I have a web app where I login and I click a page on it where it opens up in a different tab but it's within the same login. I then navigate back to the main web app and logout (with the other tab still being open), and when I log back in, the web app fails to load and instead a stomp message is being displayed(all it shows is the entropy, origin, cookie_needed, websocket). I'm using spring security, and when I check the logs, there is no securitycontext with the httpsessiondestroyedevent.
I don't really know where to start and would love for some help.
Related
Google just changed their oauth model to the new specification:
Modernizing OAuth interactions in Native Apps for Better Usability and Security
I am trying to follow (specifically section 7 of) the ietf "draft-ietf-oauth-native-apps-09" linked in the above blog, and also this reference from google:
OAuth 2.0 for Mobile & Desktop Apps
The issue I have encountered is that the custom uri-scheme behavior varies across browsers, and in some cases does not work as expected. In Firefox, which maybe be the default system browser, the app actually open inside Firefox, embedded - it does not return to the app it embeds the app in the browser, while the app from which the authentication flow was started remains open.
In chrome, it correctly redirects back to the app, however the chrome page with the authentication confirmation page remains open and does not close, which could be confusing to users.
How can I make sure that the oauth provider will always redirect to my app (without the browser embedding it), and close the tab or window which had the authentication flow open?
We have a desktop application that is used to upload content to a web application, both use Okta for authentication. Before uploading, the desktop application authenticates the user via Okta using an embedded browser control. Later in the workflow we want to open the user's default browser so he/she can start using the web application directly. At the moment the user will need to login a second time when their default browser opens.
We planned to implement a mechanism to generate a one-time key (transferable session token) that can be passed as a URL parameter when the browser is opened. For our application's own token we can achieve this but we also need to transfer the Okta session (cookie) and we have not found a way to transfer this from the desktop browser control to the standalone browser.
What options are available to achieve this?
Edit: it is acceptable if a new session is created for the standalone browser as long as the user identity stays the same and the user does not have to provide login details a second time.
Unfortunately, Okta does not have a way to transfer one active session to another as you describe.
However, if you have enough control over the organization's environment, you could simulate this behavior. For Okta organizations that use IWA to authenticate users, you would get this sort of feature "automatically" (provided that the user's default browser supports Active Directory). Another way could be to configure your web application as a "SAML IdP" and have it "transfer a session" to Okta using a SAML Response and Okta's Inbound SAML functionality.
I need to integrate google contacts import in my nw.js app. How should I create the google app ? When I create the app as web app, it asks for redirect uri which is not available for desktop apps. I'm not clear about how to implement google integration for desktop apps. Can anyone help me on this. ?
There is an option in OAuth for desktop applications, when instead of http://domain you will redirect to app://something and you application will be started or receive a callback.
To make this, in your application you need to open request token url in new window (new window in your node-webkit app).
Also: google docs and node-webkit github issue and other issue about this.
For me I thought better would be open a default browser, there is a high chance that user already authenticated, and then just need to click "allow". So I start simple webserver inside node-wekit app and redirect to localhost.
You can see implementation in my project https://github.com/Paxa/postbird/blob/90cfb53b1775310eb2f262c8b54c9dba15b5cc0a/app/heroku_client.js#L185
To open default browser I use command "open" (only for mac)
child_process.spawn('open', [url]);
I also try to close browser window when user redirected back, it works but not always.
response.writeHead(200, {"Content-Type": "text/html"});
response.end("<script type='text/javascript'>window.close();</script>");
May be I should also make a window active when receive redirect back (didn't try it yet):
var currentWin = require('gui').Window.get();
currentWin.focus();
If google not allows to make localhost as a callback url, you can try to use some domain (even free) and point it to 127.0.0.1 or use http://readme.localtest.me/
I'm using a webview to host a log in page that redirects to an ADFS server to offer single sign on. This works on 10.9, but I noticed for OSX 10.10 I am able to get to the point where the ADFS server will present an http authentication challenge, the webview will show the default dialog to enter credentials, but after entering the credentials I never see the expected redirects that eventually allow the single sign on process to complete. Even if I cancel the webview prompt to login, I never receive a didReceiveResponse message (in the WebResourceLoadDelegate protocol).
Does anyone know of any changes in the webview for 10.10 that may cause it to stop sending/receiving requests/responses like this?
Update: It looks like this issue is a problem with WebViews and HTTP Basic Authentication in general. I have created a simple mac application with a single web view, and pointed it to a apache web server with a folder protected by an .htaccess file. While the app is able to successfully view the actual web page after the user enters their credentials in the login prompt on 10.9, on 10.10 this fails in the same manner as described above.
I need help, since I am new to websphere.
We have 2 applications, deployed in the same websphere server. The problem is that we cannot run those 2 applications simultaneously. Running the 2nd application will immediately expire the 1st application (the 2nd application will also expire after a few seconds) .
Here are the series of events
Login to the 1st application http: //stackoverflow:8080/Application1URL/
Leave the application 1 gui running (you must be logged into the application).
Open another browser tab. Run the 2nd application on the new tab: http: //stackoverflow:8080/Application2URL/
You will notice that the application1 session will immediately expire (“Session Expired. Please login again.”). This happens as soon as the application2 login screen appears
If you try to login back into application1 you will get a message saying the user is already logged in (“User is already logged in. Do you want to force logout the other session ?”)
Kindly suggest any ideas to debug the issue.
Your applications probably invalidate sessions for each other. For example they are looking for some attribute in the session and if it is not found they invalidate session. Since same sessionId is shared by default across applications, once the second app invalidate the session the id is changed and first app cannot find its session any more.
Go to one of your applications and change session cookie name to something different.
In web admin console click Enterprise Applications > yourApp > Session management
Check Override session management and click Apply and Save
Click Enable cookies link, and change default cookie name to something custom. Click OK and Save changes
Restart application.
Your applications shouldn't logout each other anymore.