MongoDB Realm all users automatically logging out after deployment - mongodb

I am using MongoDB Realm for authentication in my REST API written in Node.js.
When I do the deployment, the Realm authorization token expires for all the users. My assumption is that MongoDB Realm is creating temp files inside the application directory and using them for authorization. Users are getting logged out because these files are getting deleted during the deployment.
If anyone has some idea, please help me out.
Are these temporary files needed?

Related

How to synchronize user's data with users stored by keycloak in a Jhipster-App?

I wanted to create a web app using JHipster with Keycloak and ran into a problem:
There is no deal to create new users using Keycloak or connecting user specific data to these users.
But if I want to delete a user I have to do that via Keycloak too, so the entry in JHipster's JHI_USER, the role assignments and all the data created by this user will not be affected by this deletion.
So what can I do to make it possible to delete this user's data as well?
If Keycloak supported SCIM, you could use Apache SCIMple to sync your users. Here's a demo script that shows how to do it with Okta:
https://github.com/mraible/okta-scim-spring-boot-example/blob/main/demo.adoc

Identity Server 4 API JWT, Load Balancing, Data Protection, Kubernetes

Running into issues with multiple instances of IdentityServer4 on Kubernetes exposed by the load balancer. I don't think there is an issue with credential login; my issues are around JWT tokens. Works fine when there is only 1 instance.
Overview:
IdentityServer4
MongoDB Data Storage
PersistedGrantStore
Data Protection setup on Redis
Multiple .NET Core 3.1 Web APIs, using AddIdentityServerAuthentication in startup, passing in the connection and the API name. I am running multiple instances of the API. Reducing down to 1, I still get the same issue. Works fine if there is only 1 instance of the Identity Server, but with multiple instances I get the following error on the API:
"Bearer" was not authenticated. Failure message: "IDX10501: Signature validation failed. Unable to match key:
I am not getting any errors or failed authentications on the IdentityServer logs.
So the question going on in my head is: with a JWT token, I believe the request should be validated by the token, i.e. the API should not be requesting info from the Identity Server? Identity Server has DataProtection set up running on Redis as its store; I can see it's dropped info in there. I have a persisted grants store, but tokens are not added.
Do I need to switch to resource vs JWT? What is likely overhead for that?
Are the tokens not getting shared between the API instances via Data Protection?
Thanks for any advice / suggestions.
In case anyone else comes across this: it was down to mistakenly leaving developer signing in the config of Identity Server. Replacing it with a certificate solved the issue.
builder.AddDeveloperSigningCredential();
to
builder.AddSigningCredential(rsaCertificate);

Unable to make connections from a deployed App Maker app to Cloud SQL

I had a working App Maker application which uses the Directory API and the default Cloud SQL instance that gets created for the App Maker.
Before it was working fine and I was able to retrieve data from the Admin Console and insert them into the Cloud SQL database. Now it stopped working and when I check logs, I see the following:
Exception: Authorization Failed. More information: Unable to fetch
tokens for CloudSql connection:
I have not made any changes to the code and I did not modify anything. I only created a new deployment and I did change the product name in the OAuth Consent screen in the app's project properties to make it more user friendly...
I don't know what parts of the code to share since I did not change/type any new code and nothing in the error above points to anything specific about any part in the code...
Thanks a lot for any feedback and help on this!

Creating admin in imported realm

I've launched keycloak locally from a docker container with
docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin
Then I've imported a realm (let's call it test-realm) from a JSON file by POSTing to {keycloak_host}/admin/realms. This works, the realm is created.
It's created without any initial users though. I want to create the users via curl as I want to automate the whole process (start Keycloak server, import realm, create users from JSON) in the future.
I'm aware of {keycloak_host}/admin/realms/test-realm/users of course. The problem is that POSTing to that endpoint already requires credentials (e.g. a JWT) from an admin account on test-realm. Or am I mistaken in this assumption?
My question is, how do I create that first admin account on test-realm having access to an admin on master? Or do I even need it to create users on test-realm through curl?
Turned out you can include a users key in the JSON realm representation. The value is an array of user representations as of version 4.5 of Keycloak. So problem solved.

Edit/create user with read/write access MongoDB

After deploying my Flask app, I get the following error when trying to access the MongoDB service:
OperationFailure: not authorized on [db_name] to execute command ...
I understand this is because the db user does not have read/write access to the database. But I'm not able to create a new user or change permissions. db.grantRolesToUser() returns "not a function" and addUser() gives me no permission... What can I do?
You need to do two things:
Bind the app to the service using cf bind-service (or the web portal)
In the app, parse the VCAP_SERVICES environment variable to get the credentials
This will ensure your app gets readWrite permissions on your database.
Here's a few helpful links in this regard:
https://docs.developer.swisscom.com/devguide/services/application-binding.html
https://docs.developer.swisscom.com/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES
https://docs.developer.swisscom.com/service-offerings/mongodb.html
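
The second step of the answer above (parsing VCAP_SERVICES in the app) could look like the following. This is an added example, not code from the original answer or from the platform's documentation; the service label, the credential keys "uri" and "database", and all sample values are assumptions, so compare them with what `cf env` shows for your app.

```python
import json
import os
from urllib.parse import urlsplit

# Constructed sample of what the platform injects once the app is bound.
# The label "mongodb" and the keys "uri"/"database" are assumptions.
SAMPLE_VCAP_SERVICES = json.dumps({
    "mongodb": [{
        "name": "my-mongo",
        "credentials": {
            "uri": "mongodb://app_user:example-password@db.example.internal:27017/appdb",
            "database": "appdb",
        },
    }]
})


def mongo_credentials(environ=os.environ):
    """Return (uri, database) for the single bound MongoDB service instance."""
    raw = environ.get("VCAP_SERVICES")
    if not raw:
        raise RuntimeError("VCAP_SERVICES is not set: is the app bound to the service?")
    # Top-level keys are service labels; each holds a list of bound instances.
    bound = [inst for label, instances in json.loads(raw).items()
             if "mongo" in label.lower() for inst in instances]
    if len(bound) != 1:
        raise RuntimeError(f"expected exactly one MongoDB binding, found {len(bound)}")
    creds = bound[0]["credentials"]
    return creds["uri"], creds["database"]


def redact(uri):
    """Mask the password so the connection string can appear in logs."""
    parts = urlsplit(uri)
    if parts.password is None:
        return uri
    netloc = f"{parts.username}:***@{parts.hostname}"
    if parts.port:
        netloc += f":{parts.port}"
    return parts._replace(netloc=netloc).geturl()


if __name__ == "__main__":
    uri, db = mongo_credentials({"VCAP_SERVICES": SAMPLE_VCAP_SERVICES})
    print(db, redact(uri))
```

Pass the returned URI to the MongoDB client instead of hard-coding a user, and log only the redacted form.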