Hi Filippo,

In our case, we have different applications that would be opened at the same time (in different tabs for example) and all of them can share the same login. Closing a tab (an application) we don't want to log out the user because the logout will occur in all applications that the user has opened. So, for us, I don't see it as a security issue, but I understand in your case it will be.

About closing a tab and logging out the user, I see it differently from you. I think logout should be done on the client (of course we have to provide the methods for that :), but it's just my opinion, maybe Jorge has a different opinion :)

Regards,

Jose

On Tue, Aug 29, 2017 at 3:09 PM, Filippo Giuffrida <filippo.giuffrida at eng.it> wrote:

> Hi Jose,
>
> ok, if you want, we can wait for Jorge's opinion, though for us it
> would be simpler if the accounts.fundingbox.com session is cleaned when
> the user closes the browser. This is a general security issue of
> accounts.fundingbox.com, isn't it?
>
> I'm thinking that, in any case, if a user closes the browser without
> clicking on logout, the Liferay session should be cleaned but the
> accounts.fundingbox.com session would remain active. Do you agree?
>
> Regards
>
> *Filippo*
> On 29/08/2017 14:50, Jose Alonso wrote:
>
> Hi Filippo,
>
> Not actually.
>
> I think we can add a second parameter (for instance
> ?doLogout=true&redirect_url=http://figlobal.eng.it) but I would like to
> know about Jorge's opinion :)
>
> Regards,
>
> Jose
>
> On Tue, Aug 29, 2017 at 2:39 PM, Filippo Giuffrida <filippo.giuffrida at eng.it> wrote:
>
>> Hi Jose,
>>
>> the URL http://accounts.fundingbox.com/?doLogout=true redirects to
>> http://accounts.fundingbox.com/login, I think that a user that logs out
>> on FIA should be redirected to the FIA login page, not to FundingBox Login.
>>
>> Is there a way to set the redirect page ?
>>
>> Please, let me know.
>>
>> Best Regards
>>
>> *Filippo*
>>
>> On 29/08/2017 13:24, Jose Alonso wrote:
>>
>> Hi Filippo,
>>
>> Yes, you're right. The session remains active. I think the best way to
>> handle this is that the client could call a logout method and sessions will be
>> closed.
>>
>> Actually you can invoke the http://accounts.fundingbox.com/?doLogout=true URL
>> to log out the user via accounts. Could you call this URL when the user logs out of
>> FIA (if logged in with a FundingBox account of course)?
>>
>> Regards,
>>
>> Jose
>>
>> On Tue, Aug 29, 2017 at 11:47 AM, Filippo Giuffrida <filippo.giuffrida at eng.it> wrote:
>>
>>> Hi Jose,
>>>
>>> ok, this new client_id works fine for figlobal.eng.it. If you want, you
>>> can test it by the following link
>>>
>>> I've noticed that the session of accounts.fundingbox.com remains active
>>> when the user closes the tab/browser.
>>> This means that:
>>>
>>> 1. User A clicks to sign in on FIA by FundingBox account
>>> 2. User A inserts their own credentials on accounts.fundingbox.com
>>> 3. User A logs in and uses FIA
>>> 4. User A clicks on FIA logout. The Liferay session is cleaned, but
>>>    (not having the Single Log out) the fundingbox session remains active.
>>> 5. User A closes the browser. *Here the fundingbox session should
>>>    be cleaned, but instead it remains active.*
>>> 6. User B clicks to sign in on FIA by FundingBox account
>>> 7. *User B is logged in by the FundingBox account of user A*.
>>>
>>> It's an issue.
>>>
>>> Please, could you take a look ?
>>> It would be enough to clean the accounts.fundingbox.com session when
>>> the user closes the tab/browser.
>>>
>>> Thank you in advance
>>>
>>> Best Regards
>>>
>>> *Filippo*
>>>
>>> On 29/08/2017 10:39, Jose Alonso wrote:
>>>
>>> Hi Filippo,
>>>
>>> I added a new client_id=59a52664e6c736834bd0cd2a that redirects to
>>> http://figlobal.eng.it/authorize.html
>>>
>>> Could you please try that?
>>>
>>> Regards,
>>>
>>> Jose
>>>
>>> On Mon, Aug 28, 2017 at 4:17 PM, Filippo Giuffrida <filippo.giuffrida at eng.it> wrote:
>>>
>>>> Hi FundingBox team,
>>>> I ended up developing the SSO with FundingBox OAuth on my local
>>>> environment by the client_id=597867a6e6c736834bd0cd1a that redirects
>>>> to localhost:3000/authorize.html.
>>>>
>>>> Please could you provide an additional client_id that redirects to
>>>> *http://figlobal.eng.it/authorize.html* ?
>>>>
>>>> Thank you in advance
>>>>
>>>> Best Regards
>>>>
>>>> *Filippo*
>>>>
>>>> On 24/08/2017 13:34, Jose Alonso wrote:
>>>>
>>>> Hi Filippo,
>>>>
>>>> Could you try now? Since this morning it seems the API didn't respond in
>>>> some situations.
>>>>
>>>> Sorry for the inconvenience!
>>>>
>>>> Regards,
>>>>
>>>> Jose
>>>>
>>>> On Thu, Aug 24, 2017 at 11:07 AM, Filippo Giuffrida <filippo.giuffrida at eng.it> wrote:
>>>>
>>>>> Dear FundingBox Team,
>>>>>
>>>>> since this morning the server of http://api.fundingbox.com/users/me
>>>>> doesn't seem to work.
>>>>>
>>>>> The Ajax call returns a pending status that ends with a 502 error
>>>>>
>>>>> Yesterday evening it was working fine.
>>>>>
>>>>> Please, could you take a look and give me feedback ?
>>>>>
>>>>> Thank you in advance
>>>>>
>>>>> Best Regards
>>>>>
>>>>> *Filippo*
>>>>>
>>>>> On 24/08/2017 01:43, Jorge Fernandez wrote:
>>>>>
>>>>> Hi Filippo, thanks for reporting this. It's quite strange, I didn't
>>>>> have time to check it properly, but it looks like the two systems are using
>>>>> different cost parameters in their hashing functions, but not always, and
>>>>> this is the strange thing, because at least my account is working exactly
>>>>> the same in both systems.
>>>>>
>>>>> Anyway, thanks for telling us ;) , we'll investigate it and fix it
>>>>> asap.
>>>>>
>>>>> Regards,
>>>>> Jorge
>>>>>
>>>>> On Wed, Aug 23, 2017 at 10:51 AM, Filippo Giuffrida <filippo.giuffrida at eng.it> wrote:
>>>>>
>>>>>> Dear FundingBox Team,
>>>>>>
>>>>>> I followed Jorge's suggestions, getting these results:
>>>>>>
>>>>>> - I cannot reset my password for the account
>>>>>>   filippo.giuffrida at eng.it
>>>>>>
>>>>>> - I clicked on the link shown in the following image
>>>>>>
>>>>>> - I tried to use the same email address (filippo.giuffrida at eng.it)
>>>>>>   and the system (rightly) gave me an error
>>>>>>
>>>>>> - I changed the email address to filgiuffrida at outlook.it, the
>>>>>>   account was created successfully and the login works fine, redirecting to
>>>>>>   http://localhost:3000/authorize.html#access_token=599d3fc4af59fc84788b4567&token_type=Bearer&expires=1504773700&expires_in=1296000
>>>>>> - I tried to create another account by the page
>>>>>>   https://fundingbox.com/signin
>>>>>>
>>>>>>   and the account l346261 at mvrht.net gave me the same problems as
>>>>>>   filippo.giuffrida at eng.it (I cannot use it on
>>>>>>   http://accounts.fundingbox.com/login)
>>>>>>
>>>>>> I got the following conclusions:
>>>>>>
>>>>>> 1. If you create the account by https://fundingbox.com/signin,
>>>>>>
>>>>>>    - it works fine on https://fundingbox.com/signin
>>>>>>    - it doesn't work on http://accounts.fundingbox.com/login
>>>>>>
>>>>>> 2. If you create the account by http://accounts.fundingbox.com/login,
>>>>>>
>>>>>>    - it works fine on http://accounts.fundingbox.com/login
>>>>>>    - it works fine on https://fundingbox.com/signin
>>>>>>
>>>>>> In this way I'm able to proceed with my development, but we should
>>>>>> keep in mind that this account management isn't working fine and
>>>>>> with these bugs it cannot be used in a production context. We need
>>>>>> to solve these problems, do you agree ?
>>>>>>
>>>>>> Best Regards
>>>>>>
>>>>>> *Filippo*
>>>>>>
>>>>>> On 22/08/2017 23:21, Jorge Fernandez wrote:
>>>>>>
>>>>>> Hi Filippo, please try again, resetting your password here:
>>>>>> http://accounts.fundingbox.com/login
>>>>>> I'll be out till Sept. 1, but I'll try to check the email from time
>>>>>> to time, so you can contact me or try to contact my colleague Jose:
>>>>>> jose.alonso at fundingbox.com
>>>>>>
>>>>>> Regards,
>>>>>> Jorge
>>>>>>
>>>>>> On Tue, Aug 22, 2017 at 3:16 PM, Filippo Giuffrida <filippo.giuffrida at eng.it> wrote:
>>>>>>
>>>>>>> Hi Jorge,
>>>>>>>
>>>>>>> I'm trying to use the example provided by you.
>>>>>>>
>>>>>>> I've created an account on https://fundingbox.com/ with email
>>>>>>> filippo.giuffrida at eng.it, I've verified the email and I access fine
>>>>>>> on https://fundingbox.com/
>>>>>>>
>>>>>>> I've tried to access by a blank browser to
>>>>>>> http://accounts.fundingbox.com/authorize?client_id=597867a6e6c736834bd0cd1a&response_type=token ,
>>>>>>> it redirects to http://accounts.fundingbox.com/login where the following form
>>>>>>> appears
>>>>>>>
>>>>>>> I've tried to access by the account filippo.giuffrida at eng.it, but
>>>>>>> it doesn't work, I got the message "*Your username or password are
>>>>>>> incorrect, please try again.*"
>>>>>>>
>>>>>>> I've also tried to create an account by the link "Create an account"
>>>>>>> but it links to #
>>>>>>>
>>>>>>> Please, could you take a look ?
>>>>>>>
>>>>>>> Thank you in advance
>>>>>>>
>>>>>>> Best Regards
>>>>>>>
>>>>>>> *Filippo*
>>>>>>>
>>>>>>> On 26/07/2017 18:15, Jorge Fernandez wrote:
>>>>>>>
>>>>>>> Hi Filippo,
>>>>>>>
>>>>>>> I've prepared a brief document and a very basic example using the
>>>>>>> "implicit grant" flow.
>>>>>>>
>>>>>>> Example: https://drive.google.com/file/d/0B29v6b3mGXyUUllZczNYRmsyZ1k/view?usp=sharing
>>>>>>> Document: https://docs.google.com/document/d/14Bjn6ibrOgmq1P0sx5hDh_U98f5ypLOqUniy7Vpunvg/edit?usp=sharing
>>>>>>>
>>>>>>> This is probably the easier one to implement, but if you prefer to
>>>>>>> use a different grant type just tell me and we can prepare a different
>>>>>>> example.
>>>>>>>
>>>>>>> The example is very basic, using only JavaScript.
>>>>>>> If you use php in your laptop you can run it with this command: php -S localhost:3000
>>>>>>> If not, you'll need to upload the files to a web server or run it
>>>>>>> with node, etc...
>>>>>>>
>>>>>>> Here are the credentials you'll need to use our Accounts service:
>>>>>>>
>>>>>>> *authorization_url*: http://accounts.fundingbox.com/authorize
>>>>>>> *client_id*: 597867a6e6c736834bd0cd1a
>>>>>>> *client_secret (not needed if using the implicit grant type)*:
>>>>>>> mac974348wncw084309du7tcnw084tcw846tndw86tbw
>>>>>>>
>>>>>>> The URI to redirect to after the user grants/denies permission is: *http://localhost:3000/authorize*
>>>>>>> If you need to change it you'll have to ask me to do it.
>>>>>>>
>>>>>>> After the user has granted permission you'll receive an access_token
>>>>>>> and you should use it to call our API to get the user details like the
>>>>>>> email, username, etc...
>>>>>>> This can be done calling this REST method: *(GET)
>>>>>>> http://api.fundingbox.com/users/me*
>>>>>>> (including a header "Authorization": access_token)
>>>>>>>
>>>>>>> If you need any help or examples to implement this just tell me :)
>>>>>>>
>>>>>>> Regards,
>>>>>>> Jorge
>>>>>>>
>>>>>>> On Wed, Jul 26, 2017 at 10:59 AM, Jorge Fernandez <jorge at fundingbox.com> wrote:
>>>>>>>
>>>>>>>> Hi Filippo, sorry for my late response, I've been out since Friday.
>>>>>>>>
>>>>>>>> We have an OAuth2 authentication service with the following grant
>>>>>>>> types:
>>>>>>>>
>>>>>>>> Authorization code grant
>>>>>>>> Implicit grant
>>>>>>>> Resource owner credentials grant
>>>>>>>> Client credentials grant
>>>>>>>> Refresh token grant
>>>>>>>>
>>>>>>>> I guess the simplest implementation would be to use the "implicit
>>>>>>>> grant" option, since it's quite simple to implement from scratch.
>>>>>>>> We are now preparing some documentation and examples, and I hope to
>>>>>>>> send them to you during the day.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Jorge
>>>>>>>>
>>>>>>>> On Tue, Jul 25, 2017 at 7:03 PM, Filippo Giuffrida <filippo.giuffrida at eng.it> wrote:
>>>>>>>>
>>>>>>>>> Dear Jorge,
>>>>>>>>>
>>>>>>>>> did you receive the following email, that I sent to
>>>>>>>>> fiware-fia-fundingbox-integration at lists.fiware.org ?
>>>>>>>>>
>>>>>>>>> Please, could you let us know ?
>>>>>>>>>
>>>>>>>>> Thank you in advance
>>>>>>>>>
>>>>>>>>> Best Regards
>>>>>>>>> *Filippo*
>>>>>>>>>
>>>>>>>>> -------- Forwarded Message --------
>>>>>>>>> Subject: SSO integration
>>>>>>>>> Date: Mon, 24 Jul 2017 16:11:09 +0200
>>>>>>>>> From: Filippo Giuffrida <filippo.giuffrida at eng.it>
>>>>>>>>> To: fiware-fia-fundingbox-integration at lists.fiware.org
>>>>>>>>>
>>>>>>>>> Dear Jorge,
>>>>>>>>>
>>>>>>>>> as Giovanni wrote in a previous mail, one of the first steps of
>>>>>>>>> our integration should be:
>>>>>>>>>
>>>>>>>>> - Integration with FundingBox via OAuth 2.0 or CAS (to be
>>>>>>>>>   finally agreed, after information sent by Jorge)
>>>>>>>>>
>>>>>>>>> Currently our tool doesn't provide a native module to use OAuth
>>>>>>>>> 2.0 as SSO system, so we should develop it from scratch.
>>>>>>>>>
>>>>>>>>> An alternative route that allows us to reduce the time for putting
>>>>>>>>> the SSO into operation is the use of CAS.
>>>>>>>>> <https://en.wikipedia.org/wiki/Central_Authentication_Service>
>>>>>>>>>
>>>>>>>>> Does FundingBox implement the CAS protocol ?
>>>>>>>>>
>>>>>>>>> Please, could you let us know ?
>>>>>>>>>
>>>>>>>>> Thank you in advance
>>>>>>>>>
>>>>>>>>> Best Regards
>>>>>>>>>
>>>>>>>>> *Filippo*
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Filippo Giuffrida*
>>>>>>>>> Researcher, Member of the Public Administration Innovation Unit
>>>>>>>>> Research and Development Lab.
>>>>>>>>> filippo.giuffrida at eng.it
>>>>>>>>>
>>>>>>>>> *Engineering Ingegneria Informatica spa*
>>>>>>>>> Viale Regione Siciliana N.O. n.7275
>>>>>>>>> 90146, Palermo (Italy)
>>>>>>>>> Direct phone +39 - 091 7511842
>>>>>>>>> Operator +39 - 091 7511711
>>>>>>>>> www.eng.it
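The `redirect_url` parameter proposed in the thread for `?doLogout=true` has to be checked on the accounts side, otherwise the logout URL becomes an open redirect. The sketch below is an added example, not code from FundingBox or from anyone in the thread: only `doLogout`, `redirect_url` and the host names come from the messages, while the function names, the allowlist of registered origins and the `sid` cookie name are assumptions.

```javascript
'use strict';
// Added example (hypothetical accounts-side code, not FundingBox's):
// validate redirect_url before redirecting after ?doLogout=true.

const ACCOUNTS_BASE = 'http://accounts.fundingbox.com';
const DEFAULT_AFTER_LOGOUT = ACCOUNTS_BASE + '/login'; // behaviour reported in the thread
// Assumption: one registered origin per client, mirroring how the thread says
// redirect URIs are registered by hand for each client_id.
const REGISTERED_ORIGINS = new Set(['http://figlobal.eng.it']);

// Returns the only URL the browser may be sent to after logout.
function resolveLogoutRedirect(requestUrl) {
  const raw = new URL(requestUrl, ACCOUNTS_BASE).searchParams.get('redirect_url');
  if (raw === null) return DEFAULT_AFTER_LOGOUT;
  let target;
  try {
    target = new URL(raw); // no base: relative and scheme-relative values throw
  } catch {
    return DEFAULT_AFTER_LOGOUT;
  }
  const webScheme = target.protocol === 'http:' || target.protocol === 'https:';
  const hasUserinfo = target.username !== '' || target.password !== '';
  if (!webScheme || hasUserinfo || !REGISTERED_ORIGINS.has(target.origin)) {
    return DEFAULT_AFTER_LOGOUT;
  }
  // Return the parsed, normalised form, never the raw string, so the browser
  // and this check agree on which host the URL names.
  return target.href;
}

// Handles GET /?doLogout=true[&redirect_url=...]. The accounts session is
// destroyed server-side before any redirect is issued.
function handleLogout(requestUrl, sessions, sessionId) {
  const params = new URL(requestUrl, ACCOUNTS_BASE).searchParams;
  if (params.get('doLogout') !== 'true') return { status: 400, headers: {} };
  sessions.delete(sessionId);
  return {
    status: 302,
    headers: {
      Location: resolveLogoutRedirect(requestUrl),
      'Set-Cookie': 'sid=; Max-Age=0; Path=/; HttpOnly', // cookie name assumed
    },
  };
}

// Constructed sample requests (session id and user are made up).
const sessions = new Map([['abc123', { user: 'userA' }]]);
const ok = handleLogout('/?doLogout=true&redirect_url=http://figlobal.eng.it', sessions, 'abc123');
console.log(ok.status, ok.headers.Location, sessions.has('abc123'));
console.log(resolveLogoutRedirect('/?doLogout=true&redirect_url=http://figlobal.eng.it.other.example/'));
```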