OpenProject OmniAuth SAML Single-Sign On Integration - ruby-on-rails

I am trying to set up the SSO (Single Sign-On) integration with OpenProject using the OpenProject OmniAuth SAML Single-Sign On plugin. I have configured it with the relevant details, generated the metadata and registered it with the IDP that is powered by Shibboleth. The plugin does show an additional login button on the OpenProject login form. Clicking it properly redirects to the IDP's login page. After giving the credentials, it correctly redirects to the AssertionConsumerService URL I have mentioned. It is of the form https://example.com/openproject/auth/saml/callback. But the page is showing a bad request error. Debugging the file app/controllers/concerns/omniauth_login.rb showed that, inside the omniauth_login function, the following lines of code are resulting in the 400 error.
auth_hash = request.env['omniauth.auth']
return render_400 unless auth_hash.valid?
The value of auth_hash looks to be empty. Could this be an issue due to attribute mapping or something else? I am coming from a PHP background and have no experience in Ruby on Rails, so I am finding it difficult to debug the issue. I have tried googling a lot but couldn't find anything useful.
Any help is greatly appreciated.
Thanks

Replace the following code
uid { @name_id }
with the following code
uid do
  if options.uid_attribute
    ret = find_attribute_by([options.uid_attribute])
    if ret.nil?
      raise OmniAuth::Strategies::SAML::ValidationError.new("SAML response missing '#{options.uid_attribute}' attribute")
    end
    ret
  else
    @name_id
  end
end
inside the strategies/saml.rb file. It is inside the def other_phase function.
For reference, please have a look at the following GitHub link:
https://github.com/omniauth/omniauth-saml/blob/master/lib/omniauth/strategies/saml.rb line number 90

Related

Omnicontacts redirect_uri: facebook, hotmail, yahoo

I am using the omnicontacts gem so that users can invite their contacts on my website. I have set it up successfully for Google.
I have setup an omnicontacts controller with the contacts_callback method as suggested by the gem's readme.
and a route: get "/contacts/:importer/callback" => "omnicontacts#contacts_callback"
At the initializer of omnicontacts.rb I have the following:
require "omnicontacts"
Rails.application.middleware.use OmniContacts::Builder do
importer :gmail, "hidden-client-key", "hidden-secret-key", {redirect_path: "/contacts/gmail/callback"}
importer :facebook, "hidden-client-key", "hidden-secret-key", {:redirect_path => "/contacts/facebook/callback" }
importer :hotmail, "hidden-client-key", "hidden-secret-key", {redirect_path: "/contacts/hotmail/callback"}
end
The last two (facebook and hotmail) according to the gem's readme file do not need a redirect_path but just in case I tested both with it or not and I still get an error that the redirect_uri is invalid. As I was searching for a solution I found a place that the :redirect_path was instead :callback_path and tried that as well but no luck.
On the Microsoft app (for hotmail) I was getting a longer description on the error which was:
The provided value for the input parameter 'redirect_uri' is not
valid. The expected value is
'https://login.live.com/oauth20_desktop.srf' or a URL which matches
the redirect URI registered for this client application.
As a result I went on and registered a redirect URI for this client application. The URI was http://example.com/contacts/hotmail/callback which matches the callback path.
Still, getting the same error. Any clue?
Looks like you missed passing your domain details from where you'd like to access your application. Please see the image, try to add your domain and try again.
You need to do the same for the hotmail app.

LinkedIn OAuth 2.0: undefined local variable or method `oauth' for #<LinkedinController:0x7d15970>

I've been using the gem LinkedIn OAuth 2.0. Right now I can get it to generate the linkedin signin page. However, the next thing that is supposed to happen is it sends to my callback link a code which I use to generate an access token. The problem is that the variable 'oauth' is generated in the authenticate action but then needs to be used again in the callback action. I've tried generating the oauth variable again using the exact same parameters, but when I do that I get an SSL certificate error. It seems like the exact same oauth instance needs to be used in both cases. Let me know if you have any thoughts. My code is below:
def authenticate
require "linkedin-oauth2"
LinkedIn.configure do |config|
config.client_id = "Mycode"
config.client_secret = "Mysecret"
# This must exactly match the redirect URI you set on your application's
# settings page. If your redirect_uri is dynamic, pass it into
# `auth_code_url` instead.
config.redirect_uri = "http://localhost:3000/auth/linkedin/callback"
end
oauth = LinkedIn::OAuth2.new()
url = oauth.auth_code_url
redirect_to url
end
def callback
require "linkedin-oauth2"
code = params[:code]
access_token = oauth.get_access_token(code)
api = LinkedIn::API.new(access_token)
my_job_titles = api.profile(fields: ["id", {"positions" => ["title"]}])
puts my_job_titles
redirect_to("/")
end
end
Getting an SSL certificate error doesn't mean that the instantiation is wrong. I don't know that gem, but I can't see why that would be a problem.
The require and the configuration block should not be inside the method (maybe you forgot the configuration from the second method?); the best place for those is in config/initializers/linkedin_oauth2.rb.
If you don't want to load it at startup, then you can put those in a private method oauth with memoization:
def oauth
  # Memoize the client so authenticate and callback share one instance per controller object
  @oauth ||=
    begin
      require "linkedin-oauth2"
      LinkedIn.configure do |config|
        ...
      end
      LinkedIn::OAuth2.new()
    end
end
If the SSL error still occurs, you should investigate that. You can try creating a simple Ruby script with some example from the gem's readme, just to test the connection to LinkedIn.
Looks like the gem is using the faraday gem for HTTP, you can also try using that directly to make a simple call to LinkedIn.

Getting "Error: redirect_uri_mismatch" with google_oauth2

The URL's seem right (Last updated them yesterday):
The files too:
omniauth.rb:
provider :google_oauth2, 'MY_CLIENT_ID.apps.googleusercontent.com', 'MY_CLIENT_SECRET',
:scope => 'https://mail.google.com/mail/feed/atom/'
header.html.erb
<li><%= link_to "Sign in with Google", "auth/google_oauth2" %></li>
routes.rb:
match '/auth/:provider/callback', to: 'sessions#omniauth_create'
But I'm getting this:
> Error: redirect_uri_mismatch The redirect URI in the request:
> http://localhost:3000/auth/google_oauth2/callback did not match a
> registered redirect URI
(Twitter and Facebook OmniAuth are working perfectly)
Not sure what is the problem. Any suggestions to fix this?
EDIT
I changed the URI to http...:
But still getting the same error.
It looks like the request is hitting http://localhost:3000/auth/google_oauth2/callback, but your specified redirect URI matching the similar pattern is for https. Adding http://localhost:3000/auth/google_oauth2/callback to your list of redirects may potentially solve that issue.
EDIT: Another potential fix is including a trailing / in the corresponding redirect URIs, which appeared to work in this case.
There's a relatively fresh issue with omniauth-oauth2 gem version 1.4 https://github.com/intridea/omniauth-oauth2/issues/81#issuecomment-151038559
Temporary fix is to downgrade that gem explicitly in the Gemfile
gem 'omniauth-oauth2', '~> 1.3.1'
foo
vi config/initializers/omniauth.rb
OmniAuth.config.full_host = 'https://localhost:3000'
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, 'google_client_id', 'google_client_secret'
end
Sharing a very simple copy-paste solution that worked for me.
I copied whatever I was specifying in my code as redirectUri i.e. "redirect_uri": "http://127.0.0.1:3001/" and pasted the value of this key inside the Google settings that ask for Authorized redirect URIs. This way I'm ensured that both the parameters are same.
If the url was computed, I would console.log() it and copy it from the console window before pasting it in for google settings.
I tried all of the above but didn't work for me. In the end noticed in my error message my call back was slightly different. I had a users between localhost:3000 and auth. Not really sure why.
http://localhost:3000/users/auth/google_oauth2/callback
Changed it, waited 30 mins and it worked.
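The mismatches reported in this thread (http vs. https, a trailing slash, an extra /users path prefix, a different host) can be told apart with a small check. This is an added example, not code from any of the answers; it assumes the provider compares redirect_uri as an exact string, and diagnose_redirect_uri and its reason symbols are hypothetical names:

```ruby
require "uri"

# Explain why a requested redirect_uri fails an exact-match comparison
# against the URIs registered with the provider (assumed behaviour).
# Returns a list of reason symbols.
def diagnose_redirect_uri(requested, registered)
  return [:exact_match] if registered.include?(requested)

  req = URI.parse(requested)
  reasons = registered.flat_map do |candidate|
    reg = URI.parse(candidate)
    same_origin = [req.scheme, req.host, req.port] == [reg.scheme, reg.host, reg.port]
    found = []
    # Same host and path, but http on one side and https on the other.
    found << :scheme_differs if req.scheme != reg.scheme && req.host == reg.host && req.path == reg.path
    # Same scheme and path, but e.g. localhost vs 127.0.0.1.
    found << :host_differs if req.scheme == reg.scheme && req.host != reg.host && req.path == reg.path
    if same_origin && req.path != reg.path
      if req.path.chomp("/") == reg.path.chomp("/")
        found << :trailing_slash_differs
      elsif req.path.end_with?(reg.path) || reg.path.end_with?(req.path)
        # e.g. a Devise-style /users prefix in front of /auth/...
        found << :path_prefix_differs
      end
    end
    found
  end
  reasons.empty? ? [:no_similar_registration] : reasons.uniq
end

# Constructed sample values mirroring the cases in the thread.
if __FILE__ == $PROGRAM_NAME
  registered = ["https://localhost:3000/auth/google_oauth2/callback"]
  p diagnose_redirect_uri("http://localhost:3000/auth/google_oauth2/callback", registered)
end
```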

Rails 3.2 + Facebook auth + CSRF FAILURE

This is the error that I see when trying to login via facebook, I always see that error. Can't seem to get rid of it:
Could not authorize you from Facebook because "Csrf detected".
I put a skip:
skip_before_filter :verify_authenticity_token
on the Omniauth callback, but still I get the error. This is in both local and prod (heroku) environments. I have set the heroku environment variables. Any idea?
I had the same issue you have on the same day!!
I thought it was a gem update or something like this but not at all.
With a deep debugging I found that omniauth "Callback phase initiated." was called twice.
It was due to a stupid double initialization of
provider :facebook, .....
One in config/initializers/devise.rb and in another initializer.
I hope it will give you a hint to find your error.
I found that the problem was the gem was too new and passing a STATE header to facebook, which fb didn't want. I rolled the omniauth-facebook gem version back and it worked
Are you sending a p3p header maybe add...
before_filter :set_p3p
private
def set_p3p
headers['P3P'] = 'CP="ALL DSP COR CURa ADMa DEVa OUR IND COM NAV"'
end
to your application controller
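Why a provider registered twice produces "Csrf detected", as described in the double-initialization answer above, shown as an added Ruby model (not code from the thread or from OmniAuth). It assumes the anti-CSRF state value is kept in the session and deleted when the callback checks it; StateCheckingStrategy, run_callback and simulate are hypothetical names:

```ruby
require "securerandom"

# Simplified stand-in for one mounted OAuth2 strategy (hypothetical class).
class StateCheckingStrategy
  # Request phase: remember a random state value and send it to the provider.
  def request_phase(session)
    session["omniauth.state"] = SecureRandom.hex(24)
  end

  # Callback phase: the stored state is removed on every call, so it can be
  # validated exactly once. Returns :ok or :csrf_detected.
  def callback_phase(session, params)
    expected = session.delete("omniauth.state")
    returned = params["state"].to_s
    return :csrf_detected if returned.empty? || returned != expected

    :ok
  end
end

# Pass the same callback request through every mounted copy of the
# strategy, in order, as a middleware stack with a duplicated
# `provider :facebook, ...` line would.
def run_callback(strategies, session, params)
  strategies.map { |strategy| strategy.callback_phase(session, params) }
end

# mount_count = 1 models a single initializer, 2 models the duplicate.
def simulate(mount_count)
  strategies = Array.new(mount_count) { StateCheckingStrategy.new }
  session = {}
  state = strategies.first.request_phase(session)
  run_callback(strategies, session, { "state" => state })
end

if __FILE__ == $PROGRAM_NAME
  p simulate(1)
  p simulate(2)
end
```

The second copy finds the session value already consumed, so a legitimate login is reported as a CSRF failure; removing the duplicate registration keeps the check in place instead of disabling it.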

FTP authentication on Rails

I am trying to log into an FTP account with Rails, but the authentication fails and I don't know why. My HTML page calls a method:
test(site.host,site.ftp_user,site.ftp_pw)
My helper defines this method :
def test(host_ip,user,pass)
ftp = Net::FTP.new(host_ip)
ftp.login('user','pass')
ftp.system
ftp.close
end
The information is working with FileZilla so the problem is somewhere else. Any idea ?
I'm getting confused with what should be between quotes or not. I mean site.ftp_user and site.ftp_pw are strings so I don't know why I have to use quotes. But if I don't use them, I get a getaddrinfo error...
Here is the SocketError i get when removing the quotes :
getaddrinfo: Name or service not known
Kinda lost here :/
Yeah, you want to remove the quotes for user and password in your helper.
Then, what line is the getaddrinfo error on? Maybe you can share it here.
Is it on the ftp.system line? If so, it looks like system may not be the method call that you want.
If you want to open a file or something, check out the examples here: http://stdlib.rubyonrails.org/libdoc/net/ftp/rdoc/classes/Net/FTP.html
