Reason: Invalid signature in Request. SSO CIRCLE - single-sign-on

I downloaded this project from git hub https://github.com/slem1/saml-angular
but I'm having trouble testing I updated the certificate but now I'm getting a return of "Reason: Invalid signature in Request." someone help me how should i proceed?
i'm trying to make the saml authentication process complete so i can adapt it in my project

Related

Error 403 "forbidden" being thrown on unity web application

Recently (within past week) our unity webgl (Unity v2019.4.16f1) application has been unable to read files using the google drive API. When I check the web console I see the following error:
UnityGoogleDrive: HTTP/1.1 403 Forbidden
Google Drive API Error Description: Code '403' Message: 'The request is missing a valid API key.'
Domain: 'global' Reason: 'forbidden' Message: 'The request is missing a valid API key.' LocationType: '' Location: ''
(Filename: ./Runtime/Export/Debug/Debug.bindings.h Line: 35)
The application has been in place for 4 months without issue until now.
We currently have an OAuth 2.0 client ID setup, but no API key as we haven't needed it before. The plugin we are using for google drive access in Unity (https://github.com/Elringus/UnityGoogleDrive) does not have any obvious settings for adding an API key in addition to the OAuth ID.
When running the application directly in Unity (which uses localhost) there are no errors and files can be accessed.
I have tried disabling and re-enabling the API in the cloud console. This has given mixed results. The initial request on the web application after re-enabling the Google Drive API succeeds without any errors. All subsequent requests fail with the same error.
Based on the missing values I thought the issue might be that we needed a valid billing plan assigned to the google project but that has not resolved the issue either.
I have tried generating an API key but I am not sure where I need to pass it in order to resolve the issue (if that is even the cause of the issue).
The error reported was a red herring. The real issue was that our request was not triggering authentication with Google. Our Unity dev environment had cached an authentication token which is why the dev environment functioned but the production app failed.
We resolved the issue by sending a request to the GoogleDriveAbout API before anything else, which seems to reliably trigger reauthentication. Once authenticated everything works as expected.

UWP Device Portal app deployment Forbidden: CSRF Token Invalid

I am trying to deploy an application to a hololens with the Windows device Portal Rest API.
For some reasons I don't want to use the Microsoft Device portal wrapper.
In C#, with RestSharp, I can get the list of installed packages but when I try to deploy a new app, I get the error Forbidden because of CSRF token invalid.
Then I tried to add cookies from the previous request but I still get this error.
I tried to do the same with Postman but I have a different error: 413 Payload too large. The msix file is 154 MB but I have no problem to deploy it with the web device portal.
Thank you for your help.
[EDIT] I tried a smaller app on Postman and I get 403 CSRF token invalid
After analyzing the web device portal with wireshark I found that it is using a parameter with the name "X-CSRF-Token" while adding a cookie add the parameter "CSRF-Token".
Manually adding this parameter with the right value did the trick.

Postman request showing IBM cloud down for maintenance

I am trying to send post request to create a toolchain on ibm cloud but getting this error mentioned in screenshot since last three days.
Why this error is coming up,am i doing something wrong?
Also i checked ibm none of the servers are down,cloud is normal
EDIT:So now i am able to create the toolchain,seems it was Authorization token error.
But now i am not Able to add a delivery pipeline through an api to an existing toolchain,is this functionality provided in IBM?
We are trying to understand your situation, but we have not been able to reproduce that Error 500 and "IBM Cloud console is down for maintenance" error you're seeing.
Could you try it again and let us know the datestamp&timezone of when you tried (so we can check our logs)?
Also can you give us the details of your default region, please?, as in if you open
https://cloud.ibm.com/devops/toolchains
does it redirect to:
https://cloud.ibm.com/devops/toolchains?env_id=ibm%3Ayp%3Aeu-de
or to some other non-(eu-de) region?
We did see this entry in the log files:
[2019-07-31T15:06:43.934] [ERROR] template-v2 - Failed to read template from repo https://github.com/open-toolchain/simple-toolchain, branch master, type null: Authorization header contains invalid or expired credentials.
but that occurs when using an invalid Authorization header token, and the response to the browser is not Error 500, but is Error 400 with:
"errorDetails\":\"Property 'access_token' either missing or empty \"
Also, when attempting to create the open-toolchain/simple-toolchain template, it doesn't work; it gives Error 400:
"description":"Failed Schema Validation at prod-region,prod-organization,prod-space,api-key for pipeline"
but creating a toolchain works ok using the repository:
https://github.com/open-toolchain/headless-toolchain
You can provision a toolchain with components such as a delivery pipeline using a GET request. The building blocks are described in the documentation for the IBM Cloud Continous Delivery service as part of creating a "Deploy" button.
There are some tutorials that use that deploy button to build more complex solutions, like the secure-file-storage, logistics-wizard-toolchain, or insurance-toolchain.
The GET request starts off a more complex flow because you need to log in, often provide values, etc. So I would recommend to try that request in a browser and not POSTMAN.
I am now able to create toolchain using POST request.
I was using wrong token for Authorization and got confused since no error message was shown instead "IBM cloud is under maintenance" popped up.

Getting error BXNUI2081E while uploading certificate files to Bluemix

I am getting the following error while trying to upload SSL certificates to IBM Cloud Bluemix. It happens both with the web GUI and CLI
Uploading certificate to domain 'xxxxx.co'...
FAILED
Error response from server. Status code: 500; description: BXNUI2081E: <b>The certificates and keys were not modified because an unknown error occurred: Error.</b> <br>Click the <b>Account and Support</b> icon in the top menu bar, click <b>Get help</b>, and search for help or get support..
What might be the reason and the solution?

How to validate Json Web Token (JWT) via Java-Jwt API?

I am new to oauth and JSON Web Token (jwt). I am trying to validate an authorization token (jwt) via Java JWT api (https://github.com/auth0/java-jwt). I was able to decode the header and payload via that API but having trouble to validate the token.
Little I know of this area, I thought I had to add jwks-rs-java api (https://github.com/auth0/jwks-rsa-java) to my test project in order to handle validation part so I imported and ran following statements based on the documentation I read.
The "oauth_server_domain" is Oracle Access Manager (oam).
JwkProvider provider = new UrlJwkProvider("oauth_server_domain");
Jwk jwk = provider.get("keyId_name");
Then I got following exceptions:
com.auth0.jwk.SigningKeyNotFoundException: Cannot obtain jwks from url https://<oauth_server_domain>/.well-known/jwks.json
Caused by javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I am trying to understand the problem itself and how to rectify it.
Did I provide wrong key id?
Do I need to import a certificate of the remote "oauth_server_domain" into my local box in where I build/execute project in IDE?
How to add ./well-known/jwks.json into oauth server (e.g. OAM)?
Update:
I do have a certificate (in *.der format) with a public key from the authorization server (oam). It seems like I need to manually create ./well-known/jwks.json file by following this guide (https://auth0.com/blog/navigating-rs256-and-jwks/). I think I should be able to convert binary encoded cert to base64 based cert (*.pem format?).
But how can I expose that relative path from authorization server (e.g. https://auth_server_domain:port/.well-known/jwks.json)?
I'd appreciate your advice and input on this matter. Thank you!