I am using spring security Saml 2.0.I ran the sample application provided by spring security
(idp.ssocircle.com as identity provider).And it is running successfully.
Now I am tring to implement it in my application .
my application is redirecting successfully on idp and asking for username password.After putting credentials it is giving error message "unable to single sign out or federation" on idp.ssocircle.com site .I am unable to get control it to my application .
Related
I have created an app using ASP.NET Core 6 MVC application. I am using the Microsoft.Identity platform for authentication (Azure AD authentication). It worked fine locally. User is able to sign-in and sign-out and able to navigate. When signing in with wrong password or username then user getting an error.
But when hosted the same code on Azure App Service and when accessing the app the 401 error occured. HOw I fix that issue. As I mentioned everything works fine locally so no issue with registration clientId or any other registration level info.
WebConfig file
AppService configuration
As mentioned in the question, if you enabled Azure Active Directory, there is no need to you to login and logout explicitly. As you are trying to do those operations locally, it must be they are not configured perfectly locally also. The same error it is causing while moving and accessing in Azure App Service.
Kindly check the following things in configuration:
1. Configuration of IIS before deployment
2. Configuration of AAD
These two steps could solve the issue.
I am developing a web application using asp.net MVC 5 that is integrated with ADFS. After login to ADFS using credentials I get this error:
Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> Microsoft.IdentityServer.Service.SecurityTokenService.EmptyOrMissingWSFederationPassiveEndpointException: MSIS5004: The WSFederationPassiveEndpoint address is not configured on the relying party trust identified by the endpoint 'https://xxxxx.xxx.com'. It is required to process the current request.
please advise ..!
I am new for WSO2 and using for the authentication in iOS app but i am getting authentication error after providing profile and username permission.
Getting "Something went wrong during the authentication process, Please try signing again"
WSO2 server is setup remotely and SSL certification also configured.
Step 1
Step 2
In iOS app I am using AppAuth SDK for authentication. Demo code is working fine with other identity server(Gluu and identity) but getting error with WSO2 identity server.
I have dockerized our Angular application which have been using WSO2 as API manager . After doing the configurations, i was able to run the application successfully and able to hit all existing api's. The only issue arises when i tried to use oath2/token api for performing login operation of our customer . Even though, the same code was used to perform authentication earlier(before dockerization) without any issues,now i am getting error as
{
"error": "invalid_grant",
"error_description": "Provided Authorization Grant is invalid"
}
Token generation api for login :
https://<myapplicationurl>:9443/oauth2/token
Errors am getting in docker console while trying to login using username 'devtest7#mailinator.com' :
Things to note :
WSO2 AM version is 2.1.0 , WSO2 IS version is 5.3.0
Arguments(headers & parameters) for the request is the same as that
used earlier(except the username and password).
I am able to create a new users and the corresponding user is listed
in Carbondb users list.
The issue exists while trying to login using existing user as well as
newly created users.
I have recently generated new ssl certificate for the application.
Able to login using super admin only . Login using newly created email and username is not working.
I tried solutions seen on stackoverflow which doesn't fixed my issues. Can any one please help?
There is a line in the above logs saying that SP tenant is not equal to user tenant and SP is not SaaS. Are the SP and users are from different tenants? Normally users cannot access SP across different tenants.
If you want to make the SP accessible across different tenants then you need to enable SaaS application option in the SP. Check this doc to learn more about SaaS application https://docs.wso2.com/display/IS530/Adding+and+Configuring+a+Service+Provider
Thanks for everyone who commented and tried to figure out the solution for the issue i mentioned. I got the resolution for the issue . As i tried multiple times to login by doing permutations and combinations in configurations, authentication was blocked for me. As a reason, i couldn't login and generate access token . I was able to resolve it by changing a flag in identity.xml file inside IS .
Changed the UserOperationEventListener enabling from 'true' to 'false' .
Before:
<EventListener enable="true" name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
After:
<EventListener enable="false" name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
This change allowed me to block the invalid authentication check. We are anyway adding that check from our code side.
According to the logs, it says
Non-SaaS service Provider's tenant domain is not same as user tenant
domain; carbon.super != mailinator.com
From the logs, the SP's is in the carbon.super tenant. But it considers the user as in the tenant mailinator.com.
When we specify the username for password grant with email as username, we have to use the full username with the tenant domain. (devtest7#mailinator.com#carbon.super).
I just installed springsecurity core and spring security openId plugins. I am able to login in my application using a yahoo account, but I am unable to login using gmail account. I am getting the following error message :
ERROR consumer.ConsumerManager - Association attempt, but no
discovey endpoints provided.
I am following the instructions in section 3 here : http://burtbeckwith.github.com/grails-spring-security-openid/docs/manual/index.html
I am unable to find any place where I could configure the discovery endpoints. Any help would be appreciated.
OK my mistake the username should be https://www.google.com/accounts/o8/id rather than xyz#gmail.com. Answered by Burt Buckwith. This is not any config property just that user enters this url in username field.