Can I use Azure AD Login parallel to database login to my web application using JAAS? I have created a web app in azure portal and have tried the login using the code present here: https://github.com/AzureAD/azure-activedirectory-library-for-java/blob/dev/src/samples/public-client-app-sample/src/main/java/PublicClient.java
But I'm facing issues like
The request body must contain the following parameter: 'client_secret
or client_assertion'.\r\nTrace ID:
fd0sxdac-72a3-4ac2-9aca-02aa64bb8ef5\r\nCorrelation ID:
96xsdb2c-864e-4325-b8cb-98fb6d6ab541\r\nTimestamp: 2017-02-10
13:30:02Z","error":"invalid_client"} at
com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:108)
I changed my app to native app and tried login again, but this time I ended up getting this error:
com.microsoft.aad.adal4j.AuthenticationException:
{"error_description":"AADSTS65001: The user or administrator has not
consented to use the application with ID
'7xxxyyy9-bcf6-4uu1-bzzz6-d279189ea7bf'. Send an interactive
authorization request for this user and resource.\r\nTrace ID:
cbd15f8a-983b-469f-9e20-bf0c8eee4e0c\r\nCorrelation ID:
213bb116-3617-4b89-8170-a123e072bfb5\r\nTimestamp: 2017-02-10
15:32:12Z","error":"invalid_grant"} at
com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:108)
I've added the required permissions to the app using Microsoft Graph (sign in and read user profile), but still doesn't work. I'd really appreciate if one of you could point me in the right direction.
Figured out the answer actually, I just had to grant the relevant permissions on the application and it started to work.
Related
I would like to have access to my OneDrive files using Microsoft Graph API in Java. I've tested this sample : https://learn.microsoft.com/en-us/graph/tutorials/java, and added a "getFiles" part to it which displays informations about my files. For the moment, this works perfectly.
But I would like to avoid user sign-in each time I run the sample. Indeed, in the authentication part of the code, a DeviceCode is used to acquire the token, and I'm redirected to a Microsoft web page where I sign-in and authorize the application to have access to my account.
I tried to replace the DeviceCode with IntegratedWindowsAuthenticationParameters (I got this from here : https://github.com/Azure-Samples/ms-identity-java-desktop/blob/master/Integrated-Windows-Auth-Flow/src/main/java/IntegratedWindowsAuthFlow.java (line 73)) using my scopes and email address as parameters, but I got the error below :
"com.microsoft.aad.msal4j.MsalServiceException: WsTrust endpoint not found in metadata document"
Edit : IntegratedWindowsAuthenticationParameters isn't suitable for personal accounts like mine (xxxxx#hotmail.com), is there another way to acquire token with this type of account ?
Is it the right solution to access personal accounts ? Or did I miss something in the App configuration in AAD ? Are there any other solutions ?
Thank you for your help :)
Using a global tenant administrator account, which is your .onmicrosoft.com account.
Please verify and make sure you have logged in with the proper account for the App you registered.
username = xxxx#xxxx.onmicrosoft.com
Update
Integrated Windows Authentication (IWA) supports federated users only - users created in Active Directory and backed by Azure AD. Users created directly in Azure AD without Active Directory backing (managed users) can't use this authentication flow.
Please refer to this doc.
I'm trying to develop a simple java client that needs to access Skype for Business APIs in order to setup an online meeting (i.e. I need to retrieve a simple setup meeting URL by invoking an UCWA API).
I followed this Microsoft tutorial step-by-step:
https://learn.microsoft.com/en-us/skype-sdk/ucwa/developingucwaapplicationsforsfbonline
I have an Office 365 Business Premium license and I configured a custom domain (correctly registered and added at the zone DNS file);
I configured and registered my java client app on Azure (taking care to assign required delegated permission for Skype for Business capabilities);
I performed the Sign-in phase and Azure is able to recognize me;
I performed the Autodiscovery phase in order to retrieve the user's UCWA home pool;
I sent a GET request to the Azure oauth2 endpoint with response 401 error (and this is the expected behaviour by the authentication handshake);
Unfortunately, I failed when I request an access token using implicit grant flow: Azure responds with a Sign-In HTML page rather than the json object containing the oauth2 access token.
What's wrong on this GET request?
