The WSO2 IS Management console url does not seem to be effective - toml

I have a WSO2 5.10 server behind an AWS elastic load balancer. Per my original question How can I change the management console port of a wso2 is server using deployment.toml file changes , I modified the template and the server starts and correctly reflects the new management console url in the log file. When I log into it, it also indicates that I have logged in, but the browser simply redirects back to the logon page. Further, the original carbon management url is still active and functional. For example, logon.domain.com is the host name, idp.domain.com is the management url. Both display the carbon management screens, but the idp.domain.com url does not seem to function. No logs other than acknowledging the logon are apparent. This is a multi tenant setup, all of the tenant logons work fine
Any thoughts on diagnosing this would be much appreciated.

Related

How to debug the Citrix ICA error "The session limit has been reached"?

Apologies in advance for somewhat vague information. I am new to Citrix XenApp/XenDesktop technology and am just looking for generic troubleshooting information.
At my place of employment we have kiosks that are configured to connect to a SaaS webapp. These kiosk have either the Citrix XenApp or XenDesktop installed.
One of the icons launches the IE browser that connects to the SaaS app using a preconfigured user account. Sometimes, however, instead of launching the browser, the system displays the "The session limit has been reached. Please contact your system administrator." error shown in below image.
The people administering these kiosks think that this message comes from the SaaS web application but that application does not enforce any limits on how many session are open for a given account under a given time.
Also considering how Citrix XenApp/XenDesktop works I would think (but maybe I am wrong) that if the SaaS app did reject a user login, we would be displayed an error message in Internet Explorer instead of this ICA prompt.
So I think that the issue here could be that the message is not about login sessions made to the background SaaS app but either about Citrix sessions or perhaps previous IE browsers somehow running in the background(?)
However our company's Citrix team looked at this and noticed that "Citrix was still active" when this prompt was displayed. The conclusion was then that Citrix is for that reason not the cause here.
So I wanted here to ask some questions on what things I could consider as causes and where I could look in the hopes of getting started on this issue.
This would be for XenApp / XenDesktop 7.18.
The questions I have:
Does XenApp / XenDesktop have log files that can be consulted for
debugging issues like this?
Is it possible to get XenApp / XenDesktop to run in debug mode (to
output more details to the log files)?
Does Citrix have configuration settings that could lead it to
have an issue like this?
A. First check the event logs and see when you facing this issue so does any event logs generated.
B. Also you can check the ICA configuration tool for session settings and checked if session settings are set to NEVER.
C. The ICA listener configuration tool is located at Start > All Programs > Citrix > Administration Tools > ICA Listener Configuration.
You are on the right track with the SaaS application itself reporting the error. If this Citrix session was already active when the icon was clicked again and the preconfigured user was already logged into the SaaS application, that would account for this error. To investigate, logout the Citrix session and try clicking the icon again, or check SaaS application to see if that preconfigured users is already connected.
Is the same user used for all these kiosks or is each kiosk supposed to have a unique user? Can this preconfigured user log in multiple times?

Keycloak creates an extra AUTH_SESSION_ID cookie with a path of "/auth" when logging in

The Keycloak server sends what appears to be an extra AUTH_SESSION_ID cookie with a path value of "/auth" when logging into the console.
I am running Keycloak 3.4.3 Final, Standalone HA configuration on Windows 2016 servers which sit behind an F5 load balancer.
When this cookie appears in the browser and the user logs in/out of the console without closing the browser, it will eventually lead to Keycloak prompting the user with a warning "You took too long to login. Login process starting from beginning." After the user logs in for the second time, occasionally, the browser will hit a "Too Many Redirects" error and fail to open the console.
Is Keycloak supposed to create two AUTH_SESSION_ID cookies, one with a path of "/auth" and the other with a path of my realm ("/auth/realms/xxxx")?
How are these symptoms related?
The answer is no, we should not get two AUTH_SESSION_ID cookies.
Thanks to Martin Kanis and the RedHat team as they identified why this was happening. If you are using F5 or another load balancer and not the mod_cluster balancer, you should not include the following setup in your configuration:
<session-cookie name="AUTH_SESSION_ID" http-only="true" />
They are going to update the Keycloak documentation and make this point clear.

Gateway Timeout when accessing Bluemix WEB IDE/Node.js logs

I am using Web IDE and want to see the log by clicking on the arrow.I can only see an empty "Untitled" page. The Node.js app is running normally. Live edit is switch off.
After some minutes:
Gateway Timeout
The proxy server did not receive a timely response from the upstream server.
Reference #1.45bf1402.1511018717.3dddb8b
I'm not for sure what Web IDE you are referring to. The only one I'm aware of is the DevOps (which works for me below):
It seems to me like this error that you posted would indicate a temporary outage. Is it still an issue?
In any case, I would advise opening a support ticket if you encounter this issue again (more details about your account would help). I think the Bluemix proxy will time out requests if they take too long.

How do I get more details on my request error on IIS7

I have deployed a REST service on an external server (IIS7). When I start the service from VS on the Dev server it works fine. But on the server i get:
Request Error, The server encountered an error processing the request. Please see the service help page for constructing valid requests to the service.
How do I get more details on this error? I have looked in the log files directory that is configured under Logging feature for this web site in IIS Manager, but there are no files at all for this site it seems.
You should look in the Windows Event Log using the Event Viewer application (eventvwr.exe). Output to the IIS log files may be buffered so their contents may be updated after a restart, or when IIS is set to do it. Restarting IIS is a surefire way to force this.
Here is a blog post on how to do this.
I'm aware of 3 ways to get nicer errors:
Set UseVerboseErrors in InitializeService method. However, this won't give you anything if your error occurs before InitializeService is called (which happens).
Set IncludeExceptionDetailInFaults to true using an attribute before your service class.
Set IncludeExceptionDetailInFaults to true using web.config.

running a .net web service on iis6 deployed on windows 2003 server sp2

To whom it may respond to,
We have deployed a web service to Windows 2003 Server SP2 , .net framework 3.5 .
"The service is not running , we are getting the error :
The website declined to show this webpage
HTTP 403
Most likely causes:
•This website requires you to log in.
What you can try:
Go back to the previous page.
More information
This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.
For more information about HTTP errors, see Help."
We have played around with the permissions but the situation didn't change a bit.
We would be very glad ideas on it,
Thank you for your concern,
Best Regards,
Kayhan YUKSEL
Make sure you have aspnet_isapi.dll as your wildcard handler in the Virtual Directory setup. Properties --> Virtual Directory --> Configuration --> Insert... --> aspnet_isapi.dll, make sure you uncheck Verify that file exists.