I need to add the new claim ("end_session_endpoint") in OidcProviderConfiguration because UI needs to get that claim, besides the default ones, in /.well-known/openid-configuration response.
Is that possible?
Note: I'm using Spring Authorization Server version 0.2.2
It's not yet possible (as of this writing), but very close! Take a look at Ability to modify OIDC provider configuration #616 to follow progress on this issue.
Related
I am planning to implement SSO w/OIDC between several identical Websphere Liberty profile (wlp) instances with the standard LtpaToken2 cookie, but I don't see it being generated under that name. Instead, I see a random WAS_* cookie.
Even when I set it manually in 1 single wlp's server.xml like:
<webAppSecurity ssoCookieName="LtpaToken2" />
I see that wlp intentionally ignores it, as seen in the logs:
[AUDIT] CWWKS9112A: The web application security settings have changed.The following properties were modified: ssoCookieName=WAS_p1887216770
so it doesn't seem to be an app-related issue, or even oidc-related issue.
Why is wlp behaving like this? All the existing documentation doesn't mention any restriction/reservation of the LtpaToken2 name, in fact it should be the default.
Although I can set it to any other custom name, I am interested in understanding this impediment in using the default LtpaToken2 name, and the reason why it doesn't align with the documentation.
Any explanation is deeply appreciated
Enabling either the openidConnectClient-1.0 or openidConnectServer-1.0 will cause the cookie name to be automatically generated with a server specific identifier for either one of those features. In some situations, this allows configuring multiple Relying Parties and Providers in the same host without collisions when processing their respective cookies.
For the openidConnectProvider, you have the option to use LtpaToken2 when setting the allowDefaultSsoCookieName attribute to "true" as documented in https://www.ibm.com/docs/en/was-liberty/nd?topic=configuration-openidconnectprovider. The openidConnectClient does not provide this option. We have an issue open to allow using the default cookie name for the OIDC client at https://github.com/OpenLiberty/open-liberty/issues/18803.
On the other hand, you might benefit from using jwtSso-1.0 to do SSO between identical servers after the initial authentication with the OIDC Provider. For example, please see the documentation for the allowCustomCacheKey attribute in https://www.ibm.com/docs/en/was-liberty/nd?topic=configuration-openidconnectclient.
Another alternative is to specify a value other than LtpaToken2 for the ssoCookieName attribute. This will override the auto generation of the cookie name when those features are enabled.
Regards,
Teddy
Does the API expose the ability to set the mode to Away or Home?
I don’t see this listed in the API documentation. I think this functionality is important as it now only allows you to turn off your thermostats but also configure alerts via the mobile app (I have mine set to only send alerts for my NestCams when I’m away).
You can't set "away", but you can set the thermostat to either Eco or Off.
No. I also hope the old functionality of the Nest API's will be available on the new API. The motion/person per zone is also missing for example.
There's no way to explicitly set that in this new API. Google wants you to use their Home/Away Routines instead, though I don't think all of the old use cases are supported yet (or will be).
https://support.google.com/googlenest/answer/10071816
In the latest bot samples, we can see that bot is being added to services collection as below
services.AddTransient<IBot, MyBot>();
but in older samples, we saw below approach
services.AddBot<MyBot>(options => { });
Here I am trying to understand the benefits of adding bot using AddTransient() over using AddBot().
What I know is that internally AddBot uses AddTransient only, then why use AddTransient. Referred remarks section from this link.
You can see in the source code that the AddBot methods are used for automatically adding a bot adapter to DI in addition to the bot and for configuring bot-related options like credentials and error handling. The conventions for using the Bot Builder v4 SDK were very different when those samples were made, and the bot's configuration along with its credentials were loaded from something called a bot file. The current convention for using the SDK is much easier because it takes advantage of ASP.NET Core automatically loading the app's configuration from appsettings.json. Since we're not using AddBot anymore you'll notice that the adapter is added to DI explicitly, and you can configure things like error handling and middleware either by accessing the properties and methods of the adapter directly or by deriving your own adapter class, as seen in the samples.
I am currently trying to update update a rule through the web api of sonarqube. I was trying to pass information like Serverity, Description and Remediation Function with the post request with the parameters according to the web api documentation. Everytime I tried to do that I got a response of 400.
But when I edited the request parameters to pass only the markdown_note and the key it worked and the note was set.
I honestly don't know what I am missing. According to the documentation it should work.
The description of the api/rules web services is :
Get and update some details of automatic rules, and manage custom
rules.
You can only update custom rules, not rules provided by language plugins.
The only exception to this is indeed the fact that you can add some notes on all rules.
What is the suggested way to implement output caching of service responses when using http://razor.servicestack.net?
Not used it since it's 4.5 and our current projects are 4.0, but perhaps CacheStack may be of use?
Otherwise handle it yourself via wrapping existing services with the ToOptimizedResultUsingCache extension method, and manually expiring cache keys on CRUD type operations.