Configuring Oracle APEX to use SAML authentication - saml

I'm trying to configure Oracle APEX to use SAML with ForgeRock as the IDP. I'm running APEX 21.2.0 on Enterprise DB 21.3.0.0 and ORDS 21.4.1 (all images from the Oracle Container Registry). Worked through the docs here.
I think I'm just about there, I have the SAML config done in APEX, I've created a remote SP in ForgeRock and the app redirects as expected. Once I authenticate with ForgeRock IDM, I get redirected back to the apex_authentication.saml_callback endpoint then I get an error page. The APEX logs have the following error:
- ora_sqlerrm: ORA-19032: Expected XML tag , got no content
ORA-06512: at "SYS.XMLTYPE", line 310
ORA-06512: at line 1
ORA-06512: at "APEX_210200.WWV_FLOW_XML_SECURITY", line 1096
ORA-06512: at "APEX_210200.WWV_FLOW_XML_SECURITY", line 1307
ORA-06512: at "APEX_210200.WWV_FLOW_AUTHENTICATION_SAML", line 462
ORA-06512: at "APEX_210200.WWV_FLOW_AUTHENTICATION_NATIVE", line 1268
ORA-06512: at "APEX_210200.WWV_FLOW_PLUGIN", line 3500
ORA-06512: at "APEX_210200.WWV_FLOW_PLUGIN", line 4097
ORA-06512: at "APEX_210200.WWV_FLOW_AUTHENTICATION", line 1688
I can't seem to find anything useful about this error in a SAML authentication context. I'm guessing there's an issue processing the assertion. I double checked the certs and the assertion looks good in SAML Tracer so I'm stuck. Any ideas what I'm missing? Are there additional logs somewhere that might be more useful?

You'll need to apply the latest patchset for Apex 21.2 to get beyond this issue. It was fixed in Apex 21.2.2 but it's now up to 21.2.6. Even if you get beyond this issue it may not be all plain sailing depending on the IdP you are using.
Some useful hints and help can be found on this thread

Related

moodle invalid response after successful userlogin

i was facing issue in moodle user was not able to logged in so i change the DB collation and user is now able to login into dashboard but i am also getting this error.
Now user is able to login but this popup error is coming.
invalidresponse
Invalid response value detected
File: /lib/externallib.php
Line: 425
Stack trace:
Error in response - Missing following required key in a single structure: tourconfig
Error code: invalidresponse
* line 425 of /lib/externallib.php: invalid_response_exception thrown
* line 250 of /lib/externallib.php: call to external_api::clean_returnvalue()
* line 59 of /lib/ajax/service.php: call to external_api::call_external_function()
For me, user was not able to login into Moodle and it was the dmlwrite exception. So i changed the DB collation of user table and it's started throwing an error after user logged in.
We are running this whole setup on digital ocean and due to some issue in CPU & Memory, i recycle my whole kubernetes cluster and error resolve automatically.
So as #adrian-sărmaș suggested clear cache and give it try for me maybe it was only issue of caching.

Mail configuration in Bugzilla

I've installed bugzilla in my local machine (Windows 7) and its working good. But when I try to create a new account it says:
Traceback:
at Bugzilla/Mailer.pm line 179.
Bugzilla::Mailer::MessageToMTA(...) called at Bugzilla/Token.pm line 89
Bugzilla::Token::issue_new_user_account_token(...) called at Bugzilla/User.pm line 2423
Bugzilla::User::check_and_send_account_creation_confirmation(...) called at C:/bugzilla/createaccount.cgi line 39
I followed the documentation provided in bugzilla. But unable to resolve this issue. Can anyone help this?

WSO2IS NullPointerException when using step authenticator

Occasionally (?) the WSO2 IS user is unable to authenticate with following exception. When retrying, the user will be authenticated. Any ideas what could be reason / resolution? We set up the session caching.
Using WSO2 Identity Server 5.0.0.SP1 / SAML authentication with the authenticator set to advanced (single step, multiple options). I cannot find the correct source code commit to check out (to match the line number in the exception)
Thank you all in advance
Gabriel
TID: [0] [IS] [2016-02-15 13:07:22,914] ERROR
{org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
- Exception in Authentication Framework {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
java.lang.NullPointerException at
org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:83)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:121)
at
org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:94)
at
org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:54)
at
org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doGet(CommonAuthenticationServlet.java:44)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
Edit:
This exception occurs on the WSO2 IS 5.1.0 too
see the Source code line 105
StepConfig stepConfig = context.getSequenceConfig().getStepMap().get(currentStep);
// if the current step is completed
if (stepConfig.isCompleted()) {
stepConfig.setCompleted(false);
ERROR org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework
java.lang.NullPointerException
at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:105)
at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:115)
it looks like the stepConfig 'dissapeared' from the authentication config. The setup is done on a single node with session persistence into a database.
Apparently it looks like a problem with concurrency.
When multiple concurrent requests are sent to the SSO endpoint while the user is already authenticated, all threads are attempting to process the request modifying the same authentication context object (currentStep counter) so the cached authentication context comes to an invalid state.
Valid use case is that the client should send only a single request to the SSO endpoint, so the team dealing with the UI have to fix it. But - that's only the a quick fix not preventing the issue in long term. We have to really pick it up with WSO2 (and fix the code ourselves maybe) :)
g.

