We have CAS enable application and we need a requirement that when ever we give user id, password and click on submit button, by default it should take a querystring(something like this "service=www.casifiedapp.com").
What could be the better solution? Where do I need to change CAS configuration. I cannot find the the commanline, action urls etc...
Any help would be appreciated. Thanks in advance.
You can write your own AuthenticationHandler to load service data from query string or from another location.
have a look at the docs:
https://wiki.jasig.org/display/CAS/How+To+Write+an+AuthenticationHandler
Related
When the user clicked on the logout button after successful logout user redirects back to callbackurl with additional query parameters.
You can see below the URL return
https://localhost:9443/?sp={spname}&tenantDomain=carbon.super
Can anyone please help me with how we can remove these two sp and tenantDomain parameters?
I found the below article, also there are these two additional parameters.
https://piraveenaparalogarajah.medium.com/rp-initiated-logout-with-wso2-identity-server-b1fde28c4d80
Can search the below text in the article for reference.
Redirect to post_logout_redirect_uri
This seems to be introduced with the fix done for https://github.com/wso2/product-is/issues/3266. It has added the service provider name and tenant domain as query parameters for the success flow as well in addition to the failure flows.
Unfortunately, there is no way to configure this. But you may report this at https://github.com/wso2/product-is/issues and the team will decide whether this needs to be fixed.
This issue is reported for IS 5.10.0:https://github.com/wso2/product-is/issues/12723
I have installed two different PHP frameworks Laravel 5.3 and Yii2 advanced. Both frameworks provide authentication out of the box which is great.
And both have the checkbox Remember me on the login page.
In Laravel, I have found that there is a remember_token field on users table which is as per my understanding used for the remember me feature.
But there is no such extra field on Yii2's user table.
So, I guess both provides the same feature but working differently. So I want to know that how that feature is working on both the frameworks?
Any help would be appreciated.
Note: I'm asking this because I have one system built with Yii2 and now I'm going to build a new system with Laravel. New Laravel system will use the same user table of the Yii2. Means the user can login into both the system with the same credentials.
Thanks,
Parth vora
Yii2 have auth_key - its default name, but you can define ur own column name and then declare it in identity class, which implements yii\web\IdentityInterface, in function getAuthKey().
The remember me function in Yii 2 (and most php frameworks) makes use of cookie-based login.
From the docs:
getAuthKey() returns a key used to verify cookie-based login. The key is stored in the login cookie and will be later compared with the server-side version to make sure the login cookie is valid.
Yii uses the auth_key field by default. That's probably the same field as Laravel's remember_token.
How it works is as follows:
Login with the remember me field checked.
Yii sets a cookie containing the user's (serialized) id, auth_key and duration (amount of seconds representing the duration of validity for this cookie). In yii2, the cookie name is specified by the identityCookie array in the config (user component).
All guests' requests are checked for the existance of the cookie, if it exists and is valid, the user is logged in.
That's basicly how cookie based logins work, so I'm assuming that Laravel uses a similar, if not exact same implementation.
I'm working on a user system, and I want to use the beforeValidate hook to hash the user's password with bcrypt. However, if the password is not changed, I want it to skip hashing the password. I know it's possible in MongoDB/Mongoose, but I haven't stumbled across anything comparable to Mongoose's isModified function.
Is there anything that I can use to check if it's modified? Or would be setting the password via an InstanceMethod be the only way to do that?
Sequelize has the .changed() method which can be used to check whether an attribute has been changed:
http://sequelize.readthedocs.org/en/latest/api/instance/#changedkey-booleanarray
I have a metro application in which I have Login-Page where am entering values for username and password fields.Based on these values my application will need to call web-services.Can anyone give me advice to store and retrieve the values from Login-Page?
Thank you.
You can also use the CredentialPicker class. See https://gist.github.com/3790578 for a full example using the CredentialPicker and then storing it in the PasswordVault.
Sounds like you need the PasswordVault API. Check out the sample app... Credential locker sample # http://code.msdn.microsoft.com/windowsapps/PasswordVault-f01be74a and read up on the PasswordVault class # http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.credentials.passwordvault.aspx
Ok so here is what is happening:
I have a client that I am building an application for. My client has a flowchart that they would like posted on the front page of their application. Check. My client then wants this flowchart to be set up as an image map so that a user could click one of the boxes in this flowchart and be taken to a report in another part of the application. Check.
All of that is elementary and, in a technical sense, works. The issue is, and it is an issue I have encountered before with APEX, is that every time a user clicks one of these links it takes them to the login screen. It seems that linking directly to a page's URL breaks the session and requires you to login again, even if you are linking from one page in the application to another in the same application.
I have played with all of the authentication settings in a hopes of fixing this and tried to determine what is breaking the session exactly but with no luck.
Has anyone else had this problem and could share their method for fixing it? I really cant have users logging in every time they click a link and I also cannot simply remove the authentication on the pages. Thanks in advance.
You should pass on the session id in your links. If you don't, then apex will see this as a new session. You can tell from the url: take note of the session id in your url when you are on your image map. When you select an application, take another look at the session id part in the url. If they are different, then you are starting a new session each time.
/apex/f?p=190:90:1674713700462259:::::
190 -> application id
90 -> page id
1674713700462259 -> Session id
To pass on the session, it depends where you construct your links.
In PLSQL, you can find it through :SESSION or :APP_SESSION
For example, in a plsql dynamic region: htp.p('the session id is '||:SESSION);
In javascript code you can use $v("pInstance") to retrieve the value dynamically, or use &APP_SESSION. which will have the value substituted at runtime.
Small example:
function printsome(){
var d = $("<div></div>");
d.text('&APP_SESSION. = ' + $v("pInstance"));
$("body").append(d);
};
So you probably just need to alter the construction of your link somewhat to include the session!
I was assuming the binding variables will do the job. But they were helpless.
Best way is to pass the current session id to an item then use the item value in the link.
f?p=&APP_ID.:32:&P31_SESSION.:::P32_CUSTOMER_ID:#CUSTOMER_ID#