SAML stopped working after update to Artifactory 5.3.1 - upgrade

We've used Artifactory 5.2.0 until today and had SAML configured and working. I just upgraded and now it doesn't work anymore. I'm being redirected to
https://MY_URL/artifactory/webapp/saml/loginResponse
which is not found.
Unfortunately I couldn't find any information about this on the Artifactory site - can anyone help?
I do not have access to ADFS directory unfortunately - we have an external partner for those kinds of things. But they told me that they haven't changed anything in their configuration.
Login into Artifactory works, also with LDAP and the new version works fine - except that one thing.

Turns out an ADFS patch was the problem and the message Artifactory got wasn't correct so obviously the login didn't work anymore. Unfortunately I didn't really get an error message that would have led me on the right path.
We fixed the ADFS, got a new certificate and now it's working again!

Related

WSO2 IWA with Kerberos – unable to decrypt kerberos token exception

We are using WSO2 5.4.1 version and trying to setup IWA using Kerberos. We have done all the configurations as mentioned in the following post.
https://medium.com/#farasath/integrated-windows-authentication-with-kerberos-and-wso2-identity-server-ffcd8263a0f1
When we try to access the application we are getting following exception.
We have checked all the configurations multiple times but not able to figure out the root cause. Can someone help us to find out what could be missing in this setup? Are we missing any additional step?
We have also tried with WSO2 IS version 5.5.0 but still getting same error.
How can we enable additional logging to see what is going wrong with kerberos token decryption?
It was indeed a JDK issue. For some reason we were using Oracle jdk1.8.0_45 and we were facing this issue. We had upgraded the version to jdk1.8.0_162 and we were able to proceed but then we encounter another problem. After authentication we were not getting remote claims in the response from WSO2 IS. As per this post (stackoverflow.com/questions/49997900/…) we upgraded to latest patch of WSO2 IS 5.5.0 and now it is working.
We are able to authenticate user using IWA-Kerberose.

Unable to clone git repository in Eclipse using https and SSH links

While trying to clone a Git repository in Eclipse Luna, I'm getting the error shown below using the https link:
I added the said values in the Git configuration using this link - "SSL host could not be verified" error but I'm still getting the same error.
I'm sure that the URL is correct. Not too sure if there's something wrong with proxy settings (I don't think so).
On the other hand, I tried the ssh link by generating keys and putting them into the enterprise gitlab account and also on the pc (windows) but I'm still being unsuccessful doing that and getting the same error shown in the image below except for the last point.
I checked the error log, while using the https link it says 'not authorized' and 'Auth fail' when I try to use the ssh link.
I'm listed as the member of the repository and I'm using my email and password of the enterprise account to access it, but no luck.
Help much appreciated. Thank you.
First, if you are using a private GitHub Enterprise in an enterprise, SSH URLS are rarely allowed.
For HTTPS URLs, you need to make sure your proxy configuration ignore host setting in Eclipse includes the domain name of the GitHub Enterprise (on premise) private server, or it will try to contact the proxy every time (and fail)
I have face same problem. To resolve this problem make sure your repository access level is public. It will solve this issue.
Assuming that your company uses their own certificate authority, their root certificate has most probably been added to your computer's trust store. However, Java by default uses its own trust store, so Eclipse does not know about it.
The best solution is to make Eclipse use the system trust store. See this answer for Windows or this answer for macOS.

Unable to integrate CQ5.6.1 with Site Catalyst

I'm having difficulty in integrating AEM 5.6.1 with Site Catalyst. It allows me to connect in the configuration successfully, but does not work on the framework setup.
I've followed the standard procedure to connect AEM to SC and it accepts my login in the configuration, but fails on the framework set up with the browser message 'We were not able to login to SiteCatalyst. Please check your credentials and try again.'. Behind the scenes in the server log;
12.12.2014 14:10:06.967 *WARN* [0:0:0:0:0:0:0:1 [1418393406764] POST /libs/cq/analytics/sitecatalyst/service.json HTTP/1.1] com.day.cq.analytics.sitecatalyst.impl.SitecatalystHttpClientImpl Data center 'https://api3.omniture.com/admin/1.3/rest/' responded with errors {"error":{"code":500,"message":"Internal Server Error"}}
12.12.2014 14:10:06.967 *ERROR* [0:0:0:0:0:0:0:1 [1418393406764] POST /libs/cq/analytics/sitecatalyst/service.json HTTP/1.1] com.day.cq.analytics.sitecatalyst.impl.servlets.SitecatalystServlet Call to SiteCatalyst method 'Company.GetReportSuites' failed com.day.cq.analytics.sitecatalyst.SitecatalystException: not authenticated
I've tried accessing via the API Explorer and it works.
I've tried the troubleshooting guide without success.
I can log in to Site Catalyst, I'm an admin, I am in the web services access group.
I've tried using a clean install of CQ5.6.1 with geometrixx - it doesn't work either.
I've tried this from a server and from a localhost/dev machine with the same results. No proxy. I've even tried using the shared secret as the password but then it doesn't connect at all, and fails on the configuration screen.
What might cause this to fail?
If it doesn't work with a fresh install and Geometrixx, then it's probably an Adobe bug. That's typically the first thing support will ask you about.
I would also verify using Geometrixx Outdoors, or a more recent demo site, on your fresh install, just to ensure it's not an outdated ClientLib issue.
I know this isn't a direct answer to your question, but honestly, I would approach the integration differently. I've worked with the AEM-SC framework and it's buggy at best. It's very finicky, it doesn't REALLY work the way the documentation claims, and it requires that you're very specific about what Clientlibs are on the page.
Moving forward, I think using Adobe Dynamic Tag Manager is the better approach, for many reasons. My understanding is that it's Adobe's recommendation as well. I'd consider moving to that. In AEM 5.6.1, you'll have to customize your integration with DTM, but it's not very hard.
Solution: Add a property on the configuration node for sitecatalyst: (eg. /etc/cloudservices/sitecatalyst/my-sc-configuration)
server=https://api.omniture.com/admin/1.2/rest/
it also seems to work with newer API versions such as https://api3.omniture.com/admin/1.3/rest/
It would appear that for 5.6.1 it ignores the OSGi configuration, at least for the configuration screens. With this extra property, the framework page loads without error and allows selection of the RSID.

