How to customize Service credentials in Message Hub - ibm-cloud

When we create a Message Hub instance in Bluemix, we can see a Service credentials tab on the screen. The data is in JSON format and not editable:
"user": "xxxxxxxxxxxxxxxx",
"password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Is there any method to customize or edit the username and password?

No, there is no way for you to customise or edit the username and password.
You can delete the credentials you have, and use the "new credential" button to generate a new username and password, but these will also be randomly generated for you. (I would recommend you do delete the credentials you have shared here...)

Related

What is the workflow for a basic Auth OIDC with Keycloak

I have Keycloak on Docker (v20.0.2) and, as you know, some versions change some or a good part of the UI, so it is hard to follow tutorials around the web...
I am trying to follow this particular tutorial
https://developers.redhat.com/blog/2020/11/24/authentication-and-authorization-using-the-keycloak-rest-api#keycloak_sso_demo
that seems the most up to date. My Keycloak is actually behind Traefik and thomseddon/traefik-forward-auth with a docker-compose file (but the connection through Traefik is good and I have access to the admin UI)
So on step 10 of the tutorial things change for me, I have to look for that particular view inside:
Click on lateral menu Client Scope
Click on button Create client scope
Give a name to the scope, and click on Tab Mapper
All mappers are predefined... so there is no "New mapper"; I don't understand this bit
then just follow the tutorial
With that series of steps I get an error when retrieving the token...
https://keycloak:8443/realms/education/protocol/openid-connect/token
(these are fake local data from the realm I created for testing)
that responds with a or something similar. I have also tried to change the grant_type to password, and the same happens: I cannot query the token....
{
"error": "invalid_client",
"error_description": "Invalid client or Invalid client credentials"
}
But if I do not link a user with a scope/role as the tutorial suggests, then I get the token, but of course I want to use the role or scope to limit who can see which endpoint and who cannot
Any step that I'm missing from this update, do you have the same error?
Thank you in advance
I have tried to run it with different combinations of options to see if there is a toggle that actually allows me to fetch the token
Also with different types of grant_type
I will build an API in Python (I don't know Java and prefer JSON instead of XML) that connects to this Keycloak to allow users or not based on their scope/role/permission or something
I need to be able to block users, so if user Student tries to access a URL from another Student, he gets blocked from that URL. So it is based on the role or scope, or I don't know which is preferred or easier to accomplish; the mission is to block users or not based on a factor that could be used for this in Keycloak.

Get 400 with message unknown_error for any POST to Keycloak REST Api

I want, for example, to create a new client with the admin user using the admin-cli client.
The token generation works fine:
POST /auth/realms/master/protocol/openid-connect/token
b'username=admin&password=admin&grant_type=password&client_id=admin-cli'
Using that token I can also do some queries like when I need to get id of a client:
GET /auth/admin/realms/master/clients?clientId=my-test-cli
H' Authorization: Bearer xyz
H' Content-Type: application/json
However, when I want to create a new client-role or a new client I always get a 400 error. I changed the log level to DEBUG in the Keycloak server but there is nothing useful there other than logs that say the token was successfully created.
POST /auth/admin/realms/master/clients/7534ac42-fe8b-4cde-b6c6-c385f4958e3b/roles
400 {"error":"unknown_error"}
I am using Python v3.x and Keycloak v14.0.0 running with JBoss Wildfly container.
Looking at the admin user, it seems it has all the roles like admin, default-roles-master, create-realm and I don't see any role in the listings to assign because it seems it has them all. The same goes for the admin-cli client. The configuration of these two (admin user and admin-cli) is the default configuration that you get when you start the server for the first time.
Do I need anything extra like creating a new role or something in order to get this working?
My payload to create a confidential client:
payload = {
"name": "Some Name",
"clientId": "some-name",
"secret": "some-name-secret",
"enabled": true,
"publicClient": false,
"authorizationServicesEnabled": true,
"redirectUris" : ["/*"]
}
I want to answer my question so that everyone in a similar situation won't face the same issue.
It turned out that the payload that I was sending was not correct, thanks to @JanGaraj who pointed that out. But what I want to answer here is how to find out what the request body should look like.
First, do not look at the documentation. In the documentation all the fields are optional and URLs are not correct either.
The simplest way is to start Keycloak server locally and log into the admin console in Firefox or Chrome, then press F12 to open Development Mode. Then you can see all the requests/responses in there.
For example, if you want to see how to update a role, go to Roles menu item on the main menu and select a role and update it. You can see PUT request with its body. That tells you what you need to pass in and to what URL.
As a hint, you don't need to pass everything when updating, normally only IDs and the fields that you want to update are enough.

ZAP Form based authentication does not replace username password

When I configure ZAP as in the guideline https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAuthentication
the username and password are not replaced with the ones defined in the Users context setting.
Any idea why this happens?
This is the same issue as in https://github.com/zaproxy/zaproxy/issues/2079.
Have a look at https://github.com/zaproxy/zaproxy/wiki/FAQformauth particularly the 'Diagnosing problems' section.

Password is url encoded resulting in "The Bluemix credentials you entered don't appear to be valid. Please try again."

I'm trying to create a new warehouse from the Cloudant dashboard, but receive the following error message:
The Bluemix credentials you entered don't appear to be valid. Please try again.
I had a look at the network traffic and noticed the following url:
https://...cloudant.com/_api/v2/partners/dashdb/warehouse/account?
bluemix_username=...&bluemix_password=...%26...
I checked my password and there was an ampersand (&) in it, which looks as though it has been URL-encoded.
Do I need to remove any characters from my password that could get urlencoded to a different value?
I removed the & character from my password and I was able to enter my credentials without problem.
I'll leave this Q&A here in case anyone else experiences this issue.
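The encoding behaviour discussed in this question, as an added Python example that is not part of the original post or of any Cloudant code. The parameter names come from the URL quoted above; the credentials are constructed samples, and the two server-side failure modes are assumptions, since the page does not say which one applied.

```python
from urllib.parse import parse_qs, quote, urlencode

# Constructed sample values, not real credentials.
USERNAME = "user@example.com"
PASSWORD = "pa55&word=1+2"  # contains &, = and +, all special in a query string


def encoded_query(username, password):
    """Correct client: percent-encode every value (& becomes %26)."""
    return urlencode({"bluemix_username": username,
                      "bluemix_password": password}, quote_via=quote)


def pasted_query(username, password):
    """Broken client: values concatenated into the URL unencoded."""
    return f"bluemix_username={username}&bluemix_password={password}"


def decode_once(query):
    """Correct server: split into parameters, then percent-decode each once."""
    return {k: v[0] for k, v in parse_qs(query).items()}


def no_decode(query):
    """Assumed server bug: splits on & and = but keeps the raw encoded value."""
    return dict(pair.split("=", 1) for pair in query.split("&"))


def received_password(scenario):
    """Password the server ends up comparing in each scenario."""
    if scenario == "encode, decode once":
        return decode_once(encoded_query(USERNAME, PASSWORD))["bluemix_password"]
    if scenario == "encode, never decode":
        return no_decode(encoded_query(USERNAME, PASSWORD))["bluemix_password"]
    if scenario == "encode twice, decode once":
        # Assumed client bug: the value is encoded before being encoded again.
        twice = encoded_query(USERNAME, quote(PASSWORD, safe=""))
        return decode_once(twice)["bluemix_password"]
    if scenario == "no encoding":
        return decode_once(pasted_query(USERNAME, PASSWORD))["bluemix_password"]
    raise ValueError(scenario)


if __name__ == "__main__":
    for s in ("encode, decode once", "encode, never decode",
              "encode twice, decode once", "no encoding"):
        got = received_password(s)
        print(f"{s:26} -> {got!r:24} match={got == PASSWORD}")
```

Encoding once and decoding once preserves every character, so the mismatch only appears when one side skips or repeats a step. Credentials placed in a query string are also commonly recorded in access logs and browser history, which is a reason to send them in a request body instead.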

How to get profile password for the particular profile in ATG?

I tried to get password for the particular profile, but I'm struggling to do so.
My friends suggested that we can get profile information when we pass profile id. Can anyone help me how to do this?
Here is a code snippet of what we've done so far using profileId:
Repository repository = getConnection();
RepositoryView view=repository.getView("user");
RqlStatement stat=RqlStatement.parseRqlStatement("email=?0");
Object param[]={resetEmail};
RepositoryItem[] emailCheck=stat.executeQuery(view, param);
Map profile= new HashMap();
profile.put("userId",profileId);
Please help me get profile information when we pass profile id.
First of all, in ATG the Profile's password is hashed to prevent any malicious attacker from reading it in clear text. Depending on your ATG version it will be hashed in MD5 or SHA-1 plus some salt, so you will NOT be able to see a clear text password.
Second, why do you need to access the password? If you have a specific requirement, such as logging the user in, post it and I will be able to assist.
That said, assuming that you have a valid scenario where you need to access the hashed password, how to do it depends on whether you just need the password of the user that is logged in, or some other user.
For the currently logged in user, you just need to resolve the /atg/userprofiling/Profile component, and do
String password = (String) profile.getPropertyValue("password");
Obviously the "password" string should be replaced with a constant or with the Profile propertyManager, depending on your project's coding practices.
If you want to access the password (remember, you can't access the clear text password, only the hashed version of it) of any other user, you need to locate the user first. The /atg/userprofiling/ProfileItemFinder component has tools to help you with these, so you'll have to inject it into whatever component you are writing:
RepositoryItem user = profileItemFinder.findByEmail("your@email.com", "user")[0];
String password = (String) user.getPropertyValue("password");
Hope this helps.
Edit
If all you have is the profile id, you can use the following snippet after injecting the /atg/userprofiling/ProfileTools component:
Profile user = profileTools.findProfile("profile id");
String password = (String) user.getPropertyValue("password");