I have mapped a domain evangelical.sg to use azure webapp custom domain. However it looks like the domain only redirect to https://efosingapore-wp.azurewebsites.net/
I've checked with domain support, they claim the problem is with azure settings somewhere.
I've set the "custom domain" settings on azure webapp correctly to evangelical.sg (although it still hasnt got SSL) yet the URL seems to still redirect.
Does anyone have an idea what went wrong, and how to fix this pls?
If your URL is redirecting to Tutorial ,
Try to redeploy the app by Deleting all the files, stopping the server, starting it again and then republish.
If you are facing any issues with TLS / SSL mapping , try to Map Custom Domain by following the below steps.
Map Custom Domain:
Go to Azure Portal
Select App Services- ->Select Your Azure App
Click on "+ Add Custom Domain"
Enter the domain and click on validate.
Add CNAME and TXT records in your DNS domain to verify domain ownership.
Click on "Add Custom Domain"
After adding the custom domain, the custom domain is still unsecure. You need to add the SSL certificate.
To add SSL certificate, please follow below procedure :
Go to TLS / SSL settings and click on "+ Add TLS / SSL Binding"
Select your custom domain and import the .pfx or public certificate for you domain and click Add.
Go to Custom Domains section and click on "Add binding".
Select the certificate of your domain and TLS/SSL type as SNI.
Click on "Add binding"
Related
I'm creating Java appliation, where I will need users to log in. Currently I'm verifying if I can configure Keycloak safe enough. I'd like to make sure my application is really authenticating users against my Keycloak server - eg I know there is something like DNS Poisining or other attacks, where my application could get to attackers server with duplicated/attackers Keycloak instance. What surprised me, I have currently configuration with follwing keys:
keycloak.auth-server-url=...
keycloak.realm=...
keycloak.resource=...
keycloak.public-client=true
keycloak.security-constraints[0].authRoles[0]=..
keycloak.security-constraints[0].securityCollections[0].patterns[0]=...
keycloak.principal-attribute=preferred_username
and no public key is needed. Even worse here: https://stackoverflow.com/a/40516696/520521 I see upvoted comment telling, my application may download key from (malicious) server.
Are there any extra steps I need to follow, to authenticate Keycloak server before starting to authenticate users against it?
Based on your configuration, it seems that you've defined your client in Keycloak as public. This allows your client to be able to call Keycloak without any authentication. This type of client is used for example when you're going to authenticate via js in webpage in which nothing can be hidden from attacker as they have access to the source of the page.
If you set the "Access Type" of your client to "confidential" (in Client Settings on Keycloak Admin UI) and save the settings, there will appear another tab (next to "Setting" tab of the client) titled "Credentials". There you can see the default secret that is created for your client. You should then put this secret as below in your keycloak.json file inside your application:
"credentials": {
"secret": "paste-the-secret-value-here"
}
You can also re-generate the value by selecting the "Regenerate Secret" button.
You can also change the "Client Authenticator" there and set it to "X509 Certificate". Then you would be asked to define a regular expression to validate the "Subject DN" of the certificate that client will be using for authentication. Any certificate matching that regex would be considered as valid and authenticated. Then you have to setup your client to use such certificate instead of defining the "secret" value in the keycloak.json file.
There is of course another option which uses "Signed JWT" which is also secure and you can find the details about how to set it up in Keycloak documentation at Client Authentication section.
I can't see a word that this is the aim, but seeing where public and private key is placed I understand that answer is, that in realm settings -> keys -> active there is list of keys. You may download public key or certificate with button on right side. In my case of Spring boot, enter application.properties file a public key under keycloak.realm-key.
Windows Server 2016, ADFS, Certification Authority
I tried to create duplicate web server template, but it says that it's not an accessible. see below snap.
Now, My client is not technical, he provide me an account with most of the access, account is not an administrator, but I can assign many access to my self using AD Administrative service.
My only question is which access DO I need to provide to this account for creating duplicate web server certificate template?
In a multi-domain environment, I have had the same issue, if I did not select a domain controller in the root domain, respectively in the domain that hosts the CA. In my case, another domain was chosen by the console, because my computer for remote administration is in another domain (child domain).
Try the following:
Open "Certificate Template Console"
Right-click "Certificate Templates" in the left pane
Click "Connect to another writable domain controller ..."
