How is IdP-initiated working with MVC in the ITFoxtec.Identity examples? - itfoxtec-identity-saml2

I feel like I'm missing something, either in my understanding of SSO, or in how IdP-initiated in the example projects (MVC and Core) at ITFoxtec.Identity.Saml2 are working.
It seems like the only project set up to be the IdP is TestIdPCore, yet the only projects that have IdPInitiatedController seem to be set up to only be a Service Provider (relying party?).
I dropped IdPInitiatedController into TestIdPCore and was able to get Initiate() to work.
I guess I am confused on how to get IdP-initiated working with the examples as they are.
Thank you for your time, both in the work done and in your responses!

It sounds like you understand IdP-initiated correctly. In the old days the solution did not contain the TestIdPCore IdP sample. Therefore, the IdP-initiated sample is placed in an SP (Service Provider).
But you are right, I should move it to the IdP sample.
If you like, you are welcome to do a pull request to move the IdP-initiated sample to the TestIdPCore IdP sample.

Related

How to solve: This URL is already in use by another Google service (Sites Google)?

I have just verified the custom URL for my Sites Google. When I want to assign it, it says, "This URL is already in use by another Google service." Meanwhile, I don't remember using the URL for any Google service. I just verified it with Google Webmasters. Anyway, I use Plesk for my domain services. Any help?
This is my site: https://sites.google.com/view/alvisyhrn/home
This is my URL: www.alvisyahrin.com
Your help will be much appreciated.
Thank you.
I use Google Domains but was running into the same error message. This post suggests creating and then deleting a synthetic redirect record (e.g. www.alvisyahrin.com -> http://google.com) in Google Domains. This displayed an "All resource records in this synthetic record will be deleted." message before deleting, and seems to have done the trick, since as soon as I deleted the synthetic record Sites was willing to use it as a custom domain.
I realize you're using a different registrar for your domain, but visiting your site now it looks like you managed to get things working (I assume by doing something like this). Hopefully this will be a helpful breadcrumb for Google Domains users that run into this, at least.

Two Factor Authentication using Twilio in Ionic 2

I was wondering if it will be possible to implement 2fa using Twilio and Ionic 2. I have tried finding tutorials but so far had no luck. If there is no way, is there any alternative? Any help would be appreciated. Many thanks!!
Twilio developer evangelist here.
We haven't got a tutorial for building 2FA specifically with Ionic, however it's surely possible. I'd start by checking out our tutorial on building 2FA with Authy and see if you can apply that to Ionic.
I'm trying this right now, and found detailed step-by-step instructions on a forum, also hints about saving and configuring 2FA codes for phone #s. I can't post a screenshot because my reputation isn't high enough yet, but I'll post part of the forum and gist below. It goes on a bit more with footnote links.
Good luck.
Posted by NoGoodDeed on https://productforums.google.com/forum/m/#!starred/gmail/ErW7gPYpIaQ:
...Is it possible that it is on Google's end due to app passwords...
Yes.
Before I give some instructions and links, I want to confirm some things. Do you have a Gmail account?
If not: Go [1] HERE and click on the red CREATE AN ACCOUNT button to get started.
A Gmail account will end in @gmail.com, so do not use your own email address when creating an account.
If so: Go to the next question.
Do you have namesilo configured to send emails to the above Gmail address?
If not: Please do so.
Unfortunately, I can't help you with that.
If so: Good. Go on to the next step.
With a computer, go to mail.google.com and sign in (if needed) to the Gmail account that you have namesilo forwarding emails to.
Then [2] Turn On 2-Step Verification. With 2-Step, you have some more options.
I suggest that you [3] Install Google Authenticator instead of just having a SMS or Voice call come to your phone.
Instead of using the official Google Authenticator app, I recommend using the [4] Authy app.
The Google Authenticator and Authy apps are free & Google doesn't charge you to set up or use 2-Factor

Shibboleth custom password flow

I need to set up Shibboleth IdP to validate user name and password against a custom application.
Our application exposes a REST API to which one can pass a user's credentials and either returns a 401 on failure or a JSON object with some user metadata on success.
I was able to achieve this in SimpleSamlPHP IdP with a 30-line class, but having to switch to Shibboleth, I am having a hard time finding directions to do the same there.
Reading through the documentation the suggested solution seems to be to create a custom back end for the password login flow but the Wiki does not explain in detail how to do this.
Can somebody point me to some tutorials or sample code on which files need to be created or changed in order to do this (even basic examples of checking against a credential file or database would be fine)?
You are looking for an External Authentication Flow: https://wiki.shibboleth.net/confluence/display/IDP30/ExternalAuthnConfiguration
For an example, see the shib-cas-authn3 project (https://github.com/Unicon/shib-cas-authn3). It uses the CAS Server to authenticate the users. It then creates an IdP session from information retrieved from CAS.

What about the Users Python API?

Add me to the list of people confused by all this: https://developers.google.com/accounts/docs/OpenID#openid-connect. I currently use the Python Users API in an AppEngine application running at https://www.stackmonkey.com/. I build the login URL for my login button like this:
login_url = users.create_login_url(federated_identity='gmail.com', dest_url=dest_url)
self.redirect(login_url)
The Users API manages my user DB for me. I'm able to pull the current user's session with this code:
current_user = users.get_current_user()
Given the complete lack of information on the topic anywhere I've looked on Google's pages, I'm wondering if anyone has any information on whether the Users API can be made to work with the suggested migrations, or if Google is going to update the Users API to support the new authentication methods they suggest?
At least I have some time on this, but I'm really not looking forward to reimplementing an entire auth system in my app.
Small update: I've tried creating a sample application running at kordtest2.appspot.com which is returning a 400:
Error: Bad Request
Your client has issued a malformed or illegal request.
The code used for that sample app is cut and pasted from the Python getting started guide on their site (I can't post another link with this account).
I had the same problem, and it appears to be when I was logged into multiple GMAIL/GOOGLE accounts at the same time. When I logged out of all of them except one, that one worked fine with my code, based on the sample Python code.

Use Oauth 2.0 in google app engine with java

I would like to use OAuth 2 for an application in Google App Engine with Java, but I don't find any good example of that use. I would be very thankful if somebody could help me please; it is somewhat frustrating not to find good examples. Thank you.
My 2c is avoid oauth2 libraries. Of course opinions may vary, but for me they provide very leaky abstractions, so you end up being dragged into understanding oauth by the back door. For me at least, taking an hour to read the two pages that tell you all you need to know, and carefully avoiding all the others, will get you where you want to be.
In simple terms, the steps are:
Call the auth URL with your app/client ID and the scopes you require. Include the "email" scope.
Google will walk the user through login, and (if the first time through) authorisation dialogues
Eventually the browser will redirect back to your oauthcallback url, and pass you an auth code
Call google to convert the auth code to a refresh token. This will also return the user's google ID and an access token.
Store the user ID in your session so you can identify the user subsequently
Persist the refresh token alongside the google user id in a database
On subsequent visits...
If you have the google user id in your session, you can retrieve the refresh token from your database and use it to generate access tokens as you need them.
If you do NOT have the google user id in your session, go through the steps above. This time, google will NOT prompt the user for authorisation (since it's already authorised), and the refresh token will be blank (since you already have one stored).
Everything you need to know is within the oauth playground page. If you click through the buttons, you will see that it is following the steps I outlined above.
You then need to deal with the possible error situations, e.g.
user declines permission
user withdraws permission
google expired the refresh token (happens a lot) so you need to re-auth
timeouts
The two pages you need to read are:
https://developers.google.com/accounts/docs/OAuth2WebServer and the oauth playground at https://developers.google.com/oauthplayground/
Trust me, as long as you know how to form a URL, store a refresh token (it's just a string) and parse a JSON response, then everything you need is on those pages. Except ...
all the documentation skips over the need to preserve the user ID in your session so you know who it is that is accessing your app. If you're on AppEngine, you may be confused by the appengine sample code which uses a separate appengine login. Ignore it. You will be using oauth to authenticate the user so the appengine stuff doesn't apply and is somewhat confusing.
It's actually much simpler than some of the documentation would lead you to believe, and like I said, imho the leaky libraries don't help.
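The step list above, written out in Python as an added example (it is not the answer's code and not Google's sample): no OAuth library, only URL building, form posts and JSON parsing, as the answer recommends. Google's auth and token endpoint URLs and the form parameter names are the documented ones. Two parameters the step list does not mention are included because the flow does not work safely without them: a random `state` tied to the session, checked when the callback comes back (anti-CSRF), and `access_type=offline`, without which Google issues no refresh token. The HTTP call is injected, so the whole flow runs offline against `FakeGoogle`, a constructed stand-in for the token endpoint that issues a refresh token only on the first consent and can be told to revoke it; the client id, secret, callback URL, codes, token strings and user id are all made up.

```python
"""OAuth 2.0 authorization-code flow by hand, per the steps above; the HTTP call is injected
so the flow runs offline against FakeGoogle, a constructed token endpoint (added example)."""
import base64, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_URL = "https://oauth2.googleapis.com/token"

class OAuthClient:
    def __init__(self, client_id, client_secret, redirect_uri, http_post):
        self.client_id, self.client_secret, self.redirect_uri = client_id, client_secret, redirect_uri
        self.http_post = http_post      # callable(url, form) -> (status, json dict); urllib for real use
        self.refresh_tokens = {}        # database stand-in: google user id -> refresh token

    def login_url(self, session, scopes=("openid", "email")):   # step 1, 'email' scope included
        session["oauth_state"] = secrets.token_urlsafe(16)      # anti-CSRF, checked in the callback
        return AUTH_URL + "?" + urlencode({
            "client_id": self.client_id, "redirect_uri": self.redirect_uri, "response_type": "code",
            "scope": " ".join(scopes), "access_type": "offline",  # offline: else no refresh token
            "state": session["oauth_state"]})

    def handle_callback(self, session, callback_url):            # steps 3-6
        q = parse_qs(urlparse(callback_url).query)
        if "error" in q:                                         # user declined permission
            raise PermissionError(q["error"][0])
        if "state" not in q or q["state"][0] != session.pop("oauth_state", None):
            raise PermissionError("state mismatch: not a redirect we started")
        status, tok = self.http_post(TOKEN_URL, {
            "code": q["code"][0], "client_id": self.client_id, "client_secret": self.client_secret,
            "redirect_uri": self.redirect_uri, "grant_type": "authorization_code"})
        if status != 200:
            raise PermissionError(tok.get("error", "code exchange failed"))
        user_id = self._user_id_from_id_token(tok["id_token"])
        session["google_user_id"] = user_id                      # step 5
        if tok.get("refresh_token"):                             # step 6; absent on repeat logins
            self.refresh_tokens[user_id] = tok["refresh_token"]
        return user_id, tok["access_token"]

    def access_token_for(self, session):   # subsequent visits; None means: re-run the login steps
        user_id = session.get("google_user_id")
        if user_id not in self.refresh_tokens:
            return None
        status, tok = self.http_post(TOKEN_URL, {
            "refresh_token": self.refresh_tokens[user_id], "client_id": self.client_id,
            "client_secret": self.client_secret, "grant_type": "refresh_token"})
        if status != 200:          # invalid_grant: expired by Google or withdrawn by the user
            self.refresh_tokens.pop(user_id, None)
            session.pop("google_user_id", None)
            return None            # caller sends the user through the login steps again
        return tok["access_token"]

    def _user_id_from_id_token(self, id_token):
        # Straight from the token endpoint over TLS, so the signature may be skipped (OIDC Core
        # 3.1.3.7); issuer, audience and expiry are still checked before trusting 'sub'.
        payload = id_token.split(".")[1]
        claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
        if (claims.get("iss") != "https://accounts.google.com" or claims.get("aud") != self.client_id
                or claims.get("exp", 0) < time.time()):
            raise PermissionError("id_token rejected: issuer, audience or expiry")
        return claims["sub"]

def _b64url(d):
    return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()

class FakeGoogle:   # constructed token endpoint: single-use codes, refresh token on first consent only
    def __init__(self, client_id):
        self.client_id, self.codes = client_id, {"code-1": "user-123", "code-2": "user-123"}
        self.consented = self.revoked = False

    def post(self, url, form):
        if form["grant_type"] == "refresh_token":
            ok = not self.revoked and form["refresh_token"] == "rt-abc"
            return (200, {"access_token": "at-refreshed"}) if ok else (400, {"error": "invalid_grant"})
        sub = self.codes.pop(form["code"], None)
        if sub is None:
            return 400, {"error": "invalid_grant"}
        id_token = _b64url({"alg": "none"}) + "." + _b64url({"iss": "https://accounts.google.com",
                   "aud": self.client_id, "sub": sub, "exp": int(time.time()) + 3600}) + ".sig"
        body = {"access_token": "at-for-" + form["code"], "id_token": id_token}
        if not self.consented:
            body["refresh_token"], self.consented = "rt-abc", True
        return 200, body

def run_flow():   # first login, later visit, second login (no refresh token issued), revocation
    google = FakeGoogle("my-client-id")
    client = OAuthClient("my-client-id", "my-secret", "https://app.example/oauthcallback", google.post)
    session, out = {}, {}
    client.login_url(session)
    cb = "https://app.example/oauthcallback?code=code-1&state=" + session["oauth_state"]
    out["first_login"] = client.handle_callback(session, cb)
    out["later_access"] = client.access_token_for(session)
    session.pop("google_user_id")                 # new browser session, same user
    client.login_url(session)
    cb = "https://app.example/oauthcallback?code=code-2&state=" + session["oauth_state"]
    out["second_login"] = client.handle_callback(session, cb)
    out["refresh_kept"] = client.refresh_tokens.get("user-123")
    google.revoked = True                         # Google expired the refresh token
    out["after_revoke"] = client.access_token_for(session)
    return out
```

`run_flow()` walks the four situations the answer describes: the first login stores the user id in the session and the refresh token in the "database"; a later visit mints an access token from it; a second login on a fresh browser returns no refresh token, so the stored one is kept rather than overwritten with a blank; and once Google rejects the refresh token, the stored copy is dropped and the caller gets `None`, the signal to send the user back through the login steps. The `id_token` from the code exchange carries the Google user id (`sub`); the example only skips the signature check because the token arrived directly from the token endpoint over TLS, and it still rejects a token for the wrong issuer, another client id, or one that has expired.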
I'm trying to do exactly the same thing and I agree - it is extremely hard to find a good example of this.
I did find this YouTube video, however, and I think it would help: https://www.youtube.com/watch?v=tVIIgcIqoPw.
It's from Google and it is called Getting Started with Google APIs. The last segment of the video deals with authentication.
There are several OAuth 2 client and server libraries for Java listed on this page: http://oauth.net/2/
Here's quick-start documentation for using Apache Oltu: https://cwiki.apache.org/confluence/display/OLTU/OAuth+2.0+Client+Quickstart
If you're accessing a Google API (as a client), you can use the Google client library for Java, which does OAuth as well as API set-up: https://code.google.com/p/google-api-java-client/