Azure Active directory reply address not same - azure-active-directory

I am getting the error message below after I deploy my app to a new environment.
{
"error":"invalid_client",
"error_description":"AADSTS70002: Error validating credentials. AADSTS50011: The reply address 'http://xxxx/' does not match the reply address 'https://xxxx' provided when requesting Authorization code.\r\nTrace ID: d3f9a8ba-cadd-491c-a983-a56230f95900\r\nCorrelation ID: 9666214a-74f9-444c-92b6-edc8d42ec383\r\nTimestamp: 2018-04-25 10:00:49Z",
"error_codes":[70002,50011],"timestamp":"2018-04-25 10:00:49Z",
"trace_id":"d3f9a8ba-cadd-491c-a983-a56230f95900",
"correlation_id":"9666214a-74f9-444c-92b6-edc8d42ec383"
}
I checked the ReplyURL and it is correctly set as https://xxxx.
In config the ida:PostLogoutRedirectUri is https://xxxx/
URL used for navigation is https://xxxx
Does anyone know where it is retrieving the http://xxxx from?
Thanks.

The issue here, which it seems that you have noticed, is that one url has a trailing backslash (/), while the other does not.
The reply url for authentication must match exactly what is registered on the app, therefore the trailing backslash (/) must be included everywhere.
Note that a trailing slash may be added to your reply url depending on the libraries and variable format used for storing that value.
For example:
PS C:\Users\shtabriz> $redirectUri = New-Object system.uri("https://myreply")
PS C:\Users\shtabriz> $redirectUri.AbsoluteUri
https://myreply/
I would just use the trailing slash everywhere you have your reply url to avoid this issue.
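A diagnostic for the exact-match rule described in this answer, added here as an example (it is not part of the original post): it reports which URL component keeps a reply URL from matching the registered one. The function names and dictionary labels are hypothetical; the URLs are the ones quoted in the question.

```python
from urllib.parse import urlsplit


def reply_url_diff(sent, registered):
    """List the components that stop `sent` from matching `registered` exactly.

    Returns [] only when the two strings are identical, mirroring the
    exact-match comparison described in the answer above.
    """
    if sent == registered:
        return []
    a, b = urlsplit(sent), urlsplit(registered)
    diffs = []
    if a.scheme.lower() != b.scheme.lower():
        diffs.append(("scheme", a.scheme, b.scheme))
    if a.hostname != b.hostname:          # urlsplit lower-cases hostnames
        diffs.append(("host", a.hostname, b.hostname))
    if a.port != b.port:                  # explicit ports only
        diffs.append(("port", a.port, b.port))
    if a.path != b.path:
        only_slash = a.path.rstrip("/") == b.path.rstrip("/")
        diffs.append(("trailing-slash" if only_slash else "path", a.path, b.path))
    if a.query != b.query:
        diffs.append(("query", a.query, b.query))
    if not diffs:                         # e.g. letter case or a fragment
        diffs.append(("literal", sent, registered))
    return diffs


def audit_reply_urls(registered, configured):
    """Map each configured setting name to its differences from `registered`."""
    return {name: reply_url_diff(url, registered) for name, url in configured.items()}


# Values quoted in the question; the dictionary keys are labels chosen here.
REGISTERED = "https://xxxx"
CONFIGURED = {
    "reply address rejected in AADSTS50011": "http://xxxx/",
    "ida:PostLogoutRedirectUri": "https://xxxx/",
    "navigation URL": "https://xxxx",
}

if __name__ == "__main__":
    for name, diffs in audit_reply_urls(REGISTERED, CONFIGURED).items():
        print(name, "->", diffs or "exact match")
```

For the address in the error message the result lists two differences, the scheme and the trailing slash, so fixing the slash alone would not make it match.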

Related

Quickbooks Authorization error

I have got an access token from "https://oauth.intuit.com/oauth/v1/get_request_token" using the REST API in Apex. When I pass the response to the authorization URL as shown below
https://appcenter.intuit.com/Connect/Begin?oauth_token_secret=xEtlEPu7ljKAeWRYM6pZwY02e8ewZcZ2txR1xpix&oauth_callback_confirmed=true&oauth_token=qyprdc5t2G9j8TcR8AW1123BCD3iy4M0PSBwsk84Rl8WhmCa
I get this error
Oops! An error has occurred.
Please close this window and try again.
Error Code: no_such_database
Message: Application not found by appToken
Any kind of help will be much appreciated.
I am not sure if you figured it out, but the URL for authorization actually seems different from the documentation:
https://appcenter.intuit.com/Account/DataSharing/Authorize?oauth_token=YYYY
I used this url for authorization and it worked.
Instead of the old user authorization link (https://appcenter.intuit.com/Connect/Begin), use the new link (https://appcenter.intuit.com/Account/DataSharing/Authorize).
After generating the request token and secret, redirect to the new link. This will lead to the user authorization pages. Once authorized, it will redirect back to our callback URL.
Code example:
// Assumes $callBackUrl, $consumerKey, $nonce_random, $timestamp, $reqToken and $signature were set in the request-token step and are already percent-encoded.
$userAuthUrl = "https://appcenter.intuit.com/Account/DataSharing/Authorize";
$signedUrl = "{$userAuthUrl}?oauth_callback={$callBackUrl}&oauth_consumer_key={$consumerKey}&oauth_nonce={$nonce_random}&oauth_signature_method=HMAC-SHA1&oauth_timestamp={$timestamp}&oauth_token={$reqToken}&oauth_version=1.0&oauth_signature={$signature}";
header("Location: $signedUrl");
exit; // stop so nothing else is sent after the redirect header
Authorized URL is not correct.
It should be like -
https://appcenter.intuit.com/connect/begin?oauth_token=qyprdsGhfVztCxWPDIXbPYjVybkwxNAvUdNNaiaTabcde
Here oauth_token is actually the request_token (not the request_secret) which you get as part of the first call of the OAuth1.0a flow,
i.e. https://oauth.intuit.com/oauth/v1/get_request_token
Please refer to this sample Java code, which shows all 3 steps required to generate the accessToken and accessSecret (OAuth1.0a).
https://gist.github.com/manas-mukh/b6450bb28506e1302463

Windows Azure Active Directory Application Setup

I have created a WAAD application with several reply URLs, e.g.
https://localhost:4444/Search
https://server/Search
https://stage.company.com/Search
https://production.company.com/Search
I am using the WSFederationAuthenticationModule.CreateSignInRequest method and passing in the reply URL based upon where the code is being executed:
public ActionResult Federated()
{
    var module = FederatedAuthentication.WSFederationAuthenticationModule;
    // Build the reply URL from the scheme of the current request
    var scheme = Request.Url.Scheme;
    var replyUrl = Url.Action("Index", "Search", null, scheme);
    var requestMessage = module.CreateSignInRequest(Guid.NewGuid().ToString(), replyUrl, true);
    return new RedirectResult(requestMessage.RequestUrl);
}
It seems that the code always redirects to the last Reply URL that I modified in the UI. It seems that when you modify the Reply URL it is placed first in the manifest, and only that Reply URL is used.
Is my understanding of Reply URL flawed?
I used your code in my project but wasn't able to reproduce the issue. The method that you are using produces a WSFed SSO request that contains the replyUrl encoded in the wctx parameter (pass the below SSO request produced by your code via a URL decoder and you'll see the encoded ru).
https://login.windows.net/dushyantgill.com/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fdushyantgill.com%2fWSFedTest&wctx=rm%3d1%26id%3d01b22db4-bfdc-4efd-abb5-2909cf445a51%26ru%3dhttps%253a%252f%252flocalhost%253a44311%252fHome%252fAbout&wct=2014-05-14T05%3a37%3a01Z
The OnAuthenticateRequest handler of the authentication module, after processing the response, extracts the replyUrl from the wctx and redirects the user's agent. See http://msdn.microsoft.com/en-us/library/system.identitymodel.services.wsfederationauthenticationmodule.onauthenticaterequest(v=vs.110).aspx
Can you confirm that you have a SessionAuthenticationModule in the pipeline too?
Finally, you can always construct your own WSFed SSO request, with an explicit WReply parameter with one of the reply URLs that you have configured with your application in AAD.
Hope this helps.
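The decoding step described in this answer, added here as an example that is not part of the original post: it unpacks the sign-in request quoted above, extracts the ru value nested inside wctx, and checks its origin against a list of registered reply URLs. The function names and the REGISTERED list are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Sign-in request quoted in the answer above.
SAMPLE_REQUEST = (
    "https://login.windows.net/dushyantgill.com/wsfed?wa=wsignin1.0"
    "&wtrealm=https%3a%2f%2fdushyantgill.com%2fWSFedTest"
    "&wctx=rm%3d1%26id%3d01b22db4-bfdc-4efd-abb5-2909cf445a51"
    "%26ru%3dhttps%253a%252f%252flocalhost%253a44311%252fHome%252fAbout"
    "&wct=2014-05-14T05%3a37%3a01Z"
)
# Constructed for this example: reply URLs registered for the application.
REGISTERED = ["https://localhost:44311/"]


def first(params, key):
    """Return the first value for key, or None when the parameter is absent."""
    values = params.get(key)
    return values[0] if values else None


def parse_wsfed_signin(request_url):
    """Decode a WS-Federation sign-in request, including the nested wctx."""
    outer = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    # wctx is itself a query string, so ru is percent-encoded twice on the wire.
    ctx = parse_qs(first(outer, "wctx") or "", keep_blank_values=True)
    return {
        "wa": first(outer, "wa"),
        "wtrealm": first(outer, "wtrealm"),
        "wreply": first(outer, "wreply"),  # None when no explicit reply URL is sent
        "wct": first(outer, "wct"),
        "ru": first(ctx, "ru"),
    }


def origin(url):
    """Scheme, host and explicit port of a URL."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.hostname, parts.port)


def ru_matches_registered(ru, registered):
    """True when ru is an absolute http(s) URL on the origin of a registered reply URL."""
    if not ru or origin(ru)[0] not in ("http", "https"):
        return False
    return origin(ru) in {origin(r) for r in registered}
```

Run against the quoted request, the parser returns no wreply at all and an ru of https://localhost:44311/Home/About, which shows that the reply URL travels only inside wctx.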
What worked for me was setting the passiveRedirectEnabled to true in the config file. Then the returnUrl parameter in the FederatedAuthentication.WSFederationAuthenticationModule.CreateSignInRequest call worked!
<wsFederation passiveRedirectEnabled="true" ....>

Symfony database password using special characters

I'm actually having an issue with Symfony and my database password. The password contains several special characters such as for example : 65RfK_&$+4
Reading the doc, they said that we actually need to escape those special characters such as :
php symfony generate:app --csrf-secret=Unique\$ecret backend
However, I tried to apply this on my password but it's still not working :
65RfK_\&\$\+4
The cached file generates a password such as:
65RfK_\\&\\$\\+4
Since I can't change the password, I need to find a way to make it work. Any ideas?
Thanks
EDIT :
It seems that the problem comes from the + symbol. However, trying to escape it does not work :
65RfK_&$\+4
\u0024\u0026\u002b2
Problem solved
I finally solved my problem. I contacted the administrator and asked for a new password without the + sign. It works well now. However, I'm still curious about how to escape it from a YAML file. If anyone has an answer, I will be more than glad to see it :)
Where is your database password? In the app/config/parameters.yml, right? Did you try to add simple or double quotes before and after your password?
For example:
# This file is auto-generated during the composer install
parameters:
    database_driver: pdo_mysql
    [...]
    database_password: "65RfK_&$+4"
If the username, password, host or database name contain any character considered special in a URI (such as +, #, $, #, /, :, *, !), you must encode them. You can use urlencode function to encode them.
After that, remove the resolve: prefix in config/packages/doctrine.yaml to avoid errors: url: '%env(resolve:DATABASE_URL)%'

Amazon MWS Connection String Not Working

The connection string below is returning an 'Invalid Address' error. The error message indicates that the API Version is missing, but it is included in the string (see the last parameter). Not sure what the issue is.
https://mws.amazonservices.com/AWSAccessKeyId=[ID Hidden]&Action=GetFeedSubmissionList
&Marketplace=ATVPDKIKX0DER&Merchant=[Merchant Hidden]&Signature=[Signature Hidden]
&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2013-10-17T00:37:34.100Z&Version=2009-01-01
I usually send my MWS calls through a HTTP POST command, because that's the only way to do a SubmitFeed. The following assumes that a GET works at all (I didn't test):
Your call is missing the ? separator between the query and the rest of the URL. So as a minimum, this should read:
https://mws.amazonservices.com/?AWSAccessKeyId....

D3 Connection issue using mvsp java api

I am trying to connect to D3 Database with MVSP java api. So far:
I have downloaded the mvapi.jar
added it in project lib folder
written the sample code for connection inside main method
String url = "jdbc:mv:d3:hostname:portNo";
Properties props = new Properties();
props.setProperty("username", "");
props.setProperty("password", "");
String account = "AGCO";
String password = "";
MVConnection connection = null;
try {
    // Getting error at this point
    connection = new MVConnection(url, props);
    MVStatement mvStatement = connection.createStatement();
    connection.logTo(account, password);
    // query holds the statement text and is defined elsewhere
    MVResultSet results = mvStatement.executeQuery(query);
} catch (MVException e) {
    // Surfaces the server error code, such as the 1023 reported below
    e.printStackTrace();
}
com.tigr.mvapi.exceptions.MVException: server error with errorCode 1023.
I checked the console but I'm not able to figure out the actual cause or whether I am entering the wrong username, password.
Please suggest what I am doing wrong.
First, you have to set a breakpoint or trace which function is throwing the errors. Then check the routes (FileName). You probably have much more experience than I do, but keep in mind that giving the full route ("account,filename," where the last comma is important) is never a bad idea: it keeps you safer and is mandatory if the file is in a different account from the one you are logged in to.
And like always please verify these things:
You have enough licenses. Try to close any terminal you have opened for testing your queries. Yes, you know it is true: one connection, one license. Sometimes MVSP lets you have two under the same IP, but check this.
MVSP service is running. See Pick D3 documentation.
Your USER and ACCOUNT are both ENABLED to access in the MVSP server otherwise you won't be able to access these files or login with the user through the API. See the documentation to enable in the MVSP.Menu account.
I hope this helps.
