WSO2 Identity Server Initial Setup for Cloud Host - redirect

After a fresh install, I'm able to log in to the https://host:9443/carbon URL, but not able to register a local user through the dashboard due to an immediate redirect to the URL https://localhost:9443/samlsso.
Which files need to be configured to reflect the valid hostname? Are there any digital certificates required to secure SSL on that host, and where is the place to store them?
Thanks in advance for hints on how to set up the WSO2 Identity environment.
Regards,
Claude

You can change the hostname value for the key IdentityProviderSSOServiceURL in the repository/conf/security/authenticators.xml file.
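Added example (not from the original post or the WSO2 project): a small Python check that reads the IdentityProviderSSOServiceURL value named above, reports why a browser on another machine cannot follow a localhost redirect, and rewrites the host. The element layout of authenticators.xml used in the embedded sample is an assumption; the file path and the key name come from the answer.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

KEY = "IdentityProviderSSOServiceURL"

# Constructed sample of the SAML2SSOAuthenticator section of
# repository/conf/security/authenticators.xml (element layout is an assumption),
# still carrying the default localhost redirect target.
SAMPLE_XML = """<Authenticators xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <Authenticator name="SAML2SSOAuthenticator" disabled="false">
    <Priority>10</Priority>
    <Config>
      <Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
      <Parameter name="ServiceProviderID">carbonServer</Parameter>
      <Parameter name="IdentityProviderSSOServiceURL">https://localhost:9443/samlsso</Parameter>
    </Config>
  </Authenticator>
</Authenticators>"""

def _sso_params(root):
    # Match by local name so a default namespace on the root does not hide the elements.
    return [el for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "Parameter" and el.get("name") == KEY and el.text]

def sso_urls(xml_text):
    return [el.text.strip() for el in _sso_params(ET.fromstring(xml_text))]

def check_sso_url(url, expected_host):
    """Why a browser on another machine cannot follow this redirect (empty list = OK)."""
    p = urlparse(url)
    problems = []
    if p.scheme != "https":
        problems.append("not https")
    if p.hostname in ("localhost", "127.0.0.1"):
        problems.append("points at localhost, only reachable from the server itself")
    elif p.hostname != expected_host:
        problems.append("host %r does not match expected %r" % (p.hostname, expected_host))
    return problems

def audit(xml_text, expected_host):
    return {u: check_sso_url(u, expected_host) for u in sso_urls(xml_text)}

def rewrite_host(xml_text, new_host):
    """Return the XML with the redirect URL's host replaced; port and path are kept."""
    root = ET.fromstring(xml_text)
    for el in _sso_params(root):
        p = urlparse(el.text.strip())
        el.text = p._replace(netloc=new_host + (":%d" % p.port if p.port else "")).geturl()
    return ET.tostring(root, encoding="unicode")
```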

Related

Keycloak Admin Console requires HTTPS when connected remotely (Should I disable SSL)

I am connecting to Keycloak remotely. And when I try to open the Admin Console, I get an error saying HTTPS required.
In one of the websites, it says that I should do this: "update REALM set ssl_required='NONE' where id = 'master';"
But I do not know the consequences of doing this. Will this make it insecure? Or can I reverse this?
Thank you
(And if I ran Keycloak within a Docker image, would this problem be solved?)
The Admin console uses the OpenID Connect protocol, which needs HTTPS to be secure. So it isn't a good idea to disable SSL in the prod environment.
Keycloak in the container doesn't solve your problem. But it provides a user-friendly approach to generating a self-signed cert - Keycloak Docker HTTPS required
The secure option is to generate a valid TLS certificate and use it in your Keycloak instance, so you have a valid secure TLS/HTTPS connection.

How to change host in Keycloak update password email

We use the Keycloak REST API to send update password emails to users. In my setup, Keycloak and the application making REST calls to Keycloak (using the Keycloak admin client library) are deployed inside a Kubernetes cluster. From my application I am using the Kubernetes service name to talk to Keycloak,
e.g. http://keycloak-http:8100/auth
With this setup, the update password link in the email looks like this:
http://keycloak-http:8100/auth/realms/test/login-actions/action-token?key=somekey
So I need to change only the host in this URL.
I looked at the executeActions.ftl file in the Keycloak theme and it doesn't have any specific parameter for just the host which I can customize.
Any ideas how I can achieve this?
Thanks in advance.
In my case, Keycloak 9+, I used the "Frontend URL" in the Realm Setting to specify the hostname.
I had a similar issue, and it turns out that by default, the host name is filled with the request hostname. (Using Keycloak 6.0.1)
All I had to do was to trigger the email generation with the hostname I wanted in the email.
--> Trigger the update action from the URL you need (and that is accessible):
http://externalurl.keycloak.com/auth/...
You can also change the hostname provider to use a FixedHostnameProvider or a custom one (it is RequestHostnameProvider by default):
https://www.keycloak.org/docs/latest/server_installation/#_hostname

Setting up clientCredentials Endpoint Behaviour on WCF-Custom Send Adapter

I am trying to wrap my head around how this should be set up correctly. I have two certificates, a client certificate and a service certificate. I've placed these in the MMC, on the service account for the host instance that handles the send port. So the client certificate is placed in the Personal folder and the service certificate is placed in the Trusted People folder.
I've tried using several "Find" methods to locate these certificates, such as thumbprint and serial number, but I always get a "Certificate not found" exception back.
My current settings on the adapter.
Client certificate:
Service certificate:
My settings for Authentication:
SSL Certificate Authentication settings:
What is the correct way to add the certificates to the different stores, so that they can be located by BizTalk? I've found the MSDN documentation on the topic, but it doesn't really provide any answers: https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/wcf/clientcertificate-of-clientcredentials-element
You have to be logged in as the BizTalk Service Account to manage Certificates. Run As doesn't typically work.
Other than that, the instructions should be correct.

Swisscom Cloud SSL certificate

We're rolling out some simple static websites onto the Swisscom CloudFoundry cloud, and want to enable SSL for the sites.
Our product manager is not happy with the scapp.io or applicationweb.io names, and we want to be able to add SSL certificates for our domain, e.g. "www.swisscom.io".
How do we achieve this, given the fact that we're users and not administrators and don't have access to the "Operations Manager" tool? This question is specifically about the certificate: setting up the domain and DNS is clear.
SSL certificates from Let’s Encrypt are now available on the Swisscom Application Cloud: SSL Secure Routes
The cloud guys can probably help you out more here, but one option would be to use: https://www.cloudflare.com/
I was able to use the Cloudflare SSL certificate to secure the traffic to and from my application without having to upload a certificate or use the "Operations Manager" tool.
Cheers,
Allan.
I'm currently using an existing VM on https://www.digitalocean.com to serve as a reverse proxy (see https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension#enabling-ssl-reverse-proxy-support, e.g.). It works, but it's not very elegant.

How to secure ClickOnce Deployment with Visual Studio using IIS7.5

In IIS7 I have an FTP site and a website for deployment. Everything works fine; the only thing I do not like is that theoretically every user can tamper with the application files on FTP because read/write access is configured for anonymous.
I fixed this by enabling and configuring "Basic Authentication" instead of "Anonymous Authentication" and now I have to provide my domain password during deployment.
Great! So what's the problem?
The problem is that the password is transferred unencrypted.
Question(s): How can I make sure that the password is encrypted (can I use SFTP instead of FTP)?
Any thoughts about certificates? I already tried with a self-signed certificate but didn't manage to get things running.
Are there other ways to deploy software more securely? I tried over HTTPS but I don't have the FrontPage Extensions which are necessary for this.