I'm trying to configure MongoDB user store as our primary user store in WSO2 Identity Server v5.9.0 following steps provided in below GITHUB repo:
MongoDB user store extension
[user_store]
type = "database"
class = "org.wso2.carbon.mongodb.user.store.mgt.MongoDBUserStoreManager"
connection_url = "mongodb://localhost:27017/wso2_carbon_db"
connection_name = "wso2_admin"
connection_password = "test123"
I tried running the wso2server.bat after copying the mongodb.user.store.mgt-1.0.0-SNAPSHOT.jar in both the paths
latestwso2\repository\components\plugins
latestwso2\repository\components\dropins
WSO2 Identity Server Console
WSO2 Identity Server Console
Please let me know what else do I need to configure to make it work.
It seems like the bundle is not getting activated. [1]
The extension that you are using may not be compatible with IS-5.9.0. It's compatible with IS-5.5.0. So the versions should be upgraded relevant to the dependency versions used in IS-5.9.0[2]
[1].https://movingaheadblog.blogspot.com/2014/01/how-to-debug-wso2-carbon-products-using.html
[2].https://github.com/wso2/product-is/blob/v5.9.0/pom.xml
Related
I have a regression with a TCP\IP connection string post a firebird 3 migration from v2.5. The FirebirdClient version is 4.6.1 but I've tested with the latest stable version and it also doesn't work (v7.10.1).
The error message is "Your user name and password are not defined. Ask your database administrator to set up a Firebird login".
The stacktrace:
at FirebirdSql.Data.FirebirdClient.FbConnectionInternal.Connect()
at FirebirdSql.Data.FirebirdClient.FbConnectionPoolManager.Pool.GetConnection(FbConnection owner)
at FirebirdSql.Data.FirebirdClient.FbConnectionPoolManager.Get(ConnectionString connectionString, FbConnection owner)
at FirebirdSql.Data.FirebirdClient.FbConnection.Open()
The user was created via the IBExpert UI.
Here's how the connection string looks (not real life connection data obviously):
#"Database=inet://10.000.0.000:3050/C:\Database.FDB;User=MY_USER;Password=secret";
The same user works if using a standard same network connection string as below:
#dialect=3;initial catalog=C:\Database.FDB;data source=localhost;user id=MY_USER;password=secret;character set=ISO8859_1;pooling=True;connection lifetime=30;server type=Default;port number=3050
My firebird.conf is set like so:
ServerMode = Super
DefaultDbCachePages = 100K
FileSystemCacheThreshold = 100M
TempBlockSize = 2M
TempCacheLimit = 4000M
AuthServer = Legacy_Auth, Srp, Win_Sspi
AuthClient = Legacy_Auth, Srp, Win_Sspi
UserManager = Legacy_UserManager, Srp
WireCrypt = Enabled
RemoteServicePort = 3050
LockMemSize = 30M
LockHashSlots = 30011
RemoteAccess = true
Not sure what I'm missing here. The connection string above works with SYSDBA. According to the firebird documentation I've read it looks fine. I've read all other stackoverflow tickets with the same issue but don't see any answers that work for me. Any ideas?
Recent versions of FirebirdSql.Data.FirebirdClient support the version 13-15 wire protocol of Firebird 3, and then only support Srp authentication. Your old version supported only up to the v12 protocol (Firebird 2.5) and then would use the legacy authentication. If you created the user using the Legacy_UserManager (the default in your configuration), then you cannot authenticate with version 7.10.1 (where you could with 4.6.1), because as far as the Srp authentication plugin is concerned, the user does not exist.
It looks like you created the user either using gsec, which always applies the default user manager (FYI, gsec is deprecated since Firebird 3), or you used CREATE USER without USING PLUGIN Srp (or with USING PLUGIN Legacy_UserManager). You can verify this by checking the output of select sec$user_name, sec$plugin from sec$users. The solution would be to drop the user and then create it again with the right user manager (USING PLUGIN Srp).
Note that in theory you could have the user both for Srp and Legacy_UserManager (e.g. if the same user needs to be used by an application that cannot authenticate with Srp), but it is far more secure to have the user only exist for one plugin.
