I have added parameters in portlet.xml. It does not show up in the configuration of the portlet. I am signed in as admin.
<preference>
<name>isDisablePortlet</name>
<value>false</value>
</preference>
<preference>
<name>disablePortletText</name>
<value>xxxx</value>
</preference
You can't just edit the preference on the file system after deployment. Values are only read at deploy time. After it is deployed you must use the admin area of the portal server or create a config mode for your portlet.
Related
I downloaded Wildfly (wildfly-13.0.0.Final) and I want to configure it. I start standalone.bat in the bin folder of JBOSS_HOME directory (I use Windows platform).
I go to management console: localhost:8080 -> Administration Console. I see this
Your WildFly Application Server is running.
However you have not yet added any users to be able to access the admin console.
To add a new user execute the add-user.bat script within the bin folder of your WildFly installation and enter the requested information.
I run add-user.bat and it asks me what kind of user I would like to add.
I need a user to have permissions to deploy, redeploy applications. For example, for Apache Tomcat I can consifure tomcat-users.xml file and add users there (https://stackoverflow.com/a/1327730/4587961), so when I log into console as that user, I can deploy applications.
You need to add a Management user with the add-user.bat, whose credentials you will be able to log in the web admin with.
You could direclty add the user to the mgmt-users.properties file in the configuration directory of your standalone or domain, but the entry must be of the form <username>:DIGEST-MD5(<username>:ManagementRealm:<password>), which the add-user.bat script will handle for you.
You don't need any particular role unless you set up RoleBasedAccessControl.
Applicative users are used by applications with frameworks such as JAAS and are interfaced through the "default" security-domain, which refers to the ApplicationRealm containing those users.
As I read
https://docs.jboss.org/author/display/WFLY10/EJB+invocations+from+a+remote+server+instance
https://developer.jboss.org/thread/240892
Management user is used to enter the web console. Here you can deploy app, make settings, add resources (JPA config for example). Application users do not have access to the web console. They can be used for example to authenticate services. For example to invoke remove EJB bean, you need application user credentials to access the remove server.
I am new to jboss, what is the url and configuration settings you need to have to access Jboss's Manager/Admin portal
It depends on which version of jboss you are using.
for example, on JBOSS 5, you have to go to
http://localhost:8080/admin-console
Add the user at -JBOSS_HOME-\server\ -Server_Name-\conf\props\jmx-console-users.properties
On JBOSS version >= 6:
http://localhost:9990
Add management user with add-user.bat located in bin folder
The url to access the JBoss Management Console is usually http://your_host:9990. Be careful that the console works only on localhost unless you edit your standalone.xml.
Before accessing the console you need to create a management user with the console script add-user.sh (or .bat) in your bin directory.
Hope this helps!
See this for more information: https://docs.jboss.org/author/display/WFLY10/Admin+Guide#AdminGuide-Accessingthewebconsole
I have a question about the proxy configuration for Liferay Portal 7 CE. I have searched for quite a while, but haven’t found anything really helpful on the subject. There is already a question here on stackoverflow related to Liferay’s proxy configuration in Wildfly, but it has not been answered yet: Proxy Settings Wildfly
We use a squid proxy server for internet access (no authentication, just a proxy port and a host for HTTP and HTTPs). I would like to run Liferay portal on my local machine and therefore need to tell the portal to use the proxy for web access.
How do I do this? Do I make changes to
a) Liferay’s configuration files (i.e., the portal-ext.properties, I guess) or do I change
b) the configuration files of the application server, on which the portal is running on, or
c) change the configuration for the portlets (e.g. for the marketplace portlet)?
What options would I have to set in the respective configuration files?
Best regards,
Felix
Proxy configuration is splitted in two configuration files: system-ext.properties and portal-ext.properties.
In system-ext.properties you have to configure the proxy environment configuration settings that affects to whole JVM process:
http.proxyHost=192.168.0.200
http.proxyPort=4480
You have to create system-ext.properties file inside webapps/ROOT/WEB-INF/classes. (inside Liferay application classloader)
You have more information about system-ext proxy settings in following link: https://docs.liferay.com/portal/7.0/propertiesdoc/system.properties.html#HTTP
In portal-ext.properties you have to configure the proxy environment configuration settings that affects only to Liferay portal:
com.liferay.portal.util.HttpImpl.proxy.username=
com.liferay.portal.util.HttpImpl.proxy.password=
You have more information about portal-ext proxy settings in following link: https://docs.liferay.com/portal/7.0/propertiesdoc/portal.properties.html#HTTP
If your proxy has no authentication, only system-ext.properties settings are necessary
One of our web app would like to connect with ADFS 2.0 server to get credential token and check the user roles based on that. The ADFS server admin asked us to give them a federation metadata XML file to let them create Relying Party Trusts. I googled and only find how to download the ADFS server's federation metadata XML using URL - https://[adfs server name]/federationmetadata/2007-06/federationmetadata.xml
But could didn't find any guide to create a federation metadata XML for creating "Relying Party Trust" and "Claims Provider Trusts". Is there a tools for creating those metadata files? Please share some idea for how to create.
