I am trying to download the file using CDN edge server, but it gives 403 - forbidden error.
I have created the end point long back, so I dont remember either I created the token auth for this or not.
Does anyone have any idea after creating the token auth where the info goes so that I can see what is the expiry date and key value for the same.
Please let me know if any more information is required on this.
Thanks for the help in advance.
If you created a token, you will need to go to the 'manage' tab at the top bar of the CDN profile blade in portal.azure.com.
See this for screenshots and steps: https://learn.microsoft.com/en-us/azure/cdn/cdn-token-auth
Related
I have keycloak on docker (v20.0.2) and as you know some versions change some or good part of the UI, so is hard to follow tutorials around the web...
I am trying to follow this particular tuto
https://developers.redhat.com/blog/2020/11/24/authentication-and-authorization-using-the-keycloak-rest-api#keycloak_sso_demo
that seems the more updated. My keycloak is actually behind traeffic and thomseddon/traeffic-fordward-auth with a docker-compose file (but the connection through traeffic is good and I have acces to admin UI)
So on step 10 of the tutorial things change for me, I have to look for that particular view inside:
Click on lateral menu Client Scope
Click on button Create client scope
Give a name to the scope, and click on Tab Mapper
All mappers are predefined... so there is no "New mapper" don't understand this bit
then just follow the tuto
With that series of steps I get an error when retriving the token...
https://keycloak:8443/realms/education/protocol/openid-connect/token
enter image description here
(this are fake local data from the realm I created for testing)
that responds with a or something similar I have also tried to change the grant_type to password, and the same happens can not query the token....
{
"error": "invalid_client",
"error_description": "Invalid client or Invalid client credentials"
}
But if I do not link a user with an scope/role as in the tuto suggest then I get the token, but of course I want to use the role or scope to limit who can see which endpoint and who can not
Any step that I'm missing from this update, do you have the same error?
Thank you in advance
I have tried to run it with different combinations of options to see if there is a toggle that actually allows me to fetch the token
Also with different types of grant_type
I will build an API in Python (I don't know Java and prefer Json instead of XML) that connect to this keycloak to allow users or not based on their scope/role/permission or something
I need to be able to block user so if user Student try to access an url from another Student he get blocked that url. So is based on the role or scope or I don't know which is prefered or easer to accomplish, the mission is to block users or not based on a factor that could be used for this in keycloak.
I am using ZAP security testing tool.but at the point of Authentication by username and password of a JSON Request, I face problem to configure these. I checked all links and blogs too. but I can't get the proper step by step solution on it.
Request code:-
{"userName":"cwc_patna","password":"33a0d2e93e0ad396b7c9374bbbc83a58"}
Response code:-
{"userId":72,"userName":"cwc_patna","password":"33a0d2e93e0ad396b7c9374bbbc83a58","emilId":"pratyush#sdrc.co.in","userTypeId":1,"viewName":"cwc","isLive":null,"isActive":null,"isApproved":null,"sjpuAccess":null,"userUserTypeFeaturePermissionMapping":null,"area":null}
That functionality was only just added last week: https://github.com/zaproxy/zaproxy/pull/4624
If you want to use it, you'll either have to use a weekly: https://github.com/zaproxy/zaproxy/wiki/Downloads#zap-weekly
Or, wait for the next full release (likely 2.8.0).
The corresponding PR to update the help content for the new JSON Authentication functionality is here: https://github.com/zaproxy/zap-core-help/pull/188/files if you want to check it out.
You set it up the same way you would for form based authentication. Make sure you define a Logged-in or Logged-out Identifier (or both). Here's some screenshots to help you along:
Manually configure the Authentication for your Context:
Use the Site Tree Context menu(s) to set it up:
Here's an additional help link that might assist you in getting authentication setup: https://github.com/zaproxy/zaproxy/wiki/FAQformauth
On this page https://secure.na1.echosign.com/public/docs/restapi/v5#WidgetFileInfo i'm trying to create widget (POST /widgets).
Here is WidgetCreationRequest exmaples and responses from server.
{"widgetCreationInfo":{"name":"SomeRandom","signatureFlow":"SENDER_SIGNATURE_NOT_REQUIRED","fileInfos":[{"documentURL":{"name":"83011.pdf","url":"http:\/\/www.state.gov\/documents\/organization\/83011.pdf","mimeType":"application\/pdf"}}]}}
Server is thinking (1-2 minutes) and gives "BAD_REQUEST" response.
