I ran an application that to have access, the user needs to log in, this application has multi levels of authentication, this application is a PWA too.
The problem is that when the user downloads the APP to the home screen it always opens on the login screen, but as it can be offline it will not be able to log in.
How can I do to keep it logged in? that is, when the user is offline or online go directly to their dashboard.
I read some answers about sessions and cookies, is it really the best way?
No react or angular or vue was used.
It took me a while to post the answer here, but it came.
Actually it was quite simple, just put in manifest.json to open the URL already logged in and solved my problem, of course it will only load if the user has ever accessed this URL according to my cache rules in the service worker, I suggest you try the same, if it doesn't work you can contact me that i can help.
Related
I have one WordPress site and an app in codeignitor, App uses its own database to store user and plan details.
Now I want to simplify it like My user can log in to my WordPress website and after successful login I want the login information to forward to the app so that the user can go to the app.
Directory structure:
For Worpress => root->wordpress
For App => root->app
On the same domain hosting.
I want the user's to use WordPress login to access App and manage their profile.
No idea how to proceed. Any suggestions
The most logical way to do this may be to use the cURL. Still, it is impossible to do so because such solutions cannot launch cookies or sessions in your browser and eject your client (essentially a security mechanism). You can try to resolve this by redirecting a user, or the most logical way is to use wordpress api support or capture the data using XML-RPC.
As an update. If both sides are on the same domain, you can try to eject the cookie or the session to the side you want to log in to. If it is under different domains, unfortunately, this suggestion will not work.
I'm trying to create an intranet site where, if possible, all parts of it should be SSO in a way that a user who is logged into his Active Directory account in Windows would immediately be signed on with that same account in all pages of my site through LDAP.
Now the main component of this site is built with a CMS and from there the user should be able to click the links on this site to get to the other tools we're using, like for example the ticket system.
The CMS and the ticket-system software both are able to connect through LDAP themselves but I want a SSO solution for this.
So I searched and found this for the apache server: mod_authnz_sspi
This apparently lets you use $_SERVER['REMOTE_USER'] in PHP to get the windows user signed on right now.
Now I'm stuck since I'm not really sure how to use this to automatically log the user into the sites.
What do I have to do with this to get the SSO solution that I want?
I thought about creating a simple HTML form with the same fields like the one from the ticket-system form I'm trying to log into. I would then try to send the POST-data to the form of the ticket-system and log the user in automatically. For the username I would send $_SERVER['PHP_AUTH_USER'] and for the password $_SERVER['PHP_AUTH_PW']. However, the ticket system is protected with a CSRF-Token which I would have to include into the sent POST-data but can't know in advance since it is generated in the moment of accessing the page.
So it would be really helpful if someone could tell me how to get a SSO working with the mod_authnz_sspi tool (or another).
If there isn't any other way than through using a HTML-form that sends the POST data like I tried, then it would be helpful if someone knew a workaround to the CSRF-Token problem!
You can create an AUTH application that administrate your users (details, permissions, etc.). When an user access other application if it are not logged in redirect it to the AUTH application. AUTH application check user credentials, generate an access_token and redirect user back to the application that try to access. More info you find here https://www.mutuallyhuman.com/blog/choosing-an-sso-strategy-saml-vs-oauth2/
We have several webapps based in Wordpress and Codeigniter, which are based on different servers but under the same domain (ie: intranet.something.local) and most of them use Active Directory login credentials.
For Wordpress, I'm using a plugin called Active Directory Integration to log in with these credentials and it's working perfectly after configuring openLDAP.
The thing is, our client asked us to have a single log on for every app, meaning that once I'm logged into Wordpress, I should be logged in when I go to another app, that uses the same login user and password.
Is there a possible way to do this? And if so, where should I start?
I believe, that is possible in multiple ways..
Setup Single Sign On in your apps
Use a script which automatically copies User data from a web app,
and then using that information creates user login to the other
apps..Idea is to let user register for one site, and based on that information, register him to other sites automatically
May be, some sort of Database sharing be possible, but that would be
really really a tough job, still Possible (I believe, in Computer
Science, nothing is impossible forever)
create a common cookie file and when user switches the app, use that
cookies to get the user login in between different apps
I've create a web site that authenticates users via LDAPS to a Windows domain - works fine, users are able to log in when they enter credentials a session variable ($_SESSION['LDAPSExampleUsername'] is established and maintained until they log out. So, I want to make sure that if a user is logged in, they can see https://host/main.php. If they're not logged in, they can't get to main.php, it'll just take them to https://host so that they can to log in. I have this working fine with syntax like;
if (!isset($_SESSION['LDAPSExampleUsername']))
{
header("Location: /");die();
}
I've been doing some reading and find that many say that this isn't really such a great idea because web browsers can disable forwarding to other web pages (defeating the purpose and causing a major issue). What is the appropriate way of handling this situation?
I'm developing a facebook application and everything is going fine with log in and comments etc.
I came across the issue of 'reauthorizing' users. One of my users 'accidentally' pressed 'don't allow' when it asked them for access to their information and now they cannot sign in.
Does anyone know how I can reauthorize them?
Thanks in advance.
Edit:
It turns out that once I officially published the application the users' error disappeared. I'm pretty sure you aren't supposed to have work-in-progress published apps but that certainly solved my problem.
It should ask for permissions automatically. Try to tell him to do this:
Go to My account > Privacy settings
(I don't know the exact text of the
option because mine is in spanish).
Then, in the footer menu, select
Applications and Web sites
Next to Applications that you use,
click on Edit settings
Search your app and delete it.
Re-enter in your app and permissions dialog should appear.
As explained by manuelpedrera previously, after the user remove the application from their facebook account, he / she has to re-access your website and retry to login to your website using their facebook account. Once they choose to allow the permission, your app will again be added under their facebook account and everything should be back to normal. good luck mate :-)