Get a 500 error from Google when migrating to OAuth 2.0 login (OpenID Connect) from OpenID 2.0

When migrating to OAuth 2.0 login (OpenID Connect) from OpenID 2.0, I got an error from Google (a 500 error message). That only occurs when I use a personal account; when I use my enterprise account, I can log in successfully. I don't know what happened or what I can do to resolve this issue. Please help me fix it.
Below are my login steps:
Start from my homepage → Select Google Login
Google Login → Select a Google Account. Ref URL: http://goo.gl/gkOamz
Select Google Account → personal#gmail.com. It is a personal account, not an enterprise account (personal#enterprise.com).
Permissions page → Select Agree. Requires that you grant the following permissions
Select Agree Permissions → Get an error message page from Google.
https://accounts.google.com/o/oauth2/approval?as=2c46c2a1847a7f4&hl=zh_TW&pageId=none&xsrfsign=APsBz4gAAAAAVO7m-Pml8ERHZRM12ZiAtXqD04AbUFRi
Error Page → Error Message
That’s an error.
There was an error. Please try again later. That’s all we know.

Related

Google Cloud: OAuth Access stopped working

I get the following error on my Google cloud account if I try to authenticate via oauth2.
That’s an error.
Error: deleted_client
The OAuth client was deleted.
It has worked for over 2 years now. I have not changed anything.
How can I repair this?
It seems that your OAuth client got deleted from your console, there's a similar question regarding this issue in the following link. You can check that by heading to the APIs & Services menu, under the Credentials topic.
Quoting the provided solution there:
You need to restore (if possible) or re-create it.
Dashboard -> Enable APIs and get credentials like keys -> Credentials -> New Credentials -> OAuth Client ID
Add the new client id and Reversed Client id to GoogleService-Info.plist
Finally add com.googleusercontent.{apps.YOUR_CLIENT_ID} to URLSchemes

Login to Sharepoint Online failure

We have code that logs in to Sharepoint Online using:
https://login.microsoftonline.com/extSTS.srf or https://login.microsoftonline.com/RST2.srf, but recently we started to get authentication failures saying "Incorrect Username or Password", and after some retries it returns:
"0x80048823 message : AADSTS70002: Error validating credentials. AADSTS50053: You've tried to sign in too many times with an incorrect user ID or password."
Using the same username and password to log in through the browser works fine, and neither the password nor the username was changed; the code didn't change either. The same code works fine for other Sharepoint tenants. It seems that something changed in the Microsoft login servers, which started to not accept user credentials, while web browser login works fine.
Please advise.
Thanks
A Microsoft rep has helped me get this far.
They had us create a "Cloud Only" user. This user was set up as "#", so if your name is bill and your corporate sharepoint site name is FakeCompany.sharepoint.com, then you would have the person as "bill#FakeCompany.onmicrosoft.com".
This user was able to log in to https://login.microsoftonline.com/extSTS.srf by just passing username and password.
Our on-prem AD users are still having issues. I mentioned this and got the following response:
There is no issue with sync as you are able to login to portal using the same account and password.
The solution you need is documented in https://learn.microsoft.com/en-gb/azure/active-directory/manage-apps/configure-authentication-for-federated-users-portal#enable-direct-authentication-for-legacy-applications
You need to create a home realm discovery (HRD) policy where "AllowCloudPasswordValidation":true.
We have not yet implemented the last solution, but creating a cloud account may help some of you.
So I think I understand what they are trying to say. There are 2 paths that you are able to authenticate with according to the node-sp-auth example:
"Managed" and "Federated".
"Managed" was the easier version and allowed you to just provide username and credentials in a SOAP assertion to log in.
Federated is a lot more complicated. You need to first perform a POST to Microsoft to validate the user hitting your ADFS server: https://adfs.XXXXXXX.com/adfs/services/trust/13/usernamemixed
Then you take the saml:Assertion from that response and put it into the "Token" section of the call you make to https://login.microsoftonline.com/extSTS.srf utilizing the templates from the node-sp-auth.
I have C# code that performs all these steps, but I am getting an error:
AADSTS70002: Error validating credentials. AADSTS50008: SAML token is invalid. AADSTS50006: Invalid signature. Signature verification failed.
Even though the signature is being generated by Microsoft in their SAML.
The node-sp-auth code reference is the OnlineUserCredential.ts file.
If someone can figure out the last mile I can post a comprehensive C# solution.
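For the federated path described above, the assertion is signed by the AD FS server, so it has to reach extSTS.srf unchanged; parsing and re-serializing it is a common way to end up with a signature that no longer verifies. The following is an added example, not code from the post or from node-sp-auth: the XML, the `{token}` template and all function names are constructed for illustration, and a plain string comparison stands in for the signature check.

```javascript
// Added example; every XML string here is constructed sample data.
// Shortened stand-in for the AD FS usernamemixed response.
const SAMPLE_RSTR =
  '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body>' +
  '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_constructed">' +
  '<saml:AttributeValue>bill@example.test</saml:AttributeValue>' +
  '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CONSTRUCTED</ds:Signature>' +
  '</saml:Assertion></s:Body></s:Envelope>';

// Hypothetical request template; {token} marks the "Token" section.
const STS_TEMPLATE = '<Request><Token>{token}</Token></Request>';

// Slice the assertion out of the response text instead of parsing it, so
// nothing inside the signed element is re-indented, reordered or re-prefixed.
function extractAssertion(xml) {
  const openTag = '<saml:Assertion';
  const closeTag = '</saml:Assertion>';
  const open = xml.indexOf(openTag);
  const close = xml.indexOf(closeTag, Math.max(open, 0));
  if (open === -1 || close === -1) throw new Error('no saml:Assertion found');
  if (xml.indexOf(openTag, open + 1) !== -1) throw new Error('more than one saml:Assertion');
  return xml.slice(open, close + closeTag.length);
}

// A function replacer keeps "$&"-style sequences in the assertion literal.
function buildStsRequest(template, assertion) {
  return template.replace('{token}', () => assertion);
}

// What a parse-and-pretty-print round trip typically adds: whitespace between
// elements. Canonicalization keeps that whitespace, so the digest changes.
function reindent(xml) {
  return xml.replace(/></g, '>\n  <');
}

// Compare the assertion as received with what ends up in the outgoing request.
function checkRoundTrip(rstr) {
  const assertion = extractAssertion(rstr);
  const request = buildStsRequest(STS_TEMPLATE, assertion);
  return {
    verbatimPreserved: extractAssertion(request) === assertion,
    reindentedPreserved: extractAssertion(reindent(request)) === assertion,
  };
}

console.log(checkRoundTrip(SAMPLE_RSTR));
```

Comparing the assertion in the outgoing request against the one received from AD FS, as `checkRoundTrip` does, is a quick way to rule this cause in or out before looking at certificates or clock skew.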

Google - DFP SB login error

I'm trying to sign up for DFP small business service with an enabled AdSense account.
After submitting the application form, I am still unable to log into the DFP account and keep seeing this error:
Unauthorized Access
We apologize for the inconvenience, but you are not authorized to
visit this page. If you believe this is an error, please contact your
account manager.
I received nothing in my email (activation link or any message about it) and I cannot log in to check any information or settings about my account.
I also followed this answer to solve the issue but nothing really worked.
Is there anything I can do other than contact Google and wait a long time to get a useful response?
In order to use DFP, you need to sign an agreement with Google. DFP is not for free. You should contact Google.

Google Analytics API authentication

I was using this code until yesterday:
$gaemail = 'my email';
$gapassword = 'my password';
$gaprofileid = 'my profile id';
require 'gapi.php';
$ga = new gapi($gaemail,$gapassword);
Today it started giving me the error:
Exception: GAPI: Failed to authenticate user.
Error: "https://developers.google.com/accounts/docs/AuthForInstalledApps " in C:\wamp\www\projects\gapi.php on line 418
Were there any changes recently regarding the authentication process?
See: GAPI: Failed to authenticate user. Permanent fix PHP
GAPI hasn't been worked on since 2009. It also appears to use client
login which was discontinued / shutdown on April 20 2015. You can no
longer use client login with Google Analytics API, you need to switch
to Oauth2 or a service account. So either the author of that project
needs to fix his code, it appears to be an open source project so you
could probably fix it for him.
You have a couple of choices. Looks like the latest version of GAPI now has oauth support - see: https://github.com/erebusnz/gapi-google-analytics-php-interface or use the Google API PHP Client (https://github.com/google/google-api-php-client).
Version 2.0 of GAPI has been released on GitHub, which supports OAuth2 authentication. Google has disabled all other forms of authentication.
Note that OAuth2 will require you to create a 'service account' and then download a P12 file to upload to the server. Finally you will need to adjust the developers console, enable 'analytics API'. Finally give this new user 'Read and Analyse' permissions on the Google Analytics accounts you want to access.

WSO2 IS and API Manager SAML SSO - Login to store/publisher fail

I configured IS and AM with SAML SSO as described in the official documentation.
SSO login for the AM console functions well; I can log in as admin using the unique credential as defined in IS.
When I try to log in to publisher or store, login is redirected to the IS SamlSSO page as expected, but when I insert uid/pwd, the browser is redirected to the publisher login page asking for user credentials. The AM carbon log reports this WARN and ERROR:
TID: [0] [AM] [2014-05-07 17:27:28,171] WARN {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} -
Illegal access attempt at [2014-05-07 17:27:28,0171] from IP address 192.168.50.60 :
Service is RemoteAuthorizationManagerService
{org.wso2.carbon.server.admin.module.handler.AuthenticationHandler}
TID: [0] [AM] [2014-05-07 17:27:28,172] ERROR {org.apache.axis2.engine.AxisEngine} -
Access Denied. Please login first. {org.apache.axis2.engine.AxisEngine} org.apache.axis2.AxisFault: Access Denied. Please login first.
at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:97)
Any suggestions on how to solve this?
Giovanni,
I made contact with WSO2 as I had the same problem and they directed me to https://wso2.org/jira/browse/APIMANAGER-2118
It appears that there may be a bug in the priority of the SAMLSSOAuthentication and Basic Authentication. I followed the points in the above link and modified the APIMHOME/repository/conf/security/authenticators.xml and changed the priority for SAMLSSO from 10 to 0.
I am now able to move between store/publisher and also carbon for API Manager, Identity Server and also BAM.
Hope this helps
Carl.