Getting scoping working with Kentor/Sustainsys AuthServices SAML2 - saml-2.0

Has anyone got scoping working with Kentor/Sustainsys AuthServices?
The release history https://github.com/Sustainsys/Saml2/releases states that version v0.18.0 has support for scoping and indeed there does seem to be be some scoping classes however they seem to not be used.
Specifically the creation of Saml2AuthenticationRequest instances don't include scoping anywhere.
Am I missing something here? Is there a way to achieve this through configuration in the web.config or is the code not ready for scoping yet?
I'm trying to use the AuthServices MVC package to add SAML2 to an existing MVC project to support SSO as an SP.

Override the AuthnRequestCreated notification and modify the AuthnRequest from code.

Related

how to access process.env.endPointAPI in factories

how to access this variable "process.env.endPointAPI" in yeoman
in the factories Services ?
I want to call the API from different server?
To complement my comment to the question and to provide a more detailed answer:
It is necessary more info regarding your code. I guess you are using a yeoman generator with nodejs server side, maybe with expressjs. If that is the case then you need to pass process.env.endPointAPI via express with the help of your templating engine or change your grunt/gulp tasks to include it in a custom angular factory (for example) when you serve/build your app.
This article describes some of these situations step-by-step.
If the options in the article above don't work for you for some reason, and you are using grunt, maybe you can give grunt-ng-constant a try. Basically, it will generate you a custom constant-value utility for Angular. Once injected in your app module you can access those values from your controllers for example.

Api calls are blocked by $urlRouterProvider.otherwise('/') if the API is in the same project

Until the end of my Angular application development period, I worked with two seperate projects. WebApi and Angular SPA.
Now I am trying to deploy them to our production server and because of the need for seperate SSL certificates, we decided to combine them and run in the same Project. So far so good...
I managed to combine them together and the server side code compiles. Now when I run the app, the first call to the API results in a parse error with the homepage contents (full of html). I understand that this is due to the $urlRouterProvider 's otherwise attribute, routing all the non-routed paths to the root "/".
I need to fix it, excluding the paths which includes /api in them in order to bypass Angular's routing system out of API's way. Any ideas to help?
EDIT: New project is a combination of WebApi (v2 - Asp.Net) and Client App (Angular v1.3.15 on MVC5 views. And yes, html5Mode(true) but doesn't change a thing if turned off).
EDIT2: Forgot to mention, the error is raised from a jQuery ajax call, outside the angular scope. :$
As interesting it is, I realized some other abnormalities in the way WebApi worked. Did some research and found out that it's because of the latest EntityFramework (v6.1.3). During my merge, I updated EF from v6.1.1 so uninstalled and 6.1.3 and installed back 6.1.1 and the problem is solved! That is very odd. EF 6.1.3 should have been a solid release without any breaking changes. Very odd...
Thanks to all who commented and tried to help.
EDIT: After some time, what I realized is this. EF models should be in sync with the Database in order to make successful database calls from WebApi. When I make an ajax call and the db is not in sync with the models, the problems in the question occures. I hope that information helps someone.

Thinktecture IdentityServer V3 - Data is not binding and resources are not loading

I've recently created an Web API that I'd like secured by Thinktecture's IdentityServer V3. I imported the package from nuget, and was able to hit the token endpoints to create a token. However, I noticed that the bootstrap css would not load on IS's main page:
This is how it appears i.imgur.com/DftMQ7C.png vs https:/demo.getidentityserver.com
It didn't bother me until I started using the views (and not just the endpoints) where my pages would print the variable names and function incorrectly with the resources not loading properly. Like so.
Of course, I can not log in since it redirects me the literal "loginUrl" page. I've tried reverting to the previous version 1.2.1, but I still have the same issue. Alternatively, I've looked at samples and those don't have the same issue at all, so I'm wondering if there's a config in my API project that may be causing this.
Has anyone encountered this problem or know of a potential fix?
Be sure to read through the documentation thoroughly, guys. Lesson learned. I just needed to add RAMMFAR to my web.config "otherwise some of the embedded assets will not be loaded correctly by IIS"
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>

Disable Dynamic Routing capability in Camel

With Camel, it is possible to add routes dynamically to the context. And it appears the context is always passed as part of the exchange.
Is there a way to prevent applications from adding routes at runtime? I looked at Shiro security but did not seem to find something along those lines.
the only thing I can think of is to wrap interactions with these applications using POJO Bean Binding which only passes the body of the Exhchange around and limits access to the Exchange directly...
see http://camel.apache.org/bean-binding.html
Maybe you can extend DefaultContext and add security rule in that.

ASP.NET 3.5 webforms URL Routing question

I'm attempting to configure URL routing in my ASP.NET 3.5 WebForms app. Setting up routes has always been confusing to me, so I was hoping I could get some direction.
My requirement is fairly simple. I'm setting up different "brands" of my application, and I'd like the brand to be specified in the URL. For example, http://www.mysite.com/brand1/Default.aspx would bring up one brand (code behind would look up brand1 in the db and load specific text, images, themes, etc) and http://www.mysite.com/brand2/Default.aspx would bring up another brand, etc.
I'm fairly flexible with how the URLs are displayed, with the exception of keeping the http://www.mysite.com/brand1 prefix. That cannot be changed.
Thanks for any help!
I do this by using http://www.UrlRewriter.net, as explained here by Scott Gu:
http://weblogs.asp.net/scottgu/archive/2007/02/26/tip-trick-url-rewriting-with-asp-net.aspx
The trick is to use URL rewriting rules (Regular Expressions) in your web.conifg to get a request for /brand1/default.aspx to actually execute /Processor/Default.aspx?brand=brand1, for example.
NB: The Form.browser trick worked a treat for me when doing postbacks.
Another possible answer from me...
If you're using IIS 7 there is a handy built in module for URL Rewiring, all controlled through a GUI if that's your preference:
http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/

Resources