Hi Filippo, Yes, you're right. The sessions remains active. I think the best way to handle this is that client could call a logout method and sessions will be closed. Actually you can invoke the http://accounts.fundingbox.com/?doLogout=true URL to logout the user via accounts. Could you call this URL when user logouts FIA (if logged with funding box account of course)? Regards, Jose On Tue, Aug 29, 2017 at 11:47 AM, Filippo Giuffrida < filippo.giuffrida at eng.it> wrote: > Hi Jose, > > ok, this new client_id works fine for figlobal.eng.it. If you want, you > can test it by the following link > > > > I've noticed that the session of accounts.fundingbox.com remains active > when the user close the tab/browser. > This means that: > > 1. User A clicks to sign in on FIA by FundingBox account > 2. User A inserts the own credentials on accounts.fundingbox.com > 3. User A logins and uses FIA > 4. User A clicks on FIA logout. The Liferay session is cleaned, but > (not having the Single Log out) the fundingbox session remains active. > 5. User A closes the browser. *Here the **fundingbox session should be > cleaned, but instead it remains active.* > 6. User B clicks to sign in on FIA by FundingBox account > 7. *User B is logged by the **FundingBox account of the user A*. > > It's an issue. > > Please, could you take a look ? > It would be enough to clean the accounts.fundingbox.comm session when the > user close the tab/browser. > > Thank you in advance > > Best Regards > > *Filippo* > > Il 29/08/2017 10:39, Jose Alonso ha scritto: > > Hi Filippo, > > I added a new client_id=59a52664e6c736834bd0cd2a that redirects to > http://figlobal.eng.it/authorize.html > > Could you please try that? > > Regards, > > Jose > > On Mon, Aug 28, 2017 at 4:17 PM, Filippo Giuffrida < > filippo.giuffrida at eng.it> wrote: > >> Hi FundingBox team, >> I ended up developing the SSO with FundingBox oAuth on my local >> environment by the client_id=597867a6e6c736834bd0cd1a that redirects to >> localhost:3000/authorize.html. >> >> Please could you provide an additional client_id that redirects to *http://figlobal.eng.it >> <http://figlobal.eng.it>**/authorize.html* ? >> >> Thank you in advance >> >> Best Regards >> >> *Filippo* >> >> Il 24/08/2017 13:34, Jose Alonso ha scritto: >> >> Hi Filippo, >> >> Could you try now? Since this morning seems the api didn't respond in >> some situations. >> >> Sorry for the inconvenience! >> >> Regards, >> >> Jose >> >> On Thu, Aug 24, 2017 at 11:07 AM, Filippo Giuffrida < >> filippo.giuffrida at eng.it> wrote: >> >>> Dear FundingBox Team, >>> >>> since this morning the server of http://api.fundingbox.com/users/me >>> doesn't seem to work. >>> >>> The Ajax call returns a pending status that ends with a 502 error >>> >>> >>> Yesterday evening it was working fine. >>> >>> Please, could you take a look and give me a feedback ? >>> >>> Thank you in advance >>> >>> Best Regards >>> >>> *Filippo* >>> >>> Il 24/08/2017 01:43, Jorge Fernandez ha scritto: >>> >>> Hi Filippo, thanks for reporting this. It's quite strange, I didn't had >>> time to check it properly, but looks like the two systems are using >>> different cost parameters in their hashing functions, but not always, and >>> this is the strange thing, because at least my account is working exactly >>> the same in both systems. >>> >>> Anyway, thanks for telling us ;) , we'll investigate it and fix it asap. >>> >>> Regards, >>> Jorge >>> >>> On Wed, Aug 23, 2017 at 10:51 AM, Filippo Giuffrida < >>> filippo.giuffrida at eng.it> wrote: >>> >>>> Dear FundingBox Team, >>>> >>>> I followed the Jorge's suggestions, getting these results: >>>> >>>> - I cannot reset my password for the account >>>> filippo.giuffrida at eng.it >>>> >>>> >>>> - I clicked on the link shown in the following image >>>> >>>> >>>> >>>> - I tried to use the same email address (filippo.giuffrida at eng.it) >>>> and the system (rightly) gave my an error >>>> >>>> >>>> - I changed the email address in filgiuffrida at outlook.it, the >>>> account was created successfully