WebSphere redirect on login drops the domain/host name. WASReqURL missing domain/host name - webserver

I am running a WebSphere 8.5.5.3 installation with WebSphere HTTP server in a cluster environment on AIX. I am having a problem of incorrect redirects upon login e.g.:
User is trying to access http://domain_name/app_name/resource_name
User is redirected to the login page at http://domain_name/Login.html
User enters valid credentials
User is redirected to the incorrect url at http:///app_name/resource_name
If the user logs in a second time then everything works fine
What am I doing wrong? Have I misconfigured something?

Thanks to https://www.ibm.com/developerworks/community/forums/html/topic?id=8deb461e-d3fe-41e5-9402-52be4ec4dba9 here is the answer:
http://www-01.ibm.com/support/docview.wss?rs=203&ca=portall2&uid=swg21259747
Summary:
Create a custom property for WebSphere Global Security:
Name: com.ibm.websphere.security.util.fullyQualifiedURL
Value: true

I was able to restart the WebSphere application server... but you may need to restart all of WebSphere if restarting just the app server app is not enough.

Related

Keycloak Cookie Not Found Error when behind a Web Proxy

I am trying to have users access Keycloak from a different hostname through a proxy. Instead of the actual AWS hostname aws.exampleurl.com:8080 I have a proxy which routes all traffic from example.hostname.com/auth to the AWS url. I am able to access the Keycloak welcome screen and kick off the administrator login (with failed CSS loads which I assume is due to the same issue but I'm not sure), but when I input a set of credentials I am told that there was no cookie found. I have the cookies set to allow all in my browser (Brave).
I have set the HOSTNAME_URL env var to example.hostname.com/auth, and tried using a mixture of the HOSTNAME and HOSTNAME_PATH env vars. I have tried setting HOSTNAME_STRICT to false, but with no luck. I've tried restarting the service and restarting the database I have running with Keycloak, but these changes have also not worked.
Any ideas on how to get this running correctly would be amazing. Let me know if more info is needed to reproduce.

WSO2 IS SAML2.0 Deactivates user after single login

I downloaded WSO2 IS, took care of all the prerequisites and started it using "wso2server.bat --run" command.
It's running and I am able to configure it in Management Console as Identity Provider (SAML 2.0). I also added my app as Service Provider (SAML 2.0). SSO seems to be working - I navigate to my app, it redirects to WSO2 IS where I log in using default admin/admin. I am then redirected to assertion service in my app when I am authenticating a user. Everything great so far!
The problem is that when I close the browser (using incognito mode) and try to repeat that process and login to WSO2 IS using the same user (admin/admin) I get error message:
"Login failed! Please recheck the username and password and try again."
I also get similar message in console:
[2018-02-08 15:57:39,258] ERROR {org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener} - Trying to login from an inactive account of user: admin
How is that possible? It looks like the second I use given user during SSO process - that account gets deactivated. I can't even login to WSO2 IS Management Console.
I did not change any configuration other than mentioned above.
I would appreciate any help.

COM+ application throwing permission error when run as specific user

I have a COM+ application that works without issue when I connect to the machine and start the application. It is set with a run identity that is a service account with a non-expiring password.
I have another application (running as a service) that calls the COM+ application and is set to run as the same service account. When I invoke the commands I need while logged in to the machine that is running the service (the one that calls the COM+ application), it works without issue.
If I log out of the machine running the service and monitor the process that is running, I get the following error:
The server process could not be started because the configured identity is incorrect. Check the username and password.
I'm trying to find out if there is a group policy that might be interfering here. Everything works fine when I'm logged in, but when I log out, the service continues to run but fails to call the COM+ application. I know there are AD policies that prevent services from running when the account is not logged in, but are there any that would prevent the COM+ application from starting when called from a service that is running as a user that is not logged in?
Any suggestions would be very helpful.
The issue only showed up when the application was running as a service and the service account was not logged in. The issue, I think, was related to a double hop, but where I'm not exactly sure. I was able to work around the issue by changing the identity for the DCOM object to use the specific service account's credentials.

Can't login to openshift from eclipse

I have created an OpenShift account, and I can log in to the OpenShift web console from a browser, but I can't connect from Eclipse. Server type is set to OpenShift 2 and "use default server" is checked. I entered the email address for username and password, the same stuff I use for logging in on the OpenShift Web Console.
When I try to log in I get:
Your credentials are not authorized to access "https://openshift.redhat.com/broker/rest/user"
The problem you're running into is that you're actually using OpenShift Online 3. You can find a blog post about using eclipse with OpenShift Online 3 here. The only difference being that you need to replace the console url with the correct url from your cluster.
Your cluster's console URL will look like https://console.<cluster-name>.openshift.com.

Keycloak 1.9.1.Final- failed verification of token: Token is not active

I'm trying to connect a Spring app to Keycloak, but I get this error:
After I enter my app and am redirected to Keycloak for authentication, I receive an error in my browser:
192.168.1.66 redirected you too many times.
Full url
URL: http://192.168.1.66:9092/keycloak-sp-example/sso/login?state=139%2F1ed115fb-4d4f-468c-9a72-845f9cfa9cdb&code=PVGhg5X28G8fjNt36tMGHTJIP7CQdHOhoK4XhPgUh3E.2d885db5-5c4f-43b1-9095-305494718a97
And, in the console, I got:
ERROR org.keycloak.adapters.OAuthRequestAuthenticator - failed verification of token: Token is not active.
Is it a bug? Or is there anything that I should configure in the console?
I found the problem, I was testing the product in a virtual machine without the correct time zone configured.
Try to sync the server timing of Keycloak and application server or else increase the access token life span which is not recommended.
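
An added example (not from the original posts and not Keycloak's own code) that models the time checks behind "Token is not active" when the application server's clock and Keycloak's clock disagree, as the answers above describe. The token, timestamps, 300-second lifespan and function names are constructed for illustration, and the signature is deliberately not verified.

```python
import base64
import json

def b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def jwt_claims(token):
    # Diagnostic only: reads the payload, does NOT verify the signature
    _header, payload, _sig = token.split(".")
    return json.loads(b64url_decode(payload))

def time_status(claims, now, leeway=0):
    """Classify a token against the verifier's clock `now` (epoch seconds)."""
    exp = claims.get("exp", 0)
    nbf = claims.get("nbf", 0)
    if nbf and now + leeway < nbf:
        return "not yet valid"      # verifier clock is behind the issuer
    if exp and now - leeway >= exp:
        return "expired"            # verifier clock is ahead, or token is old
    return "active"

def apparent_skew(claims, now):
    # Right after login, iat should be close to now; a large difference
    # points at the clocks rather than at the token
    return now - claims["iat"]

def make_sample_token(issued_at, lifespan):
    # Constructed sample token with a placeholder signature
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    body = {"iat": issued_at, "nbf": issued_at, "exp": issued_at + lifespan}
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(body), "sig"])

IDP_NOW = 1_700_000_000                            # constructed issuer time
TOKEN = make_sample_token(IDP_NOW, lifespan=300)   # constructed lifespan

def demo():
    c = jwt_claims(TOKEN)
    return {
        "in_sync": time_status(c, IDP_NOW + 2),
        "app_clock_1h_ahead": time_status(c, IDP_NOW + 3600),
        "app_clock_1h_behind": time_status(c, IDP_NOW - 3600),
        "skew_seen_by_app": apparent_skew(c, IDP_NOW + 3600),
    }

if __name__ == "__main__":
    print(demo())
```

Raising the token lifespan only hides the "ahead" case and widens the window in which a stolen token is usable, whereas synchronizing both hosts to the same time source removes both failure modes.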