I've configured my identityServer to work with Windows authentication and it's working fine if the user insert the right credentials, but if the user click the cancel button when the login form pop-up for the first time, he is redirected to External controller Action Challenge and i see a blank page, instead i would like to return the user to the Login action of the Account controller. If i click the cancel button after a wrong login try, the error page "401.1 - Unauthorized" is displayed.
Any one handled these cases with my same configurations? How?
Thanks to all for the replies.
Related
I have created a multitenant application in the Azure Portal. I have set its redirect URIs and Front-channel logout URL.
I opened a normal(not incognito) Chrome window and I give consent to my application with a Microsoft account. Then I opened another incognito Chrome window and went to https://myaccount.microsoft.com/(it redirect me to sign in page firstly) after that I clicked to Sign out everywhere button. However any request come to API that listen to GET requests of Front-channel logout URL so I could not clear any datas from the database.
However if I open the another Chrome window withhout incognito mode, a request is always comes to API that listen to GET requests of Front-channel logout URL if Sign out everywhere button is clicked.
So, why a request is not sent when I am using incognito window? I expect that Microsoft should know the logged in session and send a request for it even if the Sign out everywhere action is done in another incognito session.
The general guide I am following for this is: https://learn.microsoft.com/en-us/azure/active-directory/develop/
The specific guide is this: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-sign-user-sign-in?tabs=java#sign-out
The example project that I am use it for making practicing: https://github.com/Azure-Samples/ms-identity-java-webapi/tree/master/msal-web-sample
The button that I am clicking and could not get a GET request to my front channel logout url which is set in my application page on Azure Portal when I try to click that button in a different incognito window or different browser window is shown below:
I'm building a user management system using react and spring boot. Currently when the user signs in, the user is redirected to the homepage. How do I disable the back button in the homepage? And similarly how do I disable the back button once the user signs out?
I've been learning Auth0 for a React / React Native project. With two different apps now, including one from their site, I see the following behavior:
clear browser cache
login
enter password, now logged in
select logout
--> now logged out
select login
am NOT prompted for password again, just logged in without interaction.
It seems the session has been kept alive even though I logged out. I would expect that if I manually log out of an application, I must re-authorize with my password on the next login attempt.
As I said I've seen this twice now, once with my own project and once with the tutorial they provide at https://auth0.com/blog/react-tutorial-building-and-securing-your-first-app/ . Doesn't make any sense to me. Am I missing something?
Thanks ~~
This is the Seamless SSO behaviour explained here. This is now enabled by default on all tenants and it "seamlessly" logs the user in without showing any prompts if a session exists for the user in the Authorization server (Auth0 in this case). Previously you would get a prompt that said "Last time you logged in with ..." Clicking it would login you in without requiring a password.
If you are "Logging out" and yet you can log back in again without needing to enter credentials, the most likely explanation is that you are actually not calling the https://YOUR_AUTH0_DOMAIN/v2/logout endpoint which logs out the user by clearing their SSO cookie in Auth0. You can confirm this endpoint is called from Network tab in your browser when you click to logout.
The Auth0 React quickstart by default does not call the logout endpoint, it only removes the tokens from browser storage. To clear the SSO cookie and logout from IdP using Auth0.js you need to call the logout function as well. Refer to the Auth0.js logout function here.
Hope that helps.
i am working on one web application in which i want (for same role) logout first use when second user try login for same browser.I have tried cookies for that but i don't get solution.
So I'm quite new to angularjs, and actually I just inherited this code.
So this the signup process:
User clicks sign up, sign up modal appears
User fills up sign up fields, clicks submit
Another modal appears, telling user that sign up is successful and confirmation email has been sent to email
User provides confirmation url, then prompted an option to save login credentials of previous registration
If a registered user is logged in, there are totally no prompts whatsoever in Chrome, but everything's fine in Firefox.
My questions is:
what triggers the prompt? I figured that it showed up somewhere, so I'm rather close to getting this right.