and the login works fine, redirecting to >>>> http://localhost:3000/authorize.html#access_token=599d3fc4af >>>> 59fc84788b4567&token_type=Bearer&expires=1504773700&expires_ >>>> in=1296000 >>>> <http://localhost:3000/authorize.html#access_token=599d3fc4af59fc84788b4567&token_type=Bearer&expires=1504773700&expires_in=1296000> >>>> - I tried to create an other account by the page >>>> https://fundingbox.com/signin >>>> >>>> >>>> and the account l346261 at mvrht.net gave me the same problems of >>>> filippo.giuffrida at eng.it (I cannot use it on >>>> http://accounts.fundingbox.com/login) >>>> >>>> I got the following conclusions: >>>> >>>> 1. If you create the account by https://fundingbox.com/signin, >>>> >>>> >>>> - it works fine on https://fundingbox.com/signin >>>> >>>> >>>> - it doesn't work on http://accounts.fundingbox.com/login >>>> >>>> >>>> 1. If you create the account by http://accounts.fundingbox.com/login, >>>> >>>> >>>> >>>> - it works fine on http://accounts.fundingbox.com/login >>>> - it works fine on https://fundingbox.com/signin >>>> >>>> In this way I'm able to proceed with my development, but we should keep >>>> in mind that this account management isn't working fine and with these >>>> bugs it cannot be used in a production context. We need to solve >>>> these problems, do you agree ? >>>> >>>> Best Regards >>>> >>>> *Filippo* >>>> >>>> Il 22/08/2017 23:21, Jorge Fernandez ha scritto: >>>> >>>> Hi Filippo, please try again, reseting your password here: >>>> http://accounts.fundingbox.com/login >>>> I'll be out till Sept. 1, but I'll try to check the email from time to >>>> time, so you can contact me or try to contact my colleague Jose: >>>> jose.alonso at fundingbox.com >>>> >>>> Regards, >>>> Jorge >>>> >>>> On Tue, Aug 22, 2017 at 3:16 PM, Filippo Giuffrida < >>>> filippo.giuffrida at eng.it> wrote: >>>> >>>>> Hi Jorge, >>>>> >>>>> I'm trying to use the example provided by you. >>>>> >>>>> I've created an account on https://fundingbox.com/ with email >>>>> filippo.giuffrida at eng.it, I've verified the email and I access fine >>>>> on https://fundingbox.com/ >>>>> >>>>> I've tried to access by a blank browser to >>>>> http://accounts.fundingbox.com/authorize?client_id=597867a6e >>>>> 6c736834bd0cd1a&response_type=token , it redirects to >>>>> http://accounts.fundingbox.com/login where the following form appears >>>>> >>>>> >>>>> I've tried to access by the account filippo.giuffrida at eng.it, but it >>>>> doesn't work, I got the message "*Your username or password are >>>>> incorrect, please try again."* >>>>> >>>>> I've also tried to create an account by the link "Create an account" >>>>> but it links to # >>>>> >>>>> Please, could you take a look ? >>>>> >>>>> Thank you in advance >>>>> >>>>> Best Regards >>>>> >>>>> *Filippo* >>>>> >>>>> >>>>> >>>>> >>>>> Il 26/07/2017 18:15, Jorge Fernandez ha scritto: >>>>> >>>>> Hi Filippo, >>>>> >>>>> I've prepared a brief document and a very basic example using the >>>>> "implicit grant" flow. >>>>> >>>>> Example: https://drive.google.com/file/d/0B29v6b3mGXyUUllZcz >>>>> NYRmsyZ1k/view?usp=sharing >>>>> Document: https://docs.google.com/document/d/14Bjn6ibrOgmq1P >>>>> 0sx5hDh_U98f5ypLOqUniy7Vpunvg/edit?usp=sharing >>>>> >>>>> This is probably the easier one to implement, but if you prefer to use >>>>> a different grant type just tell me and we can prepare a different example. >>>>> >>>>> The example is very basic, using only javascript. >>>>> If you use php in your laptop you can run it with this command: php -S >>>>> localhost:3000 >>>>> If not, you'll need to upload the files to a web server or run it with >>>>> node, etc... >>>>> >>>>> Here are the credentials you'll need to use our Accounts service: >>>>> >>>>> *authorization_url*: http://accounts.fundingbox.com/authorize >>>>> *client_id*: 597867a6e6c736834bd0cd1a >>>>> *client_secret (not needed if using the implicit grant type)*: >>>>> mac974348wncw084309du7tcnw084tcw846tndw86tbw >>>>> >>>>> The URI to redirect to after the user grants/denies permission is : *http://localhost:3000/authorize >>>>> <http://localhost:3000/authorize>* >>>>> If you need to change it you'll have to ask me to do it. >>>>> >>>>> After the user granted permission you'll receive and access_token and >>>>> you should use it to call our API to get the user details like the email, >>>>> username, etc... >>>>> This can be done calling this REST method: *(GET) >>>>> http://api.fundingbox.com/users/me <http://api.fundingbox.com/users/me>* >>>>> (including a header "Authorization": access_token) >>>>> >>>>> If you need any help or examples to implement this just tell me :) >>>>> >>>>> Regards, >>>>> Jorge >>>>> >>>>> On Wed, Jul 26, 2017 at 10:59 AM, Jorge Fernandez < >>>>> jorge at fundingbox.com> wrote: >>>>> >>>>>> Hi Filippo, sorry for my late response, I'm been out since friday. >>>>>> >>>>>> We have and OAuth2 authentication service with the following grant >>>>>> types: >>>>>> >>>>>> Authorization code grant >>>>>> Implicit grant >>>>>> Resource owner credentials grant >>>>>> Client credentials grant >>>>>> Refresh token grant >>>>>> >>>>>> I guess the simplest implementation would be use the "implicit grant" >>>>>> option, since it's quite simple to implement from scratch. >>>>>> We are now preparing some documentation and examples, and I hope to >>>>>> sent them to you during the day. >>>>>> >>>>>> Regards, >>>>>> Jorge >>>>>> >>>>>> >>>>>> On Tue, Jul 25, 2017 at 7:03 PM, Filippo Giuffrida < >>>>>> filippo.giuffrida at eng.it> wrote: >>>>>> >>>>>>> Dear Jorge, >>>>>>> >>>>>>> did you receive the following email, that I sent to >>>>>>> fiware-fia-fundingbox-integration at lists.fiware.org ? >>>>>>> >>>>>>> Please, could you let us know ? >>>>>>> >>>>>>> Thank you in advance >>>>>>> >>>>>>> Best Regards >>>>>>> *Filippo* >>>>>>> >>>>>>> -------- Messaggio Inoltrato -------- >>>>>>> Oggetto: SSO integration >>>>>>> Data: Mon, 24 Jul 2017 16:11:09 +0200 >>>>>>> Mittente: Filippo Giuffrida <filippo.giuffrida at eng.it> >>>>>>> <filippo.giuffrida at eng.it> >>>>>>> A: fiware-fia-fundingbox-integration at lists.fiware.org >>>>>>> >>>>>>> >>>>>>> Dear Jorge, >>>>>>> >>>>>>> as Giovanni wrote in a previous mail, one of the first steps of the >>>>>>> our integration should be: >>>>>>> >>>>>>> - Integration with FundingBox via OAuth 2.0 or CAS (to be >>>>>>> finally agreed, after information sent by Jorge) >>>>>>> >>>>>>> Currently our tool doesn't provide a native module to use OAuth 2.0 >>>>>>> as SSO system, so we should develop it from scratch. >>>>>>> >>>>>>> An alternative route that allows us to reduce the time for putting >>>>>>> the SSO into operation is the use of CAS. >>>>>>> <https://en.wikipedia.org/wiki/Central_Authentication_Service> >>>>>>> >>>>>>> Does FundingBox implement the CAS protocol ? >>>>>>> >>>>>>> Please, could you let us know ? >>>>>>> >>>>>>> Thank you in advance >>>>>>> >>>>>>> Best Regards >>>>>>> >>>>>>> *Filippo* >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Filippo Giuffrida* >>>>>>> Researcher, Member of the Public Administration Innovation Unit >>>>>>> Research and Development Lab. >>>>>>> filippo.giuffrida at eng.it >>>>>>> >>>>>>> *Engineering Ingegneria Informatica spa* >>>>>>> Viale Regione Siciliana N.O. n.7275 >>>>>>> 90146, Palermo (Italy) >>>>>>> Direct phone +39 - 091 7511842 <+39%20091%20751%201842> >>>>>>> Operator +39 - 091 7511711 <+39%20091%20751%201711> >>>>>>> www.eng.it >>>>>>> -- >>>>>>> *Filippo Giuffrida* >>>>>>> Researcher, Member of the Public Administration Innovation Unit >>>>>>> Research and Development Lab. >>>>>>> filippo.giuffrida at eng.it >>>>>>> >>>>>>> *Engineering Ingegneria Informatica spa* >>>>>>> Viale Regione Siciliana N.O. n.7275 >>>>>>> 90146, Palermo (Italy) >>>>>>> Direct phone +39 - 091 7511842 <+39%20091%20751%201842> >>>>>>> Operator +39 - 091 7511711 <+39%20091%20751%201711> >>>>>>> www.eng.it >>>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> *Filippo Giuffrida* >>>>> Researcher, Member of the Public Administration Innovation Unit >>>>> Research and Development Lab. >>>>> filippo.giuffrida