Thanks
Lu
Answer my own question:
I found the Federation Utility tools in WindowsIdentityFoundation-SDK-4.0 at http://www.microsoft.com/en-ca/download/details.aspx?id=4451 will do it.
Actually the URL is
https://server/federationmetadata/2007-06/federationmetadata.xml
There are no tools that I an aware of.
You can use the Microsoft.IdentityModel.Protocols.WSFederation.Metadata class or refer Generating Federation Metadata Dynamically.
Have a look at
"Thinktecture.IdentityServer.v2 / src / Libraries / Thinktecture.IdentityServer.Protocols / FederationMetadata" over at Thinktecture.IdentityServer.v2.
Or if your application uses WIF it's in the metadata directory.
Update:
In WIF, unless you want to the token to be encrypted, you don't need the certificate. That's more for the ADFS side as it has to sign the token and the app. needs the public key to verify.
Example:
<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor ID="_5b6cd05c-a5e3-470d-a2fc-6c6f66633d1b" entityID="http://localhost/app/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<RoleDescriptor xsi:type="fed:ApplicationServiceType" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<fed:ClaimTypesRequested>
<auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" />
<auth:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" />
</fed:ClaimTypesRequested>
<fed:TargetScopes>
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>http://localhost/app/</Address>
</EndpointReference>
</fed:TargetScopes>
<fed:PassiveRequestorEndpoint>
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>http://localhost/app/</Address>
</EndpointReference>
</fed:PassiveRequestorEndpoint>
</RoleDescriptor>
</EntityDescriptor>
where localhost\app\ needs to be your app's URL. Note end slash!
I had to do this recently, having never used .Net or ADFS before, and having only the server (STS) metadata URL that I was trying to integrate with. I had a basic Windows 10 PC and was trying to set up a Node.js webapp as an RP. This is what I did:
On the Win 10 PC, went to Control Panel -> Programs and Features -> Turn Windows features on or off -> Enable Windows Identity Foundation 3.5
Installed Windows Identity Foundation SDK 4.0 (as referred to by the original author).
Created a basic Web.config file which contained:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
</system.web>
</configuration>
In the SDK installation directory, I found FedUtil.exe and FedUtilSampleUserInput.xml. The sample file explained all the parameters that FedUtil.exe was going to ask for, which was very helpful.
Launched FedUtil.exe as Administrator (right-click in File Explorer), providing the Web.config file I just created, the webapp URL, the server (STS) metadata URL as the "existing STS", and selecting to create a new default certificate.
Lo and behold, a FederationMetadata.xml file was generated and my Web.config file was updated automatically.
I then un-commented some of the claim types in the updated Web.config file and re-ran FedUtil.exe, which then updated my FederationMetadata.xml with the additional claim types that I needed from the STS (e.g., email, given name, surname)
Provided the FederationMetadata.xml to the STS admin, which worked!
Only downside is that this all required a Windows machine ... I'm not sure what I would have done on Mac or Linux!
For creating SAML RP Metadata there is a web based tool available at samltool.com which can help out. I haven't found one for WS-Federation other than the Federation Utility...
I also recently discovered the site rcFederation which supports AD FS / WS-Federation
Metadata xml for creating "Replaying party trust" is not ADFS federation metadta, but SP (Saml issuer)'s metadata xml.
I have trouble reaching the Administration console of the OpenAM server for a second time after a restart of the JBoss applicationserver on Windows 2008 Server R2 Datacenter.
I deploy OpenAM 9.5.2 (the opensso.war file) in the JBoss-4.2.3GA 'deploy' folder of its default profile.
I point my Internet Explorer 8 browser to: my.test.domain.com:8080/opensso
The page appears to create a Default or Custom Configuration for the OpenAM server
I successfully complete the wizard for creating a Custom Configuration
A pop-up with a 'Proceed to login' link appears after completing the configuration
I click this link and I can access the Admin console
Here is the thing:
When I restart JBoss and try to browse to the Admin console URL manually for a second time:
http://my.test.domain.com:8080/opensso/console
It will instead go to the page again to create a Default or Custom Configuration:
http://my.test.domain.com:8080/opensso/config/options.htm
And therefore I cannot access the Admin console anymore.
Note:
I verified that the URL: my.test.domain.com:8080/opensso/console is correct by opening
a second tab in IE8 before the restart of JBoss.
Been looking at doing this myself - this may provide the solution
https://wikis.forgerock.org/confluence/display/openam/Considerations+when+deploying+on+JBoss+AS+5.1
Indeed that will work. I discovered that you can alternatively add in your run.bat of JBoss:
-Dcom.sun.identity.configuration.directory= your configuration directory