How to make OSX Yosemite webviews work with ADFS - cocoa

I'm using a webview to host a log in page that redirects to an ADFS server to offer single sign on. This works on 10.9, but I noticed for OSX 10.10 I am able to get to the point where the ADFS server will present an http authentication challenge, the webview will show the default dialog to enter credentials, but after entering the credentials I never see the expected redirects that eventually allow the single sign on process to complete. Even if I cancel the webview prompt to login, I never receive a didReceiveResponse message (in the WebResourceLoadDelegate protocol).
Does anyone know of any changes in the webview for 10.10 that may cause it to stop sending/receiving requests/responses like this?
Update: It looks like this issue is a problem with WebViews and HTTP Basic Authentication in general. I have created a simple mac application with a single web view, and pointed it to a apache web server with a folder protected by an .htaccess file. While the app is able to successfully view the actual web page after the user enters their credentials in the login prompt on 10.9, on 10.10 this fails in the same manner as described above.

Related

Mikrotik Hotspot ; Can not reach external login page event listed in walled garden

I'm writing a python based centralized Hotspot login page.
To make a test, I prepare one HapLite as Hotspot.
Put my server address in walled garden, also facebook and gmail site on it.
When I try to connect to this hotspot, I get error as attached picture.
But as expected, I can still open facebook and gmail.
I checked my server Nginx (as reverse proxy to my app) logs and there is no error.
I run my app in debug mode, and also there is error shown.
On Nginx logs and App debug, there is no Access detected.
I try to open my app via android browser and it opens without problem.
After some check,
I'm ended with puting the IP of my external login page to Walled-Garden-IP.
If I put in 'walled garden', ... event if I set the port, it still didn't work
C/q #Benoit ... I really appreciate your response.

How do I clear saved cookies of wxWEBVIEW_WEBKIT used in an app on macOS?

I'm working on a cross-platform wxWidgets-based application that uses a WebView for a web-based OAuth login to a web site. The web site's OAuth login process uses cookies to cache a login token once authenticated, so that you can go through the process again to get another OAuth token if necessary without the user having to enter their credentials again. The WebView backend implementation wxWEBVIEW_WEBKIT that I'm using in the macOS version of the app preserves cookies between restarts of my app and even reboots of the OS. This makes it difficult to test the login process.
Where is the WebView backend persisting these cookies? How would I go about clearing them?
I've already tried clearing the cookies in Safari to no avail, and I removed all of the obvious cache files I saw in the app's file accesses as captured by opensnoop, but the cached login is still present.
Per a response on the wx-users list, wxWEBVIEW_WEBKIT is implemented using a simple macOS WebView.
As noted in How can I remove cookies stored by WebView in Cocoa application?, in macOS 10.11 (El Capitan) and later, each application's WebViews have their own cookie storage and do not have access to each others' cookies.
I did not find a way to manually clear my application's cookies; I tried removing the relevant *.binarycookies file from ~/Library/Cookies but that had no effect. It's still unclear to me where the cookies are stored.
However I was able to delete the cookies programmatically using the NSHTTPCookieStorage API, following the code snippet in https://stackoverflow.com/a/8486398/60422. I ended up just adding a menu item for this to my application to clear the cookies that I only use for manual testing purposes.

Log out from SSO kerberos

My OSX application is required for authentication based on Kerberos protocol.
For login I'm using WebView (and WKWebView for MAC OSX > 10.9) by load the authorization URL request.
The login works as expected, but it remains logged in until I log out from my computer or killing my application.
It means that at the next time I load the authorization URL request then I logged in automatically without being promoted to insert my user & password.
Before I load the authorization URL I delete the cookies from [NSHTTPCookieStorage sharedHTTPCookieStorage].
How can I log out?
You need to destroy the kerberos tickets on the machine the web browser is running on.
/usr/bin/kdestroy
OS X used to have a graphical interface for managing tickets, but I think that is long gone. You should only be doing this for testing. Kerberos tickets are shared among many applications in OS X and if your app blows away the ticket, your users will come after you with pitchforks...
My solution is to close my application by:
[NSApp terminate:self];
A better solution will be to relaunch the app but this is enough for me right now.

How to integrate google contacts api in node webkit

I need to integrate google contacts import in my nw.js app. How should I create the google app ? When I create the app as web app, it asks for redirect uri which is not available for desktop apps. I'm not clear about how to implement google integration for desktop apps. Can anyone help me on this. ?
There is an option in OAuth for desktop applications, when instead of http://domain you will redirect to app://something and you application will be started or receive a callback.
To make this, in your application you need to open request token url in new window (new window in your node-webkit app).
Also: google docs and node-webkit github issue and other issue about this.
For me I thought better would be open a default browser, there is a high chance that user already authenticated, and then just need to click "allow". So I start simple webserver inside node-wekit app and redirect to localhost.
You can see implementation in my project https://github.com/Paxa/postbird/blob/90cfb53b1775310eb2f262c8b54c9dba15b5cc0a/app/heroku_client.js#L185
To open default browser I use command "open" (only for mac)
child_process.spawn('open', [url]);
I also try to close browser window when user redirected back, it works but not always.
response.writeHead(200, {"Content-Type": "text/html"});
response.end("<script type='text/javascript'>window.close();</script>");
May be I should also make a window active when receive redirect back (didn't try it yet):
var currentWin = require('gui').Window.get();
currentWin.focus();
If google not allows to make localhost as a callback url, you can try to use some domain (even free) and point it to 127.0.0.1 or use http://readme.localtest.me/

How to correctly set up development version of Facebook app on localhost for Facebook login?

I have made a Facebook app in Ruby (using Sinatra and Koala), deployed it on Heroku and sat up all the settings and it works that way, but now I have to debug some functionality and for that reason I need to run application from localhost (using foreman start).
I have read somewhere that I should make development version of my app and specify site url to localhost:[port_num] and I have done so.
The problem is when user(me) reach localhost:5000 and application redirects it to Facebook to get permissions (when Facebook login dialog should appears). At that point this error occurs:
App Not Set Up: The developers of this app have not set it up properly for Facebook Login.
I saw this issue but in my development version of app there is no status and review settings and I don't see how to make application alive.
How to set up my app for Facebook Login while it runs on localhost?
or
What is the proper way to run Facebook app from localhost to get full functionality?
The problem laid in Advanced settings in security section - development app "inherits" settings from base app so in Settings->Advanced->Security->Valid OAuth redirect URIs was initially url of my base app not my localhost:5000 and it causes a problem. One of solutions is to leave this field empty (and leave app open to redirect attacks) or to fill this field with your Site URL.
It seems that development version of an application can't be "alive".
To allow Facebook Login for users of your development app you should register them as testers under Roles tab.

Resources