Injecting agent properties into HTTP headers - iis

I have an SSO setup using OpenAM 13.5 protecting an application on IIS with an IIS Web Agent.
The application receives user/session attributes by mapping the appropriate properties in the Agent configuration - everything is working fine, however I'd like to take things a step further: I'd like to pass the application a few agent properties as HTTP headers - i.e.:
CUSTOM-LOGIN-URL = com.sun.identity.agents.config.login.url
CUSTOM-EDITPASSWORD-URL = (set by a custom agent property)
CUSTOM-EDITPROFILE-URL = (set by a custom agent property)
CUSTOM-LOGOUT-URL = com.sun.identity.agents.config.logout.url
CUSTOM-GOTO-PARAMETER-NAME = com.sun.identity.agents.config.redirect.param
This way I could avoid hardwiring the application to the specific SSO config details.
Do you have any idea on how I could achieve that, possibly without writing code?

That's not possible OOTB. It might be possible by implementing https://backstage.forgerock.com/docs/openam/13.5/apidocs/com/sun/identity/entitlement/ResourceAttribute.html
Please see https://backstage.forgerock.com/docs/openam/13.5/dev-guide/#sec-policy-spi

Related

Reading Request Cookie in JMeter Groovy

Below is the piece of code from JavaScript (K6) that returns me the cookie.
I am trying to do the same in JMeter Groovy language.
let sso = JSON.stringify(response.request.cookies[`mygateid_sso`]);
let authToken_regex = /{'authToken':'(\S+?)'}/;
authToken = sso.match(authToken_regex)[0];
I am not finding a way to read response.request.cookies
In JMeter you have neither JSON as it's not a part of Nashorn engine nor response.request.cookies
If you want to access your mygateid_sso cookie the easiest way is:
1. Add HTTP Cookie Manager to your Test Plan
2. Add the next line to user.properties file (lives in "bin" folder of your JMeter installation):
   CookieManager.save.cookies=true
3. Restart JMeter to pick up the change
That's it, you should be able to access your cookie as ${COOKIE_mygateid_sso} where required
More information: HTTP Cookie Manager Advanced Usage - A Guide

Azure Web App - Cannot GET (particular path)

I have been trying out the AADv2 sample from BotAuth to no avail.
The error that I keep getting after I select the button on the action card is either an HTTP 500 internal server error or Cannot GET /botauth/aadv2. When I check whether the root web page or the messaging endpoint is working, I get the same error - either Cannot GET / or Cannot GET \api\messages. The root page I have been trying to get to is https://(botname).azurewebsites.net
May I know what steps I can take to resolve this issue? I have tried to Google the error, but to no avail. Please let me know if you need more information!
Since you are testing the sample directly on Azure Web Apps, there are a few points we should pay attention to.
1, const MICROSOFT_APP_ID = envx("MICROSOFT_APP_ID");
const MICROSOFT_APP_PASSWORD = envx("MICROSOFT_APP_PASSWORD");
We declare the environment variables as MicrosoftAppId and MicrosoftAppPassword. Please modify these statements as follows:
//bot application identity
const MICROSOFT_APP_ID = envx("MicrosoftAppId");
const MICROSOFT_APP_PASSWORD = envx("MicrosoftAppPassword");
2, And you also need to check the environment variables are set correctly in Application settings of Azure Web App, which is shown at https://github.com/MicrosoftDX/botauth/tree/master/Node/examples/aadv2#3-setup-environment-variables
3, You can leverage online code editor to develop, debug, and manage your project on Azure Web Apps.
And in the output column, you can see the detailed errors thrown by the application. You can leverage this info to narrow down your issue.
Tip: after changing the application settings, it's better to restart your Azure Web App.

I wrote a Liferay module. How to make it configurable by administrators?

I have created a Liferay 7 module, and it works well.
Problem: In the Java source code I hard-coded something that administrators need to modify.
Question: What is the Liferay way to externalize settings? I don't mind if the server has to be restarted, but of course the ability to modify settings on a live running server (via Gogo Shell?) could be cool provided that these settings then survive server restarts.
More specifically, I have a module for which I would like to be able to configure an API key that looks like "3g9828hf928rf98" and another module for which I would like to configure a list of allowed structures that looks like "BASIC-WEB-CONTENT","EVENTS","INVENTORY".
Liferay is utilizing the standard OSGi configuration. It's quite a task documenting it here, but it's well laid out in the documentation.
In short:
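import aQute.bnd.annotation.metatype.Meta;
// Configuration interface; the OCD id is the configuration pid.
@Meta.OCD(id = "com.foo.bar.MyAppConfiguration")
public interface MyAppConfiguration {
    // Single string setting with a default value.
    @Meta.AD(
        deflt = "blue",
        required = false
    )
    public String favoriteColor();
    // Multi-valued setting; default values are separated by "|".
    @Meta.AD(
        deflt = "red|green|blue",
        required = false
    )
    public String[] validLanguages();
    // Optional numeric setting without a default.
    @Meta.AD(required = false)
    public int itemsPerPage();
}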
OCD stands for ObjectClassDefinition. It ties this configuration class/object to the configurable object through the id/pid.
AD is for AttributeDefinition and provides some hints for the configuration interface, which is auto-generated with the help of this meta type.
And when you don't like the appearance of the autogenerated UI, you "only" have to add localization keys for the labels that you see on screen (standard Liferay translation).
You'll find a lot more details on OSGi configuration for example on enroute, though the examples I found are always a bit more complex than just going after the configuration.

How to pass web proxy address to Microsoft.WindowsAzure.Storage.OperationContext.UserHeaders?

I am writing some C# code that uses the Azure Resource Manager APIs and my CloudBlobClient needs to use a web proxy. According to the documentation for OperationContext.UserHeaders property at https://msdn.microsoft.com/en-us/library/microsoft.windowsazure.storage.operationcontext.userheaders.aspx, UserHeaders can be used to specify a proxy. Can you please share how this should be done properly?
Edited after Gaurav Mantri's comment.
The Azure clients below allow you to specify a proxy to be used via the httpClientHandler but the CloudBlobClient does not respect the proxy information from StorageManagementClient and there doesn't seem to be a way to pass the proxy information to the CloudBlobClient. Our users may want to specify different proxies for multiple connections and it doesn't seem the current architecture will easily allow this.
// Example code that instantiates clients with proxy information inside the httpClientHandler
armCompute = new ComputeManagementClient(tokenCredentials, httpClientHandler);
armStorage = new StorageManagementClient(tokenCredentials, httpClientHandler);
armNetwork = new NetworkManagementClient(tokenCredentials, httpClientHandler);
armResource = new ResourceManagementClient(tokenCredentials, httpClientHandler);
armSubscription = new SubscriptionClient(tokenCredentials, httpClientHandler);
I believe you're understanding it incorrectly. The documentation states:
"Gets or sets additional headers on the request, for example, for proxy or logging information."
From what I understand you use this to get or set the headers for your proxy to understand and not specify proxy configuration settings.
In order to specify proxy settings, you would need to specify those in your application configuration file (web.config or app.config).

Microsoft Unity - How to register connectionstring as a parameter to repository constructor when it can vary by client?

I am relatively new to IoC containers so I apologize in advance for my ignorance.
My application is an ASP.NET 4.0 MVC app that uses the Entity Framework with a Repository layer on top of that. It is a multi-tenant application, so the connection string that is used varies by the logged-in client.
The connection string is determined by a 'key' that gets passed in as part of the route which indicates the client. This route data is only present on the first request of the user's session.
The route looks kind of like this: http://{host}/login/dev/
where 'dev' indicates we are using the dev database.
Currently the IoC container is registering all dependencies in the global.asax Application_Start event handler and I have the 'key' hardcoded as follows:
var cnString = CommonServices.GetDBConnection("dev");
container.RegisterType<IRequestMgmtRecipientRepository, RequestMgmtRecipientRepository>(
new InjectionConstructor(cnString));
Is there a way with Unity to dynamically register the repository based on the logged in client using the route data that is supplied initially?
Note: I am not manually resolving the repositories. They are getting constructