I am trying to learn identity server 4 as a token server for a client application. I came across a very well written tutorial by Scott Brady. I am trying to start by using the sample code from the article at https://github.com/scottbrady91/IdentityServer4-Example . The issue I am having is that when I login the “Client Application Access” screen give me a message “You have not given access to any applications”. Lots of searches and attempts have failed to solve this issue. I am hoping someone can point me in the direction of how to give access to applications.
Thanks in advance for any direction.
Thanks
It's not an error message. The View that your are seeing is because that you have not authorized any clients to access your profile.
After giving consent to client(s), The Page will show the list of clients that can request your profile data from the identity server.
I'm assuming that you're only running Identity Server. You need run both Client and Identity Server to understand the complete flow.
Related
This is my first question, so I hope I don't miss a thing. To be clear from the start: I don't expect an answer which dives deep into detail. This is just about getting a general understanding of how to work with this kind of software.
So I don't know if "Identity Management System" is a suitable term for what I mean but when I talk about Identity Management Systems I think of something like Azure AD, which as far as I know provides e.g. web developers the possibility to integrate a way users can authenticate (including access privilege etc.) on their website.
What I'm quite unsure about is how to work with/ integrate such tools in a project. I will try to make it clear with an example: Assuming I have a website let's say this website is a blog. The blog consist of different posts which are stored in my own database which is connected to the website. The posts are written by different users which authenticate with a tool like Azure AD. The user's data is stored somewhere on a server run by e.g. Microsoft. If I want to display the posts togethere with the name, email.... of the user who wrote them, how would I do this?
Is it possible to query the user's data directly from the Identity Management System and display it? This does not sound ideal to me as the consequence would be that data the website uses is stored in two different locations.
Would you kind of copy the user's data from the Identity Management System to the websites database and query it from there? This does not sound like a good solution either because then data would be duplicated.
So whats the "right workflow"?
I appreciate any hints and further information I can get:-)
AFAIK To get the user's information like name, email etc. you can add these claims while generating the JWT token.
To generate access token, you have multiple authentication flows such as Authorization code flow, ROPC flow, Implicit flow.
To add the claims that you need to return with the token, you can make settings like below:
Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your app -> Token configuration -> Add optional claims
When you decode the token via JSON Web Tokens - jwt.io you can find the user information that you need.
To know how to generate access token, you can refer SO Thread which I solved it before.
I work in a big company and we have just migrated to office 365 in a hybrid scenario.
Here is the "stack":
Exchange 2016 Hybrid
ADSync with AADConnect
Usermailboxes hosted on Office 365
Users use the Outlook 2016 Client (can't roll out o365 client, because we have over 50.000 users and so many custom outlook plugins 32 Bit)
We do this as followed:
Create a new ad user.
Enable-RemoteMailbox samAccountName -RemoteRoutingAddress samAccountName#tenant.mail.onmicrosoft.com -PrimarySmtpAddress address#tenant.com -shared
(This also turns of emailAddressPolicy which it should do according to our exchange admins). Our exchange admins are also stuck on that problem so that's why I created this post here)
Then I wait and have a look in the ECP Admin center. Before the sync happens the remote Routing address is: address#tenant.com
After the first sync (every 30 minutes) it's samAccountName#tenant.mail.onmicrosoft.com ==> How it should be.
After another 30 minutes (2nd sync back to AD) it's a X500 address.
When I look it up in PS like get-remotemailbox <UPN> | fl *remote* the address is samAccountName#tenant.mail.onmicrosoft.com (how it should be).
So it's displayed wrong in the ecp.
But the huge problem we face is this:
When I give any user from the company full access to this shared mailbox it won't get Automapped.
After 1 hour of waiting I manually add it. When I do this a .OST error comes.
Error:
"Microsoft Outlook cannot expand the folder. The set of folders cannot
be opened. The file
C:\Users\UserName\AppData\Local\Microsoft\Outlook{username]}.ost"
Also with outlook restart it's not working. So our guess is because something is wrong about ECP and the Remote Routing address.
Please note that this isn't a client problem. It effects almost every mailbox I create these days.
I had another post about this but with fewer details and without the knowledge of the remote routing address: https://www.reddit.com/r/exchangeserver/comments/eceqm6/automapping_doesnt_work_on_hybrid_setting/
Anyone have any ideas? I appreciate any kind of help from you guys. If you need any more informations please ask
You have an Hybrid architecture, ok. You need to use O365, because if you use older versions you will need to change a bit the computer registry in each computer. Or change the on-premise autodiscover.
