MODx Evolution Weblogin: Redirect to requested page once logged in - code-snippets

I am sending out a newsletter and I will have links that go to secured pages. How do I set up WebLogin to redirect to the originally requested page once the user has logged in?
This is the behavior that I want:
Enter the URL www.mysite.com/protectedpage
Redirected to login page.
Successful login.
Redirected back to www.mysite.com/protectedpage
Using
MODx Evolution 1.0.14
WebLogin 1.1
PHP Version 5.3.6
Apache 2.0
MySQL 5.1.46
Any help appreciated. Thanks.

Being an Evolution extra, the documentation is extremely light; however, the source code suggests that WebLogin will take note of $_REQUEST["refurl"] (see git), which looks like it supports both resource alias and resource id.
Try adding a hidden form element to your login page with the id of your protected resource.
<input type="hidden" name="refurl" value="PROTECTED_PAGE_ID" />
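
A check the receiving side can apply to a refurl-style value before redirecting, as an added example rather than WebLogin's own code: it accepts only a resource id, an alias or a same-site relative path. The function name, the accepted formats and the sample values are assumptions for illustration.

```php
<?php
// Added example, not WebLogin source. safe_return_target() and its rules are
// hypothetical; array() syntax keeps it runnable on PHP 5.3.

/**
 * Normalise a post-login return target taken from request input.
 * Returns array(kind, value) for a resource id, a resource alias or a
 * same-site relative path, or null when the value should be ignored.
 */
function safe_return_target($raw)
{
    if (!is_string($raw)) {
        return null;                       // e.g. refurl[]=x arrives as an array
    }
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 512) {
        return null;
    }
    // Control characters and backslashes have no place in an id, alias or path.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $raw)) {
        return null;
    }
    if (preg_match('/^[0-9]{1,9}$/', $raw)) {
        return array('id', (int) $raw);
    }
    // Alias: no slash and no colon, so it can only name a page on this site.
    // The caller resolves it through the CMS; it is never emitted as a URL itself.
    if (preg_match('/^[A-Za-z0-9][A-Za-z0-9_.-]*$/', $raw)) {
        return array('alias', $raw);
    }
    // Relative path: exactly one leading slash, which rules out "//host/..."
    // and any "scheme:" prefix.
    if (preg_match('#^/(?!/)[A-Za-z0-9/_.~%?&=+-]*$#', $raw)) {
        return array('path', $raw);
    }
    return null;
}

// Constructed sample values, as they might arrive in $_REQUEST['refurl'].
$samples = array('42', 'protectedpage', '/protectedpage?id=7',
                 'https://other.example/', '//other.example/', '/\\other.example');
foreach ($samples as $s) {
    $t = safe_return_target($s);
    echo str_pad($s, 24), ' => ', ($t ? $t[0] . ':' . $t[1] : 'rejected (use default page)'), "\n";
}
```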

Related

Keycloak remove url fragments after login

I'm struggling with Keycloak for what seems a simple problem and, after reading a lot of stuff about the subject, nothing solved my problem yet.
The problem is that I call a URL with a fragment like http://hostname:8080/somewebui/#!builder/site.com:manager:manager/1.0.0/hostname=anotherhostname.
The fragment after the # allows me to pre-fill fields on the site so that the user just has to click on a button to save the data.
The site is protected by Keycloak.
If I'm already logged on the site and I call this URL, it works fine, the site opens and the requested fields are filled, it's perfect.
On the contrary, if I'm not yet logged on the site (most usual case), the login page managed by Keycloak is displayed asking to enter credentials, which is normal.
But after I successfully enter the credentials, Keycloak redirects me to http://hostname:8080/somewebui/, without the fragment.
My question is therefore simple: how can I tell Keycloak to keep the fragments after a login?
Thank you in advance,
Seb
https://www.rfc-editor.org/rfc/rfc6749#section-3.1.2
The endpoint URI MUST NOT include a fragment component.
So fragment in redirect URI can't be supported if the standard is implemented correctly.

redirect to https if user is logged in or display http otherwise using spring security plugin

I have a search controller which lists search results for users. For anonymous users (not logged in) I want to display the page as http.
For logged in users (authenticated) I want to display the page as https. The reason is that authenticated users will see an additional link in their search results. The link pops up a modal dialog form that needs to send a secure form.
I'm using Grails 2.2 and Spring Security plugin 2.0. I haven't found anything in the Spring Security config files. It looks like a page can be https or http, but not rendered either way depending on some condition.
I prefer not to do all https for performance reasons. How could I do this, with some type of filter?

Mvc4 set user as logged in when user info is found in the session

I am working on a new MVC4 site, and am using MVC4 forms authentication.
The users of the site expect to be able to log in to the company's main site and click on a link and go to this new site I am developing. The old site stores the logged-in user in a session variable. Is it possible for me to check if the session variable exists and log the user in to my forms authentication? Or will they need to log in again?
Make the same machineKey section in your web.config in system.web like this:
<system.web>
<machineKey validationKey="SAME_KEY_GOES_HERE" ... />
...
You can generate machineKey here.
Then your goal is to pass all the authentication cookies from one website to another. I think you can store them in a database, and provide authenticated users with a unique link to your new website. The new website can read the key from the database, and set cookie values obtained from the existing website. After that, the user will be authenticated on your new website.
Update:
There could be an easier and a little bit less secure way of doing this. Don't keep cookie data in the database, just create a form on the first website with a post action. This form must contain all authentication cookies in hidden values. The action of the form must point to your second website. On the second website, you just need to place the submitted form values into cookies. That's it! Much easier! (Yep, and you need the same machine key.)

Redirecting users from Moodle to another site when login fails

I've written a custom plugin that allows for URL login. Users entering my Moodle site this way all come from the same external site and can be identified based on the URL.
When their login fails, I would like to redirect them back to a "login failed" page on the external website, instead of the normal login failed routine on my own Moodle site.
Is there a function in Moodle to redirect users from within an authentication plugin? Part of the problem is that by the time the plugin is being processed, the header has already been processed. Setting variables in the header is therefore not effective.
Any help is appreciated.
I believe you could do this with loginpage_hook() in your auth plugin, as this is called before output, then using the Moodle redirect() function in your plugin. See auth/ldap/auth.php for a non-trivial example of doing that.

PrettyFaces redirect to RESTful url after login

I'm using PrettyFaces 3.3.3. I have a requirement that if a user tries to view a page, but is not logged in, they are sent to the login page, and then redirected to the original page they wanted to view. Just wondering what would be the best approach for this.
You probably want a security framework here. The basic idea is that you'd want to intercept the requested URL in your security filter, save it into the user's session, then once authentication is complete (e.g. user has submitted the form with their credentials, or whatever mechanism you're using) you retrieve the saved URL from the user's session and perform a 302 Redirect to it.
This is not something PrettyFaces will help you with directly, except that you can use it to capture the URL more easily using PrettyContext.getCurrentInstance(request).getRequestURL();
There is an article about this here: http://ocpsoft.org/java/jsf-java/spring-security-what-happens-after-you-log-in/
Using OCPsoft Rewrite (core of PrettyFaces 4) you can do this programmatically as well, and even do the authentication directly in your security rules or annotation config: https://github.com/ocpsoft/prettyfaces/blob/master/annotations/src/test/java/org/ocpsoft/prettyfaces/annotation/jaas/JaasRolesBean.java
This is an upcoming feature but is not yet complete - we would love feedback.
