Blank page with 403 status code when using Persona authentication system #1

Open
matmurdok78 opened this issue Feb 22, 2013 · 3 comments

Comments

@matmurdok78

I'm trying yith on a virtual machine, and managed to install and run it. Now I'd like to use the Persona authentication method. Here's an excerpt of my production.ini:

persona_audience = http://localhost:6543

I didn't change the persona_verifier_url setting.

Here is the response I get when my browser posts to http://10.0.1.98:6543/persona/login :

HTTP/1.1 403 Forbidden
Content-Encoding: gzip
Content-Length: 20
Content-Type: text/html; charset=UTF-8
Date: Fri, 22 Feb 2013 11:40:47 GMT
Server: waitress

@lorenzogil
Contributor

Starting with version 0.2, the persona_audience configuration option has been removed. Now you have to define the public_url_root configuration option as explained here:

https://github.com/Yaco-Sistemas/yith-library-server/blob/master/docs/source/configuration.rst#public-url-root

Can you check if that fixes your problem?

@matmurdok78
Author

Hello,

Thank you Lorenzo.

Your procedure did not work; however, a colleague has installed it without problem.

Thank you anyway.

But I was wondering about this software. I understand that it stores passwords in the mongo database.

Example: a user opens his browser and connects to the interface http://localhost:6543 (Yith Library server in the local network). From that moment the Yith Library user is authenticated through an "authentication cookie", but what happens next? Does Yith Library recover all the passwords in the browser, so that the user no longer has to retype their login and password daily?

If you could explain step by step what exactly Yith Library does, it would be nice ^ ^

@lorenzogil
Contributor

I need to document the whole process in the Yith Library docs. As a really fast summary I can tell you that the server component is not enough to manipulate passwords. You will also need Yith Library Web Client or any other client developed by any third party developer.

Yith clients authenticate with Yith server using the OAuth2 protocol. The current client will not remove the session cookie when closing the browser, so the next time the user opens the browser and accesses the client URL he will be already logged in. If the user does not want this behaviour he will need to perform an explicit log out by clicking on the link with the same name.

Note that even when the client performs a log out successfully, this won't close the session in the Identity Providers that the server uses (Twitter, Google, Facebook, Persona, etc.). This means that next time the client initiates the authentication process the user won't be asked for credentials again if he uses the same provider as last time and his session in that provider is still valid.
