I have a guest executable service deployed to Service Fabric with the following Traefik tags:
<StatelessServiceType ServiceTypeName="MyServiceServiceType" UseImplicitHost="true">
<Extensions>
<Extension Name="Traefik">
<Labels xmlns="http://schemas.microsoft.com/2015/03/fabact-no-schema">
<Label Key="traefik.frontend.rule">PathPrefixStrip:/myservice</Label>
<Label Key="traefik.expose">true</Label>
<Label Key="traefik.frontend.passHostHeader">true</Label>
</Labels>
</Extension>
</Extensions>
</StatelessServiceType>
And the Traefik toml file is configured with the ServiceFabric backend as follows:
[serviceFabric]
clusterManagementUrl = "http://localhost:19080"
apiVersion = "3.0"
refreshSeconds = 10
However when i navigate to the traefik UI the service is displaying on the left hand side under the 'ServiceFabric' tab but the endpoints on the right hand side show no items in the table.
Is there something missing in order to get them to be displayed.
Related
Hello everyone,
I deployed WSO2 APIM on a kubernetes cluster which includes the micro integrator, and I used Integration Studio locally to develop my first integration solution.
I followed these steps:
Configured the service catalog in Integration Studio using the ingress address of the APIM
The service appears inside the services tab
I created an API out of that service
Error : When I try testing the API I get the following error "Error Connecting to Back end"
I think the service url may be the problem, I tried using the ingress address for the Micro Integrator but it didn't work
The following is my configuration:
metadata.yaml file
---
key: "HelloWorld-1.0.0"
name : "HelloWorld"
displayName : "HelloWorld"
description: "Sample API"
version: "1.0.0"
serviceUrl: "https://localhost:8290/sample"
definitionType: "OAS3"
securityType: "BASIC"
mutualSSLEnabled: false
swagger.yaml file
openapi: 3.0.1
info:
title: HelloWorld
description: API Definition of HelloWorld
version: 1.0.0
servers:
- url: /sample
paths:
/testing:
get:
responses:
default:
description: Default response
and my API
<?xml version="1.0" encoding="UTF-8"?>
<api context="/sample" name="HelloWorld" xmlns="http://ws.apache.org/ns/synapse">
<resource methods="GET" uri-template="/testing">
<inSequence/>
<outSequence>
<payloadFactory description="name" media-type="json">
<format>
{"name":"$1","role":"$2"}
</format>
<args>
<arg evaluator="json" expression="$.name"/>
<arg evaluator="json" expression="$.role"/>
</args>
</payloadFactory>
</outSequence>
<faultSequence/>
</resource>
</api>
Hope Someone can help me as I'm really stuck
If you are trying to the testing through the console included in APIM, it might not recognize the Ingress host names (I assume the ingress host mapping is done in your local /etc/hosts). This should work if you use get the relevant curl and invoke it through the terminal.
As an alternative, you can use the service name (instead of Ingress host name) of the MI deployment and see whether you can invoke it through APIM's inbuilt console. This is of course if you have deployed those in the same namespace.
currently We have CAS SSO to our existing .net application, but now client is asking for Shibboleth SSO instead CAS. I'm totally new to Shibboleth.
Client has given the below details:
entityid= urn:mace:incommon:xxx.edu
metadata URL for test environment is:
https://shibboleth-test.xxx.edu/idp/shibboleth
By using guidelines from Shibboleth site, below are the steps i followed.
Installed Shibbolth Service provider (shibboleth-sp-2.6.1.4-win64.msi)
Installed Java with JCE
Installed Shibboleth Idp (in which jetty also checked)(shibboleth-identity-provider-3.3.3-x64.msi)
Web Application with self signed certificate
attached my Shibboleth2.xml file
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" clockSkew="180"> <InProcess logger="native.logger"> <ISAPI normalizeRequest="true" safeHeaderNames="true">
<Site id="2" name="shibboleth-test.xxx.edu" scheme="https" port="443" />
</ISAPI> </InProcess> <RequestMapper type="Native"> <RequestMap> <Host name="shibboleth-test.xxx.edu" scheme="https" port="443">
<Path name="secure" authType="shibboleth" requireSession="true"/>
</Host>
</RequestMap></RequestMapper><ApplicationDefaults entityID="urn:mace:incommon:xxx.edu" REMOTE_USER="eppn persistent-id targeted-id" cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2"> <Sessions lifetime="28800" timeout="3600" relayState="ss:mem" checkAddress="false" handlerSSL="true" cookieProps="https"> <SSO entityID=""urn:mace:incommon:xxx.edu" discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF"> SAML2 SAML1 </SSO>
<!-- SAML and local-only logout. -->
<Logout>SAML2 Local</Logout>
<!-- Extension service that generates "approximate" metadata based on SP configuration. -->
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<!-- Status reporting service. -->
<Handler type="Status" Location="/Status" acl="127.0.0.1 ::1 <my system IP">/>
<!-- Session diagnostic service. -->
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
<!-- JSON feed of discovery information. -->
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
</Sessions>
<Errors supportContact="root#localhost"
helpLocation="/about.html" styleSheet="/shibboleth-sp/main.css"/> <!-- Map to extract attributes from SAML assertions. --> <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
<AttributeResolver type="Query" subjectMatch="true"/> <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
</ApplicationDefaults>
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>
Problems I'm facing......
