We Keep Coding

How to authenticate the database by using the Windows service user on Wildfly 9?

I am configuring a data source to use windows authentication that is configuring the Wildfly service.
I put in the connection URL the "integratedSecurity = true" parameter:
<datasource jndi-name="java:/DBEASYFINANCE2_D0000" pool-name="java:/DBEASYFINANCE2_D0000" enabled="true">
<connection-url>jdbc:jtds:sqlserver://SRVXX:1433;databaseName=DB_XXX;integratedSecurity=true</connection-url>
<driver>jtds</driver>
<pool>
<min-pool-size>0</min-pool-size>
<max-pool-size>100</max-pool-size>
</pool>
<validation>
<check-valid-connection-sql>select ''</check-valid-connection-sql>
<validate-on-match>true</validate-on-match>
</validation>
<timeout>
<blocking-timeout-millis>30000</blocking-timeout-millis>
<idle-timeout-minutes>5</idle-timeout-minutes>
<use-try-lock>60</use-try-lock>
</timeout>
</datasource>
When I run the connection test on the DataSource the error occurs:
Unexpected HTTP response: 500
Request
{
"address" => [
("subsystem" => "datasources"),
("data-source" => "java:/DBEASYFINANCE2_D0000")
],
"operation" => "test-connection-in-pool"
}
Response
Internal Server Error
{
"outcome" => "failed",
"failure-description" => "WFLYJCA0040: failed to invoke operation: WFLYJCA0047: Connection is not valid",
"rolled-back" => true
}
I'm using Wildfly 9.
Can you tell me what is wrong with my configuration ?

CAS Delegated Authentication and AttributeReleasePolicies

We were able to integrate CAS 5.2.6 using delegated authentication with Azure AD (Saml Idp)
The integrated is working fine when the client webapp is deployed on Tomcat-9
The same client WAR fails in JBoss-EAP or Wildfly because of SaxParing exception
This is because Jboss is using xercesImpl for parsing Xml which fails when the xml element is numeric.
So, a standard solution will be to use AttributeResolver configuration on CAS server side to ensure that we map the attribute to standard names (vs numeric names)
Attached herewith the SAML response and CAS Client Response
<samlp:Response
Destination="https://somedomain.cloudapp.azure.com:8443/cas/login?client_name=MY_SAML"
ID="_6a00b756-53f4-4702-b329-7a6af0145fa0" InResponseTo="_d5nkosrzkcj29rlldngsuozq3uwtb5znanfm616"
IssueInstant="2018-10-04T13:22:05.275Z" Version="2.0"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/</Issuer>
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<Assertion ID="_337eded3-a927-4674-b78a-77259cfbf784" IssueInstant="2018-10-04T13:22:05.275Z"
Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/</Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_337eded3-a927-4674-b78a-77259cfbf784">
<Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>BkenglDOQwAFlKJ3hLrZ4vUzAg9gOD9EFUjGKH9hsI4=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<Subject>
<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">nX16LJA-9igFhluTHQGlDUOK0CNPy_XfliMDJ3iud88</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="_d5nkosrzkcj29rlldngsuozq3uwtb5znanfm616"
NotOnOrAfter="2018-10-04T13:27:05.275Z"
Recipient="https://somedomain.cloudapp.azure.com:8443/cas/login?client_name=MY_SAML"/></SubjectConfirmation>
</Subject>
<Conditions NotBefore="2018-10-04T13:17:05.275Z" NotOnOrAfter="2018-10-04T14:17:05.275Z">
<AudienceRestriction>
<Audience>spn:8b4fcc4d-6781-4da0-acc9-0c28a3317695</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
<AttributeValue>522b3803-a001-4675-b3b5-1d727d43585a</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
<AttributeValue>8fa1e8a3-41b8-440e-91cf-fafa246ab571</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>xxxxx#AAAA.onmicrosoft.com</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
<AttributeValue>Firstname Lastname</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
<AttributeValue>https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
<AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue>
<AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</AttributeValue>
</Attribute>
</AttributeStatement>
<AuthnStatement AuthnInstant="2018-10-04T09:50:06.611Z"
SessionIndex="_337eded3-a927-4674-b78a-77259cfbf784">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
CAS Client Response
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>nX16LJA-9igFhluTHQGlDUOK0CNPy_XfliMDJ3iud88</cas:user>
<cas:attributes>
<cas:isFromNewLogin>true</cas:isFromNewLogin>
<cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f6964656e746974792f636c61696d732f6f626a6563746964656e746966696572>8fa1e8a3-41b8-440e-91cf-fafa246ab571</cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f6964656e746974792f636c61696d732f6f626a6563746964656e746966696572>
<cas:authenticationDate>2018-10-04T13:22:05.643Z[Etc/UTC]</cas:authenticationDate>
<cas:clientName>MY_SAML</cas:clientName>
<cas:successfulAuthenticationHandlers>ClientAuthenticationHandler</cas:successfulAuthenticationHandlers>
<cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f6964656e746974792f636c61696d732f646973706c61796e616d65>Firstname Lastname</cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f6964656e746974792f636c61696d732f646973706c61796e616d65>
<cas:notBefore>2018-10-04T13:17:05.275Z</cas:notBefore>
<cas:credentialType>ClientCredential</cas:credentialType>
<cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f636c61696d732f617574686e6d6574686f64737265666572656e636573>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f636c61696d732f617574686e6d6574686f64737265666572656e636573>
<cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f636c61696d732f617574686e6d6574686f64737265666572656e636573>http://schemas.microsoft.com/claims/multipleauthn</cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f636c61696d732f617574686e6d6574686f64737265666572656e636573>
<cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f6964656e746974792f636c61696d732f74656e616e746964>522b3803-a001-4675-b3b5-1d727d43585a</cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f6964656e746974792f636c61696d732f74656e616e746964>
<cas:687474703a2f2f736368656d61732e786d6c736f61702e6f72672f77732f323030352f30352f6964656e746974792f636c61696d732f6e616d65>myuserID#MYDOMAIN.onmicrosoft.com</cas:687474703a2f2f736368656d61732e786d6c736f61702e6f72672f77732f323030352f30352f6964656e746974792f636c61696d732f6e616d65>
<cas:authenticationMethod>ClientAuthenticationHandler</cas:authenticationMethod>
<cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f6964656e746974792f636c61696d732f6964656e7469747970726f7669646572>https://sts.windows.net/522b3803-a001-4675-b3b5-1d727d43585a/</cas:687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f6964656e746974792f636c61696d732f6964656e7469747970726f7669646572>
<cas:notOnOrAfter>2018-10-04T14:17:05.275Z</cas:notOnOrAfter>
<cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
<cas:sessionindex>_337eded3-a927-4674-b78a-77259cfbf784</cas:sessionindex>
</cas:attributes>
</cas:authenticationSuccess>
So, we need to map this attribute - 687474703a2f2f736368656d61732e786d6c736f61702e6f72672f77732f323030352f30352f6964656e746974792f636c61696d732f6e616d65 to a standard attribute name via AttributeResolver
We have tried the following configuration but its not working out
"attributeReleasePolicy" : {
"#class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes" : {
"#class" : "java.util.TreeMap",
"name" : "username",
"displayname" : "userdisplayname",
"someattrname" : "groovy { return attributes['name']}"
}
}
So, anyone who was able to map the attributeNames via AttributeReleasePolicies ?
Any help related to this configuration will be really helpful

