I am trying to monitor keycloak application., but it's only shows without routes
I am using the latest Newrelic agent with the Keycloac 20.0.3
I tried to use
https://github.com/newrelic-experimental/newrelic-java-quarkus
but I got the same results
Most Probably in your newrelic.yml config file there is an option enable_auto_transaction_naming try to enable it
Related
Created ECS cluster let's call it tools.
tools cluster have 2 services:
sso-proxy
grafana - opensource
Going through sso-proxy to get grafana.
when trying to enter credentials to grafana i got the following error:
When incognito mode the login working for the first time.
This is the ECS logs:
Please someone can help.
Grafana must receive proper Host header in the request header. I guess your "sso-proxy" doesn't do that. You didn't provide reproducible example (why not, when you want to help), so it is only a guess.
Lazy and insecure workaround will be Grafana downgrade to version 8.3.4-, where CSRF fix for CVE-2022-21703 is not included.
Every time I try logging in to https://cd.screwdriver.cd/login I am getting {"statusCode":403,"error":"Forbidden","message":"User github:tannupriyasingh is not allowed access"} error.
I tried adding webhook to Github with steps mentioned here https://developer.github.com/webhooks/creating/ and running into Tunnel 541e163b.ngrok.io not found response
I am expecting to login and create a deployment pipeline in screwdriver-cd.
https://cd.screwdriver.cd is our demo Screwdriver cluster used for deploying open source Screwdriver. We currently do not host any instances for public use. You can login with Guest Access to look at the UI in cd.screwdriver.cd, but you'll need to run your own instance of Screwdriver in order to create a deployment pipeline.
A couple options for running your own instance:
Helm chart: https://docs.screwdriver.cd/cluster-management/helm
Docker compose: https://docs.screwdriver.cd/cluster-management/running-locally
I try to add a basic authentication to my kubernetes cluster by changing the file.
/etc/kubernetes/manifest/kubernetes-apiserver.yaml
There i add 3 flags
-- basic-auth-file=/etc/kubernetes/basic-auth.csv
-- authorization-mode=ABAC
-- authentication-mode=basic
But when i add those lines and i restart my system. My kubernetes freezes and won't start. Is this the right way to add flags to an already running kubernetes cluster ? Is this the right way to add basic authentication to kubernetes dashboard ?
I used this tutorial for the basic authentication: https://github.com/kubernetes/dashboard/wiki/Access-control#basic
Conceptually you doing everything right, but the problem is that for Modern Kubernetes version, at least for 1.9, authentication-mode is not a valid CLI flag for API server. All available flags you can check in documentation.
It is a bit outdated documentation in the repo. Actually, basic authentification will be enabled when you provided basic-auth-file option.
So, just remove authentication-mode flag and use only basic-auth-file and authorization-mode. If should help.
For enable a user/password authorization, based on documentation of dashboard, you need to add authentication-mode CLI arg to a Dashboard.
I've created Web Application running on Java Liberty Runtime on Bluemix. Login is done by using SSO service with SAML enterprise provider. After login user redirected to my app and on every JAX-RS request I get user's credentials by following code:
Subject s = WSSubject.getCallerSubject();
Object credential = s.getPrivateCredentials().iterator().next();
String loginToken = credential.toString();
Everything works fine, but if the user has been idle for more then 10 minutes and then perform any ajax request WSSubject.getCallerSubject() returns null, and I required to refresh application.
I've tried to increase timeout by adding following attribute to web.xml:
<session-config>
<session-timeout>60</session-timeout>
</session-config>
But it didn't help. So I'm looking how can I increase timeout or possible I can retrieve user credentials in a different way?
You need to add the optional element <authCache> to the server.xml file to change the default values for the authentication cache.
As you mentioned in your question, the default value is 10 minutes. To change it to 60 minutes you need to include the following in the server.xml file:
<authCache initialSize="50" maxSize="25000" timeout="60m"/>
The documentation here provides more details and also explains initialSize and maxSize options, I left the default value for these two above and just updated timeout.
If you are deploying your application using the default method of pushing the war file, you will need to use a different approach to deploy the application with a custom server.xml file. Please check the documentation here for options on pushing Liberty profile applications (more specific check sections Server Directory and Packaged Server).
In this case, you may also want to check the server.xml file that is currently deployed and modify that version to add the <authCache> element.
You can get a copy of the file by running the following command:
$ cf files <your_app_name> app/wlp/usr/servers/defaultServer/server.xml
How to I change the monitoring-agent.config to go out via proxy with authentication?
The change log states...
Monitoring Agent 2.3.1.89-1
Released 2014-07-08
Added support for HTTP proxy configuration in the agent configuration file.
But I can't see how to do this.
Following wdberkeley's link I can add this value to the monitoring-agent.config file.
httpProxy=http://"pxproxy01":3128
But this gives..
Failure getting conf. Op: Get Err: Proxy Authentication Required
Is there anyway to set the authentication user/password ?
Edit file:
C:\MMSData\Monitoring\monitoring-agent.config
Add line...
httpProxy=http://<insert_server_address>:<insert_port>
e.g.
httpProxy=http://PROXY01.server.com:3128
Then get the proxy control team, who ever they be, to exclude the following from requiring authentication.
https://mms.mongodb.com 80
https://mms.mongodb.com 443
This has worked for me. I now have the MMS Agent on Windows sending stat's to the MMS service.
Thanks to #wdberkeley for starting me off on this route.
wdberkeley, the page you linked to does not exist & the classic page PDF & HTTP versions state 'HTTP_PROXY' not 'httpproxy' (on OSx section & tar.gz section), section '6.6 Monitoring Agent Configuration' does state the correct property name 'httpproxy'.