Change the domain
click "Ok"
Try to duplicate once again. :)
I know this is an old thread, but thought I might add a fix that could help others. The account you use to login to the CA server should have Enterprise admin rights and should also be a member of local IIS_IUSRS group. If you have verified both, just logout and login to the box again and you should be able to duplicate a template.
I have purchased a domain through the google admin site (G suite), and I am trying to use it in conjunction with a page hosted on github. In google admin I have added a domain alias that is the url pointing to the github page I have hosted. And through github under the 'Github Pages' section of settings I have changed the custom domain to point to the purchased domain I have. But for some reason the webpage I have in my github repository is not displaying on the domain I have purchased. Instead when I navigate to the domain I have purchased, nothing displays, and when I go to the github url of my hosted page it reroutes me to my purchased url.
Am I doing something wrong?
Here's how I set up http://jsonp.therobinkim.com/ to point to https://therobinkim.github.io/lets-learn-jsonp.
On GitHub, from https://github.com/therobnkim/lets-learn-jsonp settings, I put jsonp.therobinkim.com under my GitHub Pages Custom domain settings.
On Google Domains, from my custom domain's DNS settings, I added a new Custom resource record:
jsonp, my custom subdomain (changed from default #)
CNAME, bc we're pointing to another website by name instead of IP address (changed from default A)
1m (changed from default 1h, but not necessary)
therobinkim.github.io (changed from placeholder IPv4 address)
It started working for me within 5 minutes.
I hope this helps!
You need to create a cname file on your github repository. It is as simple as creating a file called CNAME, then putting your domain on it, i.e. yourdomain.com
My target site needs AD auth to browse and use the admin portal. All is fine there. This means syncing to this server via username and password authentication doesn't work. Does this mean i need to enable x.509 authentication?
If you mean using the Staging Module, the staging module's "Username and password" really is not linked to the actual CMS Users. You can put whatever Username and Password on the Destination server, and connect to it from the Source.
x.509 is also fine.
Tell me if you aren't talking about the Staging Module though.
You may need to do 1 of 2 things:
Enable mixed mode authentication. Yes the overall authentication doesn't need to use a physical cms_user user but since you have AD Authentication enabled, anytime another user or service tries to access a system page it may require them to log in.
Create a web.config location node in your /CMSPages/Staging/web.config file that excludes anyone or everyone to access a the SyncServer.asmx page within there.
Otherwise configure the x.509 certificate setup.
FOR DEVELOPMENT: I configured my site to run without SSL for my development box and it all works great.
Now I am moving this to our dev testing server so I can test it there.
I first ran it as a non ssl intranet site to confirm configuration and etc....
It works perfectly.
Now I am in the process of creating a cert for the site and plan to use self signed certs for developer testing.
I have read many post ( google search ) on the topic related to the error I am getting.
Basically, I am 110% sure I am not creating this cert correctly for the site to which I need to bind it to.
The error:
The remote certificate is invalid according to the validation procedure.
So I am trying to understand what they mean by answers like this:
When working with self-signed certificates: add them to the trusted root authorities & use the hostname instead of localhost. ]
So if your computer name is "mypc", the uri should be "https://mypc/..." instead of "https://localhost/...".
This is what is confusing to me...
For example , if computer name is: svr-d-web-003
So the uri: https: //svr-d-web-003/?????
Looking at the advanced settings Bindings could I extrapolate the uri as: https: //svr-d-web-003/webhost.oauth.xyz.org ?? This seems wrong to me...
Site settings and etc....
Used these steps to create the cert:
1. C:> certlm.msc
2. Right-click on Certificates, then click All Tasks/Request New Certificate
Click Next, Next
Click on link as shown under the template you need.
Select Common Name from drop down
Enter the machine name dns name (example: svr-v-wus-001), then click Add button
Click OK,
In the Requests Certificates window check the box for xyz, click Enroll
Look in the certificates store and it’ll be there – you may need to click Refresh button
Follow up In IIS – you’ll bind the certificate there to your site. Remember the name needs to match the url. (This might be my issue here...)
See attachment...
I finally got it to work.
When creating the cert I had to match the name of the cert (common name) to the site.
For example: the site is https://identService.oauth.xyz.org so the cert name needed to be identService.oauth.xyz.org.
Then it all worked. I was confusing the site name with the machine name. Doh...