at eng.it >>>>> >>>>> *Engineering Ingegneria Informatica spa* >>>>> Viale Regione Siciliana N.O. n.7275 >>>>> 90146, Palermo (Italy) >>>>> Direct phone +39 - 091 7511842 <+39%20091%20751%201842> >>>>> Operator +39 - 091 7511711 <+39%20091%20751%201711> >>>>> www.eng.it >>>>> >>>> >>>> >>>> -- >>>> *Filippo Giuffrida* >>>> Researcher, Member of the Public Administration Innovation Unit >>>> Research and Development Lab. >>>> filippo.giuffrida at eng.it >>>> >>>> *Engineering Ingegneria Informatica spa* >>>> Viale Regione Siciliana N.O. n.7275 >>>> 90146, Palermo (Italy) >>>> Direct phone +39 - 091 7511842 <+39%20091%20751%201842> >>>> Operator +39 - 091 7511711 <+39%20091%20751%201711> >>>> www.eng.it >>>> >>> >>> >>> -- >>> *Filippo Giuffrida* >>> Researcher, Member of the Public Administration Innovation Unit >>> Research and Development Lab. >>> filippo.giuffrida at eng.it >>> >>> *Engineering Ingegneria Informatica spa* >>> Viale Regione Siciliana N.O. n.7275 >>> 90146, Palermo (Italy) >>> Direct phone +39 - 091 7511842 <+39%20091%20751%201842> >>> Operator +39 - 091 7511711 <+39%20091%20751%201711> >>> www.eng.it >>> >> >> >> -- >> *Filippo Giuffrida* >> Researcher, Member of the Public Administration Innovation Unit >> Research and Development Lab. >> filippo.giuffrida at eng.it >> >> *Engineering Ingegneria Informatica spa* >> Viale Regione Siciliana N.O. n.7275 >> 90146, Palermo (Italy) >> Direct phone +39 - 091 7511842 <+39%20091%20751%201842> >> Operator +39 - 091 7511711 <+39%20091%20751%201711> >> www.eng.it >> > > > -- > *Filippo Giuffrida* > Researcher, Member of the Public Administration Innovation Unit > Research and Development Lab. > filippo.giuffrida at eng.it > > *Engineering Ingegneria Informatica spa* > Viale Regione Siciliana N.O. n.7275 > 90146, Palermo (Italy) > Direct phone +39 - 091 7511842 <+39%20091%20751%201842> > Operator +39 - 091 7511711 <+39%20091%20751%201711> > www.eng.it > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-fia-fundingbox-integration/attachments/20170829/ca4ff5ec/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: fmpoddjnaajjjped.png Type: image/png Size: 18176 bytes Desc: not available URL: <https://lists.fiware.org/private/fiware-fia-fundingbox-integration/attachments/20170829/ca4ff5ec/attachment-0007.png> -------------- next part -------------- A non-text attachment was scrubbed... Name: mhdpaloaofgkanlj.png Type: image/png Size: 24007 bytes Desc: not available URL: <https://lists.fiware.org/private/fiware-fia-fundingbox-integration/attachments/20170829/ca4ff5ec/attachment-0008.png> -------------- next part -------------- A non-text attachment was scrubbed... Name: naajnndnjomfjgic.png Type: image/png Size: 13374 bytes Desc: not available URL: <https://lists.fiware.org/private/fiware-fia-fundingbox-integration/attachments/20170829/ca4ff5ec/attachment-0009.png> -------------- next part -------------- A non-text attachment was scrubbed... Name: ikkpanfeccadmmoc.png Type: image/png Size: 17467 bytes Desc: not available URL: <https://lists.fiware.org/private/fiware-fia-fundingbox-integration/attachments/20170829/ca4ff5ec/attachment-0010.png> -------------- next part -------------- A non-text attachment was scrubbed... Name: lidimkbadpcaiepk.png Type: image/png Size: 32521 bytes Desc: not available URL: <https://lists.fiware.org/private/fiware-fia-fundingbox-integration/attachments/20170829/ca4ff5ec/attachment-0011.png> -------------- next part -------------- A non-text attachment was scrubbed... Name: nbjhplbdnnmjmigb.png Type: image/png Size: 11917 bytes Desc: not available URL: <https://lists.fiware.org/private/fiware-fia-fundingbox-integration/attachments/20170829/ca4ff5ec/attachment-0012.png> -------------- next part -------------- A non-text attachment was scrubbed... Name: nmdbcokakomjljpo.png Type: image/png Size: 10519 bytes Desc: not available URL: <https://lists.fiware.org/private/fiware-fia-fundingbox-integration/attachments/20170829/ca4ff5ec/attachment-0013.png>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy