I'm working on an application that serves multiple Facebook apps from a single source. It's structured so that multiple apps can be served from multiple machines all running the same code - only the config changes per app.
Running one of these apps on my local machine works fine & running all but this one problematic app on the live server also works.
The scenario causing problems is one app running on the live server that triggers the infinite redirect loop and "Bad Signed JSON signature" spammed in the error log.
Since this is a shared codebase and the other apps all work - the logical place to look is in the config - I've checked 3 times now - the App ID, secret and redirect params are correct.
So - Question: Has anyone had this issue and managed to resolve it? Got any tips for me as to where I can look?
Clearly 3 times was not enough - there was a trailing space in the app secret config file.
Related
I recently deployed a web app to test out Azure as a hosting platform.
The configuration is php 8 with local git. I was able to connect through git and deploy a website. When I try to navigate to the site I get a 404 error. I did some digging and if I use: myapp.azurewebsites.net/.auth/login/aad/callback it will redirect a couple times and take me to a landing page and then from there on I can navigate to my website... at least until the session ends and then I'm back to 404 errors.
This is a free azure deployment there is no special configuration or setup... I'm really just testing out azure as a hosting platform and wondering how to solve this issue.
The site is also configured such that only members of the tenant can access the site, which is by design, and I can authenticate and access the site but only after using myapp.azurewebsites.net/.auth/login/aad/callback
I would have expected.. so long as I have logged in and have an open session / cookie then I can freely navigate the page without first needing to use the callback
I suspect some sort of authentication or redirect issue but I've also followed the instructions in:
https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad
The app registration from step 1 was already done as part of the deployment of the site. Kind of odd that after I use the callback URL I'm able to access the site as normal for a while.
Suggestions?
Thanks!
I've been developing a Symfony app (learning Symfony with the goal of replacing an existing "old school" PHP script with it) and am having an issue with putting it "behind" our Shibboleth authentication.
Why do that? For this app I need $_SERVER['REMOTE_USER']. The app doesn't have local accounts, the user doesn't log into the app, but, like many resources, we protect them with some form of authentication.
I have two sites - virtual hosts running on the same physical server. (CentOS 7). The first site has the following in its .htaccess file:
authtype shibboleth
ShibRequestSetting requireSession 1
require valid-user
I have a "phpinfo.php" file in there, too, and can run that script and, after the Shibboleth authentication step, get the output which includes the correct value of REMOTE_USER.
The other virtual host is set up as a Symfony 3.1 app. I've added those three lines to the top of its ".htaccess" file - but after going through the Shibboleth authentication step, the browser gets into a loop and goes no farther. (In Chrome, the 'favicon' is replaced with a looping arrow, and it never stops turning.)
If I hit and then view the source of this still-empty page, I see the following error message:
Error Message: Error decoding authentication request message
I'm not sure how to start to resolve this issue, and was hoping that someone has seen this and knows how to help.
Thanks.
Best,
Stephen
If I understand well, you are trying to make the Service Provider part in Symfony and you already have an IDP working with Shibboleth.
In my case I had also a similar problem and it was because after the Assertion the apache SP was returning to the root URL. I learnt after reading a lot of documentation that if this is not set correctly you can add an attribute in the shibbolet2.xml configuration called homeURL:
<ApplicationDefaults entityID="https://sso/saml2/idp/metadata.php"
REMOTE_USER="mail"
homeURL="https://symfonyApp/redirect/after/login">
Try it out and restart the shib daemon: /etc/init.d/shibd restart
It may be another as well. But it sounds to me that there is some misconfiguration in your SP side.
I have random problems with my S3. I have several environments (several cloud / dev etc. machines). On almost all of them S3 is working perfectly fine. (I am using the PHP SDK with Gaufrette) The only exception is the productive environment which is not working. It has nothing to do with the bucket nor with my credentials. I provide the credentials via Environment variables and I have not changed them. During several deploys I have seen it working and not working in several occasions. I have no idea when it is working and when not. But as soon as I have deployed one codebase the fact whether it works or not seems to be fixed. Sometimes even an empty redeploy can solve the issue.
