WHMCS Invalid Csrf Protection Token Error - csrf

I have been using WHMCS for a long time, but 2 days ago my licence was suspended for an unknown reason. Now it is unsuspended, but I am unable to log in; it shows "INVALID CSRF PROTECTION TOKEN". I have tried my best but have not resolved it.

I realized this was related to another issue with sessions which I was having. That article states that the issue comes up for 1 of 2 reasons:
The configured session tmp path not being writeable
The configured session tmp path being full
After doing phpinfo(), I realised my session.save_path was pointing to a non-existent directory. Had to edit my php.ini and set its value to /tmp.
Issue fixed.

A WHMCS forum post suggests disabling the Session IP Check:
Setup > General Settings > Security tab
Or from phpmyadmin, run this SQL statement:
UPDATE `tblconfiguration` SET `value` = 'on' WHERE `setting` = 'DisableSessionIPCheck'
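The first answer's diagnosis (a session.save_path that does not exist, is not writable, or sits on a full filesystem) can be checked in one go. The script below is an added example, not WHMCS code: it inspects a PHP session directory the way the login failure experiences it, since a CSRF token that is written into a session that never reaches disk will never match on the next request. The free-space threshold, the helper that queries the php CLI, and the fallback to /tmp are assumptions made here.

```python
"""Check the two conditions behind a CSRF-token login failure caused by PHP
sessions that cannot be persisted: session.save_path must exist and be
writable, and the filesystem behind it must have free space.

Added example; not WHMCS code. Thresholds and helper names are assumptions.
"""
import os
import shutil
import subprocess
import tempfile


def check_session_path(path, min_free_bytes=1 * 1024 * 1024):
    """Return (ok, reason) for a PHP session.save_path value.

    php.ini also allows "N;/path" and "N;MODE;/path" (depth and mode prefixes);
    only the trailing path component is the directory.
    """
    directory = path.rsplit(";", 1)[-1]
    if not os.path.isdir(directory):
        return False, f"session.save_path {directory!r} does not exist"
    if not os.access(directory, os.W_OK | os.X_OK):
        return False, f"session.save_path {directory!r} is not writable by this user"
    usage = shutil.disk_usage(directory)
    if usage.free < min_free_bytes:
        return False, f"filesystem holding {directory!r} has only {usage.free} bytes free"
    # Final proof: actually create and remove a session-like file there.
    try:
        fd, name = tempfile.mkstemp(prefix="sess_", dir=directory)
        os.close(fd)
        os.unlink(name)
    except OSError as exc:
        return False, f"could not create a session file in {directory!r}: {exc}"
    return True, "session.save_path is usable"


def current_save_path():
    """Read session.save_path as phpinfo() would report it, via the php CLI.

    Hypothetical helper for this example. Returns None when php is not
    installed; an empty value means PHP falls back to the system temp dir.
    """
    try:
        out = subprocess.run(["php", "-r", "echo ini_get('session.save_path');"],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.strip() or tempfile.gettempdir()


if __name__ == "__main__":
    configured = current_save_path() or "/tmp"   # assumption: /tmp as the fallback
    ok, reason = check_session_path(configured)
    print(("OK: " if ok else "PROBLEM: ") + reason)
```

Run it as the same user the web server runs as; a directory that is writable for root but not for www-data produces exactly the symptom in the question.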

Related

Is http://tsa.starfieldtech.com still working?

Trying to sign an OutlookAdd-In with a GoDaddy certificate using http://tsa.starfieldtech.com as the Timestamp server, but was getting "signing parameter is incorrect". Now getting "An error occurred while signing: Timestamp URL server name or address could not be resolved." I successfully utilized http://timestamp.comodoca.com/authenticode in order to get it out to users but am not completely comfortable using a new URL. Are others experiencing this issue?
Thanks!
Here's my 2¢:
As of a couple of days ago, GoDaddy withdrew from the code signing certificate (CSC) business. GoDaddy have told me they will honor my certificate till its expiry, which is 2023.
GoDaddy tech support tell me that starfieldtech.com, GoDaddy's recommended TSA (Time Stamp Authority) server, no longer recognizes GoDaddy CSCs. Using MS SDK signtool.exe, I have tried the following alternatives, all of which fail with the error "The specified timestamp server either could not be reached or returned an invalid response.":
http://tsa.starfieldtech.com/
http://timestamp.digicert.com?alg=sha1
http://timestamp.globalsign.com/scripts/timstamp.dll
http://www.startssl.com/timestamp
http://rfc3161timestamp.globalsign.com/advanced
https://timestamp.geotrust.com/tsa
http://tsa.startssl.com/rfc3161
http://www.trustcenter.de/codesigning/timestamp
http://freetsa.org/tsr/
http://freetsa.org
https://freetsa.org
The only one that still works is:
http://timestamp.comodoca.com/authenticode
I'm skeptical that TSA server is sufficient, I think the problem goes deeper than that.
I have also reviewed https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710.
Does anyone know of other reputable TSAs that work?
I'd rather not have to prematurely replace my expensive CSC.
It's dead.
Browser shows Server not found.
Name resolution fails:
nslookup tsa.starfieldtech.com
...
can't find tsa.starfieldtech.com.: Non-existent domain
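The answers above report two different failures: a name that no longer resolves and servers that are reached but return something signtool rejects. The script below is an added example, not code from any poster or TSA vendor. It builds a minimal RFC 3161 TimeStampReq by hand, posts it, and classifies the result so the two cases can be told apart before a certificate is blamed. One caveat it makes visible: http://timestamp.comodoca.com/authenticode is a legacy Authenticode endpoint (what signtool's /t switch speaks), whereas the URLs containing "rfc3161" expect the RFC 3161 protocol (signtool /tr); this probe only speaks RFC 3161. The DER helpers, the constructed sample responses in the test, and the injectable opener are assumptions made here.

```python
"""Build an RFC 3161 TimeStampReq, send it to a TSA, and classify the outcome.

Added example; not from the question, signtool, or any TSA. Only the
SHA-256 algorithm identifier is supported.
"""
import hashlib
import secrets
import socket
import urllib.error
import urllib.request

# OID 2.16.840.1.101.3.4.2.1 (sha256) in DER content encoding.
SHA256_OID = bytes.fromhex("608648016503040201")

PKI_STATUS = {0: "granted", 1: "grantedWithMods", 2: "rejection",
              3: "waiting", 4: "revocationWarning", 5: "revocationNotification"}


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(value):
    b = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:                       # keep the INTEGER positive
        b = b"\x00" + b
    return _tlv(0x02, b)


def build_timestamp_request(digest, nonce=None, cert_req=True):
    """TimeStampReq ::= SEQUENCE { version 1, messageImprint, nonce OPTIONAL, certReq }."""
    if len(digest) != 32:
        raise ValueError("expected a SHA-256 digest")
    alg_id = _tlv(0x30, _tlv(0x06, SHA256_OID) + b"\x05\x00")   # sha256 + NULL params
    imprint = _tlv(0x30, alg_id + _tlv(0x04, digest))
    body = _der_int(1) + imprint
    if nonce is not None:
        body += _der_int(nonce)
    if cert_req:
        body += _tlv(0x01, b"\xff")                              # BOOLEAN TRUE
    return _tlv(0x30, body)


def _read_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def response_status(resp):
    """PKIStatus name from a TimeStampResp (SEQUENCE { PKIStatusInfo, token OPTIONAL })."""
    tag, outer, _ = _read_tlv(resp)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, status_info, _ = _read_tlv(outer)
    tag, status, _ = _read_tlv(status_info)
    if tag != 0x02:
        raise ValueError("PKIStatusInfo does not start with an INTEGER")
    code = int.from_bytes(status, "big")
    return PKI_STATUS.get(code, f"unknown({code})")


def probe_tsa(url, data=b"probe", opener=urllib.request.urlopen):
    """Short verdict for one TSA URL. `opener` is injectable so tests run offline."""
    req = build_timestamp_request(hashlib.sha256(data).digest(),
                                  nonce=secrets.randbits(64))
    http_req = urllib.request.Request(
        url, data=req, headers={"Content-Type": "application/timestamp-query"})
    try:
        with opener(http_req, timeout=10) as r:
            return "reachable, status " + response_status(r.read())
    except urllib.error.HTTPError as e:
        return f"reachable, HTTP {e.code}"
    except urllib.error.URLError as e:
        if isinstance(e.reason, socket.gaierror):
            return "name does not resolve"
        return f"unreachable: {e.reason}"
    except (ValueError, IndexError) as e:
        return f"reachable, invalid response: {e}"


if __name__ == "__main__":
    for url in ["http://tsa.starfieldtech.com/", "http://rfc3161timestamp.globalsign.com/advanced"]:
        print(url, "->", probe_tsa(url))
```

A "granted" status means the TSA accepted a SHA-256 imprint; a "rejection" or HTTP error with the name resolving points at the request or the server's policy, not at DNS.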

Sugarcrm 8 XSRF

I've a backup of an on-demand instance of SugarCRM version 8.0.0 Enterprise Edition.
It works normally for CRUD on records and other stuff, but when I try to upload a module via Zip it gives me the following error:
Cross Site Request Forgery (XSRF) Attack Detected
Form authentication failure (Administration -> UpgradeWizard). Contact your administrator.
I've tried the following article:
Troubleshooting Cross-Site Forgery Messages
But the problem still persists. The problem only occurs for BWC modules IMO.
EDIT: Before trying this work-around, check if you have the HTTP referer header disabled in your web browser, as that might be the reason for having the described problem in the first place.
If this is a local test/dev-instance you might want to add
$sugar_config['csrf']['soft_fail_form'] = true;
to your $sugar_config in config.php or config_override.php. That should cause the error to be logged only instead of aborting the action.
Note: This works on Sugar 7.9. I have yet to test it on 8.0.
Source: https://community.sugarcrm.com/community/developer/blog/2017/10/11/upcoming-security-changes-to-sugar
Add these lines to your config_override.php file:
$sugar_config['http_referer']['list'][] = 'http://CHANGE_TO_YOUR_LOCAL_URL/';
$sugar_config['csrf']['soft_fail_form'] = true;
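Both answers above adjust the same check: the request's origin (taken from the Referer header) must match the instance URL or an entry in `http_referer.list`, and `csrf.soft_fail_form` turns a block into a log line. The function below is an added model of that check, not SugarCRM's code; it shows why a browser or extension that strips Referer trips the error on every form post, why soft_fail_form is only suitable for a local dev instance, and how the allow-list entry fixes a mismatched local URL. The header names, the site URL and the helper names are constructed for illustration.

```python
"""Model of a Referer/Origin-based form check and of the two config keys
above. Added example; not SugarCRM code.
"""
import logging
from urllib.parse import urlsplit

log = logging.getLogger("csrf")


def origin_of(url):
    """Reduce a URL to scheme://host[:port], so 'http://crm.example.test/'
    and 'http://crm.example.test/index.php?module=Administration' agree."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def check_form_request(headers, site_url, referer_list=(), soft_fail_form=False):
    """Return (allowed, reason).

    headers        -- request headers (looked up case-insensitively)
    site_url       -- the instance's own URL
    referer_list   -- extra trusted origins ($sugar_config['http_referer']['list'])
    soft_fail_form -- $sugar_config['csrf']['soft_fail_form']: log instead of block
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    trusted = {origin_of(site_url)} | {origin_of(u) for u in referer_list}
    trusted.discard(None)

    # Browsers send Origin on cross-site POSTs; Referer is the fallback.
    source = hdrs.get("origin") or hdrs.get("referer")
    if source is None:
        reason = "no Origin/Referer header (privacy setting or extension?)"
    elif origin_of(source) in trusted:
        return True, "origin trusted"
    else:
        reason = f"origin {origin_of(source)} not in trusted list"

    if soft_fail_form:
        # Dev-only: the failure is recorded but the action proceeds.
        log.warning("XSRF check soft-failed: %s", reason)
        return True, "soft_fail_form: " + reason
    return False, "Cross Site Request Forgery (XSRF) Attack Detected: " + reason


if __name__ == "__main__":
    site = "http://crm.example.test/"          # constructed instance URL
    print(check_form_request({}, site))          # Referer stripped by the browser
    print(check_form_request({"Referer": "http://localhost:8080/index.php"}, site,
                             referer_list=["http://localhost:8080/"]))
```

Note that the allow-list is compared by origin, so the trailing path in the config value does not matter, but scheme and port do: an entry of http://localhost/ will not cover http://localhost:8080/.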

Cannot log in to backend of a copied TYPO3 site

A copy of a TYPO3 4.4 site has been installed on a Windows 10 system. PHP and Apache versions are approximately equal. The site itself is functional and appears complete. I can log in to the backend of the live site. I cannot log in to the backend of the copied site.
Trials:
Change database character set from latin1 to utf8
Change my credentials to database credentials (username, md5('password')) used in localconf.php
Comment out modified $TYPO3_CONF_VARS['BE']['installToolPassword'] in localconf.php
./typoconf/temp_* deleted
Edit #1:
If localconf.php is modified to point to the live database I am able to log in. This suggests that the issue may be a difference in server versions.
Edit #2:
Installing MySQL server version 5.5.54 (live site has 5.5.53) makes no difference.
Have you tried to set
from:
'loginSecurityLevel' => 'rsa',
to:
'loginSecurityLevel' => 'normal',
in your localconf.php file?
I had the same problem. The reason was that someone copied the system via phpmyadmin.
I copied the typo3 mysql-DB via
mysqldump ... > ...sql
and
mysql ... < ...sql
and now it works
Maybe you should look at your cookie domain in localconf.php
It took a look at ancient history to see that one source of the error was the MySQL strict mode. The clue that told me I was logged in was a record in the sys_log table with a current timestamp & my user id. An old bug report included a comment on strict mode. By changing the MySQL 5.7 my.ini from sql-mode="STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" to sql-mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" I gained access to my sandbox. Hooray for wayback machines everywhere.

How to fix "invalid Web Uri" for Powershell Register-PSRepository?

A few weeks ago this error started popping up.
Set-PSRepository : The specified Uri 'http://*****' for parameter
'SourceLocation' is an invalid Web Uri.
Please ensure that it meets the Web Uri requirements.
I'm not sure how to fix this short of uninstalling Powershell. There is a workaround available on StackOverflow but it's clunky and will not work for me long term.
Frankly I'd rather just find where the PSRepositories are stored and edit the files manually when I need to.
The answer to this other question should help: Invalid Web Uri error on Register-PSRepository
It involves registering the repository using a local path first, then updating it to point to the URL.
Had the same issue; for me it was an expired certificate at my own repository. Exchanged the certificate and the error was gone.

'User is missing the Overall/Read permission' error with Jenkins GitHub OAuth Plugin

I'm using the github oauth plugin for our logins but for all of our users in the Organisation I get an error:
Access Denied
<user> is missing the Overall/Read permission
I have tried everything I can possibly think of to make this work, and I'm probably going to fall back to making everyone an admin user, which I would prefer not to do.
Any advice would be appreciated.
This is how I resolved the authentication problem:
Edit config.xml file, e.g.
sudo vi /var/lib/jenkins/config.xml
Change useSecurity element's value to false, e.g.
<useSecurity>false</useSecurity>
Remove authorizationStrategy block
Restart Jenkins: /etc/init.d/jenkins restart.
Access Jenkins through URL as usual and reconfigure security again.
I had the same problem with "... is missing the Overall/Read permission" on Jenkins (1.651.2) with activated Credentials Plugin.
But it was my own failure: I only configured the user on the project side (by the credentials plugin) but forgot to configure the global security.
So I fixed it by selecting:
Jenkins -> Manage Jenkins -> Configure Global Security
and set up the missing global settings (or the project matrix based one).
Have you followed this step, from the plugin page?
Control user authorization (i.e. who is allowed to see the jobs and build them) using the GitHub Committer Authorization Strategy
Also, make sure you actually allow authenticated users to access Jenkins
Under Jenkins global configuration, under Authorization, add user/group called authenticated
Give that group Overall Read permission
The group should show up with a "group" icon (two users), as opposed to single user icon.
Reset from <useSecurity>true</useSecurity> to <useSecurity>false</useSecurity> in config.xml and set the permissions again.
Edit the file /var/lib/jenkins/config.xml and add the following lines:
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Hudson.Read:john.smith</permission>
</authorizationStrategy>
Restart Jenkins
What I did when I got this error was to edit config.xml as mentioned by other users and correctly re-add my username in LOWERCASE on Jenkins' "configureSecurity" page. I was using "KrustyHack" when adding permissions but it didn't work. I had to add "krustyhack" instead, and it worked.
I hope it helps.
I had the same problem here, but it affected only some users, not all of them. Anyway, you should check public organization membership: the documentation of the plugin states that "You have to be a public member of the organization for the authorization to work correctly." (https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin).
Follow instructions from GitHub (https://help.github.com/articles/publicizing-or-hiding-organization-membership/) in order to make organization membership public, and this might fix your issue.
Also check the case of user names in the authorizationStrategy element. I made my new user's name lower case, restarted the service, and the error went away.
Fix it by these 2 shell commands on the server (sudo permission is required):
sudo ex +g/useSecurity/d +g/authorizationStrategy/d -scwq /var/lib/jenkins/config.xml
sudo /etc/init.d/jenkins restart
This will remove useSecurity and authorizationStrategy lines from your config file.
See also: Disable security at Jenkins website
We hit this same error when a github organization administrator changed the organization's settings for "Third-party access" to "restrict third-party application access". Reverting to the previous settings within the github organization resolved the problem.
See github oauth-app-access-restrictions for details on how to configure that properly.
The assignment of roles to users is stored in config.xml file. Add the ID of the user directly to the role and then restart Jenkins.
In my case, I have a role named editor and a bunch of users assigned to the role.
<role name="editor" pattern=".*">
<permissions>
<...>
<permission>hudson.model.Item.Create</permission>
<permission>hudson.model.Item.Workspace</permission>
<permission>...</permission>
</permissions>
<assignedSIDs>
<sid>bob</sid>
<sid>alice</sid>
<sid>**newuser**</sid>
</assignedSIDs>
</role>
The matrix security is not terribly clear. I am a member of a specific group in our org that has admin privileges; however, I am also an authenticated user. I would think that the one group supersedes the other; however, I have to have both in order to actually log into the system and be admin. It's screwed up IMO.
go to your-jenkins-host:port/role-strategy/assign-roles and configure roles for the user
I had the same problem before:
your OAuth application needs your organization owner's approval;
then the OAuth Plugin can access the private data in it.
I am using Crowd 2 plugin and I have the same problem.
I fixed it by downgrading the OWASP Markup Formatter Plugin from version 1.2 to version 1.1 and then changing the Markup Formatter in Configure Global Security to Raw HTML; before it was Plain text.
I had exactly the same problem and adding the plugin Role Strategy Plugin fixed the problem.
All I had to do was install the plugin, create two groups - admin / developer and then add users to the groups.
A much much better solution than recreating the whole permissions matrix :)
I had a similar problem: I was not able to access my Jenkins account and the system was locked.
I had only an error message: "Access Denied".
When I tried to reinstall Jenkins then it prompted to Repair option.
By clicking Repair option it fixed the problem.
Go to $JENKINS_HOME (linux, jenkins in windows), and find config.xml file.
Open this file in the editor. (Take a backup of the .jenkins home.)
Look for the <useSecurity>true</useSecurity> element in this file.
Replace "true" with "false"
Remove the elements authorizationStrategy and securityRealm
Start Jenkins
I found it in
C:\ProgramData\Jenkins\.jenkins
Jenkins Version: 2.319.2
Instead of removing all security (the top answer), Add admin access as root, to the user you want to give admin to. We had the same issue where all admins were no longer with the company. This is how I resolved the authentication problem: I logged into:
jenkins#<jenkins server>:/var/lib/jenkins/
Edit config.xml file, and add a config for
<permission>hudson.model.Hudson.Administer:<username></permission>
Then restart Jenkins:
root#<jenkins server>:/$ /etc/init.d/jenkins restart
Just use Jenkins > Configure Global Security bottom page matrix to provide permissions to the user (start w/ read)
I edited the /var/lib/jenkins/config.xml file and replaced the
<authorizationStrategy>...</authorizationStrategy>
with
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
</authorizationStrategy>
These are the default settings after installation. Then restart the Jenkins service.
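Most answers in this thread repair config.xml by hand, and several of them do it by switching useSecurity off and deleting the authorizationStrategy block, which leaves the instance open until it is reconfigured. The script below is an added example, not Jenkins code: it reads a config.xml with the same element names the answers show, reports the three causes described above (nobody holding Overall/Read, a permission granted to a user name whose case does not match the realm, and admins who are no longer present), and restores access by adding matrix permissions rather than removing security. The sample config.xml, the realm user list and the function names are constructed for this example; Jenkins itself writes a `version='1.1'` XML declaration, which is omitted from the sample.

```python
"""Audit and repair the authorization block of a Jenkins config.xml without
blanking it. Added example; not Jenkins code. Back config.xml up first and
restart Jenkins after writing, as the answers above do.
"""
import xml.etree.ElementTree as ET

MATRIX = "hudson.security.ProjectMatrixAuthorizationStrategy"

# Constructed sample in the shape shown in the thread.
SAMPLE_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
    <permission>hudson.model.Item.Read:KrustyHack</permission>
    <permission>hudson.model.Hudson.Administer:OldAdmin</permission>
  </authorizationStrategy>
</hudson>
"""


def parse_permissions(root):
    """Return [(permission, sid), ...] from the authorizationStrategy block."""
    strategy = root.find("authorizationStrategy")
    if strategy is None:
        return []
    return [tuple(p.text.split(":", 1))
            for p in strategy.findall("permission") if p.text and ":" in p.text]


def audit(root, realm_users):
    """List problems. realm_users: user names exactly as the security realm spells them."""
    problems = []
    if root.findtext("useSecurity") != "true":
        problems.append("useSecurity is not true: everyone is admin")
    perms = parse_permissions(root)
    if not any(p == "hudson.model.Hudson.Read" for p, _ in perms):
        problems.append("nobody has Overall/Read; grant it to 'authenticated' or to named users")
    lower_realm = {u.lower(): u for u in realm_users}
    for perm, sid in perms:
        if sid in ("authenticated", "anonymous") or sid in realm_users:
            continue
        hint = f" (realm has {lower_realm[sid.lower()]!r})" if sid.lower() in lower_realm else ""
        problems.append(f"{perm} granted to unknown sid {sid!r}{hint}")
    return problems


def grant(root, permission, sid):
    """Add permission:sid to the matrix strategy, creating or replacing the block
    if it is missing or of another class, instead of disabling security."""
    strategy = root.find("authorizationStrategy")
    if strategy is None or strategy.get("class") != MATRIX:
        if strategy is not None:
            root.remove(strategy)
        strategy = ET.SubElement(root, "authorizationStrategy", {"class": MATRIX})
    entry = f"{permission}:{sid}"
    if entry not in (p.text for p in strategy.findall("permission")):
        ET.SubElement(strategy, "permission").text = entry
    return root


def repair(xml_text, admin_user, realm_users):
    """Return (new_xml, remaining_problems): Overall/Read for every logged-in
    user, Overall/Administer for admin_user, security kept enabled."""
    root = ET.fromstring(xml_text)
    grant(root, "hudson.model.Hudson.Read", "authenticated")
    grant(root, "hudson.model.Hudson.Administer", admin_user)
    sec = root.find("useSecurity")
    if sec is None:
        sec = ET.SubElement(root, "useSecurity")
    sec.text = "true"
    return ET.tostring(root, encoding="unicode"), audit(root, realm_users)


if __name__ == "__main__":
    realm = ["krustyhack", "alice"]            # constructed realm user list
    for problem in audit(ET.fromstring(SAMPLE_CONFIG), realm):
        print("-", problem)
    fixed, remaining = repair(SAMPLE_CONFIG, admin_user="alice", realm_users=realm)
    print(fixed)
    print("remaining:", remaining)
```

The remaining problems after repair are deliberate: stale entries such as a departed admin are reported, not silently deleted, so the person doing the recovery decides what to drop.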