I want to intergrate alfresco with web application. i.e i have created a login page for my application.Now i want to use the same username and password to login to alfresco so that i dont have to login again using alfresco login page. Can anyone help me out in this?
Thanks and regards,
than1234
Please refer to login in http://wiki.alfresco.com/wiki/Repository_RESTful_API_Reference
Also look for SSO (Single-Sign On)... it would not only avoid your users to re-login to Alfresco, but to other applications. There is information in the manual, the wiki.alfresco.com site, and just by Googling. There are multiple ways to doing it, and choosing will depend on the protocols that you are using. Happy SSO'ing!
Look at this: http://wiki.alfresco.com/wiki/Repository_RESTful_API_Reference#Login
When you make a HTTP GET request to "/alfresco/service/api/login?u={username}&pw={password?}" you get alf_ticket back which you then use in following request instead of loging in each time.
You just append "&alf_ticket=YOUR_TICKET" in your requests... :)
Related
How to scan web pages for site where we need to do login with username/Password.
I used form based authentication but its not working as I am getting POST response as follows.so please let me know how I can scan by providing credentials manually. Thanks!
POST response:
message=%7B%22actions%22%3A%5B%7B%22id%22%3A%22114%3Ba%22%2C%22descriptor%22%3A%22apex%3A%2F%2Fapplauncher.LoginFormController%2FACTION%24login%22%2C%22callingDescriptor%22%3A%22markup%3A%2F%2FsalesforceIdentity%3AloginForm2%22%2C%22params%22%3A%7B%22username%22%3A%22ZAP%22%2C%22password%22%3A%22ZAP%22%2C%22startUrl%22%3A%22%2Femployee%2Fs%2F%22%7D%2C%22version%22%3A%2250.0%22%7D%5D%7D&aura.context=%7B%22mode%22%3A%22PROD%22%2C%22fwuid%22%3A%22r9KGPExoo3AsD7hYz77h_Q%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%22vnhBtFVfVynX5gzVl_c_-A%22%7D%2C%22dn%22%3A%5B%5D%2C%22globals%22%3A%7B%7D%2C%22uad%22%3Afalse%7D&aura.pageURI=%2Femployee%2Fs%2Flogin%2F%3Fec%3D302%26startURL%3D%252Femployee%252Fs%252F&aura.token=undefined
For info this question has already been asked on the ZAP User Group: https://groups.google.com/g/zaproxy-users/c/W55XLZe3lOY/m/KLAa_nRmCAAJ
Thats were I'm going to follow up on it :)
I am new to API. I want to know how to use API for Username/Password to my joomla website login page.
Depending upon login and password i want to access the third party portal. I downloaded com_api . I dont know how to use it.
Please help me to solve this issue.
I want to use below id/code to my joomla website.
Headers :
Content-Type : application/json
Authorization : Basic *************************
Body :
{
"refreshToken":"************",
"userName":"*************",
"password":"**********"
}
Thanks a lot...
Regards,
Mahalakshmi
You will need to create a plugin that will implement the event onUserAuthenticate event. In your code, you will check match the username and the password against your 3rd party user database (api) and you will proceed accordingly.
Essentially, the plugin must be an authentication plugin, so take a look at how the plugins\authentication\gmail plugin is written.
No need to use com_api (at least for what you want to do).
One link I saw said that if you login with HTTP Basic Authentication (Rack:Auth:Basic) then you can't really log out without killing cookies in your browser. So there's no good way to log out.
Another link said to use Rack::Session::Pool and then do a session.clear to logout.
What's the correct approach?
I'm trying to access Activiti Explorer from my Liferay portlet. My idea would be to bypass the Activiti login by adding username and password to the URL.
Something like:
Vedi Grafico
Disabling the login function would be good too, but I don't think it can be done. Does anyone have any ideas on how to best proceed?
Thank you!
It is not a good idea put the user and the password in a hiperlink. But if you have clear ideas, the best way for do this is ParameterAutologin.
Ensure that you have active this hook in your portal-ext.properties, if that is not the case you should add the ParameterAutoLogin and reboot the portal:
auto.login.hooks=com.liferay.portal.security.auth.ParameterAutoLogin
then if your portal login is by screenname you put this url:
http://localhost:8082/path¶meterAutoLoginLogin=test¶meterAutoLoginPassword=test
If your portal login is by email you put this url:
http://localhost:8082/path¶meterAutoLoginLogin=test#domain.com¶meterAutoLoginPassword=test
This works with all the urls of your portal. No matters the path.
I would like to understand something please.
I have an application based on oAuth2 with Google Accounts.
So, teh first time I connect to this website, I am redirected to the authentication page on Google domain. So I type my email and password and I dont check "trusted computer" (or "remember me", I dont remember the exact term).
The thing is if I reboot my computer or even delete my cookie (but not my history (tested with Chrome on Android phone), I am not prompted again for the authentication and I have directly access to the application.
I would like to understand why ?
If somebody can explain it to me that should be great !
Thank you
You can actually force re-authentication in the Google OAuth api by passing &max_auth_age=0 to the auth URL.
Source:
Use the PAPE extension for further control of user authentication (optional)
Use the max_auth_age parameter in the PAPE extension to ensure that the login session of the user at Google is recent. You may also specify max_auth_age=0 to force a password reprompt.
https://developers.google.com/accounts/docs/OpenID
It's a bit confusing because they talk about OpenID, but I'm doing this successfully with Google's provided OAuth2 libs.
The Google OAuth 2 API really doesn't give you a way to force re-authentication. Lots of people have asked for this capability though, and maybe we should provide it.
It's hard to say, since it depends on what the flow was that as being executed.
Generally (with oauth) you weren't being prompted for authentication. You were being prompted for authorisation. Once you've authorised, you won't be prompted again, provided of course that the browser/google have some sort of session in existence which identifies the user.
When you say "delete my cookie", which cookie?
Yo can try going to this page https://accounts.google.com/b/0/IssuedAuthSubTokens?hl=en_GB and revoke the permission. That should then cause a repeat prompt.