I got the below error while I was trying to authenticate through IBM Security Access Manager (using Sustainsys.Saml2.Owin)
Here is the Link of error code
I tested the code on another IDP https://stubidp.sustainsys.com/ and it's working.
Maybe the difference is with the test IDP (Stupidp) it was a solicited response but from IBM Security Access Manager was Unsolicited (Idp-initiated).
But I already set AllowUnsolicitedAuthnResponse = true
Here is the metadata that attached on IBM Security Access Manager
I find the solution I was sent a wrong metadata, the right one if you use SustainSys.Saml2 is to hit your SP URL "https://SP.com/Saml2" this will generate your SP metadata file.
The AssertionConsumerService was wrong was the action to be landed after login on the IDP, but the right one should be "https://SP/Saml2/Acs"
Related
So I registered an app for Personal account only. Then, I generated a sample blazor project with Visual Studio and set up the redirect url https://localhost:7213/signin-oidc. When I start the projects, it correctly redirects me to the /signin-oidc endpoint and following exception page is presented
OpenIdConnectProtocolException: Message contains error: 'invalid_request', error_description: 'AADSTS9002331: Application ... is configured for use by Microsoft Account users only. Please use the /consumers endpoint to serve this request.
Can't find anything in the docs about the consumers endpoint.
Tried changing /singin-oidc to /consumers but it didn't help.
Does anyone have a solution for this?
Thanks
'AADSTS9002331: Application ... is configured for use by Microsoft Account users only
You need to select either the Second or Third option
You can also see same issue in MS Q& A by AngangGuo
References taken from :
Register an application - Microsoft Advertising API
With my outlook.com account I logged in to portal.azure.com and I created a new application. Microsoft has provided a sample app (daemon_console) for quick experiments (in QuickStart guide) and I followed steps provided for the sample app, the app automatically takes the application id and client secret you generated and updates the configuration JSON file (appsettings.json) with this info. I downloaded the code after these steps but when I run the sample app it throws the error "Authorization_IdentityNotFound".
Looks like it is able to fetch the token but following code is throwing the error:
var httpClient = new HttpClient();
var apiCaller = new ProtectedApiCallHelper(httpClient);
await apiCaller.CallWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/users", result.AccessToken, Display);
Microsofts page has step to get Admin consent in two ways:
If you are a global administrator, go to API Permissions page select Grant admin consent for Enter_the_Tenant_Name_Here
Standard user
If you're a standard user of your tenant, then you need to ask a global administrator to grant admin consent for your application. To do this, give the following URL to your administrator:
https://login.microsoftonline.com/common/adminconsent?client_id=my apps client id
I have tried both these options. With the first option, I am able to grant the required permissions. But the issue still exists.
With the second option when I go to the suggested URL it fails with error:
"AADSTS500113: No reply address is registered for the application."
I think this should have been a straightforward process but somehow the app is not able to execute and fails with errors:
"code": "Authorization_IdentityNotFound",
"message": "The identity of the calling application could not be established.",
Please let me know if anyone has tried these steps and has managed to resolve this issue.
Note that I can run "https://graph.microsoft.com/v1.0/users" from graph explorer with my outlook.com account and it works perfectly fine.
I tested it, and at first I was running into the same issue,
its because of the common in the appsettings.json
replace the "Tenant": "common"
with "Tenant": "your Tenant ID",
You can get the tenant ID from the overview page of your app registration Directory (tenant) ID. After you do that, make sure you right click the project and click rebuild. because if I just do a normal run it had it cached and did not update it from common.
This error is driving me crazy, had the same issue with a lambda web api, but that worked when uploaded, so that will do for now
This project however will be a NuGet package, and i need to be able to simply upload a file to S3
I have the code in place using the following : "https://docs.aws.amazon.com/AmazonS3/latest/dev/HLuploadFileDotNet.html"
im trying to run this local, but getting the Unable to get IAM security credentials from EC2 Instance Metadata Service." error
within visual studio, i can see the AWS Explorer, and i can create a bucket from here... so i have my user setup... but when i run local... there is no user???
i know its going to be a one line missing value somewhere :(
Thank you #Geeshan for your answer, it gave me some direction on where to look
However, I had my credentials file setup, but the answer to my question was you also need to have a profile setup with the name "default"
Also, now know that you dont need a matching "default" IAM user.
