I tried to disable certificate validation for service workers on Firefox Nightly setting:
dom.serviceWorkers.testing.enabled: true
dom.webnotifications.serviceworker.enabled: true
devtools.serviceWorkers.testing.enabled: true
dom.serviceWorkers.enabled: true
in about:config tab.
I restarted Firefox, but I still get an exception on ServiceWorking registration caused by user settings limitations.
What can I do more?
Related
I am having keycloak installed and working in Prod and we are currently migrating to Kubernetes(EKS) so I used Bitnami chart and used the same config as in Prod but admin console not working internally I tried version 19.0.0 and 20.0.0
here is the keycloak config
KC_HTTPS_KEY_STORE_FILE: **
KC_PROXY: edge
KC_DB: postgres
KC_DB_URL_HOST: **
KC_DB_USERNAME: ***
KC_HOSTNAME: public_url
KEYCLOAK_ADMIN: admin
KEYCLOAK_HOSTNAME: public_url
PROXY_ADDRESS_FORWARDING: true
KK_TO_RMQ_URL: **
KK_TO_RMQ_USERNAME: **
KK_TO_RMQ_PASSWORD: **
KEYCLOAK_IDENTITY_URL: **
KC_HOSTNAME_STRICT: true
KC_HOSTNAME_ADMIN: internal_url
in the Docker file I give start --proxy edge
here is the error that comes in the browser
Timeout when waiting for 3rd party check iframe message.
Error: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received
I am trying to get keycloak admin console to work internally but it keeps loading forever without opening the admin dashboard
I also tried the fix on the thread Keycloak admin console loading indefinitely
but it didn't help
I am able to fix the issue, and here is the solution explained:
I removed the admin console internal connection configuration to dig more
I was using Bitnami chart for keycloak in the Bitnami chart there is a config like that
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: false
as keycloak needs to create tmp folder for caching the css and js files it was not able to create it
KC-SERVICES0075: Failed to get theme request: java.lang.RuntimeException: Temporary directory /opt/keycloak/bin/../data/tmp does not exist and it was not possible to create it
so I disabled this feature in bitnami
containerSecurityContext:
enabled: false
set the user in the image as keycloak or any other privileged user
and that's it, now working as a charm.
I'm running a local h2 based development instance of keycloak (quarks one). I've been trying to add another custom means of login and I seem to have broken it.
I've changed the First Broker Login Flow and disabled the Review Profile(review profile config). I cannot login anymore. I get his error in the keycloak instance console when going into the login screen:
WARN [org.keycloak.authentication.DefaultAuthenticationFlow] (executor-thread-12) REQUIRED and ALTERNATIVE elements at same level! Those alternative executions will be ignored: [auth-cookie, null]
2022-09-25 10:50:38,131 WARN [org.keycloak.services] (executor-thread-12) KC-SERVICES0013: Failed authentication: org.keycloak.authentication.AuthenticationFlowException
Is there a way to revert this change through some config file / h2? Or do I just have to delete keycloak and start from scratch?
Thanks in advance
You can delete h2 related files from data/h2 directory. Though you will lose the configuration which you have done.
We have setup weblogic 12.2.1.4 clustered environment with 2 nodes in a cluster. We use session ID as part of authentication mechanism to log our user session info to the database. When both managed servers are up, the server generates this session ID:
MrvgJEMe6NG95XNsflnhsWjspl52GXPdl33whbIfGkgaEQm7Rk0X!1974917613!-533469515!1605782630842
When we tried to test session replication, by bringing down the server that currently serves the HTTP request, we have noticed that the session ID has changed and contains NONE as part of the generated ID.
MrvgJEMe6NG95XNsflnhsWjspl52GXPdl33whbIfGkgaEQm7Rk0X!1974917613!NONE!1605782630842
This has caused session replication inconsistency. Has anyone encountered the same issue and how did you resolve it? Your inputs are highly appreciated.
Thank you in advance for the help.
Enable the Debug Flags to Track Session Replication Failures
To gather more logging information about session replication failures, you should enable the flags DebugCluster, DebugClusterAnnouncements, DebugFailOver, DebugReplication, and DebugReplicationDetails.
To Enable:
In WebLogic Server 9.x and higher, the reccommended approach is to use the admin console. For each server in the domain, navigate to Servers -> -> Debug and enable the desired flag(s).
You can use the weblogic.Admin command line utility to dynamically turn the debug options on and off.
For example, to turn on DebugCluster on all administration instances of ServerDebug Mbean (i.e., Admin Server or a Managed Server):
java weblogic.Admin -url t3://localhost:7001 -username system -password weblogic SET -type ServerDebug -property DebugCluster true
Alternatively, you can edit the config.xml and the Mbean element in the stanza for each server that you want to debug and set the value to "true" to enable or "false" to disable. Then you must restart the Admin Server. Managed Servers will reconnect to the Admin Server and the debug flags will then dynamically take effect. Example:
At the end, with all the flags set, in your config.xml the ServerDebug tag would like below:
Make sure the stdOutSeverity level of the server is INFO and StdoutDebugEnabled is set to "true". The debug information will be logged into the server log as well as to the standard out.
