Predix_Logo
  • Categories
    • Questions
    • Predix | Updates
      • Pricing
      • Product
    • Deloitte - Private
    • How-To
    • Accenture-Private
  • Explore
    • Topics
    • Questions
    • Articles
    • Feedback or Feature Requests
  • Sign in
  • Home /
  • Questions /
avatar image
1
Question by Jai · Mar 18, 2016 at 12:09 AM · uaaassetstarter pack

Unable to set redirect URI for hello world application

Have created an Asset service instance, binding the application to an asset service instance. When i see the application in browser view it shows the "Hello world" text, but what i want to do is either if i type application URI or UAA uri it should go to login screen then with the correct login credentials should enter then only it should go my application page.

Can you help me on the steps or docs for this

Real problem what am facing is, When entering this UAA URL of my hello world appliocation https://9a3a0e39-9c0c-417d-a7ee-0b649b2f4a8f.predix-uaa.run.aws-usw02-pr.ice.predix.io/login it's going to login screen but when i enter the credentials (gautham/guna) its not going to my app home screen. Instead of that it shows the error as "You should not see this page. Set up your redirect URI."

After successful login it should go to http://hello-world-jai.run.aws-usw02-pr.ice.predix.io/ app screen Kindly provide solution for this issue.

Comment
Add comment
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

6 Replies

  • Sort: 
avatar image
0

Answer by Greg Stroup · Mar 21, 2016 at 10:24 AM

Looks like you need to pass in the redirect_uri as a query string parameter to the UAA login page.

Here's an example from the RMD Reference app:

https://9f1851a1-cb52-4c27-bacd-f5cc3165bacc.predix-uaa.run.aws-usw02-pr.ice.predix.io/oauth/authorize?response_type=code&client_id=mvp3_ref_app&redirect_uri=https%3A%2F%2Frmd-ref-app.run.aws-usw02-pr.ice.predix.io%2Fcallback&state=/dashboard

Comment
Add comment · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image
0

Answer by Om Soni · Mar 19, 2016 at 08:08 AM

Also, followed the directions here: https://www.predix.io/docs/?r=620185#uAyBrT9y

Following Creating an OAuth2 Client with Local UAA Identity Provider. When I hit UAA url and logs in, it won't redirect and gives me same message.

"You should not see this page. Set up your redirect URI."

Below are setup commands I executed:

C:\Users\cf-uaac\bin>uaac client add traj_client_id --authorities "ua a.resource" --scope "openid" --autoapprove "openid" --authorized_grant_types "authorization_code password client_credentials refresh_token" --redirect_uri ht tp://<>.run.aws-usw02-pr.ice.predix.io/ New client secret: Verify new client secret: scope: openid client_id: traj_client_id resource_ids: none authorized_grant_types: authorization_code client_credentials password refresh_token redirect_uri: http://<>.run.aws-usw02-pr.ice.predix.io/ autoapprove: openid action: none authorities: uaa.resource name: traj_client_id lastmodified: 1458354193928 id: traj_client_id

C:\Users\cf-uaac\bin>uaac user add traj_user --emails trajectory_suppo rt@ge.com --password <> user account successfully added

Comment
Add comment · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image
3

Answer by postQuantum · Mar 18, 2016 at 09:09 PM

This is a point of confusion where probably Predix docs could have done a better job.

See the following points.

  1. Predix UAA is not an entry point for the your application

  2. In order to access your application you need an OAuth client with an Identity provider.

  3. By default you have admin client which uses a Local Auth provider. It should be used to create another OAuth client. Admin client is useless for your application, it has to be used to do admin operations, like creating an application client for your application with limited access. Ref: Creating an OAuth2 Client with Local UAA Identity Provider Command line is fastest way to do this but if you want you can use this predix starter kit

  4. After you have created the application specific client you can move to creating users.

  5. This is probably most important point. A single client can have multiple redirect_uris. A redirect uri registration just specifies the valid redirections from your UAA. So that it doesn't redirect to any other web page like google.com.

  6. In order to use your UAA you would have to create a hyperlink on your home page like Login: href="[uaa_instance_url]/oauth/authorize?client_id="[my_client]"&response_type=code&redirect_uri=[app_home_page]"

  7. This will redirect user to the UAA page, where UAA will generate a form with the parameters that you have provided in the hyperlink. Default UAA /login form doesn't have these parameters that why you see the UAA error page.

  8. This is all that you have to do, after login in from here user should be redirected to the link that you have provided.

  9. On your landing page (redirection URI) you application controller would have to validate the token provided by UAA during redirection in the Authorization header. If the token is valid then you can go ahead and create a session for the user and store the token if you want to make some UAA service calls or need to use some other resource protected by the same UAA service. If token is invalid then you can again redirect the user to the login url in point 6.

Note: This redirect link must be registered with the OAuth client that you created first, other wise you'll get an error. Also make sure to create the client with limited privileges that it would actually need as chances are it's going to be exposed in the client side code.

If you would like to look at the code sample then here's a full fledged node js app using UAA.

Comment
Add comment · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image
0

Answer by Greg Stroup · Mar 18, 2016 at 01:55 PM

Are you building a UI Application with Java in a WAR file? We usually recommend building the UI application separately from the Java microservice projects. Then the Java services just return a 401 unauthorized error if the token is invalid. The UI application would intercept that 401 and redirect the user to the login page. Both the Starter Packs in the catalog demonstrate this pattern (RMD Reference app and Predix Seed app) I haven't seen the redirect logic implemented in a Java WAR project, but I'm sure it's possible.

Comment
Add comment · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image
0

Answer by Om Soni · Mar 18, 2016 at 01:33 PM

I think documentation is specific to node.js. Is there any documentation on how we can achieve the same for a WAR ?

Thanks, Om

Comment
Add comment · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image
1

Answer by Greg Stroup · Mar 18, 2016 at 09:58 AM

You have two options.

  1. You can pass in the redirect URL from your application to UAA, then UAA will send the user back to that URL after authentication.

  2. You can configure a redirect URL on your UAA Client. Then all requests to authenticate with that client will be redirected to the same URL.

The first option is recommended. See these tutorials for more info and sample code: Build a Basic Application

Comment
Add comment · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Follow this Question

Answers Answers and Comments

26 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

Can't set UAA service! 2 Answers

UAA: Not able to log in as admin using the security starter app 1 Answer

windows 10 user has problem with uaa-scirpts 1 Answer

uaa authentication error 2 Answers

pm-configure-uaa.sh error - missing argument: --secret 2 Answers

GE Monogram
  • Legal
  • Cookies
  • Forum Terms
  • Contact Us
  • Copyright © 2017 General Electric Company. All rights reserved.


Enterprise
Social Q&A

  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Submit your feedback or feature request
  • Categories
  • Questions
  • Predix | Updates
    • Pricing
    • Product
  • Deloitte - Private
  • How-To
  • Accenture-Private
  • Explore
  • Topics
  • Questions
  • Articles
  • Feedback or Feature Requests