Okta stuck in endless loop if no user account in app - ruby-on-rails

I'm building a rails application and have successfully implemented Okta single sign on using the 'devise' gem and 'devise_saml_authenticable' gem. Everything is working great and I am able to successfully log into the app using my Okta account.
The one issue that I am facing is that if a user logs in that has an Okta account, but no account within the application, Okta goes into an endless redirect loop. How would I go about redirecting the user to a login error message or page instead?

Actually, I found out the reason for the issue. It was because, by default, Devise will redirect you back to the login page (http://localhost:3000/users/sign_in) if the user was unable to successfully authenticate (i.e., 401 error). If the user is signed into Okta, when they get redirected to the sign_in path then it tries to do the Okta authentication again, resulting in an endless loop.
To fix this I had to change Devise's default redirect, as instructed by this wiki:
https://github.com/plataformatec/devise/wiki/How-To%3a-Redirect-to-a-specific-page-when-the-user-can-not-be-authenticated
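The loop described in this answer (sign_in redirects to the IdP, the IdP's existing session sends the browser straight back to the SAML callback, the callback fails because there is no local user, and Devise's failure app redirects to sign_in again) can be modelled without Rails. The block below is an added example, not code from the question or the Devise wiki: a plain-Ruby redirect follower with cycle detection, run against a simulated set of endpoints. The IdP URL, the `/users/saml/auth` callback path, the `/login_error` page and the user list are assumed; it does not use the Devise or devise_saml_authenticatable gems.

```ruby
# Simulated redirect chain for SP-initiated SAML login with Devise.
# Each endpoint is a lambda taking the browser "env" and returning
# [http_status, redirect_location_or_nil]. Assumed/constructed values only.

IDP_SSO_URL = 'https://idp.example.test/sso'          # assumed IdP endpoint
LOCAL_USERS = ['alice@example.com'].freeze            # constructed local user table

# Devise's default failure app redirects unauthenticated requests to sign_in.
DEFAULT_FAILURE_REDIRECT = ->(_env) { '/users/sign_in' }
# The fix from the wiki: a custom failure app that redirects somewhere terminal.
CUSTOM_FAILURE_REDIRECT  = ->(_env) { '/login_error' }  # assumed error page

def build_app(failure_redirect)
  {
    # sign_in: with the SAML strategy active, an unauthenticated visit goes to the IdP
    '/users/sign_in' => ->(env) { env[:idp_session] ? [302, IDP_SSO_URL] : [200, nil] },
    # IdP: an existing Okta session answers immediately by posting back to the ACS
    IDP_SSO_URL => ->(env) { env[:idp_session] ? [302, '/users/saml/auth'] : [200, nil] },
    # ACS callback: authenticate only if the asserted NameID maps to a local user
    '/users/saml/auth' => lambda do |env|
      LOCAL_USERS.include?(env[:name_id]) ? [302, '/'] : [302, failure_redirect.call(env)]
    end,
    '/' => ->(_env) { [200, nil] },
    '/login_error' => ->(_env) { [200, nil] }
  }
end

# Follow redirects like a browser would, but stop on a revisited location
# (a loop) or after max_hops (a runaway chain).
def follow(app, start, env, max_hops: 10)
  path = start
  visited = []
  max_hops.times do
    visited << path
    status, location = app.fetch(path).call(env)
    return { result: :ok, final: path, hops: visited } if status == 200
    return { result: :loop, final: location, hops: visited } if visited.include?(location)

    path = location
  end
  { result: :gave_up, final: path, hops: visited }
end

if __FILE__ == $PROGRAM_NAME
  env = { idp_session: true, name_id: 'bob@example.com' } # Okta user, no local account
  puts follow(build_app(DEFAULT_FAILURE_REDIRECT), '/users/sign_in', env).inspect
  puts follow(build_app(CUSTOM_FAILURE_REDIRECT), '/users/sign_in', env).inspect
end
```

With the default failure redirect the follower reports `:loop` after three hops; with the custom redirect it ends on `/login_error`, and a user who does exist locally lands on `/`. The same cap-and-detect logic is a useful shape for an integration test of any SSO flow, since a redirect loop otherwise only shows up as a browser error.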

Related

Using a URL to log a user out of a developer web app and redirect to another URL

I have an app that all works fine for authentication and it uses Oauth2 (Google).
Now, I am struggling with the logout URL for this app. It works, but I am under the impression that it is possible to log out of it and remain logged into my gmail account? Currently, ALL accounts are logged out, so the two gmail accounts need to go through login each time the app is used and log out is pressed.
I have read that this is possible, but this is the URL that I am using to log out:
https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://news.bbc.co.uk
I am sure it can be done because I did it in a former role but do not have the code!

Docusign - embedded signing - redirecting to user profile instead of document

I am using Docusign's docusign_esign gem in a Rails 7 app with great success in local development (localhost:3000).
The issue is that when the app gets deployed to the cloud, the signing workflow breaks. Instead of getting redirected to the document to sign after successfully completing the initial SSO step, the user gets redirected to their Docusign profile page.
Here's the breakdown of steps:
1. User signs into the rails app
2. User gets redirected to the embedded workflow
3. The first step of which is an SSO login
4. Then the user should get redirected to the document, but the issue is that they get forwarded to the user's profile (the settings, etc.)
Anyone have any insight into what this could be? Thanks!
[image: unwanted 302 after successful SSO]
Rails 7.0.3.1
docusign_esign 3.18.0
ruby 3.0.2
Found the answer. It was a simple config issue: I was missing the DOCUSIGN_INTEGRATION_KEY in the release environment.

How can I log out of Facebook when using OmniAuth?

I have a RoR app using omniauth. I want to allow the user to log out so that they can sign in with a different Facebook user, but no matter what I do, once a user logs into FB, it keeps them logged in.
I have tried:
https://www.facebook.com/logout.php?next=&access_token=
To no avail. I also tried the reauth option for omniauth-facebook but that resulted in the user being brought to FB rather than to my specified redirect URL.
It's easy, add this to your javascript initialization code (after FB.init):
    // Log the user out of Facebook via the JS SDK, clear the cached auth
    // response, then reload the page so the app sees the logged-out state.
    FB.logout(function (response) {
      FB.Auth.setAuthResponse(null, 'unknown');
      setTimeout(function () { document.location.reload(); }, 0);
    });
And the button of sign out:
Logout
Using the approach https://www.facebook.com/logout.php?next=&access_token= will make your user leave your page, as Facebook won't redirect to your website again.
I hope this will solve your problem.

Rails 3.2.2 Facebook app using Devise and Omniauth redirecting out of iframe on user permissions confirmation

Heroku hosted Rails 3.2.2 app using Devise and Omniauth.
I'm currently getting the facebook userid via post when opening the app. If the user exists, I automatically log them in and it all works peachy. If they don't, I redirect them to
user_omniauth_authorize_path(:facebook)
Which gets "/users/auth/facebook" - and the Facebook 'permissions request' dialog. If the user accepts, OmniauthCallbacksController#facebook is called, which signs the user in and redirects them to the app's home page. But on that last redirect, they are being redirected out of the Facebook iframe.
I'm out of ideas as to why this is taking me out of the iframe. Any suggestions?
Minor correction, I don't ask new users to authenticate automatically. They have to press a button to engage with the site before being asked for permissions.
In your omniauth.rb initializer, put
OmniAuth.config.full_host = "http://apps.facebook.com/canvas_url/"
Trailing / was necessary if I remember correctly.
This should keep you within the Facebook frame.

logout of site through Facebook with Rails and Koala

I'm using the Facebook login with Koala for my RoR web application.
I'm using Clearance authentication, and when user logs in with Facebook I'm recognizing the site existing user or subscribing a new user.
I am having an issue with logging out:
I'm trying to logout of the site without logging out of Facebook.
As I understood from the FB API, I should use the url for logging out:
"https://www.facebook.com/logout.php?next=#{sign_in_url}&access_token=#{access_token}".
When directing to that URL it seems like the cookies changed, but then on the sign_in page, when getting to the "parse Facebook cookies" part (for checking if the user is logged in to Facebook), the
oauth.get_user_from_cookies(cookies)
returns:
OAuthException: Code was invalid or expired. The session is invalid because the user logged out
Like it deletes the whole session instead of just changing the cookies...?
* I checked and the cookie fbsr_... still exists! Shouldn't it be changed to fbs_...?!
I would appreciate help on this.
Thanks a lot!
Moozly.