Ive got a rest api that connects with a MQ queue. Im using the IBM tools such as App connect enterprise, and MQ Explorer of IBM.
The thing its that when I send rest, using basic mode, the request results in 200 (ok). Ive assigned the values of users and passwords. But when I try to use inherit auth from parent, the answer it's unauthorized 401.
I tryed to modify the swagger doc, but it resulted very complex, and also It occurred to me that maybe if I develop an LTPA token, that could be a help.
Do you know a method to make inherit auth to work without asking the user and password again? Thank you
Related
Trying to configure the salesforce connector to read data from salesforce using Google Data Fusion, but can't connect to Salesforce.
I keep getting "Connection to salesforce with plugin configurations failed" error message when hitting the "get schema" button on the connector. My guess is that this related to my salesforce connected app, but can't really tell. Is it related to the callback URL setting in the connected app? Did anyone succeed connecting to Salesforce using Data fusion?
It looks like the error is coming from https://github.com/data-integrations/salesforce/blob/abc563938e837b3bcfc42dbd4b26c0c6ef347451/src/main/java/io/cdap/plugin/salesforce/authenticator/Authenticator.java#L57.
Unfortunately it looks like the error message doesn't include anything from the root cause, but most likely it's failing during the oauth login, which makes a POST request to:
[login url]?grant_type=password&client_id=[client id]&client_secret=[client secret]&username=[username]&password=[password]
You could try making that request manually and see if you get an error back.
I was getting the same error, but I managed to solve it.
First things first, even though the Security Token is optional, I did not manage to make it work without it.
Apparently, depending on how your Salesforce instance is configured, if your password is mypassword, and your security token is XXXXXXXXXX, then the plugin uses mypasswordXXXXXXXXXX during the authentication.
Secondly, and most important, for the login URL field, this field is the oauth2 url. Therefore where before I was putting https://test.salesforce.com, I had to put https://test.salesforce.com/services/oauth2/token. With this final step, it worked. Below a screenshot of the field.
I got 401 unauthorized when trying to export a report from Power BI online by using the Power BI REST API.
My access token works fine with other API methods. I am also setting full API access in App registrations.
When I logged in by using the same account and use 'try', the access token provided in this test actually works.
https://learn.microsoft.com/en-us/rest/api/power-bi/reports/exportreport
Has anyone successfully used this method?
You will need to create an Authentication app and provide the right privileges corresponding to the REST API you are loading from. For this particular API Microsoft suggests to provide Report.Read.All or Report.ReadWrite.All privileges.
You can achieve this directly by creating an authentication application from https://dev.powerbi.com/apps.
You will also need to make sure you grant the admin consent once your app is up and running.
Also, make sure the request you are creating is in the right format. If you match your request with the one specified here : https://learn.microsoft.com/en-us/rest/api/power-bi/reports/export report and test to check if it working with your parameters and login, you should be able to make it work with your code. Also test it with Postman to make sure you are entering the right configuration in the request and you know what you are requesting.
Once you have all this in place, you should not have any issues accessing the right data.
I am a bit confused. The requirement is that we need to create a REST API in Salesforce(Apex class) that has one POST method. Right now, I have been testing it with POSTMAN tool in 2 steps:
Making a POST request first with username, password, client_id, client_secret(that are coming from connected app in Salesforce), grant_type to receive access token.
Then I make another POST request in POSTMAN to create a lead in Salesforce, using the access token I received before and the body.
However, the REST API that I have in Salesforce would be called from various different web forms. So once someone fills out the webform, on the backend it would call this REST API in Salesforce and submits lead request.
I am wondering how would that happen since we can't use POSTMAN for that.
Thanks
These "various different web forms" would have to send requests to Salesforce just like Postman does. You'd need two POST calls (one for login, one to call the service you've created). It'll be bit out of your control, you provided the SF code and proven it works, now it's for these website developers to pick it up.
