Oauth2 auth server from spring, does not supports the ROPC, how would I add/enable the ROPC
The default auth server is working as expected. now I need password grate type. I need to support legacy apps
Related
We are running CAS Server 5.2.2 with 2 authentication handlers. One of them is a custom authentication handler where we are able to manage any kind of scenario. The other one is setup to delegate authentication to another identity provider which validates several types of credentials (digital certificates, ...).
Our problem is with the delegated authentication: the integration via oauth2 works fine and we release Principal attributes using a groovy script. Our new case is the following:
After a successful delegated authentication we need to evaluate some attributes and depending on their values mark the final authentication as failed.
How can we achieve this? We have tried to throw an Exception (registered in application.properties) in the groovy script that releases the Principal attributes but it does not seem to work.
I am setting up SMTP service on Airflow 2.1.2.
I get this error which is quite obvious:
smtplib.SMTPSenderRefused: (530, b'5.7.0 Authentication Required. Learn more at\n5.7.0 https://support.google.com/mail/?p=WantAuthError w5sm3433302wra.87 - gsmtp'
But authentication is done, i am using an email that has 2 steps authentication, so I created an app password and I recognized the activity in google account security tab..
My setup is:
AIRFLOW__EMAIL__EMAIL_BACKEND airflow.utils.email.send_email_smtp
AIRFLOW__SMTP__SMTP_HOST smtp.gmail.com
AIRFLOW__SMTP__SMTP_MAIL_FROM my email
AIRFLOW__SMTP__SMTP_PASSWORD my app pwd of 16 chars
AIRFLOW__SMTP__SMTP_PORT 587
AIRFLOW__SMTP__SMTP_SSL False
AIRFLOW__SMTP__SMTP_STARTTLS True
AIRFLOW__SMTP__SMTP_USER my email
I checked and there is no extra space or something like that neither in pwd or email.
Why is it returning required authentication when authentication is really done?
Not sure why it is not working. But do you see:
Fetching SMTP credentials from configuration variables will be deprecated in a future warning? You should if your environment variables will be used.
If you do not see it, then you likely have smtp_default connection in the Connection database.
In Airflow 2 the authentication for SMTP has been brought to the same level as other connections and rather than passing user/password via environment variable, they should be configured as login/password in the 'smtp_default' connection.
The variables should still work as fallback, but if you already have smtp_default connection created and has some login/password (even empty) configured, those will be used instead of the ENV vars.
In your case likely the solution will be to set login/password in the connection.
Can we authenticate against OpenShift enterprise 3.2 or 3.3 REST API's using username and password instead of tokens?
Thanks much in advance!
As stated in openshift documentation:
Requests to the OpenShift Container Platform API are authenticated using the following methods:
OAuth Access Tokens
Obtained from the OpenShift Container Platform OAuth server using the /oauth/authorize and /oauth/token endpoints.
Sent as an Authorization: Bearer… header or an access_token=… query parameter
X.509 Client Certificates
Requires a HTTPS connection to the API server.
Verified by the API server against a trusted certificate authority bundle.
So you need to authenticate using either of these ways
As of now, we have an authentication service using Spring Security OAuth2 which implements the following grant types: client_credentials and password.
To obtain a token, a client (potentially an HTML5 SPA client) would have to store the client_id and secret to obtain a bearer token with either the client_credentials or password grant type. For this case, it's not very safe as anyone the client_id and secret would live within the HTML5 apps source and anyone could obtain it.
Is there a different flow for this, other than client_credentials or password?
Generally speaking, for SPA s the recommended authorization protocol is OAth with Implicit grant.
You can read a bit more about how that is implemented in Azure Active Directory (it is free) here: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-dev-understanding-oauth2-implicit-grant
and here: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-implicit
I have developed an Windows Store App consumes WCF service deployed in another server(not mine) everything works fine until i have disabled the Anonymous Authentication to off getting an error message
"The HTTP request is unauthorized with client authentication scheme 'Anonymous'.
The authentication header received from the server was 'NTLM,Negotiate'."
I have googled and found some of the solutions applied but none of the solutions worked for me.The same WCF service accessing in another project it works fine no complains but when i'm using with windows 8 store apps i'm getting the above error.
Any Solution or Explanation is much appreciated.
[Hi Dinesh Haraveer,
Please try using Enterprise authentication.
Windows domain credentials enable a user to log into remote resources using their credentials, and act as if a user provided their user name and password. The enterprise Authentication capability is typically used in line-of-business apps that connect to servers within an enterprise.
You don't need this capability for generic communication across the internet.
Please try looking into http://msdn.microsoft.com/en-us/library/windows/apps/hh464936.aspx