in wordpress, a valid callback for cp_admin_init and _canonical_charset

I'm using WordPress 3.5 with child-theme of Twenty Eleven 1.5. Suddenly I'm getting following Warning,
Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, 'cp_admin_init' was given in /home/templ/public_html/wp-includes/plugin.php on line 406
Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, '_canonical_charset' was given in /home/templ/public_html/wp-includes/plugin.php on line 173
I'm using following plugins:
download-manager 2.3.9
wordpress-seo 1.4.7
wp-pagenavi 2.83
Some more points:
1) If I'm giving mysite.com it's giving above 2 line warning. If I give www.mysite.com, the following line also include,
Warning: Cannot modify header information - headers already sent by (output started at /home/templ/public_html/wp-includes/plugin.php:406) in /home/templ/public_html/wp-includes/pluggable.php on line 876
2) If I give mysite.com/wp-admin/ or www.mysite.com/wp-admin/, It's giving 1st warning and 3rd warning.
3) If I goto www.mysite.com/wp-login.php, It's giving following 5 warning.
Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, 'cp_admin_init' was given in /home/templ/public_html/wp-includes/plugin.php on line 406
Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, '_canonical_charset' was given in /home/templ/public_html/wp-includes/plugin.php on line 173
Warning: Cannot modify header information - headers already sent by (output started at /home/templ/public_html/wp-includes/plugin.php:406) in /home/templ/public_html/wp-login.php on line 368
Warning: Cannot modify header information - headers already sent by (output started at /home/templ/public_html/wp-includes/plugin.php:406) in /home/templ/public_html/wp-login.php on line 380
Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, 'wp_authenticate_spam_check' was given in /home/templ/public_html/wp-includes/plugin.php on line 173
4) If I give correct username and password, it's not going to login. giving following problem,
ERROR: Invalid username or incorrect password.
ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.
I'm trying to find solution. I can't. Can any-one help me?
This sounds like a corrupted install. So you have a few options to fix this:
Attempt to get logins operational again and doing an upgrade though the wp-admin: Explained Below.
Do a manual Update: http://codex.wordpress.org/Updating_WordPress#Manual_Update
But First: Make a Backup
Please be sure to backup your install! Before proceeding: http://codex.wordpress.org/WordPress_Backups
Getting Logins Working: Masking the symptoms
First I would disable debugging output because that should fix most of these issues. When a warning occurs in Wordpress, PHP starts writing the response body and closes the header section of the response. This means that whenever Wordpress tries to add another header after the original warning was raised, PHP will raise another warning:
Warning: Cannot modify header information - headers already sent by (output started at /home/templ/public_html/wp-includes/plugin.php:406) in /home/templ/public_html/wp-login.php on line 380
So if we disable debugging then we should be able to mask the symptoms. This is a quick patch for a larger problem that we will have to solve with an in-place upgrade
To Disable Debugging
Ensure that the following constants exist and are set correctly is in your wp-config.php file
define('WP_DEBUG', false);
and
define('WP_DEBUG_DISPLAY', false);
Now you should be able to login to your site as an administrator without errors.
Disable your Plugins
Disable all your plugins in Plugins -> Installed Plugins This is imperative so that we can make sure that the update goes smoothly.
Do an Update
Go to Dashboard -> Updates and click either Update Now or Re-install Now
Reactivate your Plugins
Reactivate all your plugins in Plugins -> Installed Plugins and update them if necessary.
That's It
That's the process for reinstalling Wordpress. The key here is that you have Debugging enabled on a production site which is not good. You should always have WP_DEBUG and WP_DEBUG_DISPLAY set to false in a production environment.

Exceptions in MongoDB/Cursor.pm line 161

Using MongoDB 2.4.5 with version 0.702 of the Perl MongoDB driver, I frequently run into exceptions like these:
recv timed out (30000 ms) at ...MongoDB/Cursor.pm line 161.
couldn't get response to throw out at ...MongoDB/Cursor.pm line 161.
missed the response we wanted, please try again at ...MongoDB/Cursor.pm line 161
invalid header received at ...MongoDB/Cursor.pm line 161.
can't get db response, not connected at ...MongoDB/Cursor.pm line 161.
The exceptions are intermittent, and often vanish on the next request (this is a web app). Occasionally, the exceptions will persist over several consecutive requests.
This is a tiny database running the default configuration (no sharding or anything fancy). I've tried using some of the tools listed here and here, but I'm unclear on how to apply them to this situation.
This is all running on Debian 7.1 64-bit. The web server is Mojolicious' hypnotoad 4.07 on perl 5.16.3 running behind apache2.
Can you kindly suggest some tools & strategies for diagnosing the problem? Thanks for your time.