I am Currently Working on SSO Project. Like Google, we have accounts.domain.com as SSO Server. And we have three applications hosted on three different servers(application1.com,application2.com,,application3.com,).
Whenever the user wants to log in from those three applications then the user will be redirected to the SSO Server. If the login credential supplied by the user is correct means the SSO Server generates a JWT access token. Now the Generated token have to be attached to the user requested application response header and then the user will be redirected to the requested application along with the "Authorization: Bearer $token".
I am currently facing problem in attaching the generated token to the response header. I am currently using Slim 3 framework along with lcobucci/jwt for JWT token.
My Code :
$username = "Test";
$newResponse = $response->withHeader('Authorization' , "Bearer $token");
return $newResponse->withRedirect("http://application1.com/$username", 301);
When I debug the Response header in accounts.domain.com the Authorization header seems to be set. But on another end (application1.com) not receiving the Authorization Header.
Screenshots
Initial Request from application1.com
SSO Domain Redirect to grab the Cookie
Validate the Session by the Grabbed Cookie and attach the Auth Header attached
Authentication Success but no Authorization Headers Received
My Doubt is whether the problem is because of server configuration(apache2) in .htaccess file (or) my implementation itself is wrong.
Guide me to fix this error.
Environment Details :
Server : Apache 2
Framework : Slim 3
JWT : lcobucci/jwt package
A redirection in the HTTP protocol doesn't support adding any headers to the target location. It's basically just a header in itself and only allows for a URL.
It looks something like this:
HTTP/1.1 307 Temporary Redirect
Location: http://application1.com
When you are adding your Authorization header you are only sending that header back to the client:
HTTP/1.1 307 Temporary Redirect
Location: http://application1.com
Authorization: ...
When you are sending a response redirect and also set some header like Authorization, the browser will not forward this header to the site it is now redirecting to. If you are absolutely bent on passing some parameter to the site the browser will redirect to, you will have to pass that parameter as an URL query parameter.
Related
Trying to authentcate with my API without the frontend of my environment so I can test my API end points with postman or some sort of client. I have a Baerer token I took from my frontend axios requests but apparently Laravel wont take it and just returns Route login not defined IE meaning its trying to redirect to the login so it can't auth.
So I tried generating a new one with Insomnia, similar to postman since postman gave me the Route not defined issue so I gave up wih it.
Going to: http://api-core.test/api/oauth/token
Passing:
client_id=2
client_secret=...
grant_type=client_credentials
username=...#example.com
password=...
scope=
And now its just spitting out
{
"error": "unsupported_grant_type",
"message": "The authorization grant type is not supported by the authorization server.",
"hint": "Check that all required parameters have been provided"
}
I need to integrate Facebook login into my site
I have used some library to do this and then I provided the following URL in Valid OAuth:
Redirect URIs: My valid OAuth Url was :
https:/mydomain.com/smedia_test/index.php/hauth/endpoint?hauth_done=Facebook.
I have set below details in Facebook app
Facebook App Details :
Basic Setting :
App Domains : mydomain.com
Site URL : https://example.com/smedia_test/index.php/
Advance setting :
Server IP Whitelist : My Ipaddress
Facebook login Setting:
Valid OAuth Redirect URIs
https:/example.com/smedia_test/index.php/hauth/endpoint?hauth_done=Facebook
However, I got the error message "URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.".
How can I fix this? And also Facebook login is not working in localhost
Make sure to make your URL to be exactly the same as the URL you provide to the Valid OAuth Redirect URIs setting. For example, if you are getting the Facebook login URL like this
$login_fb_url = $helper->getLoginUrl('https://www.example.com/fb-callback.php', $permissions);
Make sure that the same URL https://www.example.com/fb-callback.php is used in the Valid OAuth Redirect URIs setting of your application.
I am developing an Oauth 2 authentication server and I have a problem with endpoint redirection.
Here is what the RFC says that I try to follow scrupulously:
3.1.2.1. Endpoint Request Confidentiality
The redirection endpoint SHOULD require the use of TLS as described
in Section 1.6 when the requested response type is "code" or "token",
or when the redirection request will result in the transmission of
sensitive credentials over an open network.
https://www.rfc-editor.org/rfc/rfc6749#section-3.1.2.1
Here is my question:
I know if the current request uses HTTPS with the $_SERVER ['HTTPS'] superglobal, but how do I determine if the url I'm going to redirect is using TLS
?
header("Location: $redirectUri");
Do I only rely on the protocol (https: // at the beginning of the URL)? On headers returned by a CURL request made before redirection (check the presence of the Strict-Transport-Security header) ? If not how should I do it?
PS: Normally it is not necessary but in case. Here is the complete code:
https://github.com/alexandre-le-borgne/oauth-server/blob/master/src/OAuth2/Endpoints/AuthorizationEndpoint.php#L185
My conclusion is that it is enough to check the presence of the https at the beginning of the URL.
I have a service running on Navision accessed by url http://navision_ip/NAV/WS/COMPANY/Codeunit/Web_Service
I also have login / password for service.
When I try to open link with Chrome, after entering credentials, I get wsdl.
I also see that Chrome passes Authorization: Negotiate header.
Other browsers return 401 / 400 instead of wsdl and doesn't show the wsdl.
How do I get wsdl in PHP?
You should set the authentication to NTLM = true in the CustomSettings.config file.
I found this blog post very useful:
http://blogs.msdn.com/b/freddyk/archive/2010/01/19/connecting-to-nav-web-services-from.aspx
and for php:
http://blogs.msdn.com/b/freddyk/archive/2010/01/19/connecting-to-nav-web-services-from-php.aspxhttp://blogs.msdn.com/b/freddyk/archive/2010/01/19/connecting-to-nav-web-services-from-php.aspx
In my web app you get redirected after successful login via header('Location: https://domain.com/loggedin') but when its finished redirecting I get to following URL http://domain.com:443/loggedin which give (of course) following error
400 Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
What do I have to change? What did I do wrong or what do I have to add?
This sounds absurd but after some thinking:
I added a slash (/) at the end so now it looks like this header('Location: '.PROJECT_HTTP_ROOT.'/');.
Works like it should now!