ColdFusion 10 Can't Verify Exchange 2010 Mail Server

So I've been running CF9 on Linux for a while and using CFMail to send email through a client's Exchange 2010 server for quite a while.
We're attempting to migrate to CF10 on Win2008, IIS7.5. Everything is set and ready to go except I can't get CF10 to verify the mail connection? I've got both mail settings (CF9 and CF10) set the exact same way and can view them open side by side and verify they're identical. However, while the CF9 verifies successfully the CF10 system fails??
I tried sending through CFMail tags while specifying the server credentials and see this in the CF10 log:
"javax.mail.AuthenticationFailedException: No authentication mechansims supported by both server and client"
What does this mean? I know my authentication credentials are correct because I'm able to connect in CF9.
I've turned off all firewalls and still nothing. So, I then tried installing CF10 on my Mac laptop. It, too, will not verify the mail connection!
Is there a known problem with CF10 connecting to an Exchange mail server?
Any ideas?
I "solved" this.
I could find little online and received no comments to this thread. No combination of settings I tried would work and I have no access to the client's mail server. The person who runs that server couldn't run a lemonade stand so no help there.
Then I stumbled across this page. Nothing to do with ColdFusion but seemed like a similar issue.
Recent changes in the JavaMail API has changed certain authentication
defaults and sometimes will create an authentication error with some
Exchange Server environments dependent on the configuration.
I'd never put much thought into CFMail because it was always drop dead simple and simply worked. Focusing on this link's Resolution 2 (ie replace the mail.jar with an older version). I wondered if CF used JavaMail and if I could downgrade CFMail? I cracked open CF's mail.jar file and found that CFMail does, indeed, use the JavaMail API. So, I then checked the ColdFusion docs to see if any new features were added to CFMail between CF9 and CF10. None.
So, I swapped out the mail.jar file from my CF9 install to CF10 and restarted. Boom! Everything worked immediately. As far as I can tell I've had no compatibility issues to report.
Swapping the mail.jar did not work for me. However, adding the following to JVM arguments
-Djava.net.preferIPv4Stack=true
worked for me. Please refer to the following article
Java Mail mystery - SMTP blocked?
posted by another user

Eclipse with TFS plugin - endless login loop

I have a problem in eclipse with the tfs plugin. I try to login and it stuck in some kind of login loop.
I looked here and in google. Nothing help.
I found this posts:
Eclipse with TFS plugin - looping login
http://social.msdn.microsoft.com/Forums/vstudio/en-US/5e3f8b3a-d623-4401-b9f1-50f1f52ab299/eclipse-tfs-plugin-keeps-signing-in-in-loop-followed-by-there-were-some-problems-message
I tried to clean cookies and password and everything possible in IE
I reinstalled the plugin. I updated everything possible, checked for eclipse indigo last version (3.2.7)
Nothing worked. Anyone can help me?
The forum posts you referenced are about the Team Foundation Service, not the on-premise server. Since the service uses Microsoft Accounts (previously known as Live Id's) it depends on cookies in your browser.
The on-premise version of Team Foundation Server uses your domain account which isn't stored as a cookie, but which is stored in the Windows Credentials Vault by default for Windows processes. Try going through the stored credentials to make sure your username/password or TFS server isn't mentioned there. If it is, either update it or remove it.
Can you verify whether the same account settings are correctly picked up by Visual Studio/Team Explorer (if you have it installed on the same machine)? Eclipse and Team Explorer should use the same credential vault.