I am getting the below error when trying to use SSO for mattermost with gitlab. How do you enable OAuth2 in Gitlab?
GitLab Mattermost needs your help:
The system admin has turned off OAuth2 Service Provider.
Go back to Mattermost
My /etc/gitlab/gitlab.rb looks like this -
mattermost_external_url 'http://url/'
mattermost['gitlab_enable'] = true
mattermost['gitlab_id'] = "code123"
mattermost['gitlab_secret'] = "code456"
mattermost['gitlab_scope'] = ""
mattermost['gitlab_auth_endpoint'] = "http://url/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "http://url/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "http://url/api/v3/user"
I enabled mattermost['service_enable_oauth_service_provider'] = true, but it gave me a different error. Maybe this is all you need.
Related
django-allauth been used
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_USERNAME_REQUIRED = True
ACCOUNT_EMAIL_REQUIRED = True
LOGIN_REDIRECT_URL = 'xxx:index'
ACCOUNT_LOGOUT_REDIRECT_URL = 'account_login'
ACCOUNT_LOGOUT_ON_GET = True
ACCOUNT_EMAIL_SUBJECT_PREFIX = ''
ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https'
ACCOUNT_UNIQUE_EMAIL = True
DEFAULT_FROM_EMAIL = 'tttt#gmail.com'
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
ACCOUNT_EMAIL_VERIFICATION = "mandatory"
I set this in settings.py and I runserver, sign up and then received an email such as
You're receiving this e-mail because user jjjj#gmail.com has given your e-mail address to register an account on example.com.
To confirm this is correct, go to https://eeee.cloud9.us-east-2.amazonaws.com/accounts/confirm-email/4444/
so I go to the link but then I cannot login. Instead, I receive another mail and I got no error message. I am sure that I use ID and password correctly. What should I do?
Cloud 9
Python 3.7.9
Django 2.2.17
django-allauth 0.44.0
When I go to the link in VERIFICATION, I like to login.
This issue was resolved by myself. The order of url in urls.py was wrong.
urlpatterns = [
path('accounts/', include('allauth.urls')),
re_path(r'^accounts/confirm-email/[^/]+/', RedirectView.as_view(pattern_name='timeline:index'), kwargs=None),
]
is a right order.
re_path(r'^accounts/confirm-email/ should come after path('accounts/',
The below code failed with error Token Validation finished.{"Validation Result":"Failed","Failure Reason":"EXTERNAL_OAUTH_JWS_CANT_RETRIEVE_PUBLIC_KEY"}
SELECT SYSTEM$VERIFY_EXTERNAL_OAUTH_TOKEN('ey...')
Security integration:
create or replace security integration external_oauth_azure
type = external_oauth
enabled = true
external_oauth_type = azure
external_oauth_issuer = 'https://sts.windows.net/xxxxx/'
external_oauth_jws_keys_url = 'https://login.microsoftonline.com/xxxxx/discovery/v2.0/keys'
external_oauth_audience_list = ('https://xxxx.ap-southeast-1.snowflakecomputing.com')
external_oauth_token_user_mapping_claim = 'upn'
external_oauth_snowflake_user_mapping_attribute = 'login_name'
external_oauth_any_role_mode = 'ENABLE';
This issue can happen only if the external_oauth_jws_keys_url value is incorrect.
Are you sure the url used is correct? It should be the value copied from
Azure - App Registration - - EndPoints - OpenID Connect metadata document url, paste this url in the browser.
From that detail,copy the url for jwks_uri and use it for creating the security object.
Please reverify if the value used is correct and compare it once again.
I installed Grafana on my Azure virtual machine. Now I want to set OAuth.
In defaults.ini I set the
name = my app
enabled = true
allow_sign_up = true
client_id = with my id
client_secret = with my client_secret
scopes = openid email name
auth_url =
token_url =
api_url =
team_ids =
allowed_organizations =
And this not work. Can anyone have some idea where I wrong.
Do not edit defaults.ini!
Use the following link to create or locate grafana.ini or custom.ini depending on your OS:
https://grafana.com/docs/grafana/latest/installation/configuration/
I would recommend that you copy the block of code for the OAuth provider you want to use to grafana.ini/custom.ini and then edit it to suit your need.