This issue is resolved. We had to give the complete path of the attribute and not just part of the name
{
"#class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps)://.*"
"name" : "SOME-NAME",
"id" : 200,
"description" : "This configuration is for app",
"evaluationOrder" : 10000
"logoutType" : "BACK_CHANNEL",
"logoutUrl" : "https://login.microsoftonline.com/522b3803-a001-4675-b3b5-1d727d43585a/saml2"
"attributeReleasePolicy" : {
"#class" : "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes" : {
"#class" : "java.util.TreeMap",
"userid" : "groovy { return attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name']}"
"displayname" : "groovy { return attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname']}"
}
}
}
So, post this configuration change, now the SAML Response is returning meaningful names
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>Elsbhy4pa-ZLcZ7OWNZ-0vKWjqzV4F7UfVYjRJTCjDY</cas:user>
<cas:attributes>
<cas:credentialType>ClientCredential</cas:credentialType>
<cas:isFromNewLogin>false</cas:isFromNewLogin>
<cas:authenticationDate>2018-10-05T09:20:07.216Z[Etc/UTC]</cas:authenticationDate>
<cas:authenticationMethod>ClientAuthenticationHandler</cas:authenticationMethod>
<cas:clientName>SOME_CLIENT</cas:clientName>
<cas:displayname>FirstName Lastname</cas:displayname>
<cas:successfulAuthenticationHandlers>ClientAuthenticationHandler</cas:successfulAuthenticationHandlers>
<cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
<cas:userid>myusername#MYDOMAIN.onmicrosoft.com</cas:userid>
</cas:attributes>
</cas:authenticationSuccess>
</cas:serviceResponse>

Why eureka considers a service still 'UP' even if its last renewal time was two days ago