What's exactly your question? There are tons of libraries to connect to SF from Java, Python, .NET, PHP... Or they could hand-craft these HTTP messages, just Google for "PHP HTTP POST" or something...
https://developer.salesforce.com/index.php?title=Getting_Started_with_the_Force.com_Toolkit_for_PHP&oldid=51397
https://github.com/developerforce/Force.com-Toolkit-for-NET
https://pypi.org/project/simple-salesforce/ / https://pypi.org/project/salesforce-python/
Depending how much time they'll have they can:
cache the session id (so they don't call login every time), try to reuse it, call login again only if session id is blank / got "session expired or invalid" error back
try to batch it somehow (do they need to save these Leads to SF asap or in say hourly intervals is OK? How did YOU write the service, accepts 1 lead or list of records?
be smart about storing the credentials to SF (some secure way, not hardcoded). Ideally in a way that it's easy to use the integration against sandbox or production changing just 1 config file or environment variables or something like that
I'm using the outlook calendar rest api from Salesforce. To continuously leverage the calendar API I need to get authorisation code, access and refresh token.
I have been able to get the Authorisation code by hitting the API. How to get the access token using development code to use the outlook calendar rest API.
Please find the list of AAD authentication libraries here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries
I found this tutorial in Python very helpful for getting access codes:
This tutorial uses Microsoft Graph (which covers several Microsoft products including Microsoft Outlook) rather than the outlook REST API (which covers just Outlook).
https://learn.microsoft.com/en-us/outlook/rest/python-tutorial
At first, I thought setting up a Django server was overkill. Then I realized that I wanted a way for my Python instance to capture the access code after going through single-sign-on. (I MUST use my browser for single-sign-on because my institution uses multi-factor authentation.) Having a Django server is a natural way to do this.
So I created a new PyCharm Django project (which is straight-forward in PyCharm) and began following the tutorial.
I found it essential to continue following the tutorial all the way through displaying my emails to avoid getting authentication errors -- deviate from the tutorial, and I got error messages (such as this one) that were unpenetrable.
I'm new to Shiro. We are attempting to use Shiro with Stormpath. I've been trying to dissect the examples to come up with a solution to what I want to do, but I'm unsuccessful so far.
For now, I'm simply trying to create REST services to do what I want, and I'll tie a real client in later. This is what I'm trying to achieve as my first step:
I want to have a client hit a REST endpoint (login) on my server. My server would authenticate, and return a JWT to the client. This JWT would then be used to access secured endpoints on my server. (I have written Java code that can successfully authenticate against Stormpath).
My problem is the JWT. I expected that a JWT would be created for me, or at least easily accessible. I can't find a way to get one. I have seen sample code on how to build one, but that doesn't seem like the way I would expect to acquire one.
I have run through several examples, but most seem to deal with JSP interfaces, and I can't seem to make the leap to what I'm trying to do.
Is this approach reasonable? Any guidance is appreciated.
Edit 1
I now have a Java client that can authenticate using the Shiro servlet and retrieve a JWT. I have this running as a deployed application (war) in GlassFish. My next step is to use that JWT to authenticate against a different application that has my REST endpoints. This REST application doesn't need to know anything about how to authenticate - I just want to pass the JWT along in the call to a given REST endpoint and use Shiro (via annotations) to control access to the endpoint (if that is indeed possible). All of the examples I can find seem to be "all-in-one" examples (bundling JSP with Shiro/Stormpath configurations, etc). I'm trying to determine the minimum working configuration for securing REST endpoints and I'm having difficulty determining which pieces of the configuration I need.
Edit 2
I am using the Stormpath-Shiro-Servlet (as stolen from the Shiro Servlet example) as my authentication back-end. Using my Java client, I am sending a login request to the servlet, and I am indeed getting back a JWT. However, I am not able to successfully use the JWT to access my other rest resources. My rest calls result in this error:
org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. Because an identity is currently not known due to any of these conditions, authorization is denied.
First, I don't understand why the servlet 'login' doesn't actually log me in and give me non-anonymous principle? Second, I am attempting to do everything on a separate client, so I don't have access to Subject.login (is this a correct assumption?).
Take a look at this example from github/stormpath-shiro
The JWT creation is managed for you by the Stormpath API. If you start up one of the examples, (the servlet one above, or the spring-boot-web example), after login, you will have a JWT cookie. There is background info in this blog post.
I'm working on releasing strompath-shiro now, but figured I'd include these link here so you can start looking.