When i try to access https://shibboleth-test.xxx.edu/Shibboleth.sso/Status
getting error no metadataprovider available.
Noticed Problems:
1.when i try to add Metadataprovider Shibboleth daemon 2 service is getting
stopped and unable to start.if i remove it's is running.
2.Shibboleth Idp 3 deamon is getting stopped very frequently
When i run 'SC interrogate shibd_idp' in command prompt, results are
control service failed 1062
the service has not been started.
I donno what is wrong with my work.
Can any one please tell me what are the steps to be followed to accomplish this integration.
Thanks in advance,
Hema
There will be a tag in shibboleth2.xml called metadata provider, you will need to open that.
If you have done this but shill service is not getting started then you can check the log and give additional info in question.
Another reason I can think of is connection problem. Try downloading idP's metadata and store it physically in the SP configuration folder. Manually map the file, using following tag
<MetadataProvider type="XML" file="partner-metadata.xml"/>
All the issues has been resolved after we upgraded from Shibboleth 2.6 to 3.0.2. we are getting the Shibboleth Identity provider login page.We are able to see the attributes in Session.Now we are working on how to retrieve the attributes in our application and how to redirect to our application home page.Currently we created 1 sample html page under secure folder in our application. once we logged in we are able to this html page.But when i tried to redirect to our application home page, it's giving 500 error. Can any one knows like how to redirect to our app home page and retrieve the attributes in the application.
I have an existing WCF REST service running on an Azure Windows Server 2012 using IIS8. Let say 1x.2x.3x.4x:7777/InvService.svc/RESTquery is how my users currently use the service.
I am wanting to replace the IP address with a hostname, say www.testDomain.com so the user will can then use www.testDomain.com:7777/InvService.svc/RESTquery.
After obtaining the domain name from GoDaddy, assigning IP 1x.2x.3x.4x, and testing it (my default site on the server comes up, hence why I am using port 7777). When I try www.testDomain.com:7777/InvService.svc/RESTquery I get a "Connection Timed Out" error.
I believe I am needing to add or change something inside my Web.config file but cannot seem to find the right answer. Here is what my current unsuccessful Web.config file looks like.
<services>
<service name="WCFInventoryService.InvService">
<endpoint address="RESTquery" behaviorConfiguration="restPoxBehavior"
binding="webHttpBinding" contract="WCFInventoryService.IInvService" />
<identity>
<dns value="www.testDomain.com" />
</identity>
</endpoint>
<host>
<baseAddresses>
<add baseAddress="http://www.testDomain.com/"/>
</baseAddresses>
</host>
</service>
</services>
What am I doing wrong? or should try?
I solved my problem. The problem was how the domain was set up in GoDaddy. In the GoDaddy account, the domain was set up to forward to the IP address and not to point to. Once I removed the forwarding record and changed the A record to point to the IP address in the GoDaddy account, the WCF service was accessible by using www.testDomain.com:7777/InvService.svc/RESTquery
I've a SF application with following structure.
Application1
- ServiceA -> Deployed to NodeType1
- ServiceB -> Deployed to NodeType2
- ServiceC -> Deployed to NodeType2
- ServiceD -> Deployed to NodeType2
ServiceA is a front-end service listening on TCP port and has some specific security requirements. Hence it is deployed on NodeType1.
Service B,C & D are back-end service, and deployed to NodeType2.
ServiceA requires NetworkServiceAccount to have access to a certificate which is installed only in NodeType1. And because this is not an endpoint certificate, I'm trying to define a SecurityAccessPolicy for this certificate resource. Initially I tried defining the following in AppManifest.xml.
<Principals>
<Users>
<User Name="SfServiceUser" AccountType="NetworkService" />
</Users>
</Principals>
<Policies>
<SecurityAccessPolicies>
<SecurityAccessPolicy ResourceRef="TLS Certificate" PrincipalRef="SfServiceUser" ResourceType="Certificate" />
</SecurityAccessPolicies>
</Policies>
<Certificates>
<SecretsCertificate X509FindValue="[TlsCertificateThumbprint]" Name="TLS Certificate" />
</Certificates>
While registering ApplicationType, it failed with "Service Fabric Error: Failed to ACL folders or certificates required by application. Error:FABRIC_E_CERTIFICATE_NOT_FOUND". This was because "TLS Certificate" is installed only in NodeType1, but SF was looking for this certificate in NodeType2 as well.
