What is the metadata attribute pair in MQFTE? Why is it used?

I am working with wmqfte. While creating a transfer there is a parameter for a metadata attribute pair. What is this used for?

One of the FTE engagements I worked on required email notifications of transfer status. Our approach to this was to add an email step in the transfer and the way we passed in the source and destination addresses was with metadata pairs. The transfer XML is provided below for an example:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE request>
<request version="4.00" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FileTransfer.xsd">
<managedTransfer>
<originator>
<hostName>host.example.com</hostName>
<userID>me</userID>
</originator>
<sourceAgent QMgr="QMGR01" agent="AGENT01"/>
<destinationAgent QMgr="QMGR02" agent="AGENT02"/>
<transferSet priority="5">
<metaDataSet>
<metaData key="email.from">fteadmin@example.com</metaData>
<metaData key="email.to">dept@example.com</metaData>
</metaDataSet>
<item checksumMethod="MD5" mode="binary">
<source disposition="delete" recursive="false">
<file>/root/path/file</file>
</source>
<destination exist="overwrite" type="directory">
<file>/root/path/</file>
</destination>
</item>
</transferSet>
<job>
<name>Your Job Name Here</name>
</job>
</managedTransfer>
</request>
A better way of sending status emails is to watch the transfer notifications published at the Coordination QMgr. However, this example does show one possible use for the metadata pairs.


How to pass and validate the signInEmail claim during External IDP login using Azure B2C custom policy?

This question is related to this one.
What we'd like to do is: at the moment the user clicks the button like Facebook OR Microsoft account OR Corporate AD in the Sign in page, call a validation technical profile to validate the email address the user is using to sign in.
I tried adding an OrchestrationStep like this:
<OrchestrationStep Order="4"
Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimEquals"
ExecuteActionsIf="false">
<Value>idp</Value>
<Value>CorporateAD</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="FetchMoreClaimsExchange"
TechnicalProfileReferenceId="REST-ValidateSignInEmail" />
</ClaimsExchanges>
</OrchestrationStep>
This is actually calling REST-ValidateSignInEmail because I see an error returned in the URL like this:
https://mywebsite.azurewebsites.net/#error=server_error&error_description=AADB2C%3a++is+disabled.%0d%0aCorrelation+ID%3a+bce3fd82-1111-4f17-ad99-ef7770ed8dda%0d%0aTimestamp%3a+2019-11-08+20%3a34%3a51Z%0d%0a&state=7b7c70e7-7a77-77d7-7d7e-7dd0e7b707e7
The message is+disabled is coming from the REST API I put together but this obviously tells me that the email\signInEmail claim it expects as a parameter is not being sent\passed.
This is the Technical Profile:
<TechnicalProfile Id="REST-ValidateSignInEmail">
<DisplayName>Validate Email</DisplayName>
<Protocol Name="Proprietary"
Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ServiceUrl">{Settings:AzureAppServiceUrl}/api/B2C/ValidateSignInEmail</Item>
<Item Key="AuthenticationType">None</Item>
<Item Key="SendClaimsIn">Body</Item>
</Metadata>
<InputClaims>
<InputClaim ClaimTypeReferenceId="signInName"
PartnerClaimType="UserEmail" />
</InputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
Can you shed some light on how to approach this?
Generally after I post the question I keep fiddling with the code.
Got it working like this:
<TechnicalProfile Id="REST-ValidateSignInEmail">
<DisplayName>Validate Email</DisplayName>
<Protocol Name="Proprietary"
Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ServiceUrl">{Settings:AzureAppServiceUrl}/api/B2C/ValidateSignInEmail</Item>
<Item Key="AuthenticationType">None</Item>
<Item Key="SendClaimsIn">Body</Item>
</Metadata>
<InputClaims>
<InputClaim ClaimTypeReferenceId="signInName"
PartnerClaimType="UserEmail" />
<InputClaim ClaimTypeReferenceId="email"
PartnerClaimType="UserEmail" />
</InputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
Note that I added a new InputClaim with ClaimTypeReferenceId="email". email is the claim value that is passed when using an external IDP.
This sample policy showed me that I could add the OrchestrationStep right before the JwtIssuer one. We can also have it without any preconditions like this:
<OrchestrationStep Order="7"
Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="REST-ValidateSignInEmail"
TechnicalProfileReferenceId="REST-ValidateSignInEmail" />
</ClaimsExchanges>
</OrchestrationStep>
Doing so it'll get called for all IDPs.
Azure Active Directory B2C: Custom CIAM User Journeys
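The " is disabled" error in the question is what a validation endpoint returns when it builds its message around an empty claim. The sketch below is an added example, not the poster's API: it shows the REST side rejecting a missing `UserEmail` explicitly and answering with the HTTP 409 validation-error body that B2C's RESTful provider displays. The handler name and the `disabled_emails` set are hypothetical.

```python
import json

def conflict(message):
    """Validation-error response for a B2C RESTful technical profile (HTTP 409)."""
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}

def validate_sign_in_email(raw_body, disabled_emails):
    """Hypothetical handler behind /api/B2C/ValidateSignInEmail.

    raw_body is the JSON body B2C posts (SendClaimsIn=Body); returns
    (http_status, json_body).
    """
    try:
        claims = json.loads(raw_body)
    except (TypeError, ValueError):
        return conflict("Request body is not valid JSON.")
    if not isinstance(claims, dict):
        return conflict("Request body must be a JSON object of claims.")

    email = claims.get("UserEmail")
    # A claim that was never populated in the journey (signInName after an
    # external IDP login) arrives absent or empty: say so instead of
    # formatting a message around an empty string.
    if not isinstance(email, str) or not email.strip():
        return conflict("No sign-in email was supplied for validation.")

    email = email.strip().lower()   # compare case-insensitively
    if email in disabled_emails:
        return conflict(f"{email} is disabled.")
    return 200, {}
```

The technical profile on this page uses `AuthenticationType` `None`; an endpoint that gates sign-in should normally sit behind one of the authenticated options the RESTful provider supports.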

WebMethods Integration Server pub.client.soapclient changes the request element names

I have an issue with the built-in (non-accessible) webMethods Integration Server soapClient service. Somehow it changes the request it should send while processing it, renaming parameter items to item.
What is sent to the method:
<request>
<t1>1</t1>
<operation>op</operation>
<service>1</service>
<params>
<count>1</count>
<items>
<key>12</key>
<value>12</value>
</items>
</params>
</request>
What request webMethods sends:
<request>
<t1>1</t1>
<operation>op</operation>
<service>1</service>
<params>
<count>1</count>
<item>
<key>12</key>
<value>12</value>
</item>
</params>
</request>
I'd be grateful for any workaround/idea for a solution.
I see in your example code that you first create a document named "items", then you map this document to a document list named "items". This is not valid. Please note that the pipeline in IntegrationServer is nothing but a key-value map, and the keys must be unique. That is the reason why you still have a single document named "items" instead of a document list. Rename your document to something like "item", and then use appendToDocumentList to add it to the "items" doc list.

Set Allowed Countries on Store View

In Magento 1.4, I was able to set allowed countries on the Store View Level, therefore I could have a Website with one Store and multiple Store Views for each of my countries:
Now in Magento 2, I can only set the Allowed Countries on the Website and not on the Store View, the Store View setting looks as follows:
Why do I want to change that? I need to be able to set a different store contact address for each of these Store Views, because I e.g. have an Argentinian and a Bulgarian Store View, so I want to set the different addresses but use the same Website/Store.
Unfortunately, I'm also not able to change the Store Contact Address per Store View anymore, this also only works on Website Level.
Am I missing something? Was there a logical change from 1.X to 2.X about the Store Views?
I don't know why the allowed country option was removed from settings in store view. But looking in the code shows that the information is used if present. So you can just enter the data into core_config_data (scope: stores, scope_id: your_store_id, value: AT,AB,AC...).
The correct answer that respects Magento 2 standardization is overloading the system.xml of the magento/Backend/etc/adminhtml.
You should try:
Vendor/ModuleName/etc/adminhtml/system.xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
<system>
<section id="general">
<group id="country" translate="label" type="text" sortOrder="1" showInDefault="1" showInWebsite="1" showInStore="1">
<label>Country Options</label>
<field id="allow" translate="label" type="multiselect" sortOrder="2" showInDefault="1" showInWebsite="1" showInStore="1" canRestore="1">
<label>Allow Countries</label>
<source_model>Magento\Directory\Model\Config\Source\Country</source_model>
<can_be_empty>1</can_be_empty>
</field>
</group>
</section>
</system>
</config>
Remember to add overridden module - Magento_Backend
Vendor/ModuleName/etc/module.xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
<module name="Vendor_YourModule" setup_version="1.0.0">
<sequence>
<module name="Magento_Backend"/>
</sequence>
</module>
</config>

Same XACML request different response when I use wso2is and Java application

Hi, I’m having a problem understanding why I get a different response when I use the (org.xacmlinfo.xacml.pep.agent.PEPAgent.java) and the tryit function in WSO2IS 5.0.0. They are querying the same policy.
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="OfficeHours" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides" Version="1.0">
<Description>denyOutsideOfficeHours</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">foo.com</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Match>
</AllOf>
</AnyOf>
</Target>
<Rule Effect="Permit" RuleId="PermitInOfficeHours">
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">12:00:00</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">17:00:00</AttributeValue>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
<AttributeDesignator MustBePresent="false" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time"></AttributeDesignator>
</Apply>
</Apply>
</Condition>
</Rule>
</Policy>
PEPAgent
<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false" ReturnPolicyIdList="false">
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" IncludeInResult="false"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">foo.com</AttributeValue>
</Attribute>
</Attributes>
</Request>
<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
<Result>
<Decision>Indeterminate</Decision><Status>
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:processing-error"/>
<StatusMessage>urn:oasis:names:tc:xacml:1.0:function:time-one-and-only expects a bag that contains a single element, got a bag with 0 elements</StatusMessage>
</Status>
</Result>
</Response>
Tryit
<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false" ReturnPolicyIdList="false">
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">foo.com</AttributeValue>
</Attribute></Attributes></Request>
<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
<Result><Decision>Permit</Decision><Status>
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
</Status><PolicyIdentifierList>
<PolicyIdReference>OfficeHours</PolicyIdReference>
</PolicyIdentifierList>
</Result>
</Response>
First of all here are a few comments regarding your policy and rule:
the policy description doesn't match the rule description. In one case you say deny, in the other you say Permit.
you use a Condition where in fact a Target would be enough.
Now, as for the different responses: in one case your code (PEPAgent) doesn't send the current time value and the server (is that the PDP?) doesn't add the time either. In the second case, the Tryit client still doesn't send time but obviously the receiving end (another PDP?) fills in the missing time value.
If you look more closely at your first response, you will notice the following error message:
<StatusMessage>urn:oasis:names:tc:xacml:1.0:function:time-one-and-only expects a bag that contains a single element, got a bag with 0 elements</StatusMessage>
This means that you didn't pass in any value for current-time.
I tested this using the Axiomatics Policy Server and I received the expected behavior.
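The difference between the two responses can be reproduced offline. The following is an added example, not code from WSO2 or from either poster: a small model of the OfficeHours condition showing that `time-one-and-only` on an empty bag yields Indeterminate, that a PDP filling in its own clock yields Permit, and that a PEP sending `current-time` itself removes the dependency. The request is constructed to match the one on the page; `decide`, `pdp_clock` and `with_current_time` are hypothetical names, and time zones are ignored.

```python
import xml.etree.ElementTree as ET
from datetime import time

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
ENV = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
CURRENT_TIME = "urn:oasis:names:tc:xacml:1.0:environment:current-time"
NS = {"x": XACML}

# Constructed request with the same shape as the page's (environment-id only).
REQUEST = f"""<Request xmlns="{XACML}" CombinedDecision="false" ReturnPolicyIdList="false">
<Attributes Category="{ENV}">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">foo.com</AttributeValue>
</Attribute></Attributes></Request>"""

def bag(request_xml, category, attribute_id):
    """All values the request carries for one attribute designator."""
    root = ET.fromstring(request_xml)
    return [v.text.strip()
            for attrs in root.findall("x:Attributes", NS) if attrs.get("Category") == category
            for a in attrs.findall("x:Attribute", NS) if a.get("AttributeId") == attribute_id
            for v in a.findall("x:AttributeValue", NS)]

def time_in_range(value, low, high):
    """True if value lies in [low, high]; a range with high < low wraps past midnight."""
    return low <= value <= high if low <= high else (value >= low or value <= high)

def decide(request_xml, pdp_clock=None):
    """Model of the rule; pdp_clock stands in for a PDP that supplies a missing current-time."""
    values = bag(request_xml, ENV, CURRENT_TIME)
    if not values and pdp_clock is not None:
        values = [pdp_clock]
    if len(values) != 1:          # time-one-and-only needs exactly one element
        return "Indeterminate"
    now = time.fromisoformat(values[0])
    # Arguments in the order the page's policy lists them.
    return "Permit" if time_in_range(time(12), time(17), now) else "NotApplicable"

def with_current_time(request_xml, hhmmss):
    """PEP-side fix: send current-time explicitly instead of relying on the PDP."""
    ET.register_namespace("", XACML)
    root = ET.fromstring(request_xml)
    env = next(a for a in root.findall("x:Attributes", NS) if a.get("Category") == ENV)
    attr = ET.SubElement(env, f"{{{XACML}}}Attribute", AttributeId=CURRENT_TIME, IncludeInResult="false")
    val = ET.SubElement(attr, f"{{{XACML}}}AttributeValue", DataType="http://www.w3.org/2001/XMLSchema#time")
    val.text = hhmmss
    return ET.tostring(root, encoding="unicode")
```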

wso2esb enrich mediator deletes node soap:Header

I have 2 child wsse:Security in soap:Header and am trying to delete one. I tried to do this with the Enrich Mediator, but instead of replacing soap:Header it deletes it. Here is a simple example that reproduces it:
<inSequence>
<enrich>
<source type="inline" clone="true">
<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<foo/>
</soapenv:Header>
</source>
<target xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xpath="//soapenv:Header"/>
</enrich>
<log level="full"/>
</inSequence>
The Log mediator logs the message without the Header. If I add action="child" to the target, everything works just as expected. So I have 2 questions:
1. Why does the enrich mediator act like that?
2. How can I change the header some other way?
You should use the header mediator to change SOAP Headers.
Have a look there: https://docs.wso2.com/display/ESB481/Header+Mediator
Sample to add a custom header:
<header xmlns:myns="http://com/header" name="myns:MyHeader" value="0"/>
Sample to remove it:
<header xmlns:myns="http://com/header" name="myns:MyHeader" action="remove"/>
You can use this mediator to change HTTP headers: just add a scope attribute with a value equal to 'transport'.