Here are the logs I am getting:
https://gist.github.com/KeKs0r/872af7eff4d723a589c5
I have read that sometimes the signature has problems with special characters or in some environment it has something to do with timezones? How could I check those settings and for what do I have to look?
(I am working with AWS SDK 1.5.17.1)
This is one example signature:
AmazonS3[x-aws-requestheaders][Authentication]: "AWS
MYKEY:pEU9UV/Yu1+7V71P55UuON8nGpQ="
Is the issue maybe caused by the / and the + signs? Why is the SDK not taking care of it?
I'm relatively new to programming and am having trouble with using OAuth with my app hosted on Amazon Beanstalk.
What I wish my app to do is to connect to the Constant Contact API, using the base code shown here
https://github.com/shannon7wallace/OAuth-2-PHP-Example
If I execute this code locally, everything works fine. I am able to login with my constant contact credentials and pull data. I was sure to setup my redirect uri in my constant contact developer key correctly, and everything works perfectly locally.
When I deployed it to AWS however, I would get a blank page when trying to navigate to index.php. I double checked my container settings and the zip package I uploaded to ensure I was pointing to the correct directories, and made sure my AWS healthcheck pointed to a publicly accessible URL (AWS shows app as being healthy), but the page is blank.
If I replace my index.php with simply HTML or even phpinfo(), it works. I suspect it gets hung up at the authentication check but even if I hard code my account credentials in and remove the login logic, I still get a blank page. Even the html outside my php script tags does not display, regardless if I include things like or other head tags.
Googling for OAuth + Beanstalk produces very little, and the constantcontact API documentation, at least to my inexperienced eyes, is pretty sparse, but the closest thing I could find addressing my problem is this
https://forums.aws.amazon.com/thread.jspa?messageID=277339񃭛
The scenario in the above thread seems to address a problem much more specific than mine, and I am unsure on how to apply the solution to my particular case.
Is there something obvious I am missing? I can't believe AWS would be unsuited for apps using OAuth considering the vast array of projects that are hosted on it.
I appreciate any help anyone can offer.
The Beanstalk container options for PHP have an option to control whether errors should be displayed; switching it to "On" should write a fatal error on your page.
As it turns out, even after changing the setting, the pages would still be blank. I'm not sure if the feature is broken, but it definitely guards you from accidentally leaving it on :)
You'd have to log into your instance (assuming your site isn't loaded yet and it's really just one) and edit your code to insert the customary debug statements as high up as possible:
error_reporting(-1);
ini_set('display_errors', 'On');
Barring any parse errors in your page, it will show the offending error.
I've got a newly set up dev server of a site I built. The dev server sits at a completely different Box and IP.
The dev site is a complete copy of the live site minus updates to paths and databases. The address is dev.mysite.com as opposed to just mysite.com.
The live site has a number of subdomains attached to it that change skins based on the subdomain, but nothing else is changed. When I try to log in to the dev site, it won't set the Session variable for the login. Any thoughts on this would be greatly appreciated.
Before testing the live site you should test and ensure that the dev site works. In your question it sounds a bit the other way round. Anyway, I see two options here:
conflicting cookies
missing server configuration on the dev site
From your question it's hard to say which of those two applies (even not even something else). You should concentrate to get your dev site to work, ignoring your life site. That means, you access the dev site with a complete different browser from a complete different box (if possible) and from a complete different internet connection (if even possible). That should help you to isolate the problem and more easily find out what is going on. Then get sessions to work on the dev site. After it works, you can start to test your live site.
I got a solution for you
— Create a cookie and set it for domain and all subdomain (*)
So you need to insert sessions to database, I suggest you to use Zend Sessions.
Documentation : http://framework.zend.com/manual/en/zend.session.savehandler.dbtable.html