On a related note, the configuration you have applied is insecure. It is far more secure to leave out Legacy_Auth of the AuthServer setting or - if you still have applications that cannot apply Srp - to put it last (for both AuthServer and AuthClient). Similarly, it is recommended to put Legacy_UserManager last in UserManager (or leave it out entirely), so by default - if you use gsec, or don't include USING PLUGIN xxx in CREATE USER - it will create more secure Srp-type users.
[Update 1]
I could make it work using the following connection string
Server=tcp:mydatabaseserver.database.windows.net,1433;Initial Catalog=mydbname
and implementing an interceptor as mentioned in this article.
This proves that Azure is correctly configured, and the problem is somewhere in the application (maybe a missing package?).
Anyway, I would still like to be able to change the connection string and switch between AAD authentication and sql authentication, without additional logic in the application.
[/Update 1]
I'm using EF Core 3.1.4 on an Azure WebApp, and I would like to use the Azure AD identity assigned to the application for authentication, but I run into the following exception:
ArgumentException: Invalid value for key 'authentication'.
Microsoft.Data.Common.DbConnectionStringBuilderUtil.ConvertToAuthenticationType(string keyword, object value)
This is the connection string:
{
"ConnectionStrings": {
"Admin": "Server=tcp:mydatabaseserver.database.windows.net,1433;Initial Catalog=mydbname;Authentication=Active Directory Integrated"
}
}
I initialize the context using the following code:
var connectionString = this.Configuration.GetConnectionString("Admin");
services.AddDbContext<NetCoreDataContext>(builder => builder.UseSqlServer(connectionString));
The Microsoft.Azure.Services.AppAuthentication package is also imported (version 1.5.0)
Active Directory Integrated wasn't working for me in .NET Core 3.1 but it works now ever since I installed the NuGet package Microsoft.Data.SqlClient (I installed version v2.0.1). It now works with the following connection string:
"MyDbConnStr": "Server=tcp:mydbserver.database.windows.net,1433;Database=MyDb;Authentication=ActiveDirectoryIntegrated"
Note: it also works if I have spaces between the words like this:
"MyDbConnStr": "Server=tcp:mydbserver.database.windows.net,1433;Database=MyDb;Authentication=Active Directory Integrated"
And it also works if I include escaped quotes like this:
"MyDbConnStr": "Server=tcp:mydbserver.database.windows.net,1433;Database=MyDb;Authentication="Active Directory Integrated""
Finally, note that there are additional properties which can also be used in the connection string:
;User ID=myruntimeuser#mydomain.com;Persist Security Info=true;Encrypt=true;TrustServerCertificate=true;MultipleActiveResultSets=true
Welcome to the Net frameworks/runtimes hell.
Currently ActiveDirectoryIntegrated and ActiveDirectoryInteractiveauthentication options are not supported for NetCore apps.
The reason is that starting with v3.0, EF Core uses Microsoft.Data.SqlClient instead of System.Data.SqlClient. And the most recent at this time version of Microsoft.Data.SqlClient (also the preview versions) supports these two options only for NET Framework.
You can see similar question in their issue tracker Why does SqlClient for .Net Core not allow an authentication method 'Active Directory Interactive'? #374, as well as the documentation of the SqlAuthenticationMethod enum - ActiveDirectoryIntegrated (emphasis is mine):
The authentication method uses Active Directory Integrated. Use Active Directory Integrated to connect to a SQL Database using integrated Windows authentication. Available for .NET Framework applications only.
With that being said, use the Authentication workaround, or wait this option to be eventually implemented for Net Core.
Upgrading the Nuget packages:
Microsoft.EntityFrameworkCore and Microsoft.EntityFrameworkCore.SqlServer to 6.0.1 and using Authentication=Active Directory Managed Identity in the connection string helped me resolve the issue.
UPDATE
If you use azure msi, pls read this document.
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
PRIVIOUS
Your problems maybe not configure in portal. You can follow the offical document to finished it, then try again.
First, you need to create SQL managed instances which maybe cost your long time. Then u need to configure Active Directory admin and your db. When you finished it, you will find ADO.NET(Active Directory password authentication) in your SQL database ->Connection strings in portal. You can copy and paste it in your code to solve the issue.
