I created a client called my-app in myrealm realm, the Always Display in Console and Consent Required options of which are also enabled.
According to the help message of the Always Display in Console option which says:
Always list this client in the Account Console, even if the user does not have a active session.
And then, I logged in the user console via <mydomain>/auth/realms/myrealm/account, but there is no application named my-app in the application (only one named Account Console listed here).
Is there anything I missed for the configurations?
I tried filling out the Base URL field on the client, and the application was listed in the Application List in the Account Console.
Related
KeyCloak Account Management Console
How do I disable the menus authenticator, sessions, applications, log and my resources options from the Account Management Console in KeyCloak as marked in the picture? I just want to have the Account and Password option to be available for the users.
Are you using the new or the old account console?
With the new account console you may simply want to adjust the content.json file
Check out this quickstart for details
With the old account console, I guess you will need to adjust the template.ftl in your own theme.
Note: Please be aware that this will only change the theme and users will still be able to use the APIs directly.
How do you access or enable the old KeyCloak user account console? In this blog post about the new user account console, they say "The old account console is still available for those who need it", but I cannot find out where to enable that.
You need to :
Go to your Realm;
And in Account Theme explicitly chose "keycloak"
Click Save
In the Account dropdown menu you will see at least the follow:
base;
keycloak;
keycloak.v2.
By default the new version is selected keycloak.v2. keycloak refers to the "old" version.
I have my own private organization and repositories.
I also have multiple directories and all of them work except for the "Microsoft account" directory.
I am able to log into Azure Devops no problem using the Microsoft account directory.
I see my organization and I can go through my repositories, agents, pipelines, everything.
However, I can't change anything. All I get is the error or screens that don't load fully.
Its like its in read only mode.
I went into user settings to check permissions and it lets me in but only so far. It stops loading user lists after selecting groups.
It shows me groups and permissions for everything, however.
When I try and generate a PAT, the screen sits there and says "Loading Tokens..."
The error I see everywhere and in the network responses is:
$id: "1"
innerException: null
message: "TF400813: The user '' is not authorized to access this resource."
typeName: "Microsoft.TeamFoundation.Framework.Server.UnauthorizedRequestException, Microsoft.TeamFoundation.Framework.Server"
typeKey: "UnauthorizedRequestException"
errorCode: 0
eventId: 3000
Exactly like that, nothing there between the quotes.
It also shows up in Red text with just this message:
TF400813: The user '' is not authorized to access this resource.
To resolve this I have done the following:
Logged out of devops entirely, which seems to log me out of several services.
Switched between my AD accounts while logged in.
I've rebooted my machine(I first started seeing this in VS so I updated and rebooted as part of that)
Anything I'm missing here?
message: "TF400813: The user '' is not authorized to access this
resource.
This looks more like the anonymous access error as you said that there's nothing between the quotes.
In azure devops, e.g PAT generated, most services have themselves security module. When user want to make use of them, it must pass the firstly identity check. If for system, your visit and operate are identified as anonymous, it will look like read-only.
We ever handled such issue and found it due to the proxy blocking the traffic, which also lead him to get the same error when accessing azure devops with vscode.(Similar with yours)
You need confirm is there any proxy configured in your side.
If there's no proxy set but still has this issue. Since Stackflow is a open forum but this is a identity issue. I strongly suggest you contact here and then attach below info also:
Activity id: You could see this from the Headers of Network. For our backend, we could use this id to check the exactly stack
trace.
Org name and account name.
Fiddler trace. The mostly useful info we need is fiddler trace.
I tried a few options like setting the PAT in interactive screen or via environment variable or by storing it in a file and echoing that file content to the az devops login or az pipeline create command as mentioned in
https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&viewFallbackFrom=vsts&tabs=preview-page#create-personal-access-tokens-to-authenticate-access
However none of them worked. Finally it worked after I changed the token (PAT) in the file
/home//.azure/azuredevops/personalaccesstoken.
Try to sign out and the sign in again,
it's worked for me.
Numerous forum posts and documentations specify extracting login info for the Kubernetes install from ~/.kube/config.
The problem I found: mine doesn't have a proper user account, it specifies a name and a token.
How do I get the account name so I can use the kubernetes-cockpit UI? Surprisingly there appears to be nothing on that topic - what to do if the config doesn't contain an account.
It depends on how you use Cockpit.
According to cockpit official page:
Used in a standard cockpit session:
If a user is able to use kubectl successfully when at their shell terminal, then that same user will able to use Kubernetes dashboard when logged into Cockpit
I suppose this is your scenario, so if you didn't change default settings, the cockpit will look for .kube/config itself, i.e. you should be able to login without specifying your account.
I'm kind of new with websphere. I was following an internal guide for setting up one of our company apps in websphere, but I changed one parameter in the admin console and after restarting the server, we cannot access with the administration console.
I checked the first option, when before the second one was, with user admin, and password admin also. Now, because It says "Server identity generated automatically" I have no idea what combination of user and password I need to enter in the administration console..
The administration console I'm referring to is the one located in server:port/ibm/console.
Thanks, this is really a serious problem for me, I would really appreciate any help I can get...
You should still be able to use whatever password you were using for admin user before making the change. Server user id is not used for restricting access to administrative console (see What is security property 'Server user identity' used for in Websphere Application Server?).
Nonetheless, since you can't access admin console at the moment (I'm assuming you mean that admin colsole login page shows up but you can't get admin user authenticated due to wrong password), first thing I'd suggest is turning of global security, so that you can use admin console to fix your settings and re-enable security. Once security is turned off, you won't be asked for a password during admin console login. Changing security settings in WebSphere Application Server with wsadmin technote gives step by step instructions.
If you are not sure about what password you have used for admin user, you must reset the password in the user repository you have configured (for example if you've configured LDAP, you must reset password at LDAP), before enabling security. If you are using a federated repository (this is default if you've not changed it), most probably admin user resides in file based repository, which is the first member of federated repository. In this case, you can just follow steps at How to reset the administrator's password in the file registry technote to reset your password. Otherwise you can try alternative documented at Updating your WAS administrator password (the link is from Lotus documentation but still is applicable).
Given that you have the command line 'xmlstarlet' in your terminal and,
WAS_HOME = Is your Websphere root location
PROFILENAME = IS your
profile's name
CELLNAME = Is your cell's name
Then,
xmlstarlet edit --update "/security:Security[#enabled='true']/#enabled" --value "false" $WAS_HOME/profiles/$PROFILENAME/config/cells/$CELLNAME/security.xml > /tmp/security.xml
cp /tmp/security.xml $WAS_HOME/profiles/$PROFILENAME/config/cells/$CELLNAME/security.xml
Summary: You are simply editing the correct security.xml file by changing the enabled="true" attribute to enabled="false" programmatically using xmlstarlet. Note that sed,awk,ed and other GNU tools lack the necessary ability to properly deal with the nested tree structure of XML.