Blazor WASM AD Authentication Hangs with Message "Checking Login State..." - azure-active-directory

This has happened to me a couple of times now, and each time it took me a while to work out what caused it, so I thought I'd document it.
The problem occurs with a Blazor WASM App using MSAL and Azure AD authentication. If you press login, the message "Checking Login State..." can show and will not open the login popup.

The reason is due to incorrect entry of the Authority in the appsettings.json file shown following. If the ClientId is incorrect, an error will be shown during login. However, if the Authority is incorrect, you just get the unhelpful message "Checking Login State..."
Hopefully this will help someone else out who forgets to set the auth settings, or gets the authority wrong.
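A pre-flight check for the settings described above, as an added example that is not part of the original post: it reads the text of appsettings.json and reports a missing or malformed Authority before the app is run. The `AzureAd` section name, the `https://login.microsoftonline.com/<tenant>` authority shape (Azure AD public cloud, not B2C) and all function names are assumptions.

```javascript
// Added example, not from the original post.
// Assumption: settings live in an "AzureAd" section with Authority and ClientId keys.
const LOGIN_HOSTS = new Set(['login.microsoftonline.com']); // assumed public-cloud host
const PLACEHOLDER = /[{}<>]/; // e.g. "{TENANT ID}" left over from a template

function checkAzureAdSettings(appsettingsText) {
  const problems = [];
  const section = JSON.parse(appsettingsText).AzureAd || {};
  const authority = section.Authority;
  const clientId = section.ClientId;

  if (!clientId || PLACEHOLDER.test(clientId)) {
    problems.push('ClientId is missing or still a placeholder');
  }
  if (!authority) {
    problems.push('Authority is missing');
    return problems;
  }
  if (PLACEHOLDER.test(authority)) {
    problems.push('Authority still contains a template placeholder');
  }

  let url;
  try {
    url = new URL(authority);
  } catch {
    problems.push('Authority is not a valid URL');
    return problems;
  }
  if (url.protocol !== 'https:') {
    problems.push('Authority must use https');
  }
  if (!LOGIN_HOSTS.has(url.hostname)) {
    problems.push(`Unexpected authority host: ${url.hostname}`);
  }
  // Exactly one path segment is expected: the tenant ID or tenant domain.
  const segments = url.pathname.split('/').filter(Boolean);
  if (segments.length !== 1) {
    problems.push('Authority should look like https://<login host>/<tenant>');
  }
  return problems;
}
```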

Related

SonarQube to Azure AD is failing with 401 error in logs

I have nginx-->SonarQube.
nginx is able to forward requests successfully.
We want to integrate Authentication with Azure AD.
We followed instructions from here:
https://www.emtec.digital/think-hub/blogs/sonarqube-integration-azure-active-directory/
So when I access https://mycompany.com, I get a login page which has "Login with Microsoft" and More options (you can log in with a local user).
When I enter the username and password for Microsoft, we see that Azure AD is returning the token, but SonarQube rejects it after that. I see this in the SonarQube access log:
"GET /api/navigation/global HTTP/1.1" 401 - "https://mycompany.com/sonar/oauth2/callback/aad?co
So it goes back to login page again. Not sure what I am doing wrong.
Please check with below points:
Try upgrading sonarqube to the latest version.
The redirect URL should be configured with a correct URL, e.g. https://sonarqube.example.com/oauth2/callback/aad. Here /oauth2/callback/aad is a must in addition to the application URL. For example, if your main URL is "https://sonarqube.example.com" in the Sonar server base URL, you would enter "https://sonarqube.example.com/oauth2/callback/aad" as the redirect URL in AAD.
Make sure the user has the required role or permissions to access.
Set the required permissions in portal and grant consent if required
i) Sign in and read user profile
ii) Read all users’ basic profiles
Also please check http redirection - Stack Overflow reference. The redirect URL must have an https or loopback address, else the Azure AD login will not work.
Try clearing the cookies and restarting after any changes made.
References:
sonar-auth-aad (github)
running-sonarqube-behind-an-iis-reversed-proxy
docs.sonarqube.org
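The redirect URL rules from the answer above, as an added example that is not part of the original answer or of the SonarQube plugin: it derives the expected redirect URI from the server base URL (keeping a context path such as /sonar) and compares it with the URI registered in Azure AD. The function names and the sample URLs in the comments are assumptions.

```javascript
// Added example, not from the original answer.
const CALLBACK_PATH = '/oauth2/callback/aad'; // suffix required by the answer above
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

// Expected redirect URI = server base URL (including any context path) + callback path.
function expectedRedirectUri(serverBaseUrl) {
  const base = new URL(serverBaseUrl);
  const prefix = base.pathname.replace(/\/+$/, ''); // "/" becomes "", "/sonar" stays
  return `${base.origin}${prefix}${CALLBACK_PATH}`;
}

// Returns the expected URI and a list of problems with the registered one.
function checkRedirectUri(serverBaseUrl, registeredUri) {
  const expected = expectedRedirectUri(serverBaseUrl);
  const problems = [];
  let reg;
  try {
    reg = new URL(registeredUri.trim());
  } catch {
    return { expected, problems: ['registered redirect URI is not a valid URL'] };
  }
  if (reg.protocol !== 'https:' && !LOOPBACK.has(reg.hostname)) {
    problems.push('redirect URI must use https or a loopback address');
  }
  if (!reg.pathname.endsWith(CALLBACK_PATH)) {
    problems.push(`redirect URI path must end with ${CALLBACK_PATH}`);
  }
  if (reg.href.replace(/\/+$/, '') !== expected) {
    problems.push(`redirect URI does not match expected value ${expected}`);
  }
  return { expected, problems };
}

// Constructed case: base URL with a context path, registration without it.
// checkRedirectUri('https://mycompany.com/sonar',
//                  'https://mycompany.com/oauth2/callback/aad')
// reports a mismatch against https://mycompany.com/sonar/oauth2/callback/aad
```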

Safaricom dashboard does not show all the test credentials

I am working on Safaricom Daraja API B2C but some of the required test credentials are not displayed in the Safaricom Dashboard.
As you can see above, the initiator name and security credentials are not provided yet they are needed in the B2C API call.
How do I get these credentials.
EDIT:
This question was asked before Safaricom upgraded to the new Daraja Dashboard. The problem has now been sorted.
Apparently, for some unknown reason to us, Safaricom chose to hide the test credentials and if you need them, you have to write them an email at apisupport#safaricom.co.ke and request for the test credentials. You will get a response in less than an hour with shortcodes and initiators that you can use for test.
Source -> https://survtechnologies.co.ke/get-test-credentials-safaricom-m-pesa-daraja-api/
The test Credentials are on the simulator link, bottom right redirects to the link.
Please try this with the new mpesa portal2.0 - It is straight-forward

Salesforce authentication failing even after extending same password by changing the setting on Salesforce

The Salesforce token endpoint was working fine previously, but recently its password expired. I asked the SF team to extend the same password, and after that I am able to log in to the SF portal and get an SF access token using the same password and security token with Postman.
But when my prod application makes calls to SF, it still gives the same error message:
This session could not be mutually authenticated for use with the REST API","errorCode":"MUTUAL_AUTHENTICATION_FAILED"
Could you please help me understand why, after extending the same password (by changing some setting in SF), the .NET Core application still gets the same error message when it hits it? Did it get cached, and does the SF service need to be restarted?

Linkedin Sign In Auth fail for some users

I am getting this error
{"error":"invalid_request","error_description":"Unable to retrieve access token: appid/redirect uri/code verifier does not match authorization code. Or authorization code expired. Or external member binding exists"}
when some of my users use the LinkedIn login. It works fine for 70% of the users.
Can someone explain why this is happening?
I'm running the application on a NodeJS server.

auth0 does not require password after logout; logs back in without password

I've been learning Auth0 for a React / React Native project. With two different apps now, including one from their site, I see the following behavior:
clear browser cache
login
enter password, now logged in
select logout
--> now logged out
select login
am NOT prompted for password again, just logged in without interaction.
It seems the session has been kept alive even though I logged out. I would expect that if I manually log out of an application, I must re-authorize with my password on the next login attempt.
As I said I've seen this twice now, once with my own project and once with the tutorial they provide at https://auth0.com/blog/react-tutorial-building-and-securing-your-first-app/ . Doesn't make any sense to me. Am I missing something?
Thanks ~~
This is the Seamless SSO behaviour explained here. This is now enabled by default on all tenants and it "seamlessly" logs the user in without showing any prompts if a session exists for the user in the Authorization server (Auth0 in this case). Previously you would get a prompt that said "Last time you logged in with ..." Clicking it would log you in without requiring a password.
If you are "Logging out" and yet you can log back in again without needing to enter credentials, the most likely explanation is that you are actually not calling the https://YOUR_AUTH0_DOMAIN/v2/logout endpoint which logs out the user by clearing their SSO cookie in Auth0. You can confirm this endpoint is called from Network tab in your browser when you click to logout.
The Auth0 React quickstart by default does not call the logout endpoint, it only removes the tokens from browser storage. To clear the SSO cookie and logout from IdP using Auth0.js you need to call the logout function as well. Refer to the Auth0.js logout function here.
Hope that helps.
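The full logout described in the answer above, as an added example that is not part of the original answer and is not Auth0's own code: it removes the locally stored tokens and then sends the browser to the /v2/logout endpoint so the SSO cookie is cleared as well. The function names, storage keys, tenant domain and client ID shown are assumptions.

```javascript
// Added example, not from the original answer.
// Assumed storage keys; use whatever keys your app writes at login.
const TOKEN_KEYS = ['access_token', 'id_token', 'expires_at'];

// Builds the URL of the Auth0 logout endpoint named in the answer.
// client_id and returnTo are query parameters of /v2/logout; returnTo must
// also be listed in the application's Allowed Logout URLs.
function buildLogoutUrl(domain, clientId, returnTo) {
  const target = new URL(returnTo);
  if (target.protocol !== 'https:' && target.hostname !== 'localhost') {
    throw new Error('returnTo must be https (or localhost during development)');
  }
  const url = new URL(`https://${domain}/v2/logout`);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('returnTo', target.toString());
  return url.toString();
}

// Step 1: remove local tokens (what the quickstart already does).
// Step 2: navigate to /v2/logout so Auth0 clears its SSO session cookie.
// Without step 2 the next login succeeds silently, as in the question.
function fullLogout(storage, navigate, cfg) {
  for (const key of TOKEN_KEYS) {
    storage.removeItem(key);
  }
  const url = buildLogoutUrl(cfg.domain, cfg.clientId, cfg.returnTo);
  navigate(url);
  return url;
}

// Browser usage (constructed values):
// fullLogout(window.localStorage, (u) => window.location.assign(u), {
//   domain: 'tenant.example.auth0.com',
//   clientId: 'CLIENT_ID_PLACEHOLDER',
//   returnTo: 'https://app.example.test',
// });
```

After wiring this in, the Network tab should show a request to /v2/logout when logout is clicked, which is the confirmation step the answer suggests.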
