I am trying to make a custom power BI data connector to connect Autodesk BIM360/Forge.
I have setup auth2.0 authentication as per the power BI github connect sample.The program runs fine in the debug environment in visual studio. But when running the same thing from inside power bi it freezes at authorization step.
Power BI Desktop Freezing in this page-
enter image description here
Visual Studio showing authentication generated-
enter image description here
Connector-https://mnc5d-my.sharepoint.com/:u:/p/sourav_ganguli/ETg4BHsRRMxGgPvnh5-z4l0BzDim1LBmz91vsSeaWDsysA?e=Oaak4j
Code-
'''
// This file contains your Data Connector logic
section PQExtension1;
client_id="VsuX1PRxOl0GQw4O52FNF9DsBgYHqPzN";
client_secret ="O0HHUVoxQFiom6XO";
Scope="data:read";
redirect_uri ="http://localhost:9000";
AuthorizeUrl="https://developer.api.autodesk.com/authentication/v1/authorize?";
TokenUri="https://developer.api.autodesk.com/authentication/v1/gettoken";
windowHeight=720;
windowWidth=720;
[DataSource.Kind="PQExtension1", Publish="PQExtension1.Publish"]
shared PQExtension1.Contents = (url as text) =>
let
source = Json.Document(Web.Contents(url))
in
source;
// Data Source Kind description
PQExtension1 = [
Authentication = [
OAuth = [
StartLogin = StartLogin,
FinishLogin = FinishLogin
]
// Implicit = []
],
Label = Extension.LoadString("DataSourceLabel")
];
// Data Source UI publishing description
PQExtension1.Publish = [
Beta = true,
Category = "Other",
ButtonText = { Extension.LoadString("ButtonTitle"), Extension.LoadString("ButtonHelp") },
LearnMoreUrl = "https://powerbi.microsoft.com/",
SourceImage = PQExtension1.Icons,
SourceTypeImage = PQExtension1.Icons
];
PQExtension1.Icons = [
Icon16 = { Extension.Contents("PQExtension116.png"), Extension.Contents("PQExtension120.png"), Extension.Contents("PQExtension124.png"), Extension.Contents("PQExtension132.png") },
Icon32 = { Extension.Contents("PQExtension132.png"), Extension.Contents("PQExtension140.png"), Extension.Contents("PQExtension148.png"), Extension.Contents("PQExtension164.png") }
];
StartLogin = (resourceUrl, state, display) =>
let
AuthorizeUrl = AuthorizeUrl & Uri.BuildQueryString([
client_id = client_id,
client_secret = client_secret,
response_type="code",
scope = Scope,
state = state,
redirect_uri = redirect_uri])
in
[
LoginUri = AuthorizeUrl,
CallbackUri = redirect_uri,
WindowHeight = windowHeight,
WindowWidth = windowWidth,
Context = null
];
FinishLogin = (context, callbackUri, state) =>
let
Parts = Uri.Parts(callbackUri)[Query]
in
TokenMethod(Parts[code]);
TokenMethod = (code) =>
let
Response = Web.Contents(TokenUri, [
Content = Text.ToBinary(Uri.BuildQueryString([
client_id = client_id,
client_secret = client_secret,
grant_type="authorization_code",
code = code,
redirect_uri = redirect_uri])),
Headers=[#"Content-type" = "application/x-www-form-urlencoded",#"Accept" = "application/json"]]),
Parts = Json.Document(Response)
in
Parts;
'''
PowerBI is probably using IE11 inside the web view controller, and that inherits permissions from your system, which is probably blocking scripts. You can try adding these permissions:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
DWORD value (32 Bit): Your applciation name.exe = 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
DWORD value (32 Bit): Your application name.exe = 11001
Please also refresh/renew your Forge credential secret, which was exposed above.
Related
On making a SAML request the port number (443) is being stripped out of the Destination. I understand this is default behaviour of the URI object. However the SAML identity provider requires the destination includes the port number for validation.