Validate the Weblogic.xml entries
Make sure weblogic.xml has all the parameters that need to be set for each Session Replication type. For example, when using in-memory replication the sample weblogic.xml would look like:
I followed the steps of this tutorial:
http://www.ibm.com/smarterplanet/us/en/ibmwatson/developercloud/doc/ega_docs/dialog_ega.shtml#ega_getstart_setup
until the step 3h (Account validation), which leads to following error:
“Client error – 407 Proxy Authorization required”.
(I am behind a company proxy)
I use Eclipse Mars 4.5.2 and IBM Bluemix Tools 1.0.10.v20160406_1758.
What i have already done:
-Of course I have Bluemix account that works perfectly fine.
-I have filled in the HTTP and HTTPS info within the Eclipse proxy settings (General->network settings) and cleared the SOCK-field. I can therefore install new software and use the eclipse marketplace for instance.
-Set the proxy at the http_proxy/https_proxy at the Windows system variables, therefore I can use the Bluemix command line tool and login to Bluemix.
-Experimenting with adding various lines at the eclipse.ini as in the following:
-Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provi der.filetransfer.httpclient
-Dhttp.proxyPort=8080
-Dhttp.proxyHost=YYY.com
-Dhttp.proxyUser=uid123
-Dhttp.proxyPassword=XXX
-Dhttps.proxyPort=8080
-Dhttps.proxyHost=YYY.com
-Dhttps.proxyUser=uid123
-Dhttps.proxyPassword=XXX
-Dhttp.nonProxyHosts=localhost|127.0.0.1
-Dorg.eclipse.ecf.provider.filetransfer.retrieve.closeTimeout=3000
-Dorg.eclipse.ecf.provider.filetransfer.retrieve.readTimeout=3000
The command "nslookup api.ng.bluemix.net" returns:
Server: AAA.de Address: aa.bbb.cd.ef
Not authorized answer:
Name: ng.bluemix.net Address: 75.126.70.44 Aliases: api.ng.bluemix.net
Any suggestions how to successfully use the Eclipse Bluemix Plugin?
Based on the error, it looks like you have authentication error on accessing the proxy itself. The Bluemix Tools does not use the command line interface (CLI) to communicate with the Bluemix server. Therefore, proxy settings are not setup in Eclipse even if you have it working using the CLI.
In Eclipse, all the proxy settings can be done from the Preference page. There is no need to change eclipse.ini so you can restore the eclipse.ini file to the original before changing the preference setting. You can find the corresponding preference page in Window>Preferences>General>Network Connection. Then, change the "Active Provider" to "Manual" and edit the HTTP and HTTPS port proxy settings as needed.
In the Edit Proxy Entry dialog, you can input the proxy authentication information by selecting Requires Authentication checkbox and input the user/password.
I am trying to install extensions for VSCode. But getting unable to get local issuer certifiate.
my settings.json
// Place your settings in this file to overwrite the default settings { // Controls the font family.
"editor.fontFamily": "Consolas",
// Controls the font size.
"editor.fontSize": 12,
//Setting corporate proxy
"http.proxy": "http://proxy_servr:3128",
"https.proxy": "http://proxy_servr:3128",
//Disable SSL Verification
"http.proxyStrictSSL": false }
In VS code:
Click File -> Preferences ->Settings
{
"http.proxyStrictSSL":false,
"http.proxy":"http://USERID:PASSWORD#proxy.domain.com:3128"
}
It appears that you have not added authentication credentials to http.proxy
Edit %AppData%/Roaming/Code/User/settings.json, adding:
{
...
"http.proxyStrictSSL":false,
...
}
This could be a DHCP problem on your system. I was seeing the same and similar error messages trying to update and install NPM packages in my Window WSL2 Ubuntu terminal. After running sudo echo nameserver 8.8.8.8 > /etc/resolv.conf I was able to install and update packages again. I spent days trying to troubleshoot this and never thought to check for DNS issues.
All the above answers open security risks, because you are downloading from internet without checking that the Server Certificate Chain is correct. Using such practices open different hack possibilities that you would like to avoid.
The better way to do it is to properly configure the Server Certificate Chain on your system (this is different from OS to OS) and remove the config "http.proxyStrictSSL":false, from your setting.
To make this working with the extensions installation, I found that you have to override the "Proxy Support" for extensions. Weirdly with "on" doesn't work for me.
Now with this config I can download securely extensions on the host like as well in docker containers used for remote execution.