I have a service with 2 replicas running. But I found the service having 3 UP instances in eureka's dashboard.
Below the detail info of the service in eureka. The problematic instance is 8d0c39f3ed9b:ocr-server:8095, whose last renewal time was two days ago. And the status and health url can NOT be accessed. I'm wondering why eureka considers it's UP!
<application>
<name>OCR-SERVER</name>
<instance>
<instanceId>211a4634b45f:ocr-server:8095</instanceId>
<hostName>211a4634b45f</hostName>
<app>OCR-SERVER</app>
<ipAddr>10.0.0.38</ipAddr>
<status>UP</status>
<overriddenstatus>UNKNOWN</overriddenstatus>
<port enabled="true">8095</port>
<securePort enabled="false">443</securePort>
<countryId>1</countryId>
<dataCenterInfo class="com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo">
<name>MyOwn</name>
</dataCenterInfo>
<leaseInfo>
<renewalIntervalInSecs>30</renewalIntervalInSecs>
<durationInSecs>90</durationInSecs>
<registrationTimestamp>1505589414444</registrationTimestamp>
<lastRenewalTimestamp>1505833520772</lastRenewalTimestamp>
<evictionTimestamp>0</evictionTimestamp>
<serviceUpTimestamp>1505589414444</serviceUpTimestamp>
</leaseInfo>
<metadata class="java.util.Collections$EmptyMap"/>
<homePageUrl>http://211a4634b45f:8095/</homePageUrl>
<statusPageUrl>http://211a4634b45f:8096/manage/info</statusPageUrl>
<healthCheckUrl>http://211a4634b45f:8096/manage/health</healthCheckUrl>
<vipAddress>ocr-server</vipAddress>
<secureVipAddress>ocr-server</secureVipAddress>
<isCoordinatingDiscoveryServer>false</isCoordinatingDiscoveryServer>
<lastUpdatedTimestamp>1505589414444</lastUpdatedTimestamp>
<lastDirtyTimestamp>1505589412731</lastDirtyTimestamp>
<actionType>ADDED</actionType>
</instance>
<instance>
<instanceId>8d0c39f3ed9b:ocr-server:8095</instanceId>
<hostName>8d0c39f3ed9b</hostName>
<app>OCR-SERVER</app>
<ipAddr>10.0.0.38</ipAddr>
<status>UP</status>
<overriddenstatus>UNKNOWN</overriddenstatus>
<port enabled="true">8095</port>
<securePort enabled="false">443</securePort>
<countryId>1</countryId>
<dataCenterInfo class="com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo">
<name>MyOwn</name>
</dataCenterInfo>
<leaseInfo>
<renewalIntervalInSecs>30</renewalIntervalInSecs>
<durationInSecs>90</durationInSecs>
<registrationTimestamp>1505589356797</registrationTimestamp>
<lastRenewalTimestamp>1505589356797</lastRenewalTimestamp>
<evictionTimestamp>0</evictionTimestamp>
<serviceUpTimestamp>1505589356797</serviceUpTimestamp>
</leaseInfo>
<metadata class="java.util.Collections$EmptyMap"/>
<homePageUrl>http://8d0c39f3ed9b:8095/</homePageUrl>
<statusPageUrl>http://8d0c39f3ed9b:8096/manage/info</statusPageUrl>
<healthCheckUrl>http://8d0c39f3ed9b:8096/manage/health</healthCheckUrl>
<vipAddress>ocr-server</vipAddress>
<secureVipAddress>ocr-server</secureVipAddress>
<isCoordinatingDiscoveryServer>false</isCoordinatingDiscoveryServer>
<lastUpdatedTimestamp>1505589356797</lastUpdatedTimestamp>
<lastDirtyTimestamp>1505589356787</lastDirtyTimestamp>
<actionType>ADDED</actionType>
</instance>
<instance>
<instanceId>0c62739f5ca8:ocr-server:8095</instanceId>
<hostName>0c62739f5ca8</hostName>
<app>OCR-SERVER</app>
<ipAddr>10.0.0.34</ipAddr>
<status>UP</status>
<overriddenstatus>UNKNOWN</overriddenstatus>
<port enabled="true">8095</port>
<securePort enabled="false">443</securePort>
<countryId>1</countryId>
<dataCenterInfo class="com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo">
<name>MyOwn</name>
</dataCenterInfo>
<leaseInfo>
<renewalIntervalInSecs>30</renewalIntervalInSecs>
<durationInSecs>90</durationInSecs>
<registrationTimestamp>1505589403150</registrationTimestamp>
<lastRenewalTimestamp>1505833509700</lastRenewalTimestamp>
<evictionTimestamp>0</evictionTimestamp>
<serviceUpTimestamp>1505589403150</serviceUpTimestamp>
</leaseInfo>
<metadata class="java.util.Collections$EmptyMap"/>
<homePageUrl>http://0c62739f5ca8:8095/</homePageUrl>
<statusPageUrl>http://0c62739f5ca8:8096/manage/info</statusPageUrl>
<healthCheckUrl>http://0c62739f5ca8:8096/manage/health</healthCheckUrl>
<vipAddress>ocr-server</vipAddress>
<secureVipAddress>ocr-server</secureVipAddress>
<isCoordinatingDiscoveryServer>false</isCoordinatingDiscoveryServer>
<lastUpdatedTimestamp>1505589403150</lastUpdatedTimestamp>
<lastDirtyTimestamp>1505589400020</lastDirtyTimestamp>
<actionType>ADDED</actionType>
</instance>
</application>
The config of eureka client looks like below,
eureka:
instance:
statusPageUrlPath: /info
healthCheckUrlPath: /health
preferIpAddress: false
client:
fetchRegistry: true
registryFetchIntervalSeconds: 5
healthcheck:
enabled: true
serviceUrl:
defaultZone: http://eureka-peer1:8761/eureka,http://eureka-peer2:8761/eureka
The configuration of eureka server is,
eureka:
instance:
preferIpAddress: true
enableSelfPreservation: false
homePageUrl: http://${eureka.hostname}/
---
spring:
profiles: peer1
eureka:
instance:
hostname: eureka-peer1
client:
serviceUrl:
defaultZone: http://eureka-peer2:${server.port}/eureka/
---
spring:
profiles: peer2
eureka:
instance:
hostname: eureka-peer2
client:
serviceUrl:
defaultZone: http://eureka-peer1:${server.port}/eureka/
And both the eureka clients and servers are running in docker swarm.

