Omniauth SAML SubjectConfirmationData is missing child field - ruby-on-rails

I'm getting the following error with Omniauth SAML and I don't know how to debug it any further.
Authentication failure! invalid_ticket: OneLogin::RubySaml::ValidationError, 6:0: ERROR: Element '{urn:oasis:names:tc:SAML:2.0:assertion}SubjectConfirmationData': Missing child element(s). Expected is ( {http://www.w3.org/2000/09/xmldsig#}KeyInfo ).
I've tried adding skip_receipient_check but that doesn't seem to affect this issue.
Any ideas?

It looks like in this instance, the customer's SAML was invalid and the library did the right thing.
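An added example, not code from the question, the answer, or the omniauth-saml/ruby-saml libraries: the libxml2 schema error quoted above is raised when a SubjectConfirmationData element declares xsi:type="saml:KeyInfoConfirmationDataType" (the holder-of-key form) but carries no ds:KeyInfo child, which the SAML 2.0 assertion schema requires for that type. An untyped, bearer-style SubjectConfirmationData needs no KeyInfo at all, so the defect is in what the IdP emits, not in the SP's recipient check. The script below, using only REXML from the standard library, scans a response for exactly that defect so you can point the IdP owner at the offending element. The three assertions in it are constructed samples, not real IdP output, and the function name is mine.

```ruby
require "rexml/document"

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DS_NS   = "http://www.w3.org/2000/09/xmldsig#"
XSI_NS  = "http://www.w3.org/2001/XMLSchema-instance"

# Walks every SubjectConfirmationData in the document. Each one that declares
# xsi:type KeyInfoConfirmationDataType (in the SAML assertion namespace) must
# carry at least one ds:KeyInfo child; those that do not are reported.
# Returns an array of human-readable problem strings (empty == rule satisfied).
def missing_keyinfo_problems(xml)
  doc = REXML::Document.new(xml)
  problems = []
  REXML::XPath.each(doc, "//saml:SubjectConfirmationData", "saml" => SAML_NS) do |scd|
    type_attr = scd.attribute("type", XSI_NS)
    next if type_attr.nil? # untyped => plain SubjectConfirmationDataType, nothing required

    value = type_attr.value
    prefix, local = value.include?(":") ? value.split(":", 2) : ["", value]
    next unless local == "KeyInfoConfirmationDataType" && scd.namespace(prefix) == SAML_NS

    has_keyinfo = scd.elements.to_a.any? { |e| e.namespace == DS_NS && e.name == "KeyInfo" }
    next if has_keyinfo

    method = scd.parent.attributes["Method"]
    problems << "SubjectConfirmation Method=#{method}: xsi:type=#{value} but no ds:KeyInfo child"
  end
  problems
end

# Constructed sample 1: an ordinary bearer assertion, which needs no KeyInfo.
BEARER_XML = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
      <saml:Subject>
        <saml:NameID>user@example.com</saml:NameID>
        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
          <saml:SubjectConfirmationData Recipient="https://sp.example.com/auth/saml/callback"
                                        NotOnOrAfter="2024-01-01T00:05:00Z"/>
        </saml:SubjectConfirmation>
      </saml:Subject>
    </saml:Assertion>
  </samlp:Response>
XML

# Constructed sample 2: a holder-of-key confirmation that claims the KeyInfo
# type but omits the KeyInfo element. Schema validation rejects this with the
# "Missing child element(s). Expected is ( ...#KeyInfo )" error from the question.
HOK_WITHOUT_KEYINFO_XML = <<~XML
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  ID="_a2" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Subject>
      <saml:NameID>user@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
        <saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType"
                                      NotOnOrAfter="2024-01-01T00:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
XML

# Constructed sample 3: the same holder-of-key confirmation done correctly.
HOK_WITH_KEYINFO_XML = HOK_WITHOUT_KEYINFO_XML.sub(
  %(NotOnOrAfter="2024-01-01T00:05:00Z"/>),
  %(NotOnOrAfter="2024-01-01T00:05:00Z"><ds:KeyInfo xmlns:ds="#{DS_NS}"><ds:KeyName>spkey</ds:KeyName></ds:KeyInfo></saml:SubjectConfirmationData>)
)

if __FILE__ == $PROGRAM_NAME
  { "bearer" => BEARER_XML, "hok-missing" => HOK_WITHOUT_KEYINFO_XML, "hok-ok" => HOK_WITH_KEYINFO_XML }.each do |name, xml|
    problems = missing_keyinfo_problems(xml)
    puts "#{name}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```

Run it against the raw SAMLResponse (base64-decoded) from the failing login. A reported element means the fix belongs on the IdP side: either drop the xsi:type and issue a bearer confirmation, or include the KeyInfo the type promises. Turning off schema validation in the SP to make the error go away would accept malformed assertions from every IdP, not just this one.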

Related

SendGrid Template does not contain required placeholders

I'm trying to use the Email Verify service via SendGrid, and after I wrote all the placeholders I'm getting this error: "SendGrid Template does not contain required placeholders", and I can't find any solution.
Can someone guide me with this?
Thank you!
You need to enable the "Template Engine" read access for your API key. You can do so here: https://app.sendgrid.com/settings/api_keys. Make sure it is read access only (i.e. the slider is in the middle).
I had the same problem. I used {{{ code }}} to load the dynamic data. In my case, its OTP. So I replaced {{{ code }}} with {{{twilio_code}}} and the problem was resolved.
As of today, the following applies: https://support.twilio.com/hc/en-us/articles/6554095919003-Error-SendGrid-Template-does-not-contain-required-placeholders-
Cause
This error message is usually due to the SendGrid Dynamic template missing at least one of the following placeholders:
- {{twilio_code}}
- {{twilio_message}}
- {{twilio_message_without_code}}

Getting a Jira Issue via OAuth Authentication using Postman

I am trying to GET an issue in Jira using Postman. I have selected Type as OAuth 1.0. For that it asks me for the fields mentioned below. I have generated a Token and Token Secret which I am passing to it. I have also configured my generic application in Jira under Application Links. I am not aware of what is to be passed in Consumer Secret and Signature Method (what should the signature method be?). I am currently selecting HMAC-SHA1. For the rest of the fields it generates values based on the parameters passed above.
Consumer Key : hardcoded-consumer
Consumer Secret : ?? (What should I pass here)
Token : ojn33TZALMlvp5eCa6HeErDSx9K8LL6A
Token Secret : inHfn2QFJkkYkWQ8FxT9mXkdcoNxYPf5
Signature Method : HMAC-SHA1
Timestamp : 1474290363 (Generated value)
Nonce : x1hs2v (Generated value)
Version : 1.0 (Generated value)
Realm : (It is optional)
After hitting my Jira URL it gives me an oauth_problem=token_rejected error. Can anyone tell me where I am making the mistake?
Here is the Jira URL which I am hitting :
http://bmh1060149:8080/rest/api/2/issue/NWFM-1 (NWFM-1 is the Jira issue)
Please find the screenshot below for more reference.
After a little bit of research I found the answer. Once we get the access token we can directly pass it to the Jira URL. There is no need to pass all those parameters.
To get all issue types we can use the following URL, passing the access token as an argument.
http://bmh1060149:8080/rest/api/2/issuetype?access_token=euyyIxB6q5waBHeZ9zB7kGV21GRNNOud
Please see the attached screenshot for more reference.

Unable to use intercept-url while using Spring Security

I was making some changes to security.xml regarding the access like:
<intercept-url pattern="/app/admin/projectform*" access="ROLE_ADMIN,ROLE_ENGAGEMENT_MANAGER"/>
But I am confused how to differentiate between the following two URLs:
/userform?create=Engagement&method=add&from=list
/userform?create=manager&method=add&from=list
They need to be assigned to different roles.
I tried to do something very similar but couldn't. On inspecting the source code I realised spring-security doesn't consider request parameters when applying coarse-grained/URL authorization.
I ended up creating two separate urls.
I have the same issue. I debugged and found out that Spring fails to parse comma-separated roles; actually it throws a ParseException at doParseExpression. You can find the exact line [here][1]
It says it is missing some data if there is a comma. I haven't figured out why. But it seems that #Oliver's advice is a good one for now, i.e. break the rules into two/more lines.
Edit
Solution:
It seems that in version 4, filter-security-metadata-source expects request-matcher AND use-expressions, i.e. try:
<filter-security-metadata-source request-matcher="ant" use-expressions="false">
<intercept-url pattern="/app/admin/projectform*" access="ROLE_ADMIN,ROLE_ENGAGEMENT_MANAGER"/>
</filter-security-metadata-source>

tornado oauth queries (twitter)

I am using the Tornado framework to use the Twitter API. I am not understanding why I am getting a callback URL with the value of next in it:
auth/login?next=%2F%3Foauth_token%3D
I understand that /auth/login is set up by me in AuthLoginHandler. But I am not understanding what is setting the next token inside the URL. This makes my other argument
self.get_argument('oauth_token', None)
return None.
I know that we can still parse the URL to get the oauth_token, but any insights into how TwitterMixin or the default OAuth class of Tornado is doing this? I am a newbie to Tornado.
Firstly, you can ignore the 'next' argument until you get your core code working.
'next' is an extra parameter so you can forward the user to the original page you asked for, like this:
self.redirect(self.get_argument('next', '/'))
The 'next' param is added in the request handler here after a call to get_current_user has returned None. [ie user is not logged in]
The Tornado docs describe how to write a handler for Twitter.
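An added example, written in Ruby (the language of the other examples on this page) rather than Tornado's Python, and not code from the question, the answer, or Tornado: the round trip the answer describes. A login-required handler puts the whole original target, including that target's own query string, into a single `next` parameter, so `oauth_token` ends up percent-encoded inside the value of `next` and is not a top-level argument of the /auth/login request at all, which is why looking it up there returns nothing. After login the value of `next` is resolved and the inner query parsed. Redirecting to `next` unchecked is an open redirect, so the example accepts only local absolute paths. The /auth/login path and the `next=%2F%3Foauth_token%3D` value are taken from the question; the `oauth_token` value "abc" and all function names are mine.

```ruby
require "uri"

# Builds the login URL the way a login-required handler does: the original
# request target (path plus query) becomes the single `next` parameter.
def login_redirect_url(original_target, login_path: "/auth/login")
  "#{login_path}?#{URI.encode_www_form('next' => original_target)}"
end

# Splits a request target into its top-level parameters. Parameters that are
# percent-encoded inside the value of `next` are NOT visible at this level.
def top_level_params(request_target)
  query = request_target.split("?", 2)[1].to_s
  URI.decode_www_form(query).to_h
end

# Accepts `candidate` only if it is a local, absolute-path target; otherwise
# returns `fallback`. "//host", "/\host" and full URLs are rejected because a
# browser follows them off-site, which turns the login page into an open redirect.
def safe_next_path(candidate, fallback = "/")
  return fallback if candidate.nil? || candidate.empty?
  return fallback unless candidate.start_with?("/")
  return fallback if candidate.start_with?("//", "/\\")
  return fallback if candidate.match?(/[\\\x00-\x1f\s]/)
  begin
    uri = URI.parse(candidate)
  rescue URI::InvalidURIError
    return fallback
  end
  return fallback if uri.scheme || uri.host || uri.userinfo
  candidate
end

# After login: resolve `next`, validate it, and pull oauth_token out of the
# nested query it carries. Returns [redirect_target, oauth_token_or_nil].
def post_login_target(login_request_target)
  params = top_level_params(login_request_target)
  target = safe_next_path(params["next"])
  inner = top_level_params(target)
  [target, inner["oauth_token"]]
end

if __FILE__ == $PROGRAM_NAME
  login_url = login_redirect_url("/?oauth_token=abc")
  puts login_url                                   # next=%2F%3Foauth_token%3Dabc
  p top_level_params(login_url)["oauth_token"]     # nil: it is inside `next`
  p post_login_target(login_url)                   # ["/?oauth_token=abc", "abc"]
  p safe_next_path("//evil.example/phish")         # "/"
end
```

The validation is what makes `self.redirect(self.get_argument('next', '/'))` safe to keep: without it, anyone can hand a victim a link to your login page that lands them on a site of the attacker's choosing after a successful login.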

rails, cannot get params from url

I'm trying to use the Google Federated Login REST API. I can successfully reach out to the Google server and validate a user, but I cannot pull parameters from the return URL,
for example:
http://mysite.com/login/return?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud...
All the variables in that return string are not accessible in the params array. I have no idea how to get them out. request.url, request.query_parameter, and all similar calls do not return the query string.
I think I found the issue. I was using the open-uri library to make the call to Google's endpoint URL, so it may have been stepping outside of the normal Rails response/request cycle. I've since used Net::HTTP requests and parse the information from the response.
So I have a very similar issue, where I'm actually building a Rails-based openid provider but being consumed by another Rails app. I basically adapted the code from
The whole URL was:
http://localhost:3000/openid?openid.assoc_handle=%7BHMAC-SHA1%7D%7B5193d33f%7D%7BdBrUwQ%3D%3D%7D&openid.claimed_id=http%3A%2F%2Flocalhost%3A3000%2Fopenid%2Fwarren&openid.identity=http%3A%2F%2Flocalhost%3A3000%2Fopenid%2Fwarren&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.realm=http%3A%2F%2Flocalhost&openid.return_to=http%3A%2F%2Flocalhost%2Fsession%3F_method%3Dpost%26return_to%3D&openid.sreg.required=nickname%2Cemail
I had a similar problem where the only parameters being reported were:
{"action"=>"index", "controller"=>"openid"}
So, suspecting that some parameter (maybe a period?) was causing it to hiccup, I went through and deleted them one by one until I found that deleting the following parameter enables the entire thing to go through correctly:
openid.mode=checkid_setup
That left all the remaining parameters correctly being parsed:
{"openid.assoc_handle"=>"{HMAC-SHA1}{5193d33f}{dBrUwQ==}",
"openid.claimed_id"=>"http://localhost:3000/openid/warren",
"openid.identity"=>"http://localhost:3000/openid/warren",
"openid.ns"=>"http://specs.openid.net/auth/2.0",
"openid.ns.sreg"=>"http://openid.net/extensions/sreg/1.1",
"openid.realm"=>"http://localhost",
"openid.return_to"=>"http://localhost/session?_method=post&return_to=",
"openid.sreg.required"=>"nickname,email",
"action"=>"index",
"controller"=>"openid"}
I'm now trying to find why openid.mode causes this issue. It fails even if I change it to openid.mode=5, so it's the key, not the value, causing the problem.
Suspecting the ".mode" part of the string for the trouble (maybe ".mode" is a filetype or something being parsed by the routing?) I am looking towards this post on allowing periods, but it only applies to the value, not the key: rails routing and params with a '.' in them
Will report back if I find more.
Update: I tried, in another Rails app, adding ?openid.mode=0 to the end of a URL -- ".mode" does not result in a parameter being read, but ".modes=" does and so does ".mod=". This confirms that ".mode" is causing a params parsing error.
Update 2: yikes... actually "?a.mode=0" does work. So far, only the complete string "openid.mode" does not work, and this is across various Rails apps. "?openid.mode" with nothing else results in: Parameters: {"openid.mode"=>nil}, but "?openid.mode=" with nothing after the "=" fails to pass any parameters besides action & controller. Very odd.
Update 3: OK, figured it out, I believe -- the params were getting sanitized i.e. deleted by the rack-openid gem, in that gem's path: /lib/openid.rb:168, "sanitize_query_string". This seems to be incompatible with the example I was working with: https://github.com/openid/ruby-openid/tree/master/examples/rails_openid. Going to override that method.
Final update: I replaced this line:
oidreq = server.decode_request(params)
with this line, since we could no longer use the now-empty params hash:
oidreq = server.decode_request(Rack::Utils.parse_query(request.env['ORIGINAL_FULLPATH']))
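An added example, not code from the answer above and not from rack-openid or ruby-openid: parsing the request URL quoted in the answer with the Ruby standard library shows that a key such as openid.mode is nothing special to Ruby's query parser, and since a provider that decodes a checkid_setup request will send the user on to openid.return_to, the block also performs the realm check OpenID 2.0 section 9.2 requires before doing so. The URL is the one from the answer; the return_to/realm matching is my reading of the specification (scheme and port equal, host equal or, for a "*." realm, the realm domain or a subdomain of it, and the return_to path inside the realm path), not the gem's implementation, and the function names are mine.

```ruby
require "uri"

# The checkid_setup request URL quoted in the answer above.
SAMPLE_URL = "http://localhost:3000/openid?openid.assoc_handle=%7BHMAC-SHA1%7D%7B5193d33f%7D%7BdBrUwQ%3D%3D%7D&openid.claimed_id=http%3A%2F%2Flocalhost%3A3000%2Fopenid%2Fwarren&openid.identity=http%3A%2F%2Flocalhost%3A3000%2Fopenid%2Fwarren&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.realm=http%3A%2F%2Flocalhost&openid.return_to=http%3A%2F%2Flocalhost%2Fsession%3F_method%3Dpost%26return_to%3D&openid.sreg.required=nickname%2Cemail"

# Every query parameter of the URL as a Hash. Keys such as "openid.mode" are
# ordinary strings here; nothing is dropped or sanitized.
def query_params(url)
  URI.decode_www_form(URI.parse(url).query.to_s).to_h
end

# The subset a provider hands to its request decoder: only openid.* keys.
def openid_params(url)
  query_params(url).select { |k, _| k.start_with?("openid.") }
end

# OpenID 2.0 section 9.2: the OP must only redirect to a return_to that lies
# within the realm. Returns false for anything it cannot parse.
def return_to_matches_realm?(return_to, realm)
  return false if realm.include?("#") # realms must not carry a fragment
  wildcard = realm.include?("://*.")
  realm_uri = URI.parse(wildcard ? realm.sub("://*.", "://") : realm)
  rt = URI.parse(return_to)
  return false unless rt.scheme == realm_uri.scheme && rt.port == realm_uri.port
  return false if rt.host.nil? || realm_uri.host.nil?

  host_ok = rt.host == realm_uri.host || (wildcard && rt.host.end_with?(".#{realm_uri.host}"))
  return false unless host_ok

  realm_path = realm_uri.path.empty? ? "/" : realm_uri.path
  rt_path = rt.path.empty? ? "/" : rt.path
  prefix = realm_path.end_with?("/") ? realm_path : "#{realm_path}/"
  rt_path == realm_path || rt_path.start_with?(prefix)
rescue URI::InvalidURIError
  false
end

if __FILE__ == $PROGRAM_NAME
  params = openid_params(SAMPLE_URL)
  puts "openid.mode      = #{params['openid.mode']}"
  puts "openid.return_to = #{params['openid.return_to']}"
  puts "return_to within realm? #{return_to_matches_realm?(params['openid.return_to'], params['openid.realm'])}"
  puts "attacker return_to?     #{return_to_matches_realm?('http://attacker.example/session', params['openid.realm'])}"
end
```

The realm check is the provider-side control that matters once the decoding problem is solved: a relying party is trusted only for the realm it names, and the user must never be forwarded, assertion in hand, to a return_to outside it.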