GET https://login.microsoftonline.com/oauth2/authorize?
response_type=id_token
&client_id=my_application_client_id
&redirect_uri=configured_redirect_uri
&state=UUID_generated_code
&resource=UCWA_home_pool
HTTP/1.1
This GET URL looks like that one used for the Sign-In phase (step 3); I suspect that it isn't the right request URL.
I tryed to put my domain on the URL:
https://login.microsoftonline.com/my_domain_name/oauth2/authorize
and I tryed to put a common domain name (as reported on the documentation):
https://login.microsoftonline.com/common/oauth2/authorize
But Azure still reponds with a Sign-In page (and response code 200 OK).
Can someone help me please?
Please check the oauth2AllowImplicitFlow property in manifest of your application after downloading the latest manifest file. It should be set to true for this to wrok. If it's still false, only then I would expect the redirect to sign-in page as you're seeing.
More detailed steps here -
Configure your app for OAuth implicit grant flow
I'm using SSRS with JAVA web application, I successfully generated the reports with passing the parameters and the report format dynamically, but I'm facing an issue with the reporting services login prompt there, I want to stop this prompt and instead adding the reporting services user credentials in the back-end using JAVA. But it did not work and I'm really confused.
What is it the right way to do so? Is there something I'm missing and/or that I need to do? Is there any other way to do this?
I've imported the web service classes into my project and tried to set the user credential using LogonUser in the ReportExecutionServiceSoap object as:
reportExecutionServiceSoap.logonUser(username,pwd,"");
But this has not worked for me.
EDIT:
Microsoft.ReportingServices.Diagnostics.Utilities.LogonFailedException: Logon attempt for user ..... failed., Microsoft.ReportingServices.Diagnostics.Utilities.LogonFailedException: Log on failed. Ensure the user name and password are correct.;
Although I'm sure that the credentials I've passed are correct and it's working fine when using the login prompt to pass the same credentials.
I am trying to develop two applications web and mobile. Web and API is done with laravel 5. Both use email / password authorization and facebook login. Mobile application will use mentioned API. (I understand that I could use the API with AngularJS for web application but this is bit too advanced at the moment)
I managed to marry facebook with larvel, so I can create and login to the app with credentials or login using facebook. Users are stored in user table and if user logins with FB its access token is stored in the same table. Android mobile application uses facebook login via facebook SDK. I am using the same facebook app ID for both with the same permission scope. My problem is that access tokens generated by both processes are different so user using facebook via web application has different token than user using facebook via mobile.
So if I follow the logic, identifying facebook user to access back-end data by email and access token does not work, as email field in table is unique and by overriding access token from either web or mobile application makes no sense. So scenario is i have two different users even they come from the same facebook account.
I suspect my logic is incorrect and would like ask you for help / explanation what is the proper way of authorizing the same facebook user on web and mobile app concurrently.
Instead of access tokens you should use fbid to identify a user. It is part of the response returned from facebook api.
For PHP:
https://developers.facebook.com/docs/php/howto/profilewithgraphapi/4.0.0
For Android:
https://developers.facebook.com/docs/android/graph
Step 1 – Visit the following url https://developers.facebook.com/apps/ and create a new facebook app.
Step 2 – Create facebook app with email and app name
Step 3 – Then, Navigate to setting->advanced and add redirect URL
Step 4 – Now, add valid auth redirect url. So, click facebook login->setting and add valid auth redirect URL
Step 5 – Finally, Navigate to facebook developers dashboard and copy the following App ID and App SECRET
composer require laravel/socialite
Create Model
Step 6 – Install Jetstream Auth
Step 7 – Build Routes
Create Controller
go threw this URL https://www.tutsmake.com/laravel-8-facebook-login-tutorial-step-by-step/
I am currently working in google analytics. I was able to get it working in eclipse, using tomcat server. while running the application to get the pageviews of my site i am been asked for login and access token permission in my system's default browser. after i provide these details i am getting the analytics displayed via google Oauth2 API's.
Now my question is i want to get these data in a public server which doesn't allow browser UI's. so could any body provide some answers for getting the access token for analytics using plain java like URL connection object.
Possible Solution
1 Possible solution got:
Used service login email and key file. which is used to get the auth credentials. This can be generated in google api console where we will be adding the google api's to be used in our projects.