IDP failing on test page - debugging

I have installed a simplesamlphp instance, and set it up for facebook login with success on the mysite.org/simplesaml interface.
I was wanting to get linkedin and twitter configured too. I followed the instructions for creating an app on the 3rd party site, and have triple checked my settings with regard to the keys and secrets on authsources.php. I have created an enable file in the relevant module directories.
When I test the authentication source, I get redirected to a blank page with, for example simplesaml/module.php/core/authenticate.php?as=linkedin as an address.
How can I troubleshoot this? I can not find any logs, and no error messages appear on the page. I have enabled showerrors and debug of saml and backtraces in the config/templates/config.php
I have tried disabling the facebook login (which still works fine) incase it was a problem with more than one module active at a time, but this did not help.

If SSP can't find a sspmod_* class than either that module is not installed or not enabled. Based on the class name sspmod_oauth_Consumer I know it is looking in the modules/oauth folder, and I know the oauth module is include (but not enabled) by default.
To enable the module you can do touch modules/oauth/enable

Related

Google Drive API Console: Error saving Drive UI integration page

I have a webapp in production that interacts with Google Drive through Google Drive API.
I need to change some settings in Drive interaction but I can't save.
When I save the Drive UI integration page, I receive this error:
There's a problem at our end.
Please try again. If the problem persists, please let us know using
the "Send feedback" link below. Thanks!
(spying Network console: there is an Internal Server Error in a POST call)
I tried to send feedback for months: nobody answers and the bug is still there.
I tried also to create another project: I can save the first time but then the bug returns.
How can I do? Has someone the same problem?
Is there a way to receive a reply from Google? Is there some workaround?
Thank you.
i think that problem must be Client ID
before adding Client ID, go to the Credentials -> OAuth 2.0 Client IDs
then select edit your Client ID. after that your production site url add to Authorized JavaScript origins and Authorized redirect URIs.
then enter your Client ID in Drive UI integration page
For myself trying to get the Drive UI configured I noticed a couple of errors (that don't have any specific error messages)
When adding in an Open URL it has to be a valid domain, so for instance I tried to test it out with local host, to no avail. However something like https://devbox.app.com worked, but something like https://localhost:8888 does not. Even though https://localhost is a valid javascript origin in the client_id configuration (at least for the app I am working on, not sure about other apps), localhost doesn't work as an open URL.
When adding in the mimeTypes it needs to be in the format */* and can include custom mimeTypes like application/custom+xml and application/custom-name+json not sure for other custom types that are not in a particular format like xml or json. Also not sure about wildcards.
When adding in file extensions do not add in the '.' just the name of the file extension.
The app icon I found only failed to upload the image when the image wasn't the exact dimensions, I actually ended up editing some icons in photoshop to change the pixel x pixel values as a quick work around during dev.
That worked for me to get it to save and I tested it with a file that had a custom mimeType (application/custom-name+xml specifically) and custom file extension!