Your server has probably entered the self preservation mode, that's why you see a stale instance there.
I see you have the enableSelfPreservation: false option however it is not in the right section, it should be eureka.server.enableSelfPreservation, your entry is under eureka.instance.enableSelfPreservation which is not right.

Apache camel cxfrs—Can't find the request for <URL> Observer

I tried to develop a rest service and expose the same via Apache Camel's CXFRS. I followed all the steps given in http://camel.apache.org/cxfrs.html and also referred to many samples given. I already referred to the question Can't find the the request for url Observer, but in my case it is a simple rest request. Below are the Service class, Route class, and cxf context used:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:camel="http://camel.apache.org/schema/spring"
xmlns:cxf="http://camel.apache.org/schema/cxf" xmlns:context="http://www.springframework.org/schema/context"
xmlns:jaxrs="http://cxf.apache.org/jaxrs"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://camel.apache.org/schema/spring
http://camel.apache.org/schema/spring/camel-spring.xsd
http://camel.apache.org/schema/cxf
http://camel.apache.org/schema/cxf/camel-cxf.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://cxf.apache.org/jaxrs
http://cxf.apache.org/schemas/jaxrs.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<context:annotation-config />
<!-- enable Spring #Component scan -->
<context:component-scan base-package="org.camelsample.rest" />
<cxf:rsServer id="rsServer" address="/rest"
serviceClass="org.camelsample.rest.service.SampleRestService"
loggingFeatureEnabled="true" loggingSizeLimit="20">
<cxf:providers>
<bean class="org.codehaus.jackson.jaxrs.JacksonJsonProvider" />
</cxf:providers>
</cxf:rsServer>
<camel:camelContext id="samplerestservice"
xmlns="http://camel.apache.org/schema/spring">
<contextScan />
<jmxAgent id="agent" createConnector="true" />
</camel:camelContext>
</beans>
The Service Class:
package org.camelsample.rest.service;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
public class SampleRestService {
#GET
#Path("/")
public String sampleService() {
return null;
}
}
The Route Class:
package org.camelsample.rest.route;
import org.apache.camel.spring.SpringRouteBuilder;
public class SampleRestRoute extends SpringRouteBuilder {
#Override
public void configure() throws Exception {
// TODO Auto-generated method stub
from("cxfrs:bean:rsServer").log("Into Sample Route").setBody(constant("Success"));
}
}
But when I try to hit and test using http://localhost:8080/rest, I always get the following error message:
2015-05-29 13:38:37.920 WARN 6744 --- [nio-8080-exec-2] o.a.c.t.servlet.ServletController : Can't find the the request for http://localhost:8080/favicon.ico's Observer
2015-05-29 13:38:40.295 WARN 6744 --- [nio-8080-exec-3] o.a.c.t.servlet.ServletController : Can't find the the request for http://localhost:8080/rest's Observer
Am using Spring boot to test the rest sample.

Does it work with this URL instead ?
http://localhost:8181/cxf/rest
If you just use address="/rest" as your address then you will probably get the default Jetty port 8181 and default CXF servlet path /cxf as the base URL.
If you specifically want to use the URL you have given then try this instead:
address="http://0.0.0.0:8080/rest"

What is the appsetting.json version of <defaultProxy>?

What is the .Net Core appsettings.json version of
<defaultProxy useDefaultCredentials="true">
<proxy autoDetect="True"
proxyaddress="http://localhost:8888/"
usesystemdefault="False" bypassonlocal="False" />
</defaultProxy>
?

Using a tool at http://www.utilities-online.info/xmltojson
I got the following. I didn't test this.
{
"defaultProxy": {
"-useDefaultCredentials": "true",
"proxy": {
"-autoDetect": "True",
"-proxyaddress": "http://localhost:8888/",
"-usesystemdefault": "False",
"-bypassonlocal": "False"
}
}
}