Forgerock OpenAM - openam

After completion of the installation, while logging in to ForgeRock OpenAM, the screen gets stuck at loading. How can one rectify this problem to log in to OpenAM successfully?

You messed up the cookie domain while installing. Remember, if you access your AM at http://server.domain.com, you should set your cookie domain to either server.domain.com or domain.com.

Related

When using IIS, Passport.js thinks everyone is the same user, doesn't route when using reverse proxy

Having a very confusing issue with passport and our node/express/react application using a domain name we purchased.
On our ip address for the server, we can access the app fine, the post for the /login works, each user gets their own passport session, and can use the logout post fine.
However, when we use Microsoft IIS to reverse proxy to http://localhost:3000/ the website will show using the domain, but when we try to log in it takes almost 30 seconds before it succeeds; you will have to refresh the page and the user will have their auth and can visit the site. The /logout post acts the exact same way. All of the GETs work fine.
This is a cache-related issue; you could solve it by disabling the cache and kernel cache in IIS.
1) Open IIS Manager, select your site.
2) Double-click on Output Caching in the middle pane.
3) On the right side under Actions, click on Edit Feature Settings.
4) Uncheck Enable Cache and Enable kernel cache.
5) Click OK.
You could also disable client cache in IIS:
Client Cache

Opencart Login Issues

I am unable to log in to the Opencart Dashboard. I can see the login screen and enter passwords. I even did a fresh install. It just doesn't redirect me to the dashboard. I have read up and tried every possible solution. Is there something on the server that could be blocking the redirect?
This could be caused by an .htaccess redirect. It happened to me too because my website was getting redirected to www.example.com but the session was for example.com. Make sure you have the same version of the URL everywhere.

Authentication Required Popup box for vTiger CMS

I'm using vTiger CRM 5.4.0
It was working fine, but I have changed and updated my server and simply copy-pasted and uploaded the previous backup from the old server along with the DB...
But it always shows me a popup box for "Authentication Required" on each page.
This message is most probably due to the use of HTTP Basic Authentication on the server side.
This has nothing to do with Vtiger and it's something you (or the person in charge of managing your server) needs to set on the web server side (may be Apache, IIS, or others).
If your interest is to disable the request of username and password, you should edit the server configuration. In case of IIS, this is a good starting point. In case of Apache web server, see this link.
Otherwise, you should check with the manager of your server for your username and password. The popup should not come up once the right combination has been entered.
I think the problem is Plesk. Plesk automatically creates a virtual directory named "test". This directory holds the Vtiger logo. Loading the logo causes the permission issue.
Solution: rename or delete the virtual directory "test" in Plesk.

OpenAM - Too many redirects issue

Getting the following error when trying to access my protected application (credentials are valid):
Has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
It's most likely a cookie-related issue. Keep in mind that OpenAM's SSO tracking cookie is a domain cookie by default.
Some background and troubleshooting tips ...
http://blogs.forgerock.org/petermajor/tag/cookie/
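The cookie-domain rule behind this answer, and behind the OpenAM login-stuck and Opencart www-redirect answers earlier on the page, shown as an added JavaScript example that is not from any of the posts: it applies the RFC 6265 domain-match test to predict whether a browser will send a session cookie back to a host. The function names and the hosts `other.example` and `192.0.2.10` are assumptions made for illustration.

```javascript
// Added example: RFC 6265 domain-match (section 5.1.3), used to predict whether
// a browser keeps a session cookie and sends it back to a given host.
// Not modelled: the public-suffix check, Path, Secure and SameSite.

function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// Lowercase and drop one leading dot, as browsers do with the Domain attribute.
function normalizeDomain(domain) {
  return domain.trim().toLowerCase().replace(/^\./, '');
}

// True if `host` domain-matches `cookieDomain`.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = normalizeDomain(cookieDomain);
  if (h === d) return true;
  if (isIpAddress(h)) return false; // suffix matching never applies to IPs
  return h.endsWith('.' + d);       // label boundary, so baddomain.com != domain.com
}

// Will a cookie set by `setHost` with Domain=`domainAttr` reach `requestHost`?
// domainAttr === null models a host-only cookie (no Domain attribute sent).
function cookieSent(setHost, domainAttr, requestHost) {
  if (domainAttr === null) {
    return setHost.toLowerCase() === requestHost.toLowerCase();
  }
  // The browser discards the cookie at set time if the setting host does not match.
  if (!domainMatch(setHost, domainAttr)) return false;
  return domainMatch(requestHost, domainAttr);
}

// Constructed cases; host names are placeholders taken from the answers above.
const cases = [
  ['server.domain.com', 'server.domain.com', 'server.domain.com'],
  ['server.domain.com', 'domain.com', 'server.domain.com'],
  ['server.domain.com', 'other.example', 'server.domain.com'], // wrong domain at install
  ['example.com', null, 'www.example.com'],                    // redirect to www host
  ['192.0.2.10', 'domain.com', '192.0.2.10'],                  // access by IP address
];
for (const [setHost, attr, reqHost] of cases) {
  console.log(`${setHost} Domain=${attr} -> ${reqHost}:`, cookieSent(setHost, attr, reqHost));
}
```

A `false` result means the session cookie never reaches the server, so each request looks unauthenticated and the login page or redirect repeats.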

IIS 7.5, URL Rewrite 2.0, Kerberos - rewritten URL returning 401.1

I would appreciate any hints regarding the following issue:
The problem summary:
While using Negotiate:Kerberos in IIS 7.5, the authorization works correctly right until we set up URL rewriting (using the MS module "URL Rewrite 2.0") - any rewritten URL then returns "401.1 Unauthorized" (requests not matching any rewrite rule keep working though).
The setup:
Windows Server 2008 R2 x64
IIS 7.5
URL Rewrite 2.0
Server is in a domain
SPN exists for HOST/hostname and HOST/hostname.domain (created by default)
Pool is using default ApplicationPoolIdentity (no custom account, not network service)
Kernel mode set to OFF
Authentication providers set to "Negotiate:Kerberos" only (no NTLM or anonymous)
URL Rewrite rule as "^(.*)/$" => "index?x={R1}"
The result:
1) When accessing any URL not matching any URL rewrite pattern, Kerberos is working correctly, i.e. Kerberos ticket is issued (verified using klist), sent (verified using netmon and HTTP headers) and accepted (verified by URL being accessible and appropriate AUTH_USER property set to my domain account name) => no problem here.
2) When accessing any URL matching URL rewrite pattern, e.g. "hostname/foo" the result is:
HTTP Error 401.1 - Unauthorized
You do not have permission to view this directory or page using the credentials that you supplied.
Module WindowsAuthenticationModule
Notification AuthenticateRequest
Error Code 0x80070055
Requested URL http://hostname/index?x=foo
Physical Path D:\wwwroot\
Logon Method Not yet determined
Logon User Not yet determined
(if we try to access the rewritten URL directly, e.g. hostname/index?x=foo, Kerberos works again normally)
The attempts to solve it so far:
After googling, we have tried several options:
turning kernel mode ON: Kerberos stopped working completely, using either default pool identity or network service (I suppose we would need to set up an additional HTTP SPN and/or use a custom domain account with an additional SPN for that account explicitly)
turning "useAppPoolCredentials" ON: no difference
enabling "Failing Request Tracing": surprisingly these failing 401.1 requests ARE NOT generating any output into the fail logs no matter what rule we try to setup (e.g. 400-999) - the folder is just empty (while other errors, like 404 or even handshake 401.x when accessing not-rewritten URLs are generating logs - very strange)
The conclusion:
So far we have reached a dead end - it may be some weird kind of "double hop" issue requiring using a custom domain account rather than default app pool identity, but as we're in fact accessing the same resources, it seems more like a URL Rewrite issue.
Any tips, hints, pointers? Anything would be highly appreciated.
Best regards,
Marek
We face the same issues as you do. By enabling extended error logging, we were able to put the finger on the actual problem, which seems to be a bug in the rewrite module (or at least in some part of IIS, which is related to the module):
When the URL gets rewritten, the access to the new rewritten URL is checked (seemingly hardcoded) using Basic Authentication and NTLM, neither of which has been configured on the Website at hand. The only configured authentication provider is Kerberos. Since the client doesn't send NTLM nor Basic credentials, there is no way this can work.
We (another person on the current project) are sending the issue to Microsoft. I will let you know, when I get any result.
It seems as though you have multiple issues here.
Failed-Request Tracing Logs
To fix your missing logs issue, you must make sure that the user that is running your site's ApplicationPool has read/modify rights to the folder where those logs are generated, otherwise you won't see anything. See the section labeled "Enable Failed-Request Tracing" on this page: Troubleshoot Failed Requests Using Tracing in IIS 7
What isn't clear is the fact that the site's Application Pool Identity (found in Advanced Settings for Application Pool) is the account that needs read/modify rights to that folder.
Once that is fixed you can load the XML logs in IE and see a much clearer picture of what is going on.
401.1 - Unauthorized Issue
A possible fix to your 401 error is to make sure unlisted file name extensions are allowed in Request Filtering. Go to IIS --> Sites --> [your site] --> Request Filtering
You have two options here:
Allow File Name Extension... and add the value "." (minus the quotes), see this answer.
Edit Feature Settings... and enable the option "Allow unlisted file name extensions"
The 1st option should work well, the 2nd option obviously opens up a gaping hole but allows everything so you should be able to get it working.
I hope that helps.