{"widgetCreationInfo":{"formFieldLayerTemplates":[{"documentURL":{"name":"83011.pdf","url":"http:\/\/www.state.gov\/documents\/organization\/83011.pdf","mimeType":"application\/pdf"}}],"name":"SomeRandom","signatureFlow":"SENDER_SIGNATURE_NOT_REQUIRED","fileInfos":[{"documentURL":{"name":"83011.pdf","url":"http:\/\/www.state.gov\/documents\/organization\/83011.pdf","mimeType":"application\/pdf"}}]}}
I don't know why i decided to use formFieldLayerTemplates, but this time server says You cannot work on behalf of this user.
Document was randomly taken from google.
Please help me to create a widget, I despaired!
Your first request is absolutely correct. There seems to be some issue specific to the URL. I just tried it with the following public URL: https://www.researchgate.net/profile/Donald_Specht/publication/220360902_Probabilistic_Neural_Networks._Neural_Networks_3109-118/links/0c96051b63d9acfb5e000000.pdf and it worked fine. Can you please try out at your end?
I am trying to programmatically download a image from CQ5.I have made a link which when clicked should download a image.To do this I have made a ajax call to a servlet ,for whenever user clicks on the image,we should get a pop of open and save dialog.
This is the code I have written in servlet to download the image.
**response.setContentType("image/png");
response.setHeader("Content-Disposition", "attachment; filename=icon" + ".png");
URL url = new URL("http://somehost:portnmuber/content/dam/image.jpg");
URLConnection connection = url.openConnection();
InputStream stream = connection.getInputStream();**
I am continuously getting 401 error.
Is there some another way that I can do this.
Thanks,in advance.
Firstly, have a look at the download component in the foundation libs:
/libs/foundation/components/download/download.jsp
Secondly, if you don't have a session open with CQ5, it will by default give you a 401 error. I am assuming you are in a generated container for CQ5, or are you just randomly accessing from another domain?
Note that even for anonymous access, CQ will still establish an anonymous session, and give you a login token. Anonymous is effectively still authenticated, just without the requirement of a username and password.
You are gettin 401 error because anonymous user permissions for the DAM are not set.
At first, you should grant access permissions for 'anonymous' users for node '/content/dam'.
You can do it from the page: "http://somehost:portnuber/useradmin" . Doble click on user 'anonymous' and go to the tab 'permissions' (on the window right). Check read permissions for 'dam' node.
Secondly, go to the system console, components tab (http://somehost:portnmuber/system/console/components) and find org.apache.sling.engine.impl.auth.SlingAuthenticator component. Click to 'configure' button. In the component configuration check 'Allow Anonymous Access' and press 'Save'.
Should work.
CQ5 uses sessions so downloading from a path requires a username/password on the author instance, for example curl -u username:password http://someserver.com:4502/etc/packages/my_packages/package.zip -o localpath/package.zip would download a package based on someone who had permissions to read it. For images you need the image path something like http://someserver.com:4502/content/dam/640x960.jpg to get the image, but you would need to add /jcr:content/renditions/original to get the original e.g. http://someserver.com:4502/content/dam/640x960.jpg/jcr:content/renditions/original. You can also change the image path to get a specific rendition of the image, for example http://someserver.com:4502/content/dam/640x960.jpg/jcr:content/renditions/cq5dam.thumbnail.140.100.png gets a 140x100 version of the image.
I had a similar issue trying to download images from AEM to iOS devices. It turns out AEM (at least the instance I'm hitting) requires a referer header; if absent the request is rejected. The problem did not surface with the simulator, just with real devices. This did the trick:
[request setValue: #"https://www.example.com/" forHTTPHeaderField: #"Referer"];
I have been trying to subscribe to real-time updates for the past week and I have been unsuccessful.
When I do the HTTP post (using rest-client) to URL:
https://graph.facebook.com/<app-id>/subscriptions
...I get this error message as response:
{"error":{"message":"(#100) The parameter object is required","type":"OAuthException"}}
My header parameters were as follows:
access_token=***,
object=user,
fields=friends,
callback_url=https://aaa.appspot.com,
verify_token=(app secret key)
I'm not able to find where I'm going wrong.
Somebody please kindly guide/help me figure my mistake.
The below link was used as a reference.
http://www.fb-developers.info/tech/fb_dev/tutorial/bytopic/realtime_upd_02.php
Thanks you for your time in advance.
You need to send your request to https://graph.facebook.com/appid/subscriptions and not https://graph.facebook.com/subscriptions - although that might be an error in your question and not your code!
EDIT: I just checked the markup for your question and you do have appid in the URL, it just wasn't displaying properly
How are you getting the access token? You must use an application access token and not a user access token, i.e. retrieve the access token from https://graph.facebook.com/oauth/access_token?client_id=<APP_ID>&client_secret=<APP_SECRET>&grant_type=client_credentials
https://developers.facebook.com/docs/reference/api/realtime/ is the official documentation, that might be more up to date than the link you've been using.