But your big problem is big indeed. Right now, you can not hare mailboxes in O365 correctly. If you do that, you may have access to main mailbox, but if you use archive, you won't have access (you just have OWA access).
Regards.
Issue: I am trying to sign in as a root user for my account from the AWS portal, but now, after I adding my password I keep getting redirected to:
https://portal.aws.amazon.com/billing/signup?redirect_url=https%3A%2F%2Faws.amazon.com%2Fregistration-confirmation#/start, no matter what.
It was working fine till today, first time I've encountered this redirect.
Main Browser : Chrome - Version 62.0.3202.94
Based on what on similar cases found on google I tried the following and still did not manage to sort out the issue:
-Chrome: deleted all the cookies and cache data
-Chrome: restarted the device and also the browser
-Chrome: used incognito mode
-Firefox (an aws member said is the most suitable browser): tried normal and private mode
-Firefox: deleted all the cookies and cache data
-Edge: tried normal and private mode
Someone suggested already to make use of S3Browser, it does not seem as a efficient solution just to access the AWS Portal a few times a week so I am keeping it as the last resort.
If anyone experienced the same issue or has any more suggestions/ideas would greatly appreciate some help.
Thanks in advance.
I faced the same issue. The following fixed it for me:
Change your Amazon email address on www.amazon.com - You can use the same email address by using this trick. Change myemail#gmail.com to myemail+amazon#gmail.com
Use the lost password recovery on the AWS login site to recover the password for the former email address (i.e. myemail#gmail.com).
Use the new password to login on the AWS console with the former email address (myemail#gmail.com)
I just had the exact same problem and it was caused by my Amazon account who happens to have the same email address as my AWS account. Turns out that somehow ends up to be one and the same account. I finally had to change the Email for my Amazon account and reset the password on my AWS account. Now they are nicely separated.
I contacted AWS regarding the issue and they suggested to reset my password by going through https://signin.aws.amazon.com because they saw I have two accounts under the same email address. I did reset my password but this did not help and I was keep getting sent to the same screen to finish my registration.
Due to the fact that I reset my password for my AWS account, when I tried to do some Christmas shopping through the normal https://www.amazon.co.uk it was prompting me with a message saying that I have another account active (the one from AWS I presume). I just reset my password for my https://www.amazon.co.uk account and it seems that the AWS account start working normally again.
Based on this experience if you encounter the same issue, I would recommend to try and reset the password for both AWS and the online shop https://www.amazon.com.
I had this exact same issue that also manifested itself as my amazon account not being associated with our 3rd party seller account on amazon US FBA (in addition to causing the loop on AWS).
I read the answer here and changed my password but that didn't fix it.
Ultimately, I called amazon.com customer support who transferred me to AWS support (the only way to get them is by calling general support and requesting it). They were able to initiate a password reset request which solved both issues (seller account and AWS Login loop).
I solved the problem of being unable to login to the AWS COnsole because of the AWS Sign In Loop by re-syncing my MFA device.
There's a link on the 3rd phase of login, where it asks for your MFA, that says troubleshoot MFA. If you click it, it asks you for 2 consecutive MFA codes and then lets you in.
Had the same issue.. found out was because of AdGuard app. Hope it will help somebody
for test you can try to login aws on iPhone
I am trying to access the security settings in the ASP.NET Web Configuration tool.
I read the MSDN tutorial at : MSDN
I also found how to make the tool run from this answer
I am getting the following error when I click the 'Security' link on the web config tool page:
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: Unable to connect to SQL Server database.
I did find a similar question, but the message to diagnose the problem is different in my case.
Can someone please help ?
Thanks.
Update:
Didn't resolve the issue yet, but tried it on a different machine.
Before showing the ASP.NET Web Configuration tool page, it asks for username and password. I tried following this answer, but it still asks for username and password.
Which username and password is required here ?
Thanks.
we have a database with distinct login for every employee. Full of triggers checking permissions, writing logs of user activity, etc. Now I am writing a simple CakePHP interface to a part of it.
What I need to achieve is to connect to the database through CakePHP. Something like connect() method that will try to connect to DB with entered credentials and, if successfull, will keep that connection and access the CakePHP application.
Well, I am googling since yesterday but can't find any direction. Do you know about any article/example..., that would help me with this task?
Thank you very much for your time.
-Petr
there is information on how to do this in the book http://book.cakephp.org/view/1250/Authentication