Disallow anonymous users to access Sonar - sonarqube

I have installed Sonar 3.5.1 and want to disable anonymous users' access to the web console.
I went to the Security page and deleted Anyone from the users and codeviewers roles.
However, when I visit the web console without authentication I am still able to see the "Welcome to Sonar Dashboard" page, whereas I expected to be redirected to the login page.
Is it possible to completely prevent unauthenticated users from seeing any content except the login page?

You can set "sonar.forceAuthentication" to "true" in the web admin interface.
See http://docs.sonarqube.org/display/SONAR/Authentication for more details.

Related

Login page for Active Directory

Requirement: I've a Ruby on Rails application named as "RoR App", for instance. Several different clients have their own Active Directory and when a user hits a particular URL in the "RoR App" then the control will be redirected to the client's login page where user will provide their AD credentials.
Once authenticated, a callback will be called to the "RoR App" where a user's session be created.
Work Done: So far, I'm able to use omniauth-saml gem to redirect to some URL (will be client's login page later) when a user enters a particular URL in "RoR App" using SAML.
Questions:
For testing purposes, do I need to create a login page in some technology (RoR, PHP, etc.) which will work as the client's (IDP) login page, and when the user provides their credentials, write some code in the backend to authenticate with Active Directory?
OR
Does AD or Windows provide some self-managed login page which can be created (after some configuration) and perform the authentication process itself?
I'm new to Active Directory, so sorry if this is an obvious question.
At last, we've used Active Directory Federation Services (ADFS) for setting up the IDP, which provides the login page and authenticates the user by using the configured user credentials in Active Directory.

WebSphere: how to redirect user to the page he was before login?

I have portlet applications deployed on Websphere.
Currently, if the user's session has expired and he logs in again, WebSphere redirects him to the "Welcome to IBM WebSphere Portal x.x" page. How can I force it to go back to the previous page?
Thanks!
If your user logs out, then you would normally have some code that deletes his user sessions (could be in the action of deleting a cookie), and then redirect him to the index page.
If you are talking about a user being on some page which is not the index page, then he logs in, and you want him to be redirected to the same page he was before logging in, you would have to save where he was before logging in.
This could be done in various ways. I would probably just have a cookie, that I update with some textfield indicating which site the user was previously on, and redirect the user to that page.
E.G. User visits SomePage.php - Before returning SomePage.php you update a field in his cookie "PreviousPage" = SomePage.php. Then after user logs in, you redirect him to "SomePage.php".
In a default configuration, WebSphere redirects the user to the default page or the first page in the page hierarchy, which is determined by the portal. You have to manually update the redirect.login.url property in the config engine/config service and set redirect.login to true before you do that.
Refer: https://www.ibm.com/support/knowledgecenter/en/SSYJ99_8.0.0/admin/srvcfgref_config.html
Note: Not sure which version you are using but I believe these would be available in previous as well as latest versions.
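
The "PreviousPage" cookie approach suggested in the first answer above, as an added example that is not code from the thread: a cookie is client-controlled, so the value is signed when it is stored and checked again as a same-site path before the post-login redirect. Python is used for illustration; `SECRET_KEY`, `DEFAULT_PAGE` and the function names are assumptions.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlsplit

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client
DEFAULT_PAGE = "/index.php"           # assumption: fallback landing page


def is_safe_local_path(target: str) -> bool:
    """Accept only same-site paths: no scheme, no host, no '//' or backslash forms."""
    if not target or not target.startswith("/") or target.startswith("//"):
        return False
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def _tag(path: str) -> str:
    # HMAC over the path so the client cannot swap in a different target.
    return hmac.new(SECRET_KEY, path.encode("utf-8"), hashlib.sha256).hexdigest()


def make_previous_page_cookie(path: str) -> str:
    """Value to store in the "PreviousPage" cookie before showing the login form."""
    if not is_safe_local_path(path):
        path = DEFAULT_PAGE
    return f"{path}|{_tag(path)}"


def redirect_target_after_login(cookie_value: Optional[str]) -> str:
    """Page to redirect to after login; falls back to DEFAULT_PAGE on any doubt."""
    if not cookie_value or "|" not in cookie_value:
        return DEFAULT_PAGE
    path, tag = cookie_value.rsplit("|", 1)
    try:
        expected = _tag(path)
        ok = hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8"))
    except UnicodeEncodeError:
        return DEFAULT_PAGE
    if not ok:
        return DEFAULT_PAGE
    return path if is_safe_local_path(path) else DEFAULT_PAGE


if __name__ == "__main__":
    cookie = make_previous_page_cookie("/SomePage.php?id=3")  # constructed sample
    print(redirect_target_after_login(cookie))
```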

Why is my OAuth page refreshing instead of authorizing the user?

I am using jekyll-google-auth to secure this website. Visiting the site should prompt the user to authenticate with google, and if they are in my company domain, they should get access to the site.
I have the google app set up, my dyno is up and running, but when I visit the site and click "allow" (or "deny" for that matter) I am not redirected to the site, instead it seems to refresh to the same auth page. I can click "allow" or "deny" indefinitely and never get to the site.
My redirect uri in my google app settings is:
http://dash.fractalhardware.com/auth/google_oauth2/callback
The command jekyll-auth new is supposed to run through setup for you, but it failed for me. It spit out an error when I entered my domain when prompted for GOOGLE_EMAIL_DOMAIN. So I went into the heroku settings and just added it manually in the config variables. I read through the code for the jekyll-auth command and confirmed the setup should've been complete. I don't think that's related to the auth problem but it's the only obvious hiccup I've come across.
Any idea why the oauth page seems to refresh/redirect to itself instead of authorizing the user and showing the site?
Thanks,
Dave

controlling where registered users land on login in Joomla

I am not quite a novice yet in Joomla but I am working my way up to that level of expertise!
I have never used Joomla and I have a friend who's asked if I can help with their website.
Basically, they have a members area which registered users can access however, when a registered user logs in, they see the default home page for the website instead of the members home page which they have created specifically for the members.
What is the simplest way to redirect users on login to go to the members home page instead of the default public home page?
They currently have a menu item which is called "Member Login" which is of type "User >> Login" which has an Access level of "Public" - I have set the variable "Login Redirection URL" as follows:
I have also tried configuring the module mod_login by setting the Login Redirection Page as follows:
But neither of these have changed the login behaviour.
The Article I am redirecting to is "Members Home Page" - This page has an Access level of "Registered"
Any help would be wonderful?
Assuming that you are using Joomla 2.5, then there are parameters you can set in the menu item to determine where a user is redirected to on login and logout. You just put the appropriate URL in the field and you're done.
From what you are describing, the site is most likely J1.5. The User > Login menu also has the same redirect parameters, so you can still fill those in. However, I would HIGHLY recommend upgrading the site to at least J2.5 before the site gets hacked.

After login, how to send the user back to the same portal page that they were on before logging in?

I'm using WebSphere Portal 6.1.5 and Portlet Factory 7.
How can I send the user to a custom page instead of the portal home page if the user accesses a certain page before logging in?
I want to return the user to the same page that they were on before they clicked the login link and went to the login page. Any solution?
That should be the default behaviour. If the user is redirected to the login page after login the WAS Server would redirect you back to that particular page.
This assumes that the URL is unique for that page because that is what is stored by the server before it does the re-direct to the login page.
Cheers
Manglu
No, WebSphere by default redirects the user to the first page that he has access to right after login. In order to make the portal redirect the user to a custom page, you would have to implement a LoginFilter, which can be attached to the wps.war.
Take a look at:
Info Center: Configuring authentication filters
Creating loginfilter for WebSphere Portal
TechNote: New security APIs in WebSphere Portal
I hope this helps.
The default Login redirect behaviour is true, but only if the Login page is requested using the unprotected URL.
If the page is available within the protected area, meaning for authenticated users as well, you can change the calculation of the redirect behaviour even without a loginfilter.
Therefore you would need to send a redirect to the current page but reference the protected area. For example, if wps/portal/a/b/c is the URL the user is currently visiting, the login link should trigger wps/myportal/a/b/c.
WebSphere will kick in and require authentication for the user, but stores the original requested URL. This information is then reused by Portal after the user has authenticated.