As a workaround, I tried defining SecurityAccessPolicy in ServiceManifestImport section of AppManifest.xml, as below.
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="ProtocolGateway.Host.Fabric.FrontEndPkg" ServiceManifestVersion="1.0.0" />
<Policies>
<RunAsPolicy CodePackageRef="Code" UserRef="SetupAdminUser" EntryPointType="Setup" />
<RunAsPolicy CodePackageRef="Code" UserRef="SfServiceUser" />
<SecurityAccessPolicy ResourceRef="TLS Certificate" PrincipalRef="SfServiceUser" ResourceType="Certificate" />
</Policies>
</ServiceManifestImport>
But this failed with error too - "The ResouceRef 'TLS Certificate' in SecurityAccessPolicy is invalid. There is no matching Resource in the corresponding ServiceManifest."
Though SecurityAccessPolicy inside ServiceManifestImport section accepts ResourceType as Certificate, ServiceManifest doesn't support defining Certificate as a Resource. Only EndPoint is supported.
While I could define ServiceA in one ApplicationType and other services in a different ApplicationType, I don't intend to do that, as these are related services and I want to use SF versioning to manage upgrade and rollback.
Please suggest me alternate for handling this requirement.
Installer installs windows service.
I provide form to user to select one of accounts to start the service:
Local service
Local System
Network System
User account
When I select User and enter Domain\Administrator account + pwd during the installation, service cannot be started.
When I select Local Service it started ok. After this I can change manually account to the same Domain\Administrator account and it started ok.
Why such different behavior?
How I can start service during the installation under any users' account?
Take a look at the Util Extensions User element. You can set the CreateUser attribute to no, the Name attribute to the [PROPERTY] that you are using in your UI for UserName Input and the LogonAsService attribute to yes. This will instruct WiX to grant your user the LogOnAsService right without having to write a custom action to call ntrights.exe.
Here's a sample as requested:
<?xml version="1.0" encoding="utf-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
<Product Id="*" Name="Setup" Language="1033" Version="1.0.0.0" Manufacturer="test" UpgradeCode="5c6b0f52-d024-4f1b-bfae-2dbb96b3ef15">
<Package InstallerVersion="200" Compressed="yes" InstallScope="perMachine" />
<MajorUpgrade DowngradeErrorMessage="A newer version of [ProductName] is already installed." />
<MediaTemplate EmbedCab="yes" />
<UIRef Id="WixUI_Minimal" />
<Feature Id="ProductFeature" Title="Setup" Level="1">
<ComponentRef Id="serviceComponent" />
</Feature>
<Directory Id="TARGETDIR" Name="SourceDir">
<Directory Id="ProgramFilesFolder">
<Directory Id="INSTALLFOLDER" Name="Setup">
<Component Id="serviceComponent" Guid="380bbddd-daa7-0744-517b-37da768f5570">
<File Id="serviceFile" Source="$(var.WindowsService.TargetPath)" KeyPath="yes" />
<ServiceInstall Id="serviceInstall" Name="WindowsService" DisplayName="WindowsService" Start="auto" Type="ownProcess" ErrorControl="ignore" Account=".\serviceaccount" Password="p2Ekutrekac34ph2" />
<ServiceControl Id="serviceControl" Name="WindowsService" Start="install" Stop="both" Remove="both" Wait="no" />
<util:User Id="user" CreateUser ="yes" Name ="serviceaccount" Password="p2Ekutrekac34ph2" LogonAsService="yes" UpdateIfExists="yes" RemoveOnUninstall="yes" PasswordNeverExpires="yes" FailIfExists="no" Domain="[ComputerName]" CanNotChangePassword="yes" Disabled="no" PasswordExpired="no"/>
</Component>
</Directory>
</Directory>
</Directory>
</Product>
</Wix>
You need to make sure that the selected user account has the right to log on as a service. It doesn't matter if you are an Administrator, you cannot install services for an user without giving him the log on right.
If setting this policy works, you also need to do it dynamically during install. A solution is to use ntrights.exe as a custom action. This custom action can use your custom properties which contains the user account information.
In case anyone wonders why the code from #Christopher Painter his answer didn't work. I had similar code that didn't work with error 1923.
Error 1923. Service '' () could not be installed. Verify that you have sufficient privileges to install system services.
MSI (s) (10:08) [15:55:00:161]: Product: '' (64 bit) -- Error 1923. Service '' () could not be installed. Verify that you have sufficient privileges to install system services.
Until I found that services.msc dialog needs to be closed during installation.
No idea why, but it works.
During development services.msc was open all the time, so I never noticed.