7,670 questions
0
votes
0
answers
34
views
Need help to integrate SSO with SAML for one of the applications through Chrome extension
I have one application which supports SSO login by SAML only. I want to create Chrome extension for that and want to give users option to login to that application using SSO from extension in order to ...
-1
votes
0
answers
27
views
Keycloak - deny access if user email not Verified (using External Identity Provider)
I have Keycloak 26 running for user authentication, and I wanted to add federated users, for testing I basically have another Keycloak running somewhere else (let's call it Keycloak 2). So I create my ...
0
votes
0
answers
31
views
How to increase SAML clock-skew tolerance in Keycloak (as IDP)? [closed]
I’m following the Autodesk SSO integration guide and configuring SAML metadata mapping, but the mapping keeps failing. https://help.autodesk.com/view/SSOGUIDE/ENU/?pl=KOR
When I asked Autodesk support,...
1
vote
0
answers
45
views
Magento 2 SSO Login: “login_redirect” cookie created on first login, forcing repeated login on checkout
I’m integrating a custom SAML-based SSO module with Magento 2.
The SSO login works, but I’m facing an issue specifically during the first login after the user arrives via SSO
After SSO login, when the ...
1
vote
1
answer
38
views
Azure AD B2C IdP-initiated SSO : REST TP receives literal {QueryString:...} tokens instead of actual query values
We are building an IdP-initiated SSO flow using Azure AD B2C custom policies, where the journey must:
Read 3 querystring values:
enc_attrs_token, sp, and EntityId
Pass them to a backend REST API via ...
1
vote
0
answers
90
views
Importing hashed passwords into Keycloak
I want to create a user using a password that has already been hashed (using argon2). This is to validate the user migration process from my application's database to Keycloak.
I went to ...
-4
votes
0
answers
28
views
How to have IDP secure API access between 2 applications?
I have an Application A which authenticates with IDP via SAML-SSO. This application has some APIs that need to be secured. Now there is Application B that needs access to the APIs of Application A.
...
0
votes
0
answers
39
views
Sustainsys Saml2 HandledResult = true still sets the cookie
On AcsCommandResultCreated, I want to set my custom cookie. However, I end up with two cookies: one created by the library and another that is mine, even though I set HandledResult = true. How can I ...
0
votes
0
answers
52
views
How to force refresh of AWS SSO login "refresh"?
I use metaflow with S3. In order to access S3, I need to login with AWS CLI single sign on (aws sso login). The problem is that I have no way to force "refresh" (not sure about correct ...
0
votes
0
answers
70
views
App is not logged out after doing SSO sign out from other apps
I recently worked on a PHP based project and it implemented Keycloak SSO login system.
There are three apps (let's say App-1, App-2, and App-3) that are using the SSO. App-1 also implemented ...
0
votes
0
answers
200
views
How can I dynamically refresh a JWT token in Airflow with Microsoft SSO using RSA?
I’ve configured Microsoft SSO with Apache Airflow using RSA-based authentication. The setup involves uploading the public key to the Azure App Registration, while Airflow holds the private key to ...
0
votes
1
answer
77
views
How do x509 certificates work using OpenID Connect SSO authentication?
We decided to involve the OpenID Connect authentication in our project. The identity provider server uses x509 certificates confirmation as an authentication method. So, should we make an additional ...
0
votes
1
answer
62
views
Single Sign On - Laravel Passport
I have multiple Laravel Apps all with their own user tables and roles tables. I want to implement single sign on so a user can sign in once and then access all the apps without signing in again. I ...
0
votes
1
answer
73
views
Azure AD B2C: invalid_grant with JWE key missing when redirecting via SSO pre-login app
[ERR] Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler
Message contains error: 'invalid_grant',
error_description: 'AADB2C90090: The specified kid 'cpimcore_09252015' is not ...
1
vote
0
answers
86
views
How to implement quick account switching in Keycloak without re-authentication?
What I want to achieve
I need to implement a "quick account switching" feature where:
User logs in with Account A ([email protected])
User clicks "Add Account" in my application
...
0
votes
0
answers
50
views
Unable to acquire new SharePoint Online access token across tenants in Azure AD SSO app (AADSTS50076 MFA error)
We have an Azure AD Single Sign-On (SSO) .NET 8 Core application that transfers documents from one SharePoint tenant to another.
Based on the selected tenant, we retrieve sites, libraries, etc.
We ...
-3
votes
1
answer
101
views
Why do we need password grant type for sso keycloak?
In password grant type password along creds client_id and clients secret we use username/password.
Client_id/client_secret - it is used for getting access token.
I didn't catch how why we need username/...
