Spring Social: Is user logged in - spring-security

I want to implement the following flow:
User goes to Login page
"Login with Facebook" button displays there
User logs in with his Facebook account
"Login with Facebook" button disappears
"Logout" button appears
I have implemented everything I want, except displaying controls depending on whether the user is signed in or signed out.
How can I do this at the JSP level? Which variables do I need to put in the tag?
Thanks

Try to use the authorize tag from the Spring Security taglib in conjunction with SpEL expressions:
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<sec:authorize access="isAuthenticated()">
Logout button goes here
</sec:authorize>
<sec:authorize access="isAnonymous()">
Login button goes here
</sec:authorize>


With OmniAuth 2.0, how do we redirect to the IdP on failed authentication in Rails with Devise?

OmniAuth 2.0 requires that requests to the IdP authentication server be POSTs instead of GETs.
What this means for most users is that on their login page, where they have links to OmniAuth providers like Facebook and Google, they change the method on those links or buttons to be POSTs. No problem.
But for one of my apps, we want it so that if authentication fails (like coming to the app and you need to login still) we redirect in a custom Devise::Failure App to the IdP authentication server. This means you come to our app with a GET request, of course, and we see you're not authenticated so we redirect you to the IdP. But we can't do that anymore because it has to be a POST. The only way I can see around it is I have to remove our custom Failure App so that you're redirected to the normal login page where our link to the IdP is.
Any ideas on how I can keep our current redirect straight to the IdP logic?
The answer is you can't do that with OmniAuth 2.0. You're not going to be able to redirect your DeviseFailureApp to the IdP's login page because that's going to be a GET.
Instead, have your Failure App return a redirect_url to a new controller action you can add in your SessionsController. I called it saml_redirect. Add a route for it:
devise_scope :user do
  match 'saml_redirect' => 'sessions#saml_redirect', as: :saml_redirect, via: [:get]
end
That controller action doesn't really have to do anything but render an .html.erb. In that html.erb, simply have a hidden button which will do the POST to the IdP's login page, same as if you had a button to Facebook and a user clicked it. Then when the page loads, you automatically click the button. Here's the full code of the html.erb:
<div class="info_box">You are being redirected to your corporate network sign-in page</div>
<%= button_to "Login with #{ENV['saml_idp_name']}", user_saml_omniauth_authorize_path(provider: :saml), method: :post, id: 'saml_button', style: 'display: none' %>
<script>
  function ready(callbackFunction){
    if(document.readyState != 'loading')
      callbackFunction();
    else
      document.addEventListener("DOMContentLoaded", callbackFunction);
  }
  ready(() => {
    document.getElementById('saml_button').click();
  })
</script>
So no rocket science here. The name of the game is if you want a user to automatically go to the Identity Provider's page when they need to login instead of forcing them to click a button from your login page, then you simply automate the clicking of the button.
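The redirect chain described in this answer, as an added example that is not part of the original answer and is not Devise or OmniAuth code: a gem-free, Rack-style stand-in for the three endpoints, showing the unauthenticated GET being sent to the interstitial page and the POST-only request phase redirecting to the IdP only when the form's CSRF token matches. `DemoApp`, `IDP_URL`, the `/auth/saml` path and the in-memory token store are assumptions made for the illustration.

```ruby
require 'securerandom'
require 'cgi'
# Constructed stand-in for the Rails app: a Rack-style callable, no gems needed.
# IDP_URL and the /auth/saml path are placeholders, not values from the post.
IDP_URL = 'https://idp.example.test/sso'

class DemoApp
  def initialize
    @csrf = {} # session id => single-use CSRF token issued with the interstitial
  end

  def call(env)
    meth, path, sid = env['REQUEST_METHOD'], env['PATH_INFO'], env['session_id']
    case [meth, path]
    when ['GET', '/saml_redirect'] then interstitial(sid)
    when ['POST', '/auth/saml']    then request_phase(sid, env['params'] || {})
    when ['GET', '/auth/saml']     then [404, {}, ['not found']] # GET request phase is not served
    else
      # Plays the failure app's role: unauthenticated GETs go to the interstitial.
      [302, { 'Location' => '/saml_redirect' }, []]
    end
  end

  private
  # Renders the hidden, auto-submitting form; the token makes the POST verifiable.
  def interstitial(sid)
    token = @csrf[sid] = SecureRandom.hex(16)
    html = <<~HTML
      <form id="saml_form" method="post" action="/auth/saml">
        <input type="hidden" name="authenticity_token" value="#{CGI.escapeHTML(token)}">
      </form>
      <script>document.getElementById('saml_form').submit();</script>
    HTML
    [200, { 'Content-Type' => 'text/html' }, [html]]
  end

  # POST-only request phase: redirect to the IdP only for a matching, unused token.
  def request_phase(sid, params)
    expected = @csrf.delete(sid)
    given = params['authenticity_token'].to_s
    return [403, {}, ['invalid CSRF token']] unless expected && secure_eq(expected, given)
    [302, { 'Location' => IDP_URL }, []]
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def secure_eq(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```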

Revisiting index page after login

I am new so please be willing to lend me a hand.
I am into a web application that a user needs to enter his credentials in a form set for the login page (index.aspx).
After he signs on, he'll be redirected to a content page (content-page-for-user-x.aspx).
He does open many more subpages and finally enters "index.aspx" in the browser to get back the index page.
What should I do to prevent the index.aspx (login form page) from showing up again? Because he is already in, not new at all. The index page now should be content-page-for-user-x.aspx.
In the backend logic of the login page index.aspx, you could check if the user has already logged in.
If the user has already logged in, just redirecting the user to content-page-for-user-x.aspx should be fine. If the user is not logged in, display your login page (index.aspx) to prompt the user to log in.

Identity Server 3 Redirect to login page after logout

I've successfully been able to implement this using http://www.aaron-powell.com/posts/2015-01-11-auto-redirect-when-logging-out.html
But!
I'd like to be able to display a message similar to "You've been successfully logged out" once redirected back to login screen.
I've tried setting a session value in my logoff action method prior to going over to the sign in page... but then the session is still null in the LogonWorkflow --> Login.cshtml razor view.
Any suggestions? Help!

Facebook Login for iOS

I already have a Facebook Login Button, that works perfectly (upon pressing the button, I get to a login screen and upon successful login, I get back to the original page, where the FB Button now says "Log out" instead of "Log In"). However, I need a way to discern when a login was successful or not and obviously this does not work with a simple method, in which I check for button clicks. The reason I need to check for successful logins is that I need to set some tokens that are useful for user identification purposes. So how can I do that in Objective C?
You can use the "Custom Login Button" section on the following page:
https://developers.facebook.com/docs/facebook-login/ios
To check if the user is currently logged in or not:
if ([FBSDKAccessToken currentAccessToken]) {
    // User is logged in, do work such as go to next view controller.
}

Windows Identity Framework Single Sign out Problem

I am using the code below for single sign-out:
http://netpl.blogspot.com/2010/12/wif-ws-federation-and-single-sign-out.html
The problem which I am facing is that it is printing the RP's name on the Default.aspx page of my STS application. I want that as soon as the user clicks on Sign out, the user should be redirected to some common page, which would be the home page of some RP. But when I do Response.Redirect on default.aspx of the STS after completing the sign-out process, it did not perform the single sign-out process.
Can anyone help with this issue?
A sign-out is done the following way:
1. Click "Sign out" on an RP's page.
2. Show the sign-out page of the STS with image "links" to all currently signed-in RPs.
3. The browser requests the images of every RP. This request includes the parameter wa=wsignoutcleanup1.0 which does a sign out on the RP.
Step 3 only works if the sign-out page of the STS is displayed in the browser. By calling Response.Redirect you prevent this. A possible solution could be to redirect the user after e.g. a second to the target page. This can be done through JavaScript or a meta tag:
<meta http-equiv="refresh" content="1; url=http://example.com/" />
