I have a requirement in which I need to send links to the user who has some requests pending at his role. When user clicks on that link, he can access the application skipping the login but for creating a session. I need to use the windows username. I tried using system.getProperty("user.name") but it is giving user name which is host dependent, which means giving username of a particular host. But I need the windows username of a user sending the request. I tried using request.getRemoteUser() and getPrincipalUser() but facing some authentication issues.
Can anyone help me regarding this issue?
Related
I am trying to hit a post request to https://login.microsoftonline.com/<My_Tenant_Id>/oauth2/token from my Java Code, but I am getting the error "invalid_grant: AADSTS50126: Error validating credentials due to invalid username or password". I have verified the credentials and they are correct (I am able to login to Azure portal and see my AWS APP for SSO). I even tried hitting the same request from postman, but then also same issue.
The parameters I have passed are:
"grant_type", "password"
"requested_token_type","urn:ietf:params:oauth:token-type:saml2"
"username", username
"password", password
"client_secret", clientSecret
"client_id", clientId
"resource", clientId
I have even checked various Microsoft Documentations but I am still not able to resolve the issue.
Can anybody tell what might be the issue. is the API call wrong or the server setup is wrong.
Please note: Initially my API call was working, but then I got an error invalid_request: AADSTS80014 then it automatically got resolved and I started getting invalid_grant: AADSTS50126. Has anybody faced this issue or knows how to fix this. Thanks!
I am able to resolve this by creating a cloud only user. The reason a federated user fails with the Resource Owner Password Grant flow is because for a federated user Azure AD has to redirect the user to the specific federation Server that belongs to the user's on-prem domain so that the ADFS server can get the auth down with the local domain controller. In Resource Owner Password grant flow this redirect is not possible hence it is not able to validate the username and password and hence that error.
As a suggestion, we can create a new cloud only user whose username and password should reside in Azure AD, so that when using Resource Owner password Grant flow we submit the user's credentials, AAD can authenticate the user without any redirections.
This user can be a normal user in AAD and the respective delegated permissions should be present in the app registration. Now one more thing to make sure is, if the delegated permission that we are providing needs admin consent then before the user logs in to the application, the admin has to provide the admin consent to this delegated permission. If we want to the user to provide his/her own consent (if the delegated permission needs user consent) then we would have to somehow provide the user consent before going ahead with the Resource Owner Password Grant Flow.
Hi i have created my web application in java to authenticate my application i can check the credentials in active directory. If user typed his user name and password means it works fine.
My question is, if the user already logged in his personal computer which is present in the domain by using his username and password. If the user open my web application means i need to go inside the home page without typed the username and password in the login page. How can i do this? Thanks in Advance.
Once the user is logged in successfully you can store some attributes in the session. You can then check on each page load whether the session is valid before allowing access. At a more comprehensive level this can be done using a Filter. Read a little bit on sessions here https://docs.oracle.com/cd/E19644-01/817-5451/dwsessn.html
If you want to read credentials from a user's browser, as someone suggested search Single Sign-on (SSO). There are a number of ways SSO can be implemented by your application, Kerberos-SPNEGO might be most suited for your requirement. But you can make a call once you have better understanding of SSO concepts.
I have managed to configure ActiveDirectory authenticator on weblogic, and our web application successfully authenticates AD users now, the issue I have is I am not able to get logged in user's full name. Is it possible?
I am getting just userId from both http request's getUserPrincipal and getRemoteUser methods. thanks.
I have java ADF Web Application , and its in our company and we use secure network
so can i Authenticate the users depend on there login to windows ... if we can get the user Who login to the windows we can do this
i try some commands in java
like
String username = System.getProperty("user.name");
System.getenv("USERNAME");
but all give me server user not client
and i try
request.getRemoteUser() ... it always return null until i do SSO login
and i don't need SSO cause the user is login by his account to Windows
Can any one Help me
If you would like the user logged in to your application based on his logging into a windows workstation, then you are basically asking for Single Sign-on (SSO). In that case, request.getRemoteUser() would be the right method to call.
You could also inspect the request headers and find the header that is populated with the username and then fetch it's value via request.getHeader("USER_HEADER_NAME").
How to get the logged username in windows from a remote server Apache/jboss.
I have deployed a war file in tomcat apache which is in host_1. I am accessing the web application from host_2. host_2 windows machine and logged in as a testuser. host_1 is a unix machine.
I want the server application to get the logged in username of windows[testuser] when i hit the request in browser. Is this possible? Do i need to do any settings in my browser?
Any help is appreciated.
Essentially the internet is anonymous and there the user name is not returned as a http header.
You would need to run some javascript on the users browser to determine the username - and as it is a security risk I dont think it will work very well
I found this link
JavaScript - How to get the name of the current user