Implement dummy msal authentication using react-msal

In our local Dev environment we would like to bypass the authentication and instead use some dummy authentication in place.
We are using the react-msal libraries for the authentication and it’s working as expected. But when it comes to the dummy authentication, I am not entirely sure how it can be done.
Any help would be appreciated.
Thanks
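
One way to do this, as an added example that is not part of the question and not code from the msal libraries: put the MSAL calls behind a small auth-client factory and let a dev-only stub implement the same interface. The real branch takes an injected `@azure/msal-browser` `PublicClientApplication` (assumed here to expose `getAllAccounts`, `acquireTokenSilent`, `loginPopup` and `logoutPopup`), so the file has no dependency on the library itself; the environment variable `REACT_APP_AUTH_MODE` and the stand-in account are assumptions.

```javascript
// Added example (not from the question or from @azure/msal-react): an auth
// client factory with a dev-only stub. The real MSAL instance is injected so
// this module does not import the library. Assumptions: `msalInstance` is a
// PublicClientApplication-like object; REACT_APP_AUTH_MODE is our own flag.

// Constructed stand-in identity for local work. Nothing here is a real user.
const DEV_ACCOUNT = {
  homeAccountId: 'dev-home-id',
  username: 'dev.user@example.test',
  name: 'Local Dev User',
  idTokenClaims: { oid: 'dev-oid', roles: ['Reader'] },
};

// Two gates: the build must not be production AND the stub must be opted into
// explicitly. A missing or misspelt flag falls back to real authentication.
function isDevStubAllowed(env) {
  return env.NODE_ENV !== 'production' && env.REACT_APP_AUTH_MODE === 'dummy';
}

function createDevStubClient() {
  return {
    mode: 'dummy',
    getActiveAccount: () => DEV_ACCOUNT,
    // Deliberately not a JWT: an API that is misconfigured to accept it
    // should fail loudly rather than silently trust a dummy token.
    acquireToken: async (scopes) => ({
      accessToken: `dummy-token:${scopes.join(' ')}`,
      account: DEV_ACCOUNT,
    }),
    login: async () => DEV_ACCOUNT,
    logout: async () => {},
  };
}

function createMsalClient(msalInstance, loginRequest) {
  return {
    mode: 'msal',
    getActiveAccount: () => msalInstance.getAllAccounts()[0] ?? null,
    acquireToken: async (scopes) => {
      const account = msalInstance.getAllAccounts()[0];
      if (!account) throw new Error('no signed-in account');
      return msalInstance.acquireTokenSilent({ ...loginRequest, scopes, account });
    },
    login: async () => (await msalInstance.loginPopup(loginRequest)).account,
    logout: async () => msalInstance.logoutPopup(),
  };
}

// Single entry point the rest of the app uses; components never touch MSAL.
function createAuthClient({ env, msalInstance, loginRequest = { scopes: ['User.Read'] } }) {
  if (env.REACT_APP_AUTH_MODE === 'dummy' && !isDevStubAllowed(env)) {
    // Refuse to start rather than run a production bundle with fake auth.
    throw new Error('dummy auth requested in a production build; refusing to start');
  }
  if (isDevStubAllowed(env)) return createDevStubClient();
  if (!msalInstance) throw new Error('msalInstance is required outside dummy mode');
  return createMsalClient(msalInstance, loginRequest);
}
```

In a React app, expose the returned client through your own context or hook instead of calling `useMsal` directly in components, so switching between the stub and the real client needs no component changes. The API the SPA calls must still validate tokens as usual; the stub only removes the browser-side login, and its token should be rejected by any backend other than a local one configured to expect it.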

Related

Does anyone know how to handle browser authentication

I am trying to run the tests using Zalenium but the browser is asking for the credentials, so I am providing the username and password manually.
Does anyone know how to handle browser authentication?
My project uses Specflow, C# and Selenium
There are several options
You can login with http://username:password@website.com/page
Automate login process at @BeforeMethod or @BeforeClass
Set cookies. Although I don't advise this method since it doesn't speed up automation much and there is quite a bit of work to do to implement it.
You could put your web application behind a proxy that automatically injects the basic auth credentials. I did this once for a client a few years back.
I'm pretty sure I used: https://github.com/adamfisk/LittleProxy with https://github.com/ganskef/LittleProxy-mitm
But I had to write some code to intercept requests and inject basic auth headers. Although from memory it was pretty straightforward.
If you don't need https then you could probably use cntlm and then set the basic auth header by hand using this:
-r "HeaderName: value"
Add a header substitution. All such headers will be added/replaced
in the client's requests.

Client side authentication without redirection to Keycloak

Pretty simple question, spent a lot of time searching around.
Spring Boot 1.4.x application, with Spring Security, tried to use Keycloak for user management / authentication / authorisation, all works fantastic!
How do I avoid redirecting to Keycloak login form?
How do I implement my own authentication workflow based on username-password input?
I see that I can ask for access-token and refresh-token, but should I implement all that token magic myself or is there some famous library people use?
Any github or examples would help. Thanks!
You might have a look into the Resource Owner Password Credentials grant. It boils down to setting "Direct Access Grants Enabled" for your Keycloak client and implementing the login logic yourself.
But please, PLEASE make sure to read this first: https://www.scottbrady91.com/OAuth/Why-the-Resource-Owner-Password-Credentials-Grant-Type-is-not-Authentication-nor-Suitable-for-Modern-Applications
You could also use some OpenID Connect libraries and get the data you need for the endpoints from the .well-known endpoint of your realm.
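
What the answer describes, as an added example (not the answer's code and not part of Keycloak): the token request the Resource Owner Password Credentials grant sends, with the endpoint URLs taken from the realm's `.well-known/openid-configuration` document. The realm URL, client id and the embedded discovery document are constructed placeholders; global `fetch` (Node 18+) is assumed for the two network calls, while the request-building and response-parsing functions run offline.

```javascript
// Added example (not from the answer or Keycloak): password grant against a
// Keycloak realm using OpenID Connect discovery. Assumptions: Node 18+ for
// global fetch; realm URL, client id and discovery document are constructed.

// Constructed discovery document in the shape served at
// <realm URL>/.well-known/openid-configuration; only the fields used here.
const SAMPLE_DISCOVERY = {
  issuer: 'https://sso.example.test/auth/realms/demo',
  token_endpoint: 'https://sso.example.test/auth/realms/demo/protocol/openid-connect/token',
  end_session_endpoint: 'https://sso.example.test/auth/realms/demo/protocol/openid-connect/logout',
  grant_types_supported: ['authorization_code', 'refresh_token', 'password'],
};

function discoveryUrl(realmUrl) {
  return realmUrl.replace(/\/+$/, '') + '/.well-known/openid-configuration';
}

const FORM = { 'content-type': 'application/x-www-form-urlencoded' };

// Builds the password-grant token request. The realm-level check is only a
// sanity check; the per-client "Direct Access Grants Enabled" toggle shows up
// as an error response from the token endpoint, not in discovery.
function buildPasswordGrant(discovery, { clientId, clientSecret, username, password, scope = 'openid' }) {
  if (!(discovery.grant_types_supported || []).includes('password')) {
    throw new Error('realm does not advertise the password grant');
  }
  const body = new URLSearchParams({ grant_type: 'password', client_id: clientId, username, password, scope });
  if (clientSecret) body.set('client_secret', clientSecret); // confidential clients only
  return { url: discovery.token_endpoint, method: 'POST', headers: FORM, body: body.toString() };
}

// Refreshing keeps the session alive without sending the password again.
function buildRefreshGrant(discovery, { clientId, clientSecret, refreshToken }) {
  const body = new URLSearchParams({ grant_type: 'refresh_token', client_id: clientId, refresh_token: refreshToken });
  if (clientSecret) body.set('client_secret', clientSecret);
  return { url: discovery.token_endpoint, method: 'POST', headers: FORM, body: body.toString() };
}

// The token endpoint answers with access_token, expires_in, refresh_token,
// token_type, ... Store an absolute expiry so the caller can refresh in time.
function parseTokenResponse(json, now = Date.now()) {
  if (String(json.token_type || '').toLowerCase() !== 'bearer') throw new Error('unexpected token_type');
  return {
    accessToken: json.access_token,
    refreshToken: json.refresh_token,
    expiresAt: now + json.expires_in * 1000,
  };
}

async function send(req) {
  const res = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`); // 400 with an error body is typical when the grant is disabled
  return parseTokenResponse(await res.json());
}

async function login(realmUrl, creds) {
  const discovery = await (await fetch(discoveryUrl(realmUrl))).json();
  return send(buildPasswordGrant(discovery, creds));
}

async function refresh(realmUrl, creds) {
  const discovery = await (await fetch(discoveryUrl(realmUrl))).json();
  return send(buildRefreshGrant(discovery, creds));
}
```

Because the application now handles the user's password itself, the caveat in the linked article applies in full: the password must only ever be posted over TLS to the token endpoint, never logged, and never kept after the exchange.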

Spring Security + JWT: How to enrich Authentication/Principal after successful login?

I’ve got a question which seems popular, but I couldn’t find the answer. Well there’s a lot of information about it but I’m not sure what the best way is. So here’s the scenario.
We have a Single Page Application (SPA) and a RESTful Web Service (API). We use an external authentication/authorization service provider via OAuth2/JWT. But I need to persist the user ID (provided by the external authentication provider) on the database on the server side after successful login. And also I need to enrich the Authentication/Principal object in security context after successful login (for example by adding email).
There's a lot on the web about this scenario. But we have SDK for authentication/authorization already and it works perfectly (no custom code, etc). I just need to add something to the authentication object. What is the correct way to do it? Thanks.
For the record, this is what we did:
As I said there's already an SDK doing all the heavy lifting of authentication mechanics. We just need to enrich the authentication object after successful authentication. So we wrapped the AuthenticationProvider (implemented in the SDK) in our implementation (inspired by PreAuthenticatedAuthenticationProvider) and after successful authentication, we enriched the result using our UserDetails implementation (inspired by PreAuthenticatedGrantedAuthoritiesUserDetailsService). The rest was straightforward.
PS: please let me know if you don't like the idea.

Laravel SAML WIA not working

I am using Aacotroneo/Laravel-Saml2 and have successfully set up a login system using ADFS. In another system I am using simpleSAMLphp elsewhere on the same domain successfully with WIA, so I know ADFS is set up for that and that everything is set up correctly except the laravel application.
I have installed a browser addon to check the SAML logs for responses and requests. The only thing I can think of is that there is no client request ID sent through from laravel.
&client-request-id=d1ccbbdd-d55e-4828-eb24-0080000000b4
Any suggestions are appreciated. If I have missed a saml2 setting I am more than happy to try them, a lot of them don't seem to work or make any difference whether set to true or false.
Is it possible I need to set up encryption certificates and certain true/false combinations?
Thanks
Check this article
ADFS has non-standard SAML2 Authentication Context Class urn:federation:authentication:windows
By default this class has lower priority than urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
I would suggest making the following changes to AuthNRequest:
<samlp:RequestedAuthnContext Comparison="minimum">
  <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:federation:authentication:windows</saml:AuthnContextClassRef>
  <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>

How do I keep my backend secure from third party clients

I want to use Ionic to connect with a Laravel rest API. As far as I know I should use OAuth to authenticate the user. How does this stop other clients/requests from accessing my rest API?
For instance if someone created another Ionic app or anything and requested an OAuth token.
AFAIK there's still no way to perfectly protect your API source. As you mentioned, OAuth is one way to help protection.
I often use JWT, a.k.a. JSON Web Token, with token-refresh which expires right after one use. You can check out my short tutorial on using JWT with Laravel and AngularJS, which is exactly the same with Ionic.