How can I get the SAML builder to include the port? 443 is being stripped from https://sit-api.eat.xxxxxx.xxxx.xx:443/samlsso (see below)
Saml2Configuration samlconfig = GetSAMLConfig();
var samlRequest = new Saml2AuthnRequest(samlconfig);
samlRequest.AssertionConsumerServiceUrl = new Uri(_appConfiguration["Saml2:AssertionConsumerServiceUrl"]);
samlRequest.Destination = new Uri(_appConfiguration["Saml2:SingleSignOnDestination"]); // https://sit-api.eat.xxxxxx.xxxx.xx:443/samlsso
samlRequest.NameIdPolicy = new NameIdPolicy()
{
AllowCreate = false,
Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
SPNameQualifier = _appConfiguration["Saml2:SPNameQualifier"]
};
samlRequest.Conditions = new Condition();
samlRequest.Conditions.Items = new List<ITfoxtec.Identity.Saml2.Schemas.Conditions.ICondition>();
samlRequest.Conditions.Items.Add(new ITfoxtec.Identity.Saml2.Schemas.Conditions.AudienceRestriction() { Audiences = new List<Audience>() { new Audience() { Uri = _appConfiguration["Saml2:AllowedAudienceUris"] } } });
var bnd = binding.Bind(samlRequest);
It is possible to change the destination URL after the ToActionResult method has been called if you are using a Saml2RedirectBinding. And thereby overriding the default behavior.
Like this:
var action = binding.ToActionResult() as RedirectResult;
action.Url = action.Url.Replace("https://sit-api.eat.xxxxxx.xxxx.xx/samlsso", "https://sit-api.eat.xxxxxx.xxxx.xx:443/samlsso");
return action;
I've set up a jitsi-meet instance for test purposes and I use the ldap-related modules for user authentication configured in /etc/prosody/conf.d/ldap.cfn.lua. Here is my working ldap.cfn.lua (I removed usernames and passwords and replaced them with *):
-- Authentication configuration --
authentication = 'ldap2'
ldap = {
hostname = 'my.ldap.server.org',
--use_tls = true,
bind_dn = 'CN=ldap,OU=user,OU=my,DC=company,DC=org',
bind_password = '***',
user = {
basedn = 'ou=workers,ou=location1,dc=my,dc=company,dc=org',
filter = 'sAMAccountName=*',
usernamefield = 'sAMAccountName',
namefield = 'cn',
},
}
I have several locations within my AD (evolved historically) and I need to query them too. How can I specify more than one basedn parameter? Here is what I tried so far without positive results (mere guesses).
user = {
basedn = 'ou=workers,ou=location1,dc=my,dc=company,dc=org',
'ou=workers,ou=location2,dc=my,dc=company,dc=org',
filter = ...
...
},
user = {
basedn = '(ou=workers,ou=location1,dc=my,dc=company,dc=org,ou=workers,ou=location2,dc=my,dc=company,dc=org)',
filter = ...
...
},
Thanks!
Luckily I've figered out another solution in the meantime:
In my case it's not neccessary to query multiple OU within the AD. It's sufficient to query the very root of my AD and filter for every Domain User.
This site gave valuable hints: https://ldapwiki.com/wiki/Domain%20Users
Here is my working config:
authentication = 'ldap2'
ldap = {
hostname = 'my.ldap.server.org',
--use_tls = true,
bind_dn = 'CN=ldap,OU=user,OU=my,DC=company,DC=org',
bind_password = '***',
user = {
basedn = 'dc=my,dc=company,dc=org',
filter = '(primaryGroupID=513)',
usernamefield = 'sAMAccountName',
namefield = 'cn',
},
}
I am using Postman to test OAuth 2 from a vanilla AEM install.
Postman can successfully obtain the authorization code from /oauth/authorize after I grant access:
But when it tries to use the code to obtain a token from /oauth/token it receives the following response:
HTTP ERROR: 403 Problem accessing /oauth/token. Reason: Forbidden
Powered by Jetty://
Looking in Fiddler it is doing a POST to /oauth/token with the following Name/Values in the body:
client_id: Client ID from /libs/granite/oauth/content/client.html
client_secret:
Client Secret from /libs/granite/oauth/content/client.html
redirect_uri: https://www.getpostman.com/oauth2/callback
grant_type: authorization_code
code: Code returned from previous request to oauth/authorize
Am I missing something?
Would help if you can list some code snippets on how you are building the url and fetching the token.
Here's an example of how we've implemented very similar to what you are trying to do, maybe it'll help.
