7,669 questions
1
vote
0
answers
34
views
Magento 2 SSO Login: “login_redirect” cookie created on first login, forcing repeated login on checkout
I’m integrating a custom SAML-based SSO module with Magento 2.
The SSO login works, but I’m facing an issue specifically during the first login after the user arrives via SSO
After SSO login, when the ...
- 11
1
vote
0
answers
59
views
Importing hashed passwords into Keycloak
I want to create a user using a password that has already been hashed (using argon2). This is to validate the user migration process from my application's database to Keycloak.
I went to ...
- 160
0
votes
0
answers
34
views
Sustainsys Saml2 HandledResult = true still sets the cookie
On AcsCommandResultCreated, I want to set my custom cookie. However, I end up with two cookies: one created by the library and another that is mine, even though I set HandledResult = true. How can I ...
- 1,479
0
votes
0
answers
65
views
App is not logged out after doing SSO sign out from other apps
I recently worked on a PHP based project and it implemented Keycloak SSO login system.
There are three apps (let's say App-1, App-2, and App-3) that are using the SSO. App-1 also implemented ...
- 1
0
votes
1
answer
66
views
How do x509 certificates work using OpenID Connect SSO authentication?
We decided to involve the OpenID Connect authentication in our project. The identity provider server uses x509 certificates confirmation as an authentication method. So, should we make an additional ...
0
votes
1
answer
62
views
Azure AD B2C: invalid_grant with JWE key missing when redirecting via SSO pre-login app
[ERR] Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler
Message contains error: 'invalid_grant',
error_description: 'AADB2C90090: The specified kid 'cpimcore_09252015' is not ...
0
votes
0
answers
45
views
Unable to acquire new SharePoint Online access token across tenants in Azure AD SSO app (AADSTS50076 MFA error)
We have an Azure AD Single Sign-On (SSO) .NET 8 Core application that transfers documents from one SharePoint tenant to another.
Based on the selected tenant, we retrieve sites, libraries, etc.
We ...
-3
votes
1
answer
74
views
AssumeRoleWithWebIdentity - Call AWS DynamoDB from firebase function using IdentityToken
I am getting this error when calling AssumeRoleWithWebIdentityCommand from a firebase function.
Error: {
Type: 'Sender',
Code: 'InvalidIdentityToken',
Message: 'Incorrect token ...
0
votes
1
answer
111
views
OIDC django-allauth - kid lookup uses x509 instead of jwk when upgraded to 65.11.0?
We recently upgraded to django-allauth[mfa, socialaccount]==65.11.0 where we are using an OIDC-provider that extends OAuth2Client and we discovered that one of our SocialApplication configs that is ...
- 35
0
votes
1
answer
59
views
Lavarel Socialite and introspection endpoint. Aka Access Token validation at server side
I'm a bit confused because a lot of articles about Oauth with Mobile App explains the client side but never talk about the server side which needs to verify the validity of the Access Token. As if the ...
- 225
0
votes
1
answer
170
views
why does one have to execute the aws sso login command when one is Only working with LocalStackCloud on one's work computer? [closed]
Here is the info about the technologies that I'm using:
LocalStack CLI 4.6.0
OS Name Microsoft Windows 11 Enterprise
Docker Desktop 4.43.2 (199162)
aws --version aws-cli/2.17.0 Python/3.11.8 Windows/...
- 1,517
0
votes
0
answers
86
views
Why with local storage would email be undefined
I'm configuring Entra OIDC for my team and have run into the issue where the company email only populates in my user store with sessionStorage as my cacheLocation, but not with localStorage. I would ...
- 11
1
vote
1
answer
83
views
WSO2 Google Identity federation
I am using wso2 identiy server 5.7.0
I Configured Google Federation by adding clientid and client secret in WSO2IDP also created service provider and deployed pickupdispatch.war as exmample.
After ...
1
vote
0
answers
365
views
Airflow 3.0.2 + Helm + Keycloak SSO: User role changes from "Admin" to "Viewer" after login
We are using Apache Airflow 3.0.2 with the official Helm chart version 1.17.0, deployed on Kubernetes via Terraform. We're integrating SSO using Keycloak.
Problem
After successful SSO login, users ...
- 642
-1
votes
1
answer
161
views
OAuth/SSO to Snowflake with Power BI and Airflow
My team is changing all our Power BI and Airflow users' Snowflake connections to use OAuth and SSO. Anyone have experience doing this with these 2 tools?
Far as I can see for Airflow, we register an ...
0
votes
0
answers
72
views
When Cloudflare is enabled, my SSO login does not work between my domain and subdomain
I recently placed my client’s site www.domain.com and its subdomain forums.domain.com under Cloudflare’s protection. In general Cloudflare has been excellent at blocking unnecessary and suspicious ...
- 601
0
votes
0
answers
81
views
Firebase Auth deletes the displayName property after first sign in with SAML provider
I use Firebase Authentication with an SAML provider linked to an Azure SSO in a Next.js web app.
Problem : After a user first signs in, the displayName property in Firebase Authentication is set to ...
- 833
1
vote
0
answers
179
views
Apple sign-in with FastAPI returning different state in response
Below is the call to and the callback for my Apple sign-in implementation.
async def login_with_apple(request):
logger.debug(f"Session before Apple login: {request.session}")
...
- 329
0
votes
0
answers
36
views
Is there any way to Implement PingIdentity with Angular's HashRouting?
So, I have an angular web app that our org wants to integrate with PingIdentity and SSO. The 2LDR Problem is, we have HashRouting set on our application, and PingIdentity will not accept an ACL (...
- 640
-3
votes
1
answer
380
views
Bitbucket + SSO requires authentication every time now, how do I get it to remember the details?
I have checked out 10 bitbucket projects on my old laptop, and used them for years with intellij and git bash without having to authenticate when I pull/push etc.
I copied my dev folder to a new ...
- 12.8k
0
votes
1
answer
153
views
Obtain Azure AD cookies to auto-authenticate users in browser app
I have a WPF desktop application that lets employees open enterprise ticket-management portal from inside the UI.
The portal is protected by Azure AD single-sign-on (OpenID Connect). Ideally, I want ...
1
vote
0
answers
91
views
Keycloak IDP initiated SSO setup
I have the following setup
Keycloak A is the Service provider under dev.my-host/auth
Keycloak B is the Identity provider under staging.my-host/auth
My application is on dev.my-app
Both using master ...
- 8,181
0
votes
2
answers
192
views
using extensionattributes for optional claims in access tokens
I am trying to supply a username to a third party application that will occasionally be different than the users SAM.
I've got it working on the ID token by defining it in OIDC-based sign-on.
The ...
0
votes
0
answers
41
views
Microsoft Entra Id SAML Response Username encrypted
I setup federated login to Cognito with Entra Id as the IdP. When I require encryption, the user name created is encrypted. When I don't require encryption, the username is not encrypted. Shouldn't ...
- 51
0
votes
0
answers
48
views
SSO login with incognito mode force session to be started multiple times
I am working on an ASP.NET MVC application. We use few external login providers 'Google' and 'Azure' are used mostly. During investigation one issue with Google login, I discovered that session start ...
- 642