Remove Sign UP from Thingsboard White Labelled login page - thingsboard

How to remove sign up option on the thingsboard white labelled login page? I have explored self registration option, but I couldn't see any option to disable sign up.

Related

why the forgot password link doesn't redirect to my app?

I've set up my asp.net mvc app according to this sample and if you see that line in startup.auth.cs, it says that when the user clicks on "Forgot Password" link, it should redirect to my app at which point it should catch that error in the line 101 that I've linked to and then redirect the user to the proper reset password flow.
However, when clicking forgot password, the flow is never directed back to my app, but rather I see this screen:
Where can I check as to why this happens? Is this supposed to be in my sign in policy or is there some setting in application or tenant?
This happens if you enable development mode in your custom policy.
Either remove the lines, or set it to DeploymentMode:Production.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/troubleshoot-with-application-insights
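A pre-deployment check for the setting named in the answer above, as an added example that is not part of the original thread or of the Microsoft sample. The policy snippets, the policy ID and the all-zero instrumentation key are constructed; the `JourneyInsights` `DeveloperMode` attribute comes from the linked Application Insights troubleshooting document, not from the answer itself.

```python
import xml.etree.ElementTree as ET

# XML namespace of Azure AD B2C custom policy (TrustFramework) files.
NS = "{http://schemas.microsoft.com/online/cpim/schemas/2013/06}"

# Constructed sample: a relying-party policy left in development mode.
DEV_POLICY = """<TrustFrameworkPolicy
    xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    PolicyId="B2C_1A_signup_signin"
    DeploymentMode="Development"
    UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
    <UserJourneyBehaviors>
      <JourneyInsights TelemetryEngine="ApplicationInsights"
          InstrumentationKey="00000000-0000-0000-0000-000000000000"
          DeveloperMode="true" ClientEnabled="false" ServerEnabled="true"
          TelemetryVersion="1.0.0" />
    </UserJourneyBehaviors>
  </RelyingParty>
</TrustFrameworkPolicy>"""

# Constructed sample: the same policy with the production values.
PROD_POLICY = (DEV_POLICY
               .replace('DeploymentMode="Development"', 'DeploymentMode="Production"')
               .replace('DeveloperMode="true"', 'DeveloperMode="false"'))


def find_dev_mode_settings(policy_xml: str) -> list[str]:
    """Return the development-only settings present in one policy file."""
    root = ET.fromstring(policy_xml)
    findings = []
    # Root attribute the answer refers to; absent or "Production" is fine.
    if root.get("DeploymentMode", "").lower() == "development":
        findings.append('TrustFrameworkPolicy DeploymentMode="Development"')
    # Telemetry developer mode on the relying party's journey insights.
    for insights in root.iter(NS + "JourneyInsights"):
        if insights.get("DeveloperMode", "").lower() == "true":
            findings.append('JourneyInsights DeveloperMode="true"')
    return findings


if __name__ == "__main__":
    for name, xml in (("dev", DEV_POLICY), ("prod", PROD_POLICY)):
        print(name, find_dev_mode_settings(xml) or "clean")
```
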

JHipster OAuth2 + Keycloak user related use case

From various googling and reading https://www.jhipster.tech/security/#oauth2 , I gathered that in order to have mobile/social integration with JHipster generated app I should use OAuth2. Am I right to think this way? (I can't seem to find a clear cut answer to this)
I created a new application with JHipster v5.1.0 with OAuth2 enabled. I noticed a couple of features missing with regards to user management. Below are my questions.
How does a new user register a new account?
How does a user change password / reset forgotten password?
Hopefully someone with experience on the above can help clarify.
Thank you in advance.
For social login, yes your best option is OAuth 2.0. You can use JWT for mobile development with React Native (via JHipster Ignite) and Ionic (via Ionic for JHipster), so it's not necessarily required for mobile.
For user registration and change password, you'll need to enable those options in Keycloak or Okta. This blog post shows you how.
To summarize:
For Keycloak, you can enable registration by navigating to http://localhost:9080 and click on Administration Console. Login with admin/admin and click on the Login tab. This screen allows you to enable forgot password, remember me, and verify by email as well.
To enable self-service registration in Okta, you’ll need to navigate to the Classic UI from the Okta Developer Dashboard. There’s a link to toggle between the two in the top left corner of your screen.
Then navigate to Directory > Self-Registration and click Enable Registration. Set the default group to ROLE_USER, the Default redirect to a Custom URL with http://localhost:8080 as its value, and click Save.
NOTE: If you get an error that says 'http://localhost:8080' is not a valid redirect URI, it’s because you need to add http://localhost:8080 as a trusted redirect under Security > API > Trusted Origins. After making this change, navigate to Directory > Self-Service Registration and edit the settings to configure the custom URL again. It should work this time.

How to force account login for a single account user with Google's OAuth 2.0?

Sometimes when a user logs in to a site with Google's OAuth 2.0 they choose the wrong account to log in with. Normally this isn't a problem if the user has more than one account registered with the browser; Google will automatically show the user select screen:
But if a user has only one account and is logged in, this screen is skipped. Instead I need Google's sign in panel to always appear, so that I can be sure the user has the option to try and enter the correct account. I tried using approval_prompt = "force", but that forces the acceptance of permissions rather than simply showing the login page.
How can I force Google's OAuth 2.0 to always show the login screen?
(and never automatically skip it)
Add the parameter prompt=select_account to your authorization request.
This will cause the account chooser to always be shown, even if the user is only logged in to one account. Users will be able to select from their accounts, or add a new one.
For example: https://accounts.google.com/o/oauth2/auth?redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&response_type=code&client_id=407408718192.apps.googleusercontent.com&scope=profile+email&access_type=offline&prompt=select_account

How to display reset password link on gerrit portal?

I am using LDAP mode of authentication and have written web service and clients to enable gerrit users to reset their passwords should they happen to forget it. For that, I added the following line into gerrit.config file:
[auth]
httpPasswordUrl = http://domain.com:port/Register/ChangePassword
However, this link is not visible anywhere on gerrit, either before login or post login. Can someone guide me on how to make this link "visible" to one and all (users)?
This link is displayed in the Settings -> HTTP Password screen. So this link cannot be used for users who forgot their password. I don't think there is an option to display such a link for non-logged-in users.
A possible solution would be displaying a custom footer / header which adds this link: https://gerrit-review.googlesource.com/Documentation/config-themes.html#_html_header_footer

Show failover status on BIG-IP® Configuration Utility login page?

We have our F5 LTM BIG-IP® Configuration Utility setup in an Active/Passive setup, and have different links to each admin utility console.
Is it possible to display the Failover Status (active vs standby) on the Login Page so you don't have to login to see the status? It's frustrating to login only to see you've logged into the Standby node.
I don't believe so, but if you go to System>Preferences you could modify the "Security Banner Text To Show On The Login Screen". Generally, here you would specify a custom security message which provides legal protection to your organization, such as a message stating that unauthorized access is forbidden and what password restriction that other users should be specifying (the login screen of the BIG-IP Configuration utility displays the text that you specify in this field). Here, you could probably mention which is active and which is standby without syncing this change to the group. Just make sure that whenever you fail-over from one device to the other (shouldn't be too often); that you simply adjust this message and you should therefore be good to go with that. Hope this helps :)
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-datacenter-firewall-config-11-1-0/3.html
