We have a .Net app that uses Apereo CAS for authenticating. We verified that the app service is not able to hit the CAS back end to submit the ticket coming from CAS. There should be a GET from our App Service in Azure to the CAS server in a different environment but we can't find any info in the logs that will show us an error.
The Apereo code runs inside of the App Svc, configured by entries in our web.config, so we aren't making the GET request in our code.
Maybe someone has had this problem before and figured it out? (hopefully)
Thank you!
Related
Hi I am working on the mendix rest webservices and through swagger , i can test the local host data all right.
But when i promote objects to acceptance, i need to update the webservice seurity to 'Requires authentication'. This would need username and password.
when the webservices are in the UAT, it fails to autheticate the request as below shown. Can you please help if you have a solution in this situation?
thanks
This could be due to the Path based access restrictions in your cloud environment. Allow all access to the appropriate paths as below to verify your endpoints.
Restart your application after applying the changes.
I use this tutorial to deploy a business network on a free bluemix cluster: https://ibm-blockchain.github.io/
I also deploy the REST Server and communicate via Web apps.
All went fine till yesterday. The REST Server was not accessible anymore.
I deleted everything on the cluster using the script delete_all available in the ibm-container-service repository.
I followed the install procedure using the create_all script. I could access the composer playground (port 31080) again but was not really able to deploy an online business network using the "profile" hlfv1. Now it asks at the bottom of the "deploy UI" for credentials.
I don't know what to fill in. I tried to use ID+Password. On this way I was able to deploy but I got access error by clicking on "connect now". I was able to start the REST server then but if i try to access it in the browser (port 31090), I get the feedback that I'm not authorized.
Any ideas?
And do you know which changes have been made in the last month, which could bring these troubles?
Thx
Phil
The tutorial pointed to only covers playground when used with a Web Browser connection not a real fabric. When you deploy to a real fabric you have to provide an initial identity that you want bound to an initial participant in the business network. The initial participant will be of type org.hyperledger.composer.system.NetworkAdmin and given a name of the initial identity name you provide.
This dialog looks like this
To get you started you should select the ID and Secret radio button. Then for Enrollment ID enter admin and for the Enrollment Secret enter adminpw.
This is the name and secret of the bootstrap identity that exists in the fabric-ca server that has been deployed as part of the scripts.
By providing this information that identity will be enrolled and it's public certificate will be bound to a NetworkAdmin participant which will be called admin. This identity admin will then have access to the business network as only identities that are bound to a participant in the business network can have any sort of access.
I have a com+ application that when I connect to the machine and start the application, it works without issue. It is set with a run identity that is a service account with a non-expiring password.
I have another application (running as a service) that calls the COM+ application is set to run as the same service account. When I invoke the commands I need while logged in to machine that is running the service (the one that calls the COM+ application) it works without issue.
If I log out of the machine running the service and monitor the process that is running, I get the following error:
The server process could not be started because the configured identity is incorrect. Check the username and password.
I'm trying to find out if there is a group policy that might be interfering here. Everything works fine when I'm logged in, but when I log out, the service continues to run but fails to call the COM+ application. I know there are AD policies that prevent services from running when the account is not logged in, but are there any that would prevent the COM+ application from starting when called from a service that is running as a user that is not logged in?
Any suggestions would be very helpful.
The issue only showed up when the application was running as a service and the service account was not logged in. The issue I think was related to a double hop but where I'm not exactly sure. I was able to work around the issue by changing the identify for the DCOM object to use the specific service account's credentials.
After going through walkthroughs I had a test mvc app, test web api, and identityserver3 all working perfectly on my machine. I deployed IdentityServer3 to our servers in AWS behind a load balancer. I followed all the instructions in the Deployment wiki. I am able to hit the .wellknown configuration fine after deployment from a browser on my machine.
I changed the authority url for the mvc and api test apps to point to the aws deployment. Clients, Scopes, users, etc are all configured identically as they are hitting the same database as it was when running on local machine.
I can get an access token using RequestResourceOwnerPasswordAsync just fine so I think ids is installed fine.
However, both the API and the MVC app just trying to use implicit flow are now failing. FOr instance, when I try to hit a mvc controller action marked with [Authorize] I get an error stating "An invalid request URI was provided. The request URI must either be an absolute URI or BaseAddress must be set".
If I try to hit the webapi from the mvc app (both running locally on my machine) after a successful RequestResourceOwnerPasswordAsync call, I get the error "Response status code does not indicate success: 401 (Unauthorized)." after what seems like a timeout.
Any help would be greatly appreciated.
Figured out the problem. When specifying PublicOrigin, it has to be a full URL and not just the domain. I had left off https:// prefix.
The web api issue was related to connectivity to the identity server. There was some incorrect proxy settings for the app.
Unable to login to a newrelic service bound to a bluemix app, returns a Login Failed ! message on the browser
The bluemix app is hooked up to a SSO service, I was able to login to same newrelic instance 2 days ago, now for some reason it stopped working.
Is there a way to get this working without deleting this instance of newrelic ?
You may be encountering an issue with Bluemix restarting services to address a newly identified security vulnerability. See the status updates for individual services here: https://developer.ibm.com/bluemix/maint151023/