Define a service like below (snippet) and define the values (host, url, etc) in OSGI (or you can also hard code them for testing purposes)
#Service(value = OauthAuthentication.class)
#Component(immediate = true, label = "My Oauth Authentication", description = "My Oauth Authentication", policy = ConfigurationPolicy.REQUIRE, metatype = true)
#Properties({
#Property(name = Constants.SERVICE_VENDOR, value = "ABC"),
#Property(name = "service.oauth.host", value = "", label = "Oauth Host", description = "Oauth Athentication Server"),
#Property(name = "service.oauth.url", value = "/service/oauth/token", label = "Oauth URL", description = "Oauth Authentication URL relative to the host"),
#Property(name = "service.oauth.clientid", value = "", label = "Oauth Client ID", description = "Oauth client ID to use in the authentication procedure"),
#Property(name = "service.oauth.clientsecret", value = "", label = "Oauth Client Secret", description = "Oauth client secret to use in the authentication procedure"),
#Property(name = "service.oauth.granttype", value = "", label = "Oauth Grant Type", description = "Oauth grant type") })
public class OauthAuthentication {
...
#Activate
private void activate(ComponentContext context) {
Dictionary<String, Object> properties = context.getProperties();
host = OsgiUtil.toString(properties, PROPERTY_SERVICE_OAUTH_HOST,new String());
// Similarly get all values
url =
clientID =
clientSecret =
grantType =
authType = "Basic" + " "+ Base64.encode(new String(clientID + ":" + clientSecret));
}
public static void getAuthorizationToken(
try {
UserManager userManager = resourceResolver.adaptTo(UserManager.class);
Session session = resourceResolver.adaptTo(Session.class);
// Getting the current user
Authorizable auth = userManager.getAuthorizable(session.getUserID());
user = auth.getID();
password = ...
...
...
String serviceURL = (host.startsWith("http") ? "": protocol + "://") + host + url;
httpclient = HttpClients.custom().build();
HttpPost httppost = new HttpPost(serviceURL);
// set params
ArrayList<BasicNameValuePair> formparams = new ArrayList<BasicNameValuePair>();
formparams.add(new BasicNameValuePair("username", user));
formparams.add(new BasicNameValuePair("password", password));
formparams.add(new BasicNameValuePair("client_id", clientID));
formparams.add(new BasicNameValuePair("client_secret",clientSecret));
formparams.add(new BasicNameValuePair("grant_type",grantType));
UrlEncodedFormEntity postEntity = new UrlEncodedFormEntity(formparams, "UTF-8");
httppost.setEntity(postEntity);
// set header
httppost.addHeader("Authorization", authType);
response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
if (response.getStatusLine().getStatusCode() == 200) {
if (entity != null) {
object = new JSONObject(EntityUtils.toString(entity));
}
if (object != null) {
accessToken = object.getString("access_token");
////
}
}
}
I found the answer myself and thought I'd share the process I went through as well as the answer because it might help other people new to AEM.
How to find the cause of the error:
Go to CRXDE Lite.
Select console.
Then deselect the stop button to allow new console logs to appear (this is very counter-intuitive to me).
From here I was able to see the cause of the issue:
org.apache.sling.security.impl.ReferrerFilter Rejected empty referrer header for POST request to /oauth/token
Because postman does not place a referrer in the request header I had to tell Apache Sling to allow empty request headers.
To do this:
Go to /system/console/configMgr
Open the Apache Sling Referrer Filter Config
Select the Allow Empty check box
Good way to allow this to list the allowed hosts, otherwise this is against best practices for AEM security checklist.
Its fine for development environment not for production.
using Grails 2.3.8 and
plugins {
compile ':spring-security-core:2.0-RC2'
compile ':spring-security-oauth:2.0.2'
compile ':spring-security-oauth-facebook:0.1'
compile ':spring-security-oauth-google:0.1'
}
and the default providers setup:
oauth{
providers{
facebook{
api = org.scribe.builder.api.FacebookApi
key = '11111'
secret = '222222'
successUri = "http://localhost:8880/oauth/facebook/success"
failureUri = "http://localhost:8880/oauth/facebook/error"
callback = "http://localhost:8880/oauth/facebook/callback"
scope = 'email'
}
}
As I understood, I have to use the absolute URL's for callbacks. That is a problem, as my app is mapped to several domains, like myapp.com, myapp.de, myapp.ru etc.
Is it possible out of the box to provide the callback URL's for each domain?
TIA
so, I figured it out!
the solution contains a bit of ugliness, but works like charm:
in my Config I had to change the providers so, that the server name is reflected in provider name and callback-URLs:
oauth{
providers{
facebook{
api = org.scribe.builder.api.FacebookApi
key = '11111'
secret = '22222222'
scope = 'email'
}
'facebook_localhost'{
api = org.scribe.builder.api.FacebookApi
key = '111111'
secret = '222222222'
successUri = "http://localhost:8880/oauth/facebook_localhost/success"
failureUri = "http://localhost:8880/oauth/facebook_localhost/error"
callback = "http://localhost:8880/oauth/facebook_localhost/callback"
scope = 'email'
}
'facebook_wwwmysitenet'{
api = org.scribe.builder.api.FacebookApi
key = '9999999'
secret = '888888888888'
successUri = "http://www.mesite.net/oauth/facebook_wwwmesitenet/success"
failureUri = "http://www.mesite.net/oauth/facebook_wwwmesitenet/error"
callback = "http://www.mesite.net/oauth/facebook_wwwmesitenet/callback"
scope = 'email'
}
}
}
to make processing easier, I remove the dots from the server name.
The same I made for google.
I am attempting to gain three-legged Oauth access, but I can't get the first step to work. My code so far:
include("OAuth.php");
$consumer_key = "anonymous";
$consumer_secret = "anonymous";
define("URI", "http://www.google.com");
$request_token_url = URI.'/accounts/OAuthGetRequestToken?scope=https%3A%2F%2Fwww.google.com%2Fh9%2Ffeeds%2F';
$parsed = parse_url($request_token_url);
$params = array();
$oauth_consumer = new OAuthConsumer($consumer_key, $consumer_secret, NULL);
$req_req = OAuthRequest::from_consumer_and_token($oauth_consumer, NULL, "GET", $request_token_url, $params);
$sig_method = new OAuthSignatureMethod_HMAC_SHA1();
$req_req->sign_request($sig_method, $oauth_consumer, NULL);
$request = $req_req->to_url();
$session = curl_init($request);
curl_setopt($session, CURLOPT_RETURNTRANSFER, 1);
// Make the request
$response = curl_exec($session);
//Error Handling:
// there is an error while executing the request,
if (!$response) {
$response = curl_error($curl);
}
curl_close($session);
parse_str($response, $params);
$oauth_token = $params['oauth_token'];
$oauth_token_secret = $params['oauth_token_secret'];
$_SESSION['CONSUMER_KEY'] = $consumer_key;
$_SESSION['CONSUMER_SECRET'] = $consumer_secret;
$_SESSION['REQUEST_TOKEN'] = $oauth_token;
$_SESSION['REQUEST_TOKEN_SECRET'] = $oauth_token_secret;
print_r($_SESSION);
I'm using OAuth.php.
The returning array does not give me anything:
Array (
[CONSUMER_KEY] => googlecodesamples.com
[CONSUMER_SECRET] => [REQUEST_TOKEN] => [REQUEST_TOKEN_SECRET] =>
)
I found this on the Google Oauth Reference
If your application is not registered, select HMAC-SHA1 and use the following key and secret:
consumer key: "anonymous" consumer
secret: "anonymous"
I have altered the consumer_key and consumer_secret variables but the returning array remains empty.
I'm not sure what I'm doing wrong this is a basic H9 sandbox development procedure; any advice would help.
Well I have figured this one out,
When I printed the response of the curl I got a message which said:
This URL has moved here:
https://www.google.com/accounts/OAuthGetRequestToken?oauth_consumer_key=anonymous%20%20%20%20[amp;oauth_nonce]%20=%3E%20828f80d4cec64b5b6fcca5010e2aa952%20%20%20%20[amp;oauth_signature]%20=%3E%20H+WrK1WIhyFEkrHRBvjpzcVLFvs=%20%20%20%20[amp;oauth_signature_method]%20=%3E%20HMAC-SHA1%20%20%20%20[amp;oauth_timestamp]%20=%3E%201282773417%20%20%20%20[amp;oauth_version]%20=%3E%201.0%20%20%20%20[amp;scope]%20=%3E%20https://www.google.com/h9/feeds/
So once I changed the $request_token_url to this, it worked like a charm and I finally have one-leg!! two left :)