oracle portal and sso - oracle

My question is about Oracle Portal. My portal is able to communicate with the OID, because if I provide incorrect login credentials, it gives me an appropriate error message and I can also view the details in the ssoServer.log.
But when I provide the correct credentials, it takes a long time to process and gives the message:
"No Response from Application Web Server
There was no response from the application web server for the page you requested.
Please notify the site's webmaster and try your request again later."
I have checked the log files of SSO and Portal, but unfortunately I am not able to trace any error.
Just to give the background, I am able to open all the public pages and the custom application. This happens only when I try to open the Portal Administration Page from the SSO Login. Please suggest.

Related

Google Cloud Run Hosted User Sign-In 'Redirect' Throws Error When Using External Identity Providers

I have a Google Cloud App Engine app that functions correctly when I either allow unauthenticated AllUsers access or turn on IAM for controlling access in Identity Aware Proxy. However, when I follow the instructions on this page https://cloud.google.com/iap/docs/cloud-run-sign-in to enable Cloud Run Hosted sign-in with external identities and attempt to access either the login page or the Google Cloud Run hosted sign-in page, I receive the following error in the browser.
"Could not fetch URI /computeMetadata/v1/instance/service-accounts/default/token?scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/identitytoolkit"
For context, the Google Cloud Run service hosting the user sign-in is set to allow all unauthenticated access. It should redirect to the Google App Engine web app. I think this is related to permissions or redirects, but I am at a loss as to how to fix it. Any thoughts? Thanks!
I attempted to fix this by redeploying the Cloud Run service, switching IAP on and off, and switching between IAM and external identities, but with no success.
Thanks @John Hanley, I discovered that one of my Compute Engine service accounts was disabled for some reason within the project. Re-enabling it solved the problem partially. I'll spend more time matrixing out the permissions and redirects to make sure they are aligned.
I originally thought I had completely answered my own question and solved my problem. Unfortunately, I only solved one of the problems with my implementation of the external identities authentication method.
Description of the other problem:
I enabled email/password and Google as providers, but when I click on the option to authenticate with Google, I receive the following text in the browser: "The requested action is invalid."
At the Console in Dev Tools I get the following error:
GET https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=*mykey*&cb=1599165379363 403
The following url is displayed in the URL bar:
https://.firebaseapp.com/__/auth/handler?apiKey=mykey&appName=%5BDEFAULT%5D-firebaseui-temp&authType=signInViaRedirect&providerId=google.com&customParameters=%7B%22hl%22%3A%22en%22%7D&scopes=profile&redirectUrl=https%3A%2F%2Fiap-gcip-hosted-ui-app-engine-app-myserver-uc.a.run.app%2F%3FapiKey%3Dmykey**&v=7.16.0&fw=FirebaseUI-web
mykey and myserver were substituted for this post and are not the actual values.
Email/password sign-in works, but not the Google sign-in. What am I missing here?

How to Create OAuth Client ID?

I am trying to run this GitHub project.
For this I need to create credentials and an OAuth Client ID.
When I click to create, after selecting web application and typing the name, I see authorised JavaScript and authorised redirect URI.
So what should I enter there? I tried keeping both fields empty, but I got an error saying no redirect url found for client id.
Please help me.
I am using the Developer Console for the first time and can't find any help on the internet. This site is my last hope.
I did as said in the comment.
Here is what I got in the Linux shell and the error I received on the webpage opened at the redirect URL.
Linux Shell Message
/YouTube-Subscription-Importer/env/lib/python3.6/site-packages/oauth2client/_helpers.py:255: UserWarning: Cannot access subscribe.py-oauth2.json: No such file or directory
warnings.warn(_MISSING_FILE_MESSAGE.format(filename))
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth?client_id=1069660256195-n8adm0dmi70v29i55hcfblftle09hb5n.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fyoutube&access_type=offline&response_type=code
If your browser is on a different machine then exit and re-run this
application with the command-line parameter
--noauth_local_webserver
Snip of what the redirect URL webpage said
MOST IMPORTANT:
I am running this in Windows bash.
Now tell me what to do next.
I just simply need a tutorial/how-to guide for Google Developer Console credentials and the OAuth screen.
You need the redirect URL: you will be redirected from the Google OAuth consent screen to https://REDIRECT_URL?code=AuthorizationCode. You can just set it to http://localhost.
After creation, you can find your Client ID on the Credentials page.
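
As an added example (not part of the original posts), this Python sketch pulls the redirect_uri out of an authorization URL shaped like the one the tool printed in the question and compares it with the URIs registered for the client. It assumes the authorization server requires an exact string match for web application clients; the client ID, function names and registered lists are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: same shape as the URL in the question, placeholder client ID.
AUTH_URL = (
    "https://accounts.google.com/o/oauth2/auth"
    "?client_id=EXAMPLE_CLIENT_ID.apps.googleusercontent.com"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F"
    "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fyoutube"
    "&access_type=offline&response_type=code"
)

def requested_redirect_uri(auth_url):
    """Return the decoded redirect_uri the client sends, or None if absent."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    if len(values) > 1:
        raise ValueError("redirect_uri appears more than once")
    return values[0] if values else None

def diagnose(auth_url, registered_uris):
    """Compare the requested redirect_uri with the registered list (exact match)."""
    requested = requested_redirect_uri(auth_url)
    if requested is None:
        return "request carries no redirect_uri"
    if not registered_uris:
        # The "both fields left empty" case from the question.
        return f"no redirect URIs registered; add {requested}"
    if requested in registered_uris:
        return "ok"
    # Explain near misses: same host, but scheme, port or path differ.
    req = urlsplit(requested)
    hints = []
    for uri in registered_uris:
        reg = urlsplit(uri)
        if reg.hostname == req.hostname:
            diffs = [name for name, a, b in (
                ("scheme", reg.scheme, req.scheme),
                ("port", reg.port, req.port),
                ("path", reg.path, req.path),
            ) if a != b] or ["other components"]
            hints.append(f"{uri} differs in {', '.join(diffs)}")
    detail = "; ".join(hints) if hints else "no registered URI shares its host"
    return f"mismatch: request sends {requested} ({detail})"

if __name__ == "__main__":
    for registered in ([], ["http://localhost"], ["http://localhost:8080/"]):
        print(registered, "->", diagnose(AUTH_URL, registered))
```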

Sample active-directory-dotnet-webapi-onbehalfof not working

I am trying to run the active-directory-dotnet-webapi-onbehalfof sample in single-tenant mode. I've registered the web app service and the native app client as global admin for the tenant. When I run the sample as a user in the tenant, I can get a token in the client only after consent pops up (first time for the user), and then the call makes it to the service, but there it fails with the error below. Why is that? Documentation says that when a tenant admin registers the application no further consent is needed? I don't think it is possible to give consent when a remote web API tries to get an OBO token. Something seems buggy... AAD team, please clarify how the OBO feature should be used.
AADSTS65001: The user or administrator has not consented to use the application with ID 'b824502e-fe8a-4770-bd98-8d65a07efcc3'. Send an interactive authorization request for this user and resource.
Trace ID: ad7843d0-be4e-4098-8f7c-43c8e5505cfc
Correlation ID: 140466a4-7250-429f-8843-dbd4f63dc60e
Timestamp: 2016-11-25 21:46:13Z
When you register an application using the Azure Management Portal (manage.windowsazure.com) as a tenant administrator, then yes you should not get consent, as long as subsequent tokens are being retrieved in that same tenant.
Because you are seeing consent for the native client app, and then getting that error message, we must assume that something is not being satisfied which would suppress consent for your app.
To resolve this issue, my recommendation is to simply initiate an interactive authorization request, just like the error message implies. You can do this by generating a login URL for your application with a specific query string that will force a tenant-wide consent prompt (prompt=admin_consent).
Here is the skeleton for the URL you need to complete:
https://login.microsoftonline.com/<TenantID>/oauth2/authorize?client_id=<AppID>&response_type=code&redirect_uri=<RedirectURI>&resource=<ResourceURI>&prompt=admin_consent
You can do this for all the applications you registered, and you should not run into consent issues (assuming you are indeed signing in as a tenant admin).
I hope this resolves your issue.

Yammer authentication

I have registered a dummy app with Yammer, as I am still in testing phase. I gave the homepage of my org as the redirect URI. Honestly, there is no app hosted anywhere. Still, I think it is possible to test the authentication and go till creating a token. This is what I have done.
Navigated to https://www.yammer.com/client_applications page.
Registered an application. I provided the "RedirectURI". I got a "Client Id", "Client Secret", and "Expected Re-direct".
Since I don't have an app to launch anything from, I manually typed in the following URL in the browser. "https://www.yammer.com/oauth2/authorize?client_id=[:client_id]&response_type=code&redirect_uri=[:redirect_uri]".
I was taken to the app registration page. I clicked "Allow".
Now the page is redirected to the home page of my org, as I provided along with "www.<<>>.com/code=".
I copied this code over, tried to launch "https://www.yammer.com/oauth2/access_token.json?client_id=%s&client_secret=%s&code=%s".
I expected a token to be created, so that I could go back to my dummy Java program and start connecting to Yammer, but I am not allowed to connect in the above step. I am getting a "Not Authorised" error.
Can someone please point out what I need to do? My requirement is that I get this token not from within an app, but then use it in an SWT-based rich client Java application to connect to Yammer.
I think the request to oauth2/access_token.json needs to be a POST, not a GET.

yammer client application external networks 401

I am creating a Windows plugin which would access Yammer data such as the groups a user follows. For this I created a client application and accessed the Yammer REST API using the client ID and the access token I get after the user allows my app to access his data on a consent page. I am able to do all this successfully when people in my network log in, but it does not work when the plugin is used by people from other networks. I am able to receive the access token after the user gives his consent on the user consent page, but when I try to access his data, such as fetching groups using the REST URL, I get an error saying "{"response":{"stat":"fail","code":17,"message":"Attempt to access a protected resource failed."}}"
Please note that the client app I created is not yet deployed into the Global App Directory. I really doubt this is the actual cause of the issue, because I think if it were, it should not have recognized the client ID itself and would not have shown the external network users the consent page either. If I am wrong, please correct me.
To access users on other networks' data, your app must be globalized (even if you don't want it to be listed in the Global App Directory). Without the user's consent, your app is not allowed to attempt to login on behalf of the user, thus they see the popup for authentication, and then the auth process fails because the app is not globalized.