-3
votes
1
answer
76
views
AssumeRoleWithWebIdentity - Call AWS DynamoDB from firebase function using IdentityToken
I am getting this error when calling AssumeRoleWithWebIdentityCommand from a firebase function.
Error: {
Type: 'Sender',
Code: 'InvalidIdentityToken',
Message: 'Incorrect token ...
0
votes
0
answers
37
views
SAML attribute for SaaS apps
I am working with Single Sign-On (SSO) using SAML for multiple SaaS applications. Each SaaS provider requires different attribute mappings (for example: email, firstName, lastName, NameID, etc.).
I ...
0
votes
1
answer
111
views
OIDC django-allauth - kid lookup uses x509 instead of jwk when upgraded to 65.11.0?
We recently upgraded to django-allauth[mfa, socialaccount]==65.11.0 where we are using an OIDC-provider that extends OAuth2Client and we discovered that one of our SocialApplication configs that is ...
1
vote
2
answers
120
views
Kerberos: Verifying TGS using NodeJS
I'm building a single-sign-on solution where:
A user boots up their Active Directory–joined Windows machine.
My app auto-starts after the Winlogon event.
Since the user already has a TGT from logon, ...
0
votes
1
answer
63
views
Laravel Socialite and introspection endpoint. Aka Access Token validation at server side
I'm a bit confused because a lot of articles about OAuth with Mobile App explain the client side but never talk about the server side which needs to verify the validity of the Access Token. As if the ...
0
votes
1
answer
70
views
SSO with Shibboleth and Azure on IIS site with 2 bindings
I have a site that hosts some apps on IIS.
It is configured for SSO with shibboleth and azure.
The issue is that I have a new URL now and I want it to work concurrently with the old one SSO and all
f....
0
votes
1
answer
182
views
why does one have to execute the aws sso login command when one is Only working with LocalStackCloud on one's work computer? [closed]
Here is the info about the technologies that I'm using:
LocalStack CLI 4.6.0
OS Name Microsoft Windows 11 Enterprise
Docker Desktop 4.43.2 (199162)
aws --version aws-cli/2.17.0 Python/3.11.8 Windows/...
1
vote
0
answers
61
views
Does Entra ID Ciam support SSO for Native Authentication
I'm building a mobile app in React Native with Expo. For my authentication flow I'm using Entra ID Ciam but the docs say two different things:
These docs say I need to at least have the redirect ...
0
votes
0
answers
90
views
Why with local storage would email be undefined
I'm configuring Entra OIDC for my team and have run into the issue where the company email only populates in my user store with sessionStorage as my cacheLocation, but not with localStorage. I would ...
0
votes
0
answers
42
views
How to get Keycloak to always store the Broker Context
Keycloak doesn't seem to store broker context in the session notes in post login flow.
I am using a custom keycloak SPI to help with user attribute sanitation, in the context of a saml single ...
1
vote
1
answer
92
views
WSO2 Google Identity federation
I am using WSO2 Identity Server 5.7.0
I configured Google Federation by adding clientid and client secret in WSO2IDP also created service provider and deployed pickupdispatch.war as example.
After ...
0
votes
1
answer
123
views
MSAL for iOS - how to refresh token
I implemented MSAL-based Enterprise SSO in my application, but I ran into a problem with token renewal. To verify a request to the API, I use idToken, which I receive after authorization. Its lifetime ...
1
vote
0
answers
382
views
Airflow 3.0.2 + Helm + Keycloak SSO: User role changes from "Admin" to "Viewer" after login
We are using Apache Airflow 3.0.2 with the official Helm chart version 1.17.0, deployed on Kubernetes via Terraform. We're integrating SSO using Keycloak.
Problem
After successful SSO login, users ...
0
votes
1
answer
177
views
OAuth2 Token Request Fails with "Bearer token missing" – Help Needed (BA Perspective)
I'm a business analyst working on integrating one of our applications with WSO2 Identity Server to enable Single Sign-On (sso) using OAuth 2.0.
While configuring the SSO flow, I used the following ...
-1
votes
1
answer
170
views
OAuth/SSO to Snowflake with Power BI and Airflow
My team is changing all our Power BI and Airflow users' Snowflake connections to use OAuth and SSO. Anyone have experience doing this with these 2 tools?
Far as I can see for Airflow, we register an ...
0
votes
1
answer
47
views
SAML User identification on Service Provider
In certain Identity Providers (IDPs), users can change their email addresses. Therefore, relying on email addresses for user identification on the Service Provider (SP) side is not feasible. When ...
