Cannot register intended password salt value by keycloak admin api - keycloak

I tried to add a user to Keycloak 3.4.3.Final through the admin API with a JSON file like this.
Command
bin\kcadm.bat create users -r master -f add-user.json
add-user.json Content
{
    "username" : "myUserName",
    "enabled" : true,
    "credentials" : [ {
        "type" : "password",
        "hashedSaltedValue" : "encoded password string",
        "salt" : "salt string",
        "hashIterations" : 27500,
        "algorithm" : "pbkdf2-sha256"
    } ],
    "realmRoles" : [ "admin" ]
}
The salt value was not registered as it was written in the JSON file.
For example, when using published test data, the salt value "3fBAt5GAGGxFrV9fznpZHQ==" was registered as "ddf040b79180186c45ad5f5fce7a591d" in the database.
How can I register my intended salt value?

The above problem was solved. Sorry for the lack of verification.
I should write the salt byte value base64 encoded.

For those wondering how to get the base64-encoded value, do the following:
echo -n 'the_value' | openssl base64
You get your salt base64 encoded and you can copy that and put it in the JSON.
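Added example, not part of the original posts and not Keycloak's own code: the two salt values quoted in the question are the same 16 bytes, once as base64 (JSON field) and once as hex (database column), and the sketch below shows that along with a credential entry built in the shape of add-user.json. The 64-byte derived key length and the function names are assumptions made for illustration; confirm the key length against the Keycloak version in use.

```python
import base64
import hashlib
import hmac
import json

ITERATIONS = 27500  # hashIterations from the add-user.json on this page
DKLEN = 64          # assumption: 512-bit derived key; check your Keycloak version

def salt_as_hex(salt_b64: str) -> str:
    """Hex form of the raw salt bytes carried by a base64 "salt" field."""
    return base64.b64decode(salt_b64, validate=True).hex()

def salt_field_from_hex(salt_hex: str) -> str:
    """Base64 "salt" field for a salt held as hex: encode the bytes, not the hex text."""
    return base64.b64encode(bytes.fromhex(salt_hex)).decode("ascii")

def build_credential(password: str, salt: bytes) -> dict:
    """Credential entry shaped like add-user.json, with both byte fields base64 encoded."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                  ITERATIONS, DKLEN)
    return {
        "type": "password",
        "hashedSaltedValue": base64.b64encode(derived).decode("ascii"),
        "salt": base64.b64encode(salt).decode("ascii"),
        "hashIterations": ITERATIONS,
        "algorithm": "pbkdf2-sha256",
    }

def verify(password: str, cred: dict) -> bool:
    """Recompute the hash from the stored fields and compare in constant time."""
    salt = base64.b64decode(cred["salt"], validate=True)
    expected = base64.b64decode(cred["hashedSaltedValue"], validate=True)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 cred["hashIterations"], len(expected))
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    # Salt value quoted in the question; the password is a constructed sample.
    print(salt_as_hex("3fBAt5GAGGxFrV9fznpZHQ=="))
    cred = build_credential("constructed-sample-password",
                            base64.b64decode("3fBAt5GAGGxFrV9fznpZHQ=="))
    print(json.dumps({"username": "myUserName", "enabled": True,
                      "credentials": [cred]}, indent=2))
```

If the salt is held as a hex string, convert it with `salt_field_from_hex`; piping the hex text itself through a base64 encoder would encode the characters rather than the salt bytes.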

Related

Restheart for MongoDB, ACL and users

I have a MongoDB instance with the atlas sample databases and I'm trying to configure Restheart on it.
I have restheart configured with mongoRealmAuthenticator and MongoAclAuthorizer, with ACL and USERS collections in the restheart database, and the following mongo-mounts:
- what: /sample_weatherdata
  where: /sample_weatherdata
The Users collection has the admin user and a user called sample_weatherdata with the user role. The ACL collection has the following ACL.
{
    "_id" : "userCanGetOwnCollection",
    "roles" : [
        "user"
    ],
    "predicate" : "method(GET) and path-template('/{userid}') and equals(#user.userid, ${userid})",
    "priority" : 100,
    "_etag" : ObjectId("62322951a40a5c34cad71769")
}
But when I try to get the information from the sample_weatherdata db with curl (curl -k -u sample_weatherdata:secret -X GET https://xxxxx:4443/sample_weatherdata?page=1), I'm getting an error on the restheart logs:
21:01:22.702 [XNIO-1 task-1] DEBUG o.r.s.authorizers.FileAclAuthorizer - role user, permission (roles=[user],predicate=method(GET) and path-template('/{userid}') and equals(#user.userid, ${userid}) and qparams-contain(page) and qparams-blacklist(filter, sort)
), resolve false
21:01:22.716 [XNIO-1 task-1] DEBUG o.r.s.authorizers.MongoAclAuthorizer - role user, permission id BsonString{value='userCanGetOwnCollection'}, resolve false
21:01:22.718 [XNIO-1 task-1] INFO org.restheart.handlers.RequestLogger - GET https://xxxxxxx:4443/sample_weatherdata?page=1 from /10.100.200.100:55555 => status=403 elapsed=26ms contentLength=0 username=sample_weatherdata roles=[user]
Any idea if I'm missing something or how to configure the ACLs to allow the query?
If you use the default authenticator, i.e. mongoRealmAuthenticator, the correct id property of the user is #user._id
So your permission should be:
{
    "_id" : "userCanGetOwnCollection",
    "roles" : [ "user" ],
    "predicate" : "method(GET) and path-template('/{userid}') and equals(#user._id, ${userid})",
    "priority" : 100
}
In the example acl.json you have:
NOTE: the id of the user is #user.userid with fileRealmAuthenticator and #user._id with mongoRealmAuthenticator
I'm the main committer of RESTHeart, and given that now mongoRealmAuthenticator is the default authenticator, I have just updated the example acl.json and related documentation to use #user._id

MongoDB - How to Change current logged in user's password? [duplicate]

I used db.addUser(...) to create a user at some point in the past. How do I now change that user's password?
I logged in with a user with userAdmin role. What command do I use to change another user's password?
Edit 2
I need this answered for the v2.4 style addUser and privilege documents
http://docs.mongodb.org/manual/tutorial/add-user-to-database/
http://docs.mongodb.org/manual/reference/privilege-documents/
Edit
It has been suggested that I use the 2.2 addUser syntax to change the password. This does not work:
db.addUser({user: "test", pwd: "oldPassword", roles: ["readWrite"]})
db.addUser("test", "newPassword")
gives
uncaught exception: couldn't add user: system.users entry must not have both 'roles' and 'readOnly' fields
db.changeUserPassword("test", "newPassword")
https://groups.google.com/d/msg/mongodb-user/KkXbDCsCfOs/rk2_h-oSbAwJ
https://jira.mongodb.org/browse/DOCS-1515
Finally found it!
To change a password, just run the addUser command again.
db.addUser("coolguy", "newxH#x0rPasswd", true);
this might help.
Be careful about the argument passed. That is for the readOnly option.
EDIT:
Steps I followed: Added a new user
> db.addUser("admin","firstpwd")
{
"user" : "admin",
"readOnly" : false,
"pwd" : "40a84fcba954c8924d277f23b0f880b1",
"_id" : ObjectId("51966ec8c7ad876ba0319438")
}
exit
> db.auth("admin","firstpwd")
1
Changing the password
> db.addUser("admin","secondpwd")
{
"_id" : ObjectId("51966ec8c7ad876ba0319438"),
"user" : "admin",
"readOnly" : false,
"pwd" : "82f4e416844349418281a3eca1cf6082"
}
exit
db.auth("admin","secondpwd")
1
MongoDB shell version: 2.4.3

Powershell - Converting Azure Keyvault Response Data

I am trying to set up a script for setting up my keyvault and deploying my ARM templates. When I create a keyvault I want to take that output and store it into an object, say, $output. The output looks like so
Name : CertificateThumbprint
Value : xxxxx
Name : SourceVault
Value : xxxxxxx
Name : CertificateURL
Value : xxxxxxxxx
I want to convert this to Json (or xml) so that I can access the data and update my template parameters file. However, when I try to ConvertTo-Json or ConvertTo-Xml I get something like
[
{
"pageHeaderEntry": null,
"pageFooterEntry": null,
"autosizeInfo": null,
"shapeInfo": {
"ClassId2e4f51ef21dd47e99d3c952918aff9cd": "..."
},
"groupingEntry": null,
"ClassId2e4f51ef21dd47e99d3c952918aff9cd": "..."
},
{
"shapeInfo": null,
"groupingEntry": null,
"ClassId2e4f51ef21dd47e99d3c952918aff9cd": "..."
},
{
"formatEntryInfo": {
"listViewFieldList": "Microsoft.PowerShell.Commands.Internal.Format.ListViewField Microsoft.PowerShell.Commands.Internal.Format.ListViewField"
...
]
My powershell experience is pretty minimal so I'm not exactly familiar with all the Format options.
$output[2].formatEntryInfo.listViewFieldList...foo...bar
Should allow you to access your properties of the output without having to convert at all

GCS Transfer via Source: URL list "errorCode": "UNKNOWN"

I'm trying to transfer 7,860,379 files, using the transfer system via URL list, however always encounter the same error:
{ //...
    "errorBreakdowns": [
        {
            "errorCode": "UNKNOWN",
            "errorCount": "1",
            "errorLogEntries": [
                {
                    "url": " or ",
                    "errorDetails": [
                        ""
                    ]
                }
            ]
        }
    ]
    // ...
}
All my URLs are valid and the file format is as documented:
TsvHttpData-1.0
^([^ ]+)\t([0-9]+)\t([a-f0-9]{32})$
The error I get from the API is very generic. Has anyone gone through the same problem?
Thank you in advance.
Based on your regex, I suspect you are not providing a base-64 encoded MD5, as it often contains '=' characters. To do this, you need to compute the binary version of your MD5 and then convert it to base64.
Example: Hk2gdsIpWTDz3kQssoTqKg==
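Added example, not part of the original posts: a checker for URL-list lines in the TsvHttpData-1.0 layout discussed above that flags a hex MD5 in the third column and rewrites it as the base64 of the 16 digest bytes. The function names and the sample URL are constructed for illustration.

```python
import base64
import hashlib
import re

HEADER = "TsvHttpData-1.0"
HEX_MD5 = re.compile(r"[0-9a-fA-F]{32}")

def md5_b64(data: bytes) -> str:
    """Base64 of the binary MD5 digest of the object's content."""
    return base64.b64encode(hashlib.md5(data).digest()).decode("ascii")

def hex_md5_to_b64(hex_digest: str) -> str:
    """Convert an existing hex MD5 to base64 without re-reading the object."""
    return base64.b64encode(bytes.fromhex(hex_digest)).decode("ascii")

def check_line(line: str) -> str:
    """Return 'ok', or why the line is not URL<TAB>size<TAB>base64-MD5."""
    parts = line.split("\t")
    if len(parts) != 3:
        return "expected 3 tab-separated fields"
    _url, size, digest = parts
    if not size.isdigit():
        return "size is not a decimal byte count"
    if HEX_MD5.fullmatch(digest):
        return "MD5 is hex, not base64"
    try:
        raw = base64.b64decode(digest, validate=True)
    except ValueError:
        return "MD5 is not valid base64"
    return "ok" if len(raw) == 16 else "MD5 does not decode to 16 bytes"

def fix_line(line: str) -> str:
    """Rewrite a line whose third column is a hex MD5; leave other lines unchanged."""
    parts = line.split("\t")
    if len(parts) == 3 and HEX_MD5.fullmatch(parts[2]):
        parts[2] = hex_md5_to_b64(parts[2])
    return "\t".join(parts)

if __name__ == "__main__":
    # Constructed sample line in the hex form that the question's regex accepts.
    bad = "https://example.com/a.bin\t1357\t1e4da076c2295930f3de442cb284ea2a"
    print(HEADER)
    print(check_line(bad))
    print(fix_line(bad), check_line(fix_line(bad)))
```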

How to copy password protected database from remote server in mongodb?

I am running mongodb 2.4.8 and need to copy a database from a remote server. The server has auth enabled in combination with a user having privileges on the database. I have tried copydb but it didn't work. I guess it failed because of the remote server using auth in combination with a role-based user (mentioned under the authentication section of the documentation).
host = "myhost.com"
mynonce = db.runCommand( { copydbgetnonce : 1, fromhost: host } ).nonce
username = "myuser"
password = "mypassword"
password_hash = hex_md5(mynonce + username + hex_md5(username + ":mongo:" + password))
db.runCommand({
    copydb: 1,
    fromdb: "test",
    todb: "test",
    fromhost: host,
    username: username,
    key: password_hash
})
// output: { "ok" : 0, "errmsg" : "" }
// but nothing really gets copied
What other options do I have? I would prefer a solution which can work from within the mongo shell as I do not have ssh access to server.
Try db.copyDatabase(fromdb, todb, fromhost, username, password), as the manual says: http://docs.mongodb.org/manual/reference/method/db.copyDatabase/