I have installed rubycas-server on my server. I have a ruby app that supports CAS on mysite.com. I would like to have the rubycas-server login page at login.mysite.com.
I have followed the instructions at http://code.google.com/p/rubycas-server/wiki/HowToConfigure and configured my config.yml file.
I have started the rubycas-server but I don't see a login form at login.mysite.com. There isn't anything on login.mysite.com. I have setup the uri_path to login.mysite.com. I thought that it would display the login form when I start the rubycas-server but it doesn't. I guess I am still missing something. What am I suppose to put on login.mysite.com in order for the login page to display? Is there suppose to be another ruby app?
Sorry, I am new to this.
Remember that the CAS is a single sign-on app and the CAS login page is meant to be central to all of your applications. So a typical usage would be that you have your CAS server running on one machine, and the login will be at somedomain.com/cas. Then you have a bunch of applications that want to authenticate, at mysite1.com, mysite2.com, etc. If you try to browse to a CAS-protected page in one of those applications, you'll be redirected to somedomain.com/cas, where you'll sign in, and then CAS will redirect you back to the page you wanted on, say, mysite2.com.
Out of the box, you should see the login by going to the domain that rubycas-client is installed on and going to /cas.
Basically, it sounds like you're expecting the login page to be part of your application, and with CAS, it's not.
Related
I want to open, from an iOS app, a web page that requires authentication in order to get to that page.
I googled a little bit and I believe I need to use WebKit and Javascript injection, but I am not sure and I have never done something like this, so every bit of information is welcomed or pointing me in the right direction.
I will give an example that I hope will make things more clear(I don't actually want to open facebook, it's just part of the example):
Is it possible to do the following scenario? And if yes, how?
Open a web page from an iOS app, for example: "https://www.facebook.com/profile" without having to go through the login page? I do have the user credentials(username and password), as the user is already logged in with those credentials in the iOS app, but the requirement is to not go through the login page, but to go straight to the profile page.
In general the answer is: no. Even if the user is already logged in and has a valid authentication token that token may only be valid from within your app and not from within the browser. And the login form may be protected by something like a captche preventing you from automatically logging someone in.
There certainly are situation where it is possible: For example if the tokens are not scoped to your app you can try passing them along. Or there is an actual API that you can call with the token that logs the user into the website on the website, etc. But those depend on the specific target website or wether you can control that target website and can add this functionality.
I am writing a Reddit client that uses OAuth to authenticate the user. One of the features I would like to implement is the ability to use multiple accounts simultaneously. This requires the user to authorize my client on each account they want to use. The problem I'm running into is that if the user is already logged into Reddit in their browser, when I pop a browser to perform the auth, it will have them authenticate my client against their currently logged in user.
Is there a way to force the user to re-enter their credentials? I would rather not have to put some kind of disclaimer on my Add Account screen that says "Please log out of Reddit in any open browser windows".
I tried opening the Reddit login page in a WebView so the request is sandboxed, and while that worked, it gives the user access to the entire login page (including all the links that navigate to elsewhere on the site). I don't mind that experience when I'm popping an external browser, but in an embedded WebView I really just want to present a username and password box along with the OAuth validation prompt.
Note: I do kind of prefer the embedded experience because it doesn't interfere with the users existing browser cookies, I just don't like how cluttered the login page is this way and I'm not sure how to prevent the user from navigating away from login. Also, for completeness, this is a UWP app, though this problem is largely technology independent.
The problem I'm running into is that if the user is already logged into Reddit in their browser, when I pop a browser to perform the auth, it will have them authenticate my client against their currently logged in user.
It may be caused by the authorization server. If so, we can not do anything in our client app.
But if it is not the server issue, in UWP, there is a WebAuthenticationBroker class witch can help you to authorize your app to access the user info from Resource server by getting a token. You can try to use the class to implement OAuth authorization. You don't need to use the in a WebView so that you can authorize your app with multiple users if you can manage all the user with the token properly in your code logic.
See the Web authentication broker topic and the sample to learn more details.
This Rails project uses Spree and Devise and has a separate controller to serve up JSON responses for the mobile side of things. I've just implemented Devise::Lockable to lock a user account after 5 failed logins. This automatically generates a password reset email. Things work fine on the desktop site and on the mobile site. My question comes from mixing the two together:
If you fail login 5 times through mobile API, the password link is sent to that account's email. But if you are already signed in on the desktop, and then also access the reset link from the desktop, it redirects to the home page (and signs out the user). If you click the reset link again, then the password reset form is served up.
How can I also sign out a user on from "normal" app (the desktop side of things) when the user fails logging in the maximum times on the mobile app?
EDIT: I've tried throwing Devise's "sign_out user" at almost every point in the pipeline but that doesn't do the trick, since the user for some reason isn't found to be signed in.
I am developing a web application with ruby on rails. I am trying to link the authentification page of my webapp to a Central Authentication Service (CAS).
So, whenever someone tries to start my webapp , my app should :
Check if the user is already connected to the CAS
1/ if he is already connected, the app will start and he can use its services normally
2/ if the user is not connected to the app, a login page will be displayed, where he has to type his password and login. These password and login will be tested on the CAS, and according to the result of the test will be allowed to start the webapp or not.
This seems a bit complicated to implement. I need help because i am new to ruby on rails.
thanks in advance
use the devise gem,
here is a railscast to show you how railscast example
and here is the gem link
here is a CAS specific gem for devise
hope that helps
Let's say I have the following sites: ClientSiteA.com, ClientSiteB.com, ClientSiteC.com, MainServer.com
I am distributing a software to client sites. Anyone will be able to install the software so a site can not be considered trusted. MainServer.com will contain user information.
Users will interact with the software on client sites. A user will be able to click a login link on any client site which will bring up a popup. The popup can reside on MainServer.com. When a user logs in on any client, they will be logged in on ALL client sites as well as the MainServer.com. Remember, MainServer.com contains all user information.
I've done a lot of reading on SAML and OAuth2. Can someone tell me what is possible? If it is possible, which tools/workflows should I use? If this isn't possible, can someone tell me something I can accomplish that is similar to this?
FYI - I am trying to accomplish something like what Disqus does. If you login to Disqus on any site, you are logged into all the sites.
You can accomplish this with SAML, although it will involve browser redirects not popups.
The first time use hits a protected site (ClientA) it redirects to MainServer.com. The user logs in, MainServer gives them a session and redirects them back to the service provider with a SAML authentication statement which then lets them in.
When the user then visits ClientB.com, it also redirects to MainServer.com for authentication. Because the user is already logged at MainServer it can invisibly bounce them straight back to ClientB.com with a new authentication statement. The user barely if at all notices.
The problem with the pop-up window approach is that users have to give their credentials for site A to site B. This is a big security hole if site B isn't owned and controlled by Site A. Users should only give their credentials to the site that is authenticating them to prevent them being compromised. SAML and other federated/distributed auth mechanisms were designed with that in mind. I wouldn't want to give the keys to my email account to random sites on the internet but with this method I can log into stackoverflow with my gmail account.