Currently I am working on rails 4 project, and now I have to link / connect another application (not so).
Say, I have a link as 'Connect to example.com' and when user clicks on the link it will open the sign in page of example.com.
After entering credentials, it will redirect from example.com to my site.
As per my understanding I have to use Oauth.
So can any explain the approach for implementing this?
Thnaks
Use this Gem Domp https://github.com/AlexanderZaytsev/domp
It provides omniauth authentication for many platforms. There is a complete list of authentications it provides on this page:
https://github.com/intridea/omniauth/wiki/List-of-Strategies
Related
I'm trying to connect to Freshdesk using OAuth 2.0, for single sign-on from my app. My app is serving as it's own OAuth identity provider. I've set up my Authorization url on Freshdesk -- let's call it https://www.myWebApp.com/auth:
So now for testing purposes I go to the URL that Freshdesk support provided for a user to initiate the single sign-on process:
https://myWebApp.freshdesk.com/login/normal
...and I see a nice sso-style login screen:
I enter a correct email and password for one of my site users and click "Login".
Now in the Chrome network tab, I would expect to see Freshdesk trying to ping my Authorization URL. But I don't. I see this:
When loaded, my auth page (https://myWebApp.com/auth) pings my server, which issues a console.log() message, and my server logs show no such console log message -- so Freshdesk doesn't seem to be pinging my auth page at all.
What is keeping Freshdesk from pinging my auth page as it should?
There is probably a fair bit here that you have in place already but I am just adding it in for completeness.
Logged into the backend and on the security page for contacts
https://stackoverflow.myfreshworks.com/security/contacts
[stackoverflow == your site :) ]
you will have to create a Custom Policy if you don't have one in place already (this is different to the one for Agents)
And for that configure your SSO with Oauth 2.0
Then , if you have at least one SSO configured your login (at https://stackoverflow.freshdesk.com/support/login ) should look like this:
Where (1) now appears. That will be the link to ping your server via the urls you set up for the SSO:
If you only have one SSO set up for your contacts that link (1) should complete the sign-in process directly and then you should end up logged into Freshdesk as the specific contact.
If you had two SSO options set up; for example:
..when you clicked the link (1) on the https://stackoverflow.freshdesk.com/support/login page, you should then be redirected to a page with those two options:
The url for that page is something like (parameters will be different for you):
https://stackoverflow.myfreshworks.com/login
?redirect_uri=https://stackoverflow.freshdesk.com/freshid/customer_authorize_callback
&client_id=14416083630394368&slug=6117145232763
I am imagining you could use that as a direct link to the portal on your main site.
If you only have one SSO option set up you should be able to navigate directly to the link as above and then see :
which is probably what you are aiming for.
I changed the name of that button (Sign in with contacts SSO) just to be sure I was using the right one and to differentiate from the login for agents. You can change the text under the Advanced Options when configuring the SSO:
Hope this helps you along the way - if you have any other questions on this post them as comments.
I've been trying to use the Grails Spring Security OpenID plugin and while following the tutorial instructions https://grails-plugins.github.io/grails-spring-security-openid/docs/manual/guide/tutorials.html it just doesn't work at:
Navigate to http://localhost:8080/openidtest/secure/admins and you should be prompted with the login screen. Leave the Use OpenID checkbox checked and enter a valid OpenID. Don't check the remember-me checkbox yet (it doesn't work with the extended workflows where you create a new user or link an OpenID) and click the "Log in" button.
After authenticating at the OpenID provider, you'll be redirected to the registration page. Note that there's a link to just associate the current OpenID with a local account - for now click the "link this OpenID" link.
When I try to log in, I simply get:
Sorry, we were not able to find a user with that username and password.
The documentation is not recent, and last I saw in some other post was that Burt said he had some github issues and had not been able to updated it (I think it was a stackoverflow comment around October 2013).
Does anyone know if there is a configuration or setting that must be changed? or a new step perhaps?
