The basic setup sounds right. When you get the error, it is a FM error right? You get that after the browser shows the amazon/google login page and you get no error in the browser?
Make sure that the priv set attached to those two accounts has the 'fmapp' extended priv set enabled.
> When you get the error, it is a FM error right?
Yes, it's an FM error.
> Make sure that the priv set attached to those two accounts has the 'fmapp' extended priv set enabled.
Yes, it is.
> You get that after the browser shows the amazon/google login page and you get no error in the browser?
This is where I think I must be doing something wrong -- where does the browser come into it?
When I open the database, I just get an ordinary FM username and password request, the same as it's always been.
I assumed that if I just entered my amazon or google username and password, then authentication would take place seamlessly in FMPro.
Is this just for WebDirect, then?
Thanks for your help,
Ah, yes - that's where the assumption is wrong. You don't type in your Amazon/Google creds in the FM dialog box at all. You click the provider's button on that dialog box, it will open your default browser and show the provider's login page. They will do the authentication and then redirect you back to FM (that's what the redirect url is for that you've entered in the Amazon/Google config area)
Jonathan Jeffery wrote:
Is this just for WebDirect, then?
No. Works for FMP, FM Go and WebDirect.
Ah, that's where things are going screwy -- are you saying that the log-on dialogue box has changed, to include an extra button for providers? I just get a completely normal FM log-on box, the same as it was in FM15 and earlier.
I don't think I can attach screenshots here, but I can send you my server URL for you to look at (it's just a test database).
My client is FMPA 126.96.36.199
This sounds like it's a bug, then...?
Yes, when your providers have been set up correctly on FMS then the login dialog for any file hosted on that FMS will show new buttons, one for each configured provider. This screenshot shows that I have all 3 of them set up:
I don't fill in anything in the top section, I just click the 'Amazon' button which opens my browser and shows the Amazon login page for my 'app':
My devcon presentation this year will be all about this, doing the step by step config for all 3 of the providers
Did you restart the FMS service (not just the db engine) after you configured the providers? It won't work until you do.
This is a relief! I've been driving myself potty trying to work out what the matter was.
For some reason, I don't see anything like that:
Yet the server has OAuth enabled:
Yes, I restarted the FMS demon (in fact, I just restarted the whole server, several times)
This is looking more and more like a bug, and not a set-up error.
Haven't seen it fail yet and I've set it up on about a dozen servers during testing so I'd be very interested to see what is different in your environment.
When you click on the config gear for those providers, are the details still there?
Is the server able to reach out to the internet and is accessible from the internet?
> Haven't seen it fail yet and I've set it up on about a dozen servers during testing so
> I'd be very interested to see what is different in your environment.
So would I
> When you click on the config gear for those providers, are the details still there?
> Is the server able to reach out to the internet and is accessible from the internet?
Yes (the second screen-shot is from a remote server, way off our intranet).
Interestingly, I'm having trouble with WebD, that I didn't have with the same server with FMS15, or with the pre-release and testing versions of FMS16.
I've just tried a re-installing FMS16, after using the FMS uninstall app, and manually uninstalling Java. No better.
One thing that may be effecting it is static NAT -- we have several web servers (including a handful of FM servers) on our intranet, and they are accessed across our firewall by sNAT translation (e.g. internet address, port 10006 -> intranet address, port 5003). This has worked robustly with FMP and WebD for years, and continued to work perfectly well with the earlier versions of FMS16.
My next steps would be to try an install specifying alternate ports (rather than using sNat), and also trying an install on a server more directly exposed to the internet.
I got Google working fine, but am having an issue with the Amazon one.
I have added the return URL as per the server dialogue to the security profle , the button now shows up in the login dialog, but if I cick the Amazon button it takes me to theri site and then says:
Error Summary400 Bad Request
The redirect URI you provided has not been whitelisted for your application. Please add your redirect URI in the 'Allowed Return URLs' section under 'Web Settings' for your Security Profile on Amazon Developer Portal.
Can you take a screenshot of where you have entered the Redirect URL?
There's actually two different processes to set Amazon up. I mentioned both of the entry points in the white paper here: OAuth Identity Providers - White Papers - FMForums.com
On the Developer Console, choose 'login with amazon', select your security profile and go through the wizard; you'll get to the place where your apps are listed. On the right on te line of the app you want to use, choose 'web settings' from the dropdown and there will be spot to enter the 'allowed return urls'
OK, it was the static NAT routing that was the problem.
I adjusted our router to do simple NAT routing (e.g. internet address, port 10006 -> intranet address, port 10006) and re-installed FMS, specifying 10006 as the https port (this can only be done during the install -- nice one, FMI)
Now authentication via Amazon and Google works as expected.