In a Wildfly 8.1.0.Final we deploy:
our own CRM-webapp (Seam2/JSF1.2)
camunda-webapp 7.3.0
camunda-engine 7.3.0 as a module (shared engine)
custom engine-plugin to enable camunda-engine to use the user/group-store of our CRM
We display camunda tasklist in an iframe inside our CRM.
This setup runs fine so far, but we have to login twice.
So we need SSO, but cannot establish AD/LDAP, like in camunda-sso-jboss example.
I thought of Wildfly's JAAS and SSO capabilities, but i'am not sure, if camunda-webapp supports JAAS-authentication.
I think the security-domain configuration in jboss-web.xml is just generated by a maven archetype and has no effect on the camunda-webapp, is that right? I changed that configuration and it had no effect at all.
Can someone give me a hint, where i should hook into camunda-webapp or if it is possible at all?
Ok, i have a first success.
I changed org.camunda.bpm.webapp.impl.security.auth.Authentications.getFromSession to accept HttpServletRequest as parameter instead of HttpSession (called from AuthenticationFilter.doFilter). If the session contains no Authentications, i try to pull the Principle from the request and if one exists, i log em in silently (copied most from UserAuthenticationResource.doLogin).
Then i have a very simple webapp ("testA") with only one JSP and Basic Authentication. Both camunda-webapp and testA have the same security-domain configured, and the host in the undertow-subsystem has the "single-sign-on"-setting.
Now i can login into /testA, then call /camunda in another tab without further authentication.
The code has to be improved a lot. If everythink works fine, i'll post the details.
If someone thinks this is a wrong approach, please let me know ;-)
I've just installed the magento and when I tried to add new product from admin,But now product form is not being displaying. I can see the page like this
what should I do? Please, I searched through Google, but, couldn't find any appropriate answer.
Have you already tried to clear cache and cookies? also some times you have to do it on the shell on /path/to/my/magento/folder/var/cache just run "rm -fr *".
If that doesn't work you can check you files ownership and permissions (the http service has to have the write write permissions an ownership on the files and folder - http://www.magentocommerce.com/wiki/groups/227/resetting_file_permissions).
Hope that works for you.
You could try enabling display_errors in index.php i.e.
ini_set('display_errors', 1);
Also you could enable logs in your backend, and check for errors in system.log and exception.log
As Magneto's back end makes heavy use of prototype.js, check your console for errors .
I'm using the github oauth plugin for our logins but for all of our users in the Organisation I get an error:
Access Denied
<user> is missing the Overall/Read permission
I have tried everything I can possibly think of to try to make this work and I'm probably going to fallback to making everyone an admin user, which i would prefer not to do.
Any advise would be appreciated.
This is how I resolved the authentication problem:
Edit config.xml file, e.g.
sudo vi /var/lib/jenkins/config.xml
Change useSecurity element's value to false, e.g.
<useSecurity>false</useSecurity>
Remove authorizationStrategy block
Restart Jenkins: /etc/init.d/jenkins restart.
Access Jenkins through URL as usual and reconfigure security again.
I had the same problem with "... is missing the Overall/Read permission" on Jenkins (1.651.2) with activated Credentials Plugin.
But it was my own failure: I only configured the user on project side (by credential plugin) but missed to configure the global security.
So I fixed it by selecting:
Jenkins -> Manage Jenkins -> Configure Global Security
And did setup missing global settings (or project matrix based one)
Have you followed this step, from the plugin page?
Control user authorization (i.e. who is allowed to see the jobs and build them) using the Github Commiter Authorization Strategy
Also, make sure you actually allow authenticated users to access Jenkins
Under Jenkins global configuration, under Authorization, add user/group called authenticated
Give that group Overall Read permission
The group should show up with a "group" icon (two users), as opposed to single user icon.
reset from <useSecurity>true</useSecurity> to <useSecurity>false</useSecurity> in config.xml and set the permission again.
Edit file /var/lib/jenkins/config.xml and add the following lines :
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Hudson.Read:john.smith</permission>
</authorizationStrategy>
Restart Jenkins
What I did when I got this error is to edit config.xml as mentionned by other users and correctly re-add my username in LOWERCASE in "configureSecurity" Jenkins' page. I was using "KrustyHack" when adding permissions but it didn't work. I had to add "krustyhack" instead, and it worked.
I hope it helps.
I had the same problem here, but it affected only some users, not all of them. Anyway, you should check public organization membership : documentation of the plugin states that "You have to be a public member of the organization for the authorization to work correctly." (https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin).
Follow instructions from GitHub (https://help.github.com/articles/publicizing-or-hiding-organization-membership/) in order to make organization membership public, and this might fix your issue.
Also check the case user names in the authorizationStrategy element. I made my new user's name lower case and restarted the service and it the error went away.
Fix it by these 2 shell commands on the server (sudo permission is required):
sudo ex +g/useSecurity/d +g/authorizationStrategy/d -scwq /var/lib/jenkins/config.xml
sudo /etc/init.d/jenkins restart
This will remove useSecurity and authorizationStrategy lines from your config file.
See also: Disable security at Jenkins website
We hit this same error when a github organization administrator changed the organization's settings for "Third-party access" to "restrict third-party application access". Reverting to the previous settings within the github organization resolved the problem.
See github oauth-app-access-restrictions for details on how to configure that properly.
The assignment of roles to users is stored in config.xml file. Add the ID of the user directly to the role and then restart Jenkins.
In my case, I have a role named editor and a bunch of users assigned to the role.
<role name="editor" pattern=".*">
<permissions>
<...>
<permission>hudson.model.Item.Create</permission>
<permission>hudson.model.Item.Workspace</permission>
<permission>...</permission>
</permissions>
<assignedSIDs>
<sid>bob</sid>
<sid>alice</sid>
<sid>**newuser**</sid>
</assignedSIDs>
</role>
The matrix security is not terribly clear. I am a member of a specific group in our org that has admin privileges however I am also an authenticated user. I would think that the one group super-cedes the other however I have to have both in order to actually log into the system and be admin. It's screwed up IMO.
go to your-jenkins-host:port/role-strategy/assign-roles and configure roles for the user
I had the same problem before,
your OAuth application need your organization owner's approve,
then the OAuth Plugin can access the private data in it
I am using Crowd 2 plugin and I have the same problem.
I fixed it by downgrading OWASP Markup Formatter Plugin from varsion 1.2 to version 1.1 and then changing Markup Formatter in Configure Global Security value to Raw HTML, before it was Plain text.
I had exactly the same problem and adding the plugin Role Strategy Plugin fixed the problem.
All I had to do was install the plugin, create two groups - admin / developer and then add users to the groups.
A much much better solution than recreating the whole permissions matrix :)
I had a similar problem I was not able access Jenkin account and the system was locked.
I had only an error message. "Access Denied "
When I tried to reinstall Jenkins then it prompted to Repair option.
By clicking Repair option it fixed the problem.
Go to $JENKINS_HOME (linux, jenkins in windows), and find config.xml file.
Open this file in the editor. (take backup of .jenkins home)
Look for the <useSecurity>true</useSecurity> element in this file.
Replace "true" with "false"
Remove the elements authorizationStrategy and securityRealm
Start Jenkins
I found it in
C:\ProgramData\Jenkins\.jenkins
Jenkins Version: 2.319.2
Instead of removing all security (the top answer), Add admin access as root, to the user you want to give admin to. We had the same issue where all admins were no longer with the company. This is how I resolved the authentication problem: I logged into:
jenkins#<jenkins server>:/var/lib/jenkins/
Edit config.xml file, and add a config for
<permission>hudson.model.Hudson.Administer:<username></permission>
Then restart Jenkins:
root#<jenkins server>:/$ /etc/init.d/jenkins restart
Just use Jenkins > Configure Global Security bottom page matrix to provide permissions to the user (start w/ read)
I edited the /var/lib/jenkins/config.xml file and replaced the
<authorizationStrategy>...</authorizationStrategy>
with
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
</authorizationStrategy>
It is the default settings after installation. Then restart the jenkins service.
Our team is completely new to the WSO2 tool. We got the basic training on how to add proxy services and were able to do so as well.
Now, we have to add a class in the In Sequence. We tried that using the Class mediator but it was not able to find the class. Then we realized that the jar file needs to be in the components/lib folder. So, its able to load the class now. It proceeds to the out sequence and fault sequence properly. But, in the end, it gives the following exception.
Unable to add proxy service :: Failed to add proxy service: Parse. Check whether the Proxy already exists-Failed to add proxy service: Parse. Check whether the Proxy already exists
So far, we're using the design view to configure it. I surveyed through most of the posts within this forum, and, all are using the source code to configure. Also, the proxy service is not present in the Source View section under Service Bus.
Are we missing any step in the configuration? Do we need to switch to coding method or it is possible this way.
Your explanation is strange. Above mentioned error log can appear at the time of deploying the proxy service. But you say your proxy is going to the out-sequence and fault-sequence. From that what I understand is the proxy is already deployed.
You can check whether a proxy with the same name is there by looking in the ESB_HOME/repository/deployment/server/synapse-config/default/proxy-service folder. If there is a file with name Parse.xml (I think the name of the proxy service is Parse) you can delete it from the file system and then go to the design view and add the proxy again.
It seems there is already a proxy with the name you provided. Go to WSO2 ESB "source view" and check whether there exist a proxy with that name. Source view is available on the left side of the management console.
This artical will take you step by step in writing custom class mediators.
This post may also be relevant for you.
Good day everyone, I have been trying to put my moodle online so pcs from internet can access it, but until now, no luck at all. (Im using moodle 2.3.2 on Windows Server 2008 and IIS 7).
I tried to configure the moodle file config.php, setting the directive $CFG -> wwwroot = "my-public-ip/moodle". Then, when I access to moodel from the server, I can access it by "http://my-public-ip/moodle", when I try to access via localhost, it sends an error which it is OK.
But the funny part comes when I try to access the server from an outside pc. When I type "http://my-public-ip/moodle" it simply cant "see" the configuration I made to the config.php file (it says: This server cna only be accessed via localhost/moodle) it looks like the outside pcs are either ignoring it, or searching for another configuration file. I dont know what the hell is happening, this is very odd.
Any ideas?? tnx!!!
Change the following file:
lib-->setuplib.php
Redirect ($CFG->wwwroot, get_string('wwwrootmismatch', 'error', $CFG->wwwroot), 3);
for
Redirect ($CFG->wwwroot, get_string('wwwrootmismatch', 'error', $CFG->wwwroot), 0);
I realise this is an old question, but it's also worth pointing out you may need to also run the database search and replace script, at:
http://my-public-ip/moodle/admin/tool/replace/index.php
as referenced in Method 2 here.
This is required if you change the name of the site once you have installed it. If you were already using Moodle under "localhost", then there will be a number of references to the old localhost address stored in the database that need to be updated to the new IP-based address.
It might be because the http:// part is missing?
$CFG->wwwroot = "my-public-ip/moodle"
should be
$CFG->wwwroot = "http://my-public-ip/moodle"