I am trying to use Shibboleth on a site that uses .NET 6. The Shibboleth documentation uses Request.ServerVariables() but when I add that, I get the error "HttpRequest does not contain a definition for 'ServerVariables'".
I instantiated an IServerVariablesFeature object and I can get the SERVER_NAME variable from there, but I can't find any Shibboleth variables like Shib-Application-ID. Is my IServerVariablesFeature the right place to look for the Shibboleth variables or do I need to get Request.ServerVariables() to work?
By visiting https://domain/Shibboleth.sso/Session I can see the session information, so I know that the authentication is working correctly, I'm just trying to access the user information from an application.
Thanks in advance for any help.
IServerVariablesFeature serverVariables = HttpContext.Features.Get<IServerVariablesFeature>(); works, as does HttpContext.GetServerVariable("VARIABLE_NAME");. What I was missing is that these variables are only available to pages that are protected by Shibboleth. I added the path for my page to the shibboleth2.xml file and I could see the variables.
Related
I'm trying to set up a reverse proxy for single sign on to an application. the URL to reach my app and the defined authentication method is "http://servername.domain/app/main?authsource=sso_rp"
My current config just sends me to the application login prompt. I've tested my authentication source and confirmed its working. My question is, does my URL rewrite config look like it should? there are no conditions or variables defined. i know I'm missing something simple but this isn't documented on the vendor end so seeking your help.
Given an application URL on Heroru like app-123.herokuapp.com, how can I set this value into an environment variable?
I need to set an email template, with the correct links to the app, so there is no HTTP request information available, but I want to have the links with the correct URL.
I'm using Ruby on Rails and using an environment variable, but once I create review apps, with dynamic URL's I cannot rely on this.
Disclaimer: This works only for the review apps, as they are my concern when posting the question.
We can make use of the injected environment variables, as described in the documentation: https://devcenter.heroku.com/articles/github-integration-review-apps#injected-environment-variables
So, given that every application domain will be herokuapp.com we can guess the application address but concatenation of protocal, app and domain:
"https://#{HEROKU_APP_NAME}.herokuapp.com"
I have the following scenario:
Server A:abpWeb;
Server B:abpWeb;
A and B are based on MyCompanyName.AbpZero template, abp. Net core version 3.1.1;aspnetboilerplate
Browser access A:abpWeb and B:abpWeb. But after logging in, cookie shared is invalid.
A:User.Identity?.IsAuthenticated equals true after Browser access A:Login;
But refresh B:/index on the browser,B:User.Identity?.IsAuthenticated equals false;
The same browser domain for A and B is the same.
I created two new ASP.NET Core 2.0 MVC apps with ASP.NET Core Identity, using AddDataProtection for the normal shared cookie is ok.
I referred to:
https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?tabs=aspnetcore2x
I am searching for a long time on net. But no use. Please help or try to give some ideas how to achieve this.
Thanks in advance.
The keys that encrypt/decrypt your cookies are probably trying to be written to an invalid folder.
By default AddDataProtection tries to write these keys to:
%LOCALAPPDATA%\ASP.NET\DataProtection-Keys
As long as there is an environment variable being used to create the keys path, you will need to set the following config file setting to true.
Please also see my other answer here:
IIS - AddDataProtection PersistKeysToFileSystem not creating
Fix: Within %WINDIR%\System32\inetsrv\config\applicationHost.config set setProfileEnvironment=true. I think you have to restart IIS as well.
Is there a way to change the scope/permission when using Microsoft.Web.WebPages.OAuth? The most logical place is when registering the client with OAuthWebSecurity.RegisterClient. I thought that the adding scope to the extraData parameter would possibly work, but I didn't have success with that.
Microsoft.Web.WebPages.OAuth does not expose the scope when authorizing with a client. I ended up adding custom DotNetOpenAuth clients to include my necessary scope.
The extradata is something you can pass about the provider and use it in tehe UI layer. For eg. extra data could be the icon to display when listing the provider to use for login.
Following post shows how you can write your own provider and plug it into your site
http://blogs.msdn.com/b/webdev/archive/2012/08/23/plugging-custom-oauth-openid-providers.aspx
The setup I have is as follows:
I have one Apache server acting as a URL rewriting engine (SERVER1).
I have a second server (Apache too) which runs a web application (SERVER2). First tries to authenticate users. Part of the authentication protocol involves a lot of redirection between that application server and the authentication server.
My problem is that once the authencation is successfull, the authentication server needs to redirect the user back to the application server, which is only visible from SERVER1. Effectively, SERVER2 needs to be able to reconstruct a URL based on SERVER1's parameters.
Most of the environement variable are helpful i.e. I know the host name, script name, page called etcc but I can 't figure out wether the call was made through HTTP or HTTPS: that information is wiped in the rewrite process by SERVER1...
Anybody knows if/how I can get that information through environement variables? I am limited in that I can't use query string parameters...
Thanks all !
This may sound strange, but I have found part of the answer to my question.
The rewrite engine (at least in Apache 2, I haven't looked anywhere else) allows for writting extra request header.
The rule should look something like that.
RewriteRule .* -
[E=INFO_PATH_INFO:%{PATH_INFO},NE]
Put simple, it creates a new header called INFO_PATH_INFO and sets the value to PATH_INFO.
( For more info check out http://www.askapache.com/htaccess/crazy-advanced-mod_rewrite-tutorial.html )
Then it can be retrieved in any languages.
For info I am using Oracle's OWA which adds an extra layer of complication due to the fact that the default environment variables are limited to a few and additional variables need to be specified in thr dads.conf
Hope this will help anyone !