Google API authentication: Not valid origin for the client

When making an auth request to the Google API (gapi), it's returning false on the checkOrigin.
I have removed any client id's or anything that would link directly to my account and replaced it with a regex indicating what the data is for reference.
Url: https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Flocal.tools&client_id=(\d{21})
My origin url is a local url, which is https://local.tools
Result: {valid: false}
I'm using the example found here without deviation (except for replacing clientid with my 21 digit clientid): https://ga-dev-tools.appspot.com/embed-api/third-party-visualizations/
The items I'm trying to display show up nicely on the demo site, but aren't getting past the Not valid origin for the client error on my local.tools site.
Clear your browser cache. Started getting this error in Chrome and then I created a new client id and was still getting the issue. Opened firefox and it worked, so I cleared the cache on Chrome and it started working.
I received the same console error message when working with this example: https://developers.google.com/analytics/devguides/reporting/embed/v1/getting-started
The documentation says not to overlook two critical steps ("As you go through the instructions, it's important that you not overlook these two critical steps:
Enable the Analytics API [&] Set the correct origins"), but does not clearly state WHERE to set the correct origins.
Since the client ID I had was not working, I created a new project and a new client ID. The new project may not have been necessary, but I'm retaining (and using) it.
Here's what worked:
Create a new project
Add and Enable the Analytics API
Create a new credential - ensure that it is an OAUTH credential (scroll to the bottom of this page for instructions https://developers.google.com/api-client-library/javascript/start/start-js#Setup).
During creation of the credentials, you will see a section called "Restrictions
Enter JavaScript origins, redirect URIs, or both". This is where you can enter your origins.
Save and copy your client ID (and secret).
My script worked after I created the new OAUTH credential, assigned the origin, and used the newly generated client ID following this process.
try clear caches and then hard reload, i had same error but when i tried to run on incognito browser in chrome it worked.
Key Point: Add both http://localhost and http://localhost:port_number to the Authorized JavaScript origins box for local tests or development.
Credentials do not work if API is not enabled. In my case the next steps were needed:
Go to https://console.developers.google.com/apis/library
Enter 'People'
From the result choose 'Google People API'
Click 'Enable'
Creating new oauth credentials worked for me
You probably use Client ID like this: <CLIENT_ID>.apps.google.com
Make sure your client ID is without ".apps.google.com"
For me - I just went here:
https://console.developers.google.com/apis/credentials
Then chose the right project; then choose the credential with the same ID shown in your console error message. When editing the credentials you can add multiple origins to the white list.
After updated Authorized JavaScript origins browser still caching old data, so I need to Empty cache and hard reload then it works
1. Change Authorized origins
2. Open Dev Tool (F12) then right-click into reload button
Clearing the cache on chrome works!
Please find the steps below to clear the cache.
Open dev tools (Right-click on the page and select inspect/ press F12)
Right-click on the chrome reload button while the dev tool is opened. (You will find the option to clear the cache and reload the site)
clearing the cache works for me.
for React developers try to restart the project otherwise it will show the same error again and again.
It was a referrer-policy problem.
This has been such a pain for a long time to me too...
Found the issue, my website instance had a referrer policy set to
no-referrer. After setting it to no-referrer-when-downgrade, the One
Tap prompt showed up as expected.
https://stackoverflow.com/a/63039142/15565029
If you are using Django, SECURE_REFERRER_POLICY is 'same-origin' by default. Change it by adding the below code in your settings file.
# settings.py
SECURE_REFERRER_POLICY = 'no-referrer-when-downgrade'
https://docs.djangoproject.com/en/3.2/ref/settings/#std:setting-SECURE_REFERRER_POLICY
Similar to few answers at above but with screenshots. If you created project for Firebase, may also use the same steps to configure at Google Cloud Platform console.
Select the project at https://console.cloud.google.com/
Navigate to Credentials
Click Edit button for the related OAuth 2.0 Client ID
Add URI into Authorized JavaScript origins
Don't forget to Save
That worked for me after trying for an hour:
On https://console.cloud.google.com/apis/credentials :
Edit Client Outh (mine was: Web Client (Auto Created by Google Service), which was created by my Firebase Web Project)
Enter JavaScript Origin for the Client ID (mine was: localhost:NNNN)
and don't forget to Save.
Try google login for half an hour: didn't work
Enabled Google Analytics as suggested above
Empty Chrome cache and hard reload as suggested above
Try google login for half an hour: didn't work
Sign Out from https://console.cloud.google.com, and sign in again
Empty Chrome cache and hard reload
Now it worked
I don't know which one of the above fixed the problem.
May be it was just a matter of time for cloud.google to
recognize my new JavaScript Origin.
I got the error because of Allow-Control-Allow-Origin: * browser extension.
Trying on a different browser(chrome) worked for me and clearing cache on firefox cleared the issue.
(PS: Not add the hosting URIs to Authorized JavaScript origins in API credentials would give you Error:redirect_uri_mismatch)
I was getting the same error but tried publishing my app and now it shows as below:

Error 404 for rest webservice request in offline app in GeneXus Ev3 U9

I'm developing an offline Android app with Genexus Ev3 U9 and when I try the app in the device I see there is no initial synchronization, even when I try to execute a manual sync the app shuts down. The cat log shows that request made to URLs like http://192.168.12.17/MyAppSmartDevicesEnvironment/gxmetadata/MyApp.android.json
worked fine but when the app tries to get this URL http://192.168.12.17/MyAppSmartDevicesEnvironment/rest/MyAppOfflineDatabase?fmt=json&event=gxchecksync returns 404 I tried the same link in my laptop and it's like the requested resource was not created by GeneXus.
What could be wrong?
There are actually a couple of things you might want to check.
When you accessed http://192.168.12.17/MyAppSmartDevicesEnvironment/gxmetadata/MyApp.android.json you got data but that just means that the virtual directory was successfully created. (which is good of course)
Then you need to check if the WCF module is installed correctly, in order to do that you could try to go to http://192.168.12.17/MyAppSmartDevicesEnvironment/MyAppOfflineDatabase.svc/rest or any other service in your KB. That goes straight to the service implementation. (you can check you web.config file in order to see the actual rewriting rules)
If that works it's certainly a URL Rewrite problem like Sandro and Guscarr suggested.
You can download and install the module from here: http://www.iis.net/downloads/microsoft/url-rewrite
Gcastano,
It seems that you're generating to .net, right?
If so, it could be some problem with iis rewrite module.
Anyway you might check gx software requirements...
It seems that REST services cannot be run on your IIS, as Sandro said, try installing URLRewrite.
Further info at http://wiki.genexus.com/commwiki/servlet/wiki?14575,Android%20-%20FAQ%20and%20Common%20Issues

Unable to get the configuration file WcmApiConfig.properties

I have an issue with FileNet-p8:
All simply, I do not have access to a WorkFlow already designed. I have always a popup asking me to authenticate , I use the same Login/psw to access to the Workplace. But always I get the same message :
Unable to get the configuration file WcmApiConfig.properties
I'm workin with the IBM JVM 1.6 and the Firefox browser.
Thanks.
In our environment, you must use IE in order to avoid that error message. We have not been able to get FireFox to work with WorkplaceXT or PCC.
Even when launching PCC from ACCPE we need to use IE.
If you see the login screen, don't even bother with your credentials. It simply will not work.

500 error when integrating multiple apps in one code base

I'm trying to set up an MVC application that will service several facebook applications for various clients. With help from Prabir's blog post I was able to set this up with v5.2.1 and it is working well, with one exception.
At first, I had only set up two "clients", one called DemoStore and the first client, ClientA. The application determines what client content and facebook settings to use based on the url. example canvasUrl: http://my_domain.com/client_name/
This works for ClientA, but for some reason when I try any DemoStore routes I get a 500 error. The error page points to an issue with the web.config.
Config Error:
Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'facebookredirect.axd'
I am able to add additional clients with no problem, and changing DemoStore to something like "demo" while using the same facebook application settings works fine also.
Working calls:
http:// localhost:2888/ClientA/
http:// localhost:2888/ClientB/
http:// localhost:2888/Demo/
Failing call:
http:// localhost:2888/DemoStore/
I was thinking this might be an MVC issue, but the Config Error points to the facebookredirect handler. Why would the SDK try to add this value to the config during runtime, and only for this specific client?
Any insight would be greatly appreciated.
I managed to figure out what went wrong here. Silly mistake..
After I had set up the application routes to require the client_name I changed the Project Url in the project properties to point to demostore by default. When I hit ctrl+S a dialog popped up that I promptly entered through without reading.
When I changed the Project Url, IIS Express created a new virtual directory for the project. This was the source of my problem. Why? I'm not sure, but once I removed the second site from my applicationhost.config I was able to access the DemoStore routes.
Moral of the story: read the VS dialog messages!

Resources