Thanks in advance
So I have come to this conclusion from reading a few different sources and trying things out. I stand to be corrected, however, the current solution is working for me.
My humble understanding: The OpenID input in the plugin requests a link from the OpenID Account provider (e.g. google) with which the user will be authenticated.
Websites can just have a link for each provider they want to support instead of asking for a link, so that you would have a "Login with Google" button with the link prefilled (which by the way is https://www.google.com/accounts/o8/id).
It can help to just look at how other websites do it. You can also just google openid and your provider to find out their links.
Note that some providers have a static link, while it looks like others have user specific links. I'm not yet sure how to deal with user specific links yet.
Let's say I have the following sites: ClientSiteA.com, ClientSiteB.com, ClientSiteC.com, MainServer.com
I am distributing a software to client sites. Anyone will be able to install the software so a site can not be considered trusted. MainServer.com will contain user information.
Users will interact with the software on client sites. A user will be able to click a login link on any client site which will bring up a popup. The popup can reside on MainServer.com. When a user logs in on any client, they will be logged in on ALL client sites as well as the MainServer.com. Remember, MainServer.com contains all user information.
I've done a lot of reading on SAML and OAuth2. Can someone tell me what is possible? If it is possible, which tools/workflows should I use? If this isn't possible, can someone tell me something I can accomplish that is similar to this?
FYI - I am trying to accomplish something like what Disqus does. If you login to Disqus on any site, you are logged into all the sites.
You can accomplish this with SAML, although it will involve browser redirects not popups.
The first time use hits a protected site (ClientA) it redirects to MainServer.com. The user logs in, MainServer gives them a session and redirects them back to the service provider with a SAML authentication statement which then lets them in.
When the user then visits ClientB.com, it also redirects to MainServer.com for authentication. Because the user is already logged at MainServer it can invisibly bounce them straight back to ClientB.com with a new authentication statement. The user barely if at all notices.
The problem with the pop-up window approach is that users have to give their credentials for site A to site B. This is a big security hole if site B isn't owned and controlled by Site A. Users should only give their credentials to the site that is authenticating them to prevent them being compromised. SAML and other federated/distributed auth mechanisms were designed with that in mind. I wouldn't want to give the keys to my email account to random sites on the internet but with this method I can log into stackoverflow with my gmail account.
I am currently using Devise+Omniauth on my Rails 3 app to authenticate users. My client saw this and doesn't like how omniauth redirects you away from the site. He wants something like on digg.com, which I believe uses facebook connect to authenticate (and opens in a popup instead of redirecting).
What are some arguements for my client to keep him using the Omniauth method? Why is it better than Facebook connect.
And failing that, are there any good resources for logging users in with a facebook connect popup window? Or really anything involving facebook and a popup.
Thanks!
OmniAuth supports login via the Facebook Javascript SDK, which works through a popup. You just need to include the right files. I don't remember all the details, but this should help:
https://github.com/intridea/omniauth/issues/120
I would like to know the best way of implementing automatic login to my web site. What I mean by automatic is this:
I've already signed into Google. I now go to my web site and its login page. Instead of clicking on the link to login with Google I would like the web app to detect that I'm already logged into Google and bypass the whole login page.
1) Would I use the DotNetOpenAuth.OpenId.RelyingParty.OpenIdAjaxRelyingParty.HttpApplicationStore to get associations?
2) Or do I need to look at cookies.
To your "1) Associations" guess, no. Associations that the RP may already have with Google are irrelevant to who the user is at the browser or whether they're logged into Google. Your "2) cookies" won't work either because browser isolate Google's cookies from those of your RP so you have no insight into that.
Hbas was right. I think Auto Login user to website when user is logged in to FB or google - DotNetOpenAuth has the answer to your question.
Distant memory suggests that Google had a way to disclosing to an RP that the user was logged into a Google account (with no way to identify which user or auto-login that user) with the idea being that the RP could then promote the "login with Google" button since you know the user has a Google account. However that wasn't well advertised (privacy concerns probably) and I can't find any info on it at the moment.