0
votes
0
answers
76
views
When Cloudflare is enabled, my SSO login does not work between my domain and subdomain
I recently placed my client’s site www.domain.com and its subdomain forums.domain.com under Cloudflare’s protection. In general Cloudflare has been excellent at blocking unnecessary and suspicious ...
1
vote
0
answers
167
views
phpMyAdmin OIDC Authentication with OAuth2-Proxy causing redirect loop between login and SignonURL page
I'm currently running phpMyAdmin and OAuth2-Proxy in my kubernetes cluster. OIDC authentication is working just fine, I've verified that PMA_USERNAME is being set properly, and I'm being authenticated ...
0
votes
0
answers
87
views
Firebase Auth deletes the displayName property after first sign in with SAML provider
I use Firebase Authentication with an SAML provider linked to an Azure SSO in a Next.js web app.
Problem : After a user first signs in, the displayName property in Firebase Authentication is set to ...
1
vote
1
answer
134
views
SSO Issue with Azure AD B2C Using Microsoft Accounts Across Subdomains
I'm setting up SSO behaviors across multiple modules of a web platform using Azure AD B2C Custom Policies as the identity layer. The modules are React apps served from different subdomains under a ...
1
vote
0
answers
184
views
Apple sign-in with FastAPI returning different state in response
Below is the call to and the callback for my Apple sign-in implementation.
async def login_with_apple(request):
logger.debug(f"Session before Apple login: {request.session}")
...
1
vote
0
answers
40
views
LinkedIn OpenID Connect – 403 Error: Missing r_emailaddress / r_liteprofile scopes despite configuration
We're implementing a LinkedIn login for our non-profit platform built with MediaWiki. We're using OpenID Connect and following the official Microsoft documentation step-by-step.
However, we encounter ...
0
votes
0
answers
37
views
Is there any way to Implement PingIdentity with Angular's HashRouting?
So, I have an angular web app that our org wants to integrate with PingIdentity and SSO. The 2LDR Problem is, we have HashRouting set on our application, and PingIdentity will not accept an ACL (...
0
votes
1
answer
1k
views
How to configure open-webui sso with keycloak
I'm trying to set up Single Sign-On (SSO) for Open-WebUI using Keycloak, but I'm encountering some issues. Could someone provide a step-by-step guide on how to properly configure it? Specifically, I'm ...
-3
votes
1
answer
398
views
Bitbucket + SSO requires authentication every time now, how do I get it to remember the details?
I have checked out 10 bitbucket projects on my old laptop, and used them for years with intellij and git bash without having to authenticate when I pull/push etc.
I copied my dev folder to a new ...
0
votes
1
answer
474
views
In default blazor login template, how do I remake the page to work with MudBlazor and other blazor components
I have the following page for external logins that is based on the default page that comes with blazor template:
@using Microsoft.AspNetCore.Authentication
@using Microsoft.AspNetCore.Http.Extensions
@...
0
votes
1
answer
166
views
Obtain Azure AD cookies to auto-authenticate users in browser app
I have a WPF desktop application that lets employees open enterprise ticket-management portal from inside the UI.
The portal is protected by Azure AD single-sign-on (OpenID Connect). Ideally, I want ...
0
votes
1
answer
56
views
What to do after SAML assertion is returned to service provider?
My team is building a healthcare React application and we are using Auth0 for authentication. We are required to have SAML integration for healthcare institutions.
I have set up the Assertion Consumer ...
1
vote
0
answers
102
views
Keycloak IDP initiated SSO setup
I have the following setup
Keycloak A is the Service provider under dev.my-host/auth
Keycloak B is the Identity provider under staging.my-host/auth
My application is on dev.my-app
Both using master ...
0
votes
1
answer
114
views
How to specify a particular user to authenticate during SAML authentication (SustainSys)
Another dumb SSO-newbie question, but after lots of searching the answer eludes me. We're using the SustainSys SAML2 library (the Http Module version with .NET Framework). When we want to initiate an ...
0
votes
2
answers
200
views
using extensionattributes for optional claims in access tokens
I am trying to supply a username to a third party application that will occasionally be different than the user's SAM.
I've got it working on the ID token by defining it in OIDC-based sign-on.
The ...
0
votes
1
answer
70
views
Spring Boot - Two Authentication Methods for some paths
I've got a spring-boot 3.3.2 project.
My endpoints act as an oauth2 resource server meaning they expect a JWT-Token and validate it using a given issuer.
However, there are some endpoints that should ...
0
votes
0
answers
46
views
Microsoft Entra Id SAML Response Username encrypted
I setup federated login to Cognito with Entra Id as the IdP. When I require encryption, the user name created is encrypted. When I don't require encryption, the username is not encrypted. Shouldn't ...