You may have to edit the URL under the [server] settings to allow for the correct redirect when using external OAuth
1.
I have setup a CAS server up and running at port: 8443 url -> https://ekansh/cas.
I can see the login page and i am successfully able to login using mysql database user table credentials. and even logout and see status.
I created a demo grails app, installed spring security plugin and created user role mappings by s2-quickstart. and scaffolding domains.
I added the
compile ":spring-security-core:2.0-RC4"
compile ":spring-security-cas:2.0-RC1"
dependencies.
Added configurations in Config.grovy
grails.plugin.springsecurity.cas.active = true
grails.plugin.springsecurity.cas.loginUri = '/login'
grails.plugin.springsecurity.cas.sendRenew = false
grails.plugin.springsecurity.cas.serviceUrl = 'http://ekansh:8095/app1/j_spring_cas_security_check'
grails.plugin.springsecurity.cas.serverUrlEncoding = 'UTF-8'
grails.plugin.springsecurity.cas.key = 'grails-spring-security-cas'
grails.plugin.springsecurity.cas.artifactParameter = 'ticket'
grails.plugin.springsecurity.cas.serviceParameter = 'service'
grails.plugin.springsecurity.cas.filterProcessesUrl = '/j_spring_cas_security_check'
grails.plugin.springsecurity.cas.proxyCallbackUrl = 'http://ekansh:8095/app1/secure/receptor'
grails.plugin.springsecurity.cas.useSingleSignout = true
grails.plugin.springsecurity.cas.serverUrlPrefix = 'https://ekansh:8443/cas'
grails.plugin.springsecurity.cas.proxyCallbackUrl = 'http://ekansh:8095/app1/secure/receptor'
grails.plugin.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'
grails.plugin.springsecurity.logout.afterLogoutUrl ='https://ekansh:8443/cas/logout?url=http://ekansh:8095/app1/'
grails.plugin.springsecurity.providerNames = ['casAuthenticationProvider']
Nw when i run this app, i get redirected to cas server page, i enter the credentials, it logs me into cas server, but it sends me to the spring security login page with message that
Sorry, we were not able to find a user with that username and password. And i am not even able to sign in to the application from this point.
What am i missing ? Why am i getting spring security login page.
I also found that when i comment line grails.plugin.springsecurity.providerNames = ['casAuthenticationProvider'], i am able to login to the system. I have not altered the casAuthenticationProvider.
Any help would be appriciated.
I found the answer to my question after a lot of research. Basically i did mess up with the configurations of the cas server.
The user was getting logged into the cas server but a ticket was not being generated for the same user, thus it was still sending a user not authenticated response back to the application and spring security, was redirecting to the login page.
I'm running Grails 2.3.6.
My BuildConfig.groovy contains:
compile ":spring-security-core:1.2.7.3"
compile ":spring-security-ui:0.2"
compile ":spring-security-oauth:2.0.1.1"
My Config.groovy contains:
oauth {
providers {
google {
api = GoogleApi
key = 'my-google-api-key.apps.googleusercontent.com'
secret = 'secret_key'
successUri = '/oauth/google/success'
failureUri = '/oauth/google/failure'
scope = "https://www.googleapis.com/auth/userinfo.email"
callback = "${grails.serverURL}/oauth/google/callback"
}
}
debug = true
}
When the login process gets to the Google "Request for Permission" page the DIV with the ID "grant_heading" content displays:
my-google-api-key.apps.googleusercontent.com is requesting permission to:
...
How and/or where do I change "my-google-api-key.apps.googleusercontent.com" to something more informative to a naive user. I've looked in https://code.google.com/apis/console/b/0/?noredirect and cannot seeing anything obvious that would allow me to control "grant_heading" contents.
The solution to providing a friendly user acceptance screen is to use OAuth 2 as described here https://github.com/donbeave/grails-spring-security-oauth-google you will need to add some additional dependencies per http://grails.org/plugin/spring-security-oauth-google and http://grails.org/plugin/spring-security-core. I followed the described steps and ensured I had specified GoogleApi20. This provided the user acceptance screen I was after.