On the AWS IAM User page, you create your users as normal, no need to create a default user. In Visual studio, when you create a new profile, if your profile is named "default", and you enter they key and secret key for one of your IAM user, running your application will use that user (I miss understood this profile name, and was assuming it needs to match your IAM user, so initially i create a "Default" IAM user. which i now know, is not needed)
If you dont want to use the default then, you can choose a user by using "TryGetProfile and TryGetAWSCredentials in your application code (see below)
This is due to missing credentials in your local machine. Setting up the AWS Explorer will not provide the credentials to running your code.
One way to setup the credentials is to use a Credentials File in C:\users\awsuser\.aws\credentials (asuming you are using windows).
The following is an example of a profile in the credentials file.
[default]
aws_access_key_id = {accessKey}
aws_secret_access_key = {secretKey}
Here you can read more about managing credentials for .Net
I am running Google Translate API in C#.
Running locally on my computer the next code works, but online on a server it throws the following error:
using Google.Cloud.Translation.V2;
TranslationClient client = TranslationClient.Create();
var response = client.TranslateText(sentence, targetLanguage, sourceLanguage: sourceLanguage);
"The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information."
Locally this runs just by installing Cloud SDK Installer which does all the settings, there is no need for authentication in code.
On the server, should I use instead OAuth 2.0 or Service account keys ?
Can someone assist me on how to solve this?
EDIT: Can someone confirm to me if it is necessary to have access to the local server to run commands in command line like here https://cloud.google.com/storage/docs/authentication ? This would be pretty ridiculous, instead of just writing code. For example Youtube API does not require local access.
Follow directions to get json file:
https://cloud.google.com/translate/docs/reference/libraries
Then run this code first:
System.Environment.SetEnvironmentVariable("GOOGLE_APPLICATION_CREDENTIALS", "c:\mypath\myfile.json");
To generate a private key in JSON or PKCS12 format:
Open the list of credentials in the Google Cloud Platform Console.
OPEN THE LIST OF CREDENTIALS
Click Create credentials.
Select Service account key. A Create service account key window
opens.
Click the drop-down box below Service account, then click New service account.
Enter a name for the service account in Name.
Use the default Service account ID or generate a different one.
Select the Key type: JSON or P12.
Click Create. A Service account created
window is displayed and the private key for the Key type you
selected is downloaded automatically. If you selected a P12 key, the
private key's password ("notasecret") is displayed.
Click Close.
You can find more details here
https://cloud.google.com/storage/docs/authentication
Its all in the errormessage. You have two options
Run the Google Compute Engine on the machine you have your program running on and input your credentials there.
Use a service account and set the "GOOGLE_APPLICATION_CREDENTIALS" environment variable to reference your credentials file (which is a .json file that you can download from the google developer console.)
PS: Do not store your credentials file anywhere on the server where it may be accessed by someone else!
You must download API key from
https://console.developers.google.com/iam-admin/serviceaccounts
After that download .P12 file file to use it in your code
var certificate = new X509Certificate2(#"key3.p12", "notasecret", X509KeyStorageFlags.Exportable);
notasecret is default password
The easiest answer to my question , to avoid local settings on the server, is the third option of using the Translation API described below: using API keys.
This means just a simple POST to an endpoint that has the API key in the link.
https://cloud.google.com/docs/authentication/#getting_credentials_for_server-centric_flow
https://cloud.google.com/docs/authentication/api-keys
I have written a BOT using the BOT Application template in VS 2015 and published it to my Azure account. I registered here https://dev.botframework.com/. I'm using the Facebook Messenger Channel. I have setup the webhooks, entered the credentials correctly and verified them. However when I try to test the bot I get this error...
"Security token for MicrosoftAppId: '' is unauthorized to post to connector!"
Obviously the message itself seems pretty clear, but I've checked that the security token is correct. Is there anything else that might be causing this?
Maybe you forget to put your MicrosoftAppId into web.config file?