Unable to set grails_remember_me cookie to use secure cookie - grails

Referring to the documentation here:
https://grails-plugins.github.io/grails-spring-security-core/guide/authentication.html#rememberMeCookie
I'm unable to get grails_remember_me to use secure cookie even though I've set it accordingly in Config.groovy:
grails.plugin.springsecurity.rememberMe.useSecureCookie = true
Am I missing something here?

Related

Dynamic variable in Auth Headers - Azure Data Factory

I have an ADF flow where I first retrieve an OAuth 2.0 token which then should be used in an OData request.
This works perfectly if I first extract the token and then hard-code it in the auth headers (Bearer xxxxxxxx).
However I want to use a variable which I set earlier in the flow in this value. Like "Bearer [variable]". I have tried with the following: "Bearer @variables('Token')" but it doesn't work. I have double checked and the variable 'Token' is getting the correct token value so this should not be the problem.
So my question is whether it is possible to use variables in the Auth Header section?
I have tried to use "Bearer @variables('Token')" in the Value field for Auth Headers. This doesn't work unfortunately.
I reproduced the same thing in my environment and got this output.
Create a web activity and generate a bearer token with a sample URL, and create a parameter variable with the name Token.
Create a set variable and use this dynamic content value: @activity('Web1').output.data.Token
Then, I created a copy activity with Additional headers, as suggested by @Scott Mildenberger:
Authorization: @concat('Bearer ', variables('token'))
Pipeline successfully executed and got the output:

SAML 2.0 properties in application.yml

I have been using some tutorials to understand what properties must be set in the application.yml. There does not seem to be any documentation on the complete set of properties that can be set. Here's an example
security:
  saml2:
    relyingparty:
      registration:
        samlexample:
          signing:
            credentials:
              - private-key-location: "classpath:credentials/private.key"
                certificate-location: "classpath:credentials/certificate.crt"
          decryption:
            credentials:
              - private-key-location: "classpath:credentials/private.key"
                certificate-location: "classpath:credentials/certificate.crt"
          identityprovider:
            singlesignon:
              sign-request: false
            # metadata-uri: https://dev-2148273.okta.com/app/exk2iacdpvAt1bS3D5d7/sso/saml/metadata
            metadata-location: "classpath:okta-metadata.xml"
Does anyone know of documentation related to which SAML properties I can set? For example the last property is not correct. Instead of a URI, I wanted to create a file with the metadata and use that in the application.yml but I don't know what the property name is.
It would be helpful to have a webpage with documentation on the SAML 2 properties that can be set in application.yml.
I think you can deduce the full number of parameters in the class RelyingPartyRegistration which is what a registration is instantiated into:
https://docs.spring.io/spring-security/site/docs/5.5.3/api/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.html
As a matter of fact, there are ways in which you instead of adding properties add the registration as a class manually in which case this restriction should be obvious. Check example 130 here : https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-saml2login-sansboot
I wanted to create a file with the metadata and use that in the
application.yml but I don't know what the property name is.
I was able to use the file:/// URI prefix for the same metadata-uri property value. For example, a metadata file on a different Windows computer:
metadata-uri: file:///\\server\share_name$\path\to\file\metadata.xml
You might be able to adapt that for a file on the same server and provide only the absolute path.
I have been using some tutorials to understand what properties must be
set in the application.yml. There does not seem to be any
documentation on the complete set of properties that can be set
My sympathies, I have the same problem.

Header Manager missing Authorization bearer token

Token is generated and stored as ${token} variable but when I check Result Tree for login, the Authorization header is missing, same as the value. What's wrong? Error in project structure?
We cannot say "what's wrong" without seeing your HTTP Header Manager setup so I can provide only a generic piece of advice:
Make sure that your token variable exists and has its respective value, it can be done using Debug Sampler and View Results Tree listener combination
If your variable is fine - make sure to manually add it to the HTTP Header Manager as an Authorization header like:

What is the prebid member id?

For prebid-server the example shows json='{"pageOpts": {"member": 958,"invCode": "ast_guaranteed_prios_1","..., especially the member value. Without setting this, requests to https://ib.adnxs.com/ut/v3
fail with
{"error":"Could not find valid member in request"}
What is pageOpts.member? Which value should it be set to?
The example you gave is not for prebid-server, it is for accessing Appnexus directly. In order to set up prebid server you should follow their AMP instructions here. Also, to debug the auction on the client side you can add &debug=1 to the URL that sends the request to prebid-server. It generally is prebid.adnxs.com/pbs/v1/openrtb2/amp?, however that will be different if you use your own hosting.

How to set domain in response["set-cookie"]

So the thing is, this code works very well:
response["set-cookie"]="cookieName=#{@cookieValue.split.join}"
I can set a cookie, with a correct name and content (yes, split.join is correct too). But I need to set a domain too.
My website goes on domain like this: mysubdomain.mywebsite.com
But I need to set the cookie for domain mywebsite.com.
If I add it like this, the cookie is just not there:
response["set-cookie"]="cookieName=#{@cookieValue.split.join};Path=/;Domain=mywebsite.com"
I need to set a cookie with response["set-cookie"] because it is the only method that works for my long string. I tried every method, but I need to use this one.
So the question is: How can I set a domain by using response["set-cookie"] for setting cookie?
Well, prefer using an initializer here. Create a new file config/initializers/cookies.rb, and put the following code there:
options = {
  key: 'your_cookie_name',
  domain: 'your_domain'
}
Rails.application.config.session_store :cookie_store, options
This will keep your cookie-related configuration in one place, although it's not mandatory. You can still use the domain option to specify the domain name for your cookie.
I wasn't able to make that work. I think Rails has some safety mechanism that prevents this (but it is correct to set cookie for domain from subdomain).
But I was able to do it by javascript:
document.cookie = "#{@cookieName}=#{@cookieContent};domain=yourdomain.com"
One line of code, works perfectly. Just put it in your view or to separate file and require it in application.js. I am on subdomain but finally can set cookie for parent domain.
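
A way to check what the server actually sends, relevant both to the grails_remember_me Secure-flag question at the top of the page and to the Domain question above. This is an added example, not code from any of the posts; the function names, cookie values and the host app.example.com are constructed for illustration.

```ruby
# Added example; cookie values and hosts are constructed sample data.

# Split a Set-Cookie value into name, value and lower-cased attributes.
def parse_set_cookie(header)
  pair, *attrs = header.split(';').map(&:strip).reject(&:empty?)
  name, value = pair.split('=', 2)
  parsed = attrs.each_with_object({}) do |attr, h|
    key, val = attr.split('=', 2)
    h[key.downcase] = val.nil? ? true : val
  end
  { name: name, value: value, attrs: parsed }
end

# Browsers accept Domain=d only when the responding host is d or a
# subdomain of d (the public-suffix check they also apply is omitted here).
def domain_matches?(host, domain)
  d = domain.downcase.sub(/\A\./, '')
  h = host.downcase
  h == d || h.end_with?(".#{d}")
end

# Findings for one Set-Cookie header returned by `host`.
def audit_cookie(header, host)
  attrs = parse_set_cookie(header)[:attrs]
  findings = []
  findings << 'missing Secure' unless attrs['secure']
  findings << 'missing HttpOnly' unless attrs['httponly']
  domain = attrs['domain']
  if domain.is_a?(String)
    if !domain_matches?(host, domain)
      findings << "Domain=#{domain} does not cover #{host}"
    elsif domain.downcase.sub(/\A\./, '') != host.downcase
      findings << "sent to every subdomain of #{domain}"
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Constructed headers: a remember-me cookie without Secure, and the
  # parent-domain cookie from the question above.
  puts audit_cookie('grails_remember_me=abc123; Path=/; HttpOnly', 'app.example.com').inspect
  puts audit_cookie('cookieName=v;Path=/;Domain=mywebsite.com', 'mysubdomain.mywebsite.com').inspect
end
```

A cookie written through document.cookie cannot be HttpOnly, so the parent-domain cookie from the JavaScript workaround is readable by script on every subdomain.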
