Securing applications hosted on openshift using SSO - oauth-2.0

We have a bunch of applications that are deployed on OpenShift. For example, we have a Project A and it has three applications.
Is there a way in OpenShift where we can configure it (by creating a new application) to be authenticated so that when users try to access these applications, they will be routed to the login page and will be authenticated?

Related

SignalR Azure Active Directory authorization issue

I have an app that is hosted under the Azure App Service. The app is built on ASP.NET MVC with AngularJS (SPA).
The hosted app is protected with Azure Active Directory authentication. And afterward, I integrated SignalR (2.0.4) into the same application.
SignalR is working correctly on the same site, but when trying to connect the SignalR hub connection from another app it just breaks and redirects me to the MS login page, as a web app service protected with required Azure Active Directory authentication.
I did try to send Authorization: "Bearer <token>" and X-MS-TOKEN-AAD-ACCESS-TOKEN in the request header but it did not work.
My SPA (AngularJs) and SignalR code are in the same project.

Microsoft Active Directory SSO to docker container

I have a web application running in a docker container. I need to let in only the users authenticated with Microsoft SSO (only the users in my AzureAD tenant). The web application is written in Spark Java and trying to change the existing basic authentication to Azure with MSAL4j is proving to be time-consuming and difficult.
Is there a way to authenticate all users with SSO externally to the container without having to change my application?
I saw an Azure NGINX solution on NGINX site but it seemed to not have a free version. Anything I can use out of the box or develop?
TIA!
There is no way to authenticate all users with SSO externally to the container without having to change your application. You would need to change your application code and add the Azure Authentication manually.

Access Pivotal SSO tile in local development

Our OPS team has configured an SSO tile that connects to ADFS. I am building a sample application that utilizes an SSO service instance. I can deploy my application to PCF and remote debug my SSO configuration. These things work.
What I need is a way to access the SSO service instance while I am developing on my PC. Otherwise the only way to verify my code really works is to deploy my application to PCF and either add log statements or configure remote debugging. Both of these are pretty time-consuming.
I looked into configuring ssh access to pivotal services. That works for database service instances, but not for SSO service instance. Has anyone figured it out?
After repeated trial and error, I found the solution. Posting it here in case someone else has a similar issue.
In PCF, for your SSO add a new application. The auth redirect URL for this application should point to your localhost. In my case it is http://localhost:8080
Run cf env . Copy the p-identity section only and save to vcap_services.json. Then update the clientId and clientSecret with the values from the new application created in the previous step.
Use the following command to start your application:
VCAP_APPLICATION=true VCAP_SERVICES=$(cat vcap_services.json) SPRING_PROFILES_ACTIVE=... ./gradlew bootRun
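
The file-preparation step of the procedure above, as an added example that is not part of the original answer: it keeps only the p-identity binding, swaps in the credentials of the localhost-redirect application, and writes vcap_services.json readable by the owner only, since the file holds a client secret. The key names `client_id` and `client_secret`, the `LOCAL_SSO_*` variable names and the sample binding are assumptions constructed for illustration; check them against your own `cf env` output.

```python
import json
import os
import tempfile

# Assumed credential key names; confirm against your own `cf env` output.
ID_KEY, SECRET_KEY = "client_id", "client_secret"

# Constructed sample of the VCAP_SERVICES object (not real values).
SAMPLE_VCAP = {
    "p-identity": [{
        "name": "sso-dev",
        "credentials": {"auth_domain": "https://sso.example.invalid",
                        ID_KEY: "deployed-app-id",
                        SECRET_KEY: "deployed-app-secret"},
    }],
    "p-mysql": [{"name": "db", "credentials": {"password": "constructed"}}],
}

def build_local_vcap(vcap, client_id, client_secret, instance=None):
    """Return a copy holding only one p-identity binding, with the
    credentials of the localhost-redirect application swapped in."""
    bindings = vcap.get("p-identity") or []
    if instance is not None:
        bindings = [b for b in bindings if b.get("name") == instance]
    if len(bindings) != 1:
        raise ValueError(f"expected one p-identity binding, found {len(bindings)}")
    binding = json.loads(json.dumps(bindings[0]))  # deep copy, input untouched
    binding.setdefault("credentials", {}).update(
        {ID_KEY: client_id, SECRET_KEY: client_secret})
    return {"p-identity": [binding]}

def write_private(path, doc):
    """Write the file owner-readable only: it contains a client secret."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tighten a pre-existing file
    with os.fdopen(fd, "w") as fh:
        json.dump(doc, fh, indent=2)

if __name__ == "__main__":
    # Hypothetical variable names; secrets come from the environment, not argv.
    local = build_local_vcap(SAMPLE_VCAP,
                             os.environ.get("LOCAL_SSO_CLIENT_ID", "local-id"),
                             os.environ.get("LOCAL_SSO_CLIENT_SECRET", "local-secret"))
    out = os.path.join(tempfile.mkdtemp(), "vcap_services.json")
    write_private(out, local)
    print(out, oct(os.stat(out).st_mode & 0o777))
```

Keep the generated vcap_services.json out of version control, and rotate the local application's secret if the file is ever shared.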

Cloud service ERR_CONNECTION_TIMED_OUT

I am working with Azure cloud service.
I tried to deploy a simple web role to Azure as a cloud service. My web role is just a simple ASP.NET MVC app which converts HTML to PDF (I am using hiqpdf for conversion) without a connection to a DB.
My web role deployed successfully, the virtual machine was created and I can access my site through RDP on the local IIS of the VM.
But I cannot access the site through the public URL (my.cloudapp.net) because of the error: ERR_CONNECTION_TIMED_OUT.

FederationException ID3206 in MVC application deployed to AWS EC2 instance

I have an MVC5 EF6 application configured to authenticate using organizational authentication (Azure AD) which works fine when running in IIS Express on my development PC. It was developed using Visual Studio 2013.
I have now deployed the application to an AWS EC2 instance using the Cloud Formation wizard in the AWS Visual Studio toolkit. I have also reconfigured the application entry in the Azure AD to run against the deployed version instead of the development version.
When the application is run by navigating to the ec2 instance from a browser, the user is presented with the Microsoft authentication page, so I know the deployed app is running. After successful authentication I get the following error:
ID3206: A SignInResponse message may only redirect within the current web application: '/' is not allowed.
I have tried all the potential solutions I can find from SO and other forums concerning this issue. These include several different ways of ensuring a backslash is at the end of a URL. However, none of these approaches fixes my issue.
My issue seems to be slightly different in that the error states that:
application: '/' is not allowed
All other similar references I've seen have something like:
application: '/appname' is not allowed
My application does not have this issue in development using IIS Express.
Can anyone offer any potential solutions or avenues to research concerning this?
The redirect error only occurs using the Amazon Cloud Formation tool (inside the AWS Explorer in Visual Studio) to deploy to AWS. If Amazon's Elastic Beanstalk tool is used instead to deploy to AWS, the redirect after successful authentication works fine.
Deploying to Azure using Visual Studio results in a successful redirect too.
So, although this is not a definitive answer as to why the Cloud Formation deployment causes the redirect error, using Amazon Elastic Beanstalk instead will redirect correctly.
