How to fix 'Identity Provider not found' error when using OpenAM? - openam

I am trying to set up the OpenWIS software. In Fedora 28, I have deployed OpenAM 12.0.0 on tomcat 7.0.59 which is run as root.
I have also deployed another webapp called openwis-user-portal on another instance of tomcat 7.0.59 which is run as a different user called openwisuser. In the OpenAM instance, I imported the openam and openwis-user-portal as hosted Identity Provider and hosted Service Provider respectively and put them in the same circle of trust using protocol SAMLv2.
I deployed and configured another webapp called idpdiscovery on the first tomcat instance too.
But when I try to login in the openwis user portal, it gives the following error in the log file:
"Identity Provider not found."
Have I missed something to do?

Related

Azure app service startup command (required)

I am deploying my ASP.NET Core 3.1 app to Azure App Service. While creating the new app service, I chose Linux as Operating System. In deployment center, when I deploy the app, it prompts me to enter a startup command. Everywhere I read about it it says startup command is optional. But when I deploy, it doesn't get further without this.
I have recently deployed other app services on windows and this was not the problem then. The startup command I am entering is dotnet <project.dll>. It deploys successfully. But after the deployment whenever I hit an API endpoint, it gives 500 Internal Server Error.
My question is:
What is the purpose of the startup command? Why does this return 500 when deployed to Linux?
It seems your startup command is correct; refer to this.
You could check if this setting had been set already in Configuration, and check if the .dll file name is correct. As far as I know, this setting is necessary under the Linux environment.
For 500 Internal Server Error, it's an error from the server side. Sometimes it means your web app is not prepared, and restarting it would solve the problem.
If not solved, check the wwwroot file structure in kudu. ->.scm.azurewebsites.net If the file structure is not correct, try another way to deploy.
Update
As per your own reply, you connected your app to a database. If the issue is still there, try adding a SQL Server policy like this:
I diagnosed the problem. My deployed app service is not whitelisted to access database. That is the reason for 500 Internal Server Error

Enable Impersonation for SSRS reports on Azure

In our current Production Setup, we have setup SSRS and have been able to successfully use the SSRS reports in our .NET Web Application since years. We have used Impersonation in Web.Config (there might be other solutions available, we had to go with this) as shown below.
<identity impersonate="true" userName="domainname/username" password="password"></identity>
This solution worked well because our Active Directory and SSRS server are located in the same Network / domain.
Now, as part of our Azure migration, we have migrated our SSRS server to an Azure VM, and we are able to view the reports using Report Server Manager within the VM. Now, when we access the Web Application (App Service - Web App), we are getting the following error. Below is the updated impersonation attribute that we have used.
<identity impersonate="true" userName="username#ouremailaddressdomainname.onmicrosoft.com" password="password"></identity>
"Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'The user name or password is incorrect"
Obviously, this is because of the fact that we don't have an Active Directory domain setup in Azure. Below are my questions.
Can we utilize the users available in the default Directory that gets created on Azure?
If yes, how do I specify the impersonation?
Thanks,
Prawin
With your planned setup you cannot use identity impersonation. This is because the AppService Web Apps do run in an isolated sand-boxed environment which cannot be part of a Windows Domain.
You have a couple of options:
Change the reporting server to use mixed mode Authentication and create local for the SQL Server login and user with appropriate permissions. Then configure your reporting application to provide these SQL Server credentials
Move your Web Application to same VM (will not require Domain environment) as your Reporting Server (or just the part which deals with the reports)
Move your application to a separate VM and utilize the Azure Active Directory Domain Services to make the VMs part of same domain (an overkill IMO)
I would vote for the first option, as it requires least changes and leverages PaaS services (App Service). Everything else is overkill or just an abuse of the cloud platform.

change Log on (user) for IIS Admin service - Error 1068 The dependency service or group failed to start

I am tasked to change the user for IIS Admin, WWW publishing service, and HTTP SSL windows services for IIS6 (Windows 2003).
It works perfectly with Local System account (by default the selection with this fresh instance of Windows 2003) - but I have to change the user - not negotiable for me unfortunately as it is a must do instruction from my boss to me.
The user I'm trying to set it to e.g. UserABC is on the Server and is the Log On for other services which execute without problems.
So first I tried setting the Log On for HTTP SSL but received the error:
"Error 1079 : the account specified for this service is different from the account specified for other services running in the same process".
Now when I looked at the dependencies I saw that WWW publishing service is dependent on HTTP SSL.
So I tried setting the Log on for WWW publishing service, but got the error:
"Could not start the WWW Publishing service on local computer"
"Error 5: Access is denied"
Now I tried setting the user for IIS admin, but received the error:
"Could not start the IIS admin service on local computer: Error 1068 : The dependency service or group failed to start"
Any advice please on how I can change the user log on for these services? The instance of IIS is working fine and it's just the password that I need to set. Are there folders which I have to assign rights to for UserABC perhaps? Something else I'm missing?
The other forums on the web suggest things like deleting "MetaBase.bin", or running MS fix: http://support.microsoft.com/kb/827328 but this will not work for me on this new server - but I do not want to muck around with this please.
Thank you

Trying to connect to Azure Service Management API via a web app deployed in tomcat

I am not able to connect to Azure via a webapp deployed in tomcat.
I am getting the below error though I am sending the correct input for the keystore pwd.
"Keystore was tampered with, or password was incorrect"
Please comment.
When you try connecting to Windows Azure Management Portal, using Service Management API, the connectivity is created over SSL tunnel and a certificate is used to create the SSL tunnel.
I would suggest first that it is not a Windows Azure specific problem; it is more of a Java/Tomcat related issue, mainly happening because the code met with some problem while selecting the certificate to create the SSL tunnel.
To solve this problem, I can suggest the following:
In your VM/Physical machine, where the Tomcat web application is running, try to locate the physical keystore file first and delete it.
After that, try creating the keystore with the correct password and set up that password properly in your Tomcat configuration.
Trustcacerts password was supplied wrongly! Now it works.
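The thread above ends with the truststore password, not the keystore password, being the wrong one. The following is an added example, not code from the original posts: a small Java check that opens a store with a given password and reports whether the failure is the password/integrity error quoted in the question. The class name, the `check` helper and the sample password are assumptions, and the JKS store is constructed in memory so the example runs offline.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

public class StorePasswordCheck {

    /** Outcome of opening one store with one password. */
    enum Result { OK, WRONG_PASSWORD_OR_TAMPERED, UNREADABLE }

    static Result check(InputStream in, String type, char[] password) {
        try {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password); // the password is used for the integrity check
            return Result.OK;
        } catch (IOException e) {
            // A bad password surfaces as an IOException whose cause is
            // UnrecoverableKeyException; other IOExceptions mean a bad file/format.
            return (e.getCause() instanceof UnrecoverableKeyException)
                    ? Result.WRONG_PASSWORD_OR_TAMPERED
                    : Result.UNREADABLE;
        } catch (Exception e) {
            return Result.UNREADABLE;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty JKS store protected with a made-up password.
        char[] good = "constructed-sample".toCharArray();
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, good);
        byte[] bytes = out.toByteArray();

        // Run the same check against every store the webapp opens
        // (keystore and truststore), each with the password configured for it.
        System.out.println("keystore,   configured password: "
                + check(new ByteArrayInputStream(bytes), "JKS", good));
        System.out.println("truststore, configured password: "
                + check(new ByteArrayInputStream(bytes), "JKS", "mismatch".toCharArray()));
    }
}
```

In a real deployment, replace the in-memory bytes with a `FileInputStream` on each store file and the passwords with the values the application is configured to use.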

MSDeploy remote permissions needed for Windows 2003 Server / IIS 6

What are the permissions needed for running delegated deployments, using MSDeploy, targeting a Windows 2003 Server / IIS 6.0 ?
EDIT: this is a duplicate of ... How to allow non-admin user to deploy web applications on IIS 6 using web deploy
IIS6 can't be published to directly via Web Deploy, so you will need to use Web Deployment Agent. Once you have setup the agent, the endpoint address should look something like this:
http://myserver/MsDeployAgentService
Note this is not an HTTPS address and does not explicitly specify a port. Also, the account publishing to this endpoint must have admin rights on the server (nasty, but necessary). Finally, make sure the "Web Deployment Agent Service" is actually running because it's not set to start automatically by default.