I have tried it by myself, and it works for me. For more detail, you can see this post.
I'm running presto in K8s and I'm trying to enable file based authentication for the service (using this as a guide https://prestosql.io/docs/current/security/password-file.html). However, as the application is starting up I get an error saying:
java.lang.IllegalStateException: Password authenticator file is not registered
config.properties
coordinator=true
node-scheduler.include-coordinator=false
http-server.http.port=8080
query.max-memory=20GB
query.max-memory-per-node=10GB
query.max-total-memory-per-node=10GB
discovery-server.enabled=true
discovery.uri=http://presto-service.eap.svc.cluster.local:8080
http-server.authentication.type=PASSWORD
http-server.https.enabled=true
http-server.https.port=8443
http-server.https.keystore.path=/opt/presto-server/etc/presto.jks
http-server.https.keystore.key=*************
password-authenticator.properties
password-authenticator.name=file
file.password-file=/opt/presto-server/etc/password.db
The rest of the config looks perfectly sane so does anybody know what I might have missed here?
Thanks,
Password file authentication was added in version 327, so you need to upgrade it.
Security Changes
Add Password File Authentication. (#797)
You can get the latest version from https://prestosql.io/download.html.
Also, you can join the community Slack. https://prestosql.io/slack.html
Can I get assistance with the error codes coming from eclipse when I try to deploy enterprise application on websphere. I followed craig st jean, I also face another problem with configuration i.e websphere data sources using postgresql. i am using a windows machine, 64bit arch. the error codes are the topic of this question. i hope this question can be seen as relevant, since not much solutions exist for the first issue concerning com.ibm.ws.ffdc.FFDCFilter, thus if one doesn't overcome the first, how can one press on and attempt to solve the second. thanks.
Webspere logs
The test connection operation failed for data source AppDb on server server1 at node Lenovo-PCNode01 with the following exception: java.sql.SQLException: FATAL: password authentication failed for user "listmanagerremote" DSRA0010E: SQL State = 28P01, Error Code = 0. View JVM logs for further details.
I have fixed the issues with deployment in the eclipse neon IDE. I think it is either as a result of the installation of the IBM WebSphere Application Server Traditional v8.0x Developer tools for Neon, and IBM jre.
Eclipse console final message
00000063 CompositionUn A WSVR0191I: Composition unit WebSphere:cuname=ListManager in BLA WebSphere:blaname=ListManager started.
Postgre documents the 28P01 SQL State as an invalid password:
"28P01 INVALID PASSWORD invalid_password"
https://www.postgresql.org/docs/9.0/static/errcodes-appendix.html
Check your data source configuration to ensure that you have specified the correct password, or if using an authentication alias for your data source, confirm that the authentication data configuration contains the correct password, and that you have configured the data source and/or resource reference to use that authentication data.
I am using SQL Server CE 4.0 with WebApi on Windows Azure Websites. I have been successfully able to deploy SQL Server CE. The weird problem I am facing is that my site is able to log me in using the same DB but I am not able to use any of the controllers to fetch the data.
I am using same connection string for both. The only difference is that for logging in I am using WebSecurity as I have enabled OAuth on the site.
Can someone throw some light on how to debug and fix this issue? The error I am getting for the calls is
Format of the initialization string does not conform to specification
starting at index 0.
However the same string works for authentication, change password, adding OAuth connections etc.
Thanks in advance
I connected to the site using FTP. I was not giving the site name as domain name and it was denying me access earlier. On connecting, I got hold of the Web.config file and I found something interesting. While publishing the site, the web.config was modified to add another connectionstring with the name of context_DatabasePublish.
This string had following details connectionString="ContextName_DatabasePublish.ConnetionString" providerName="System.Data.SqlClient"
Also there was a new section called context added to the entityframework section of the config file with all the details for the context to use but again pointing to same connection string. The provider it is using is sql and not sqlce. I believe that is the reason it was failing.
I uploaded my normal config file and the site started working. I need to explore more on to why and how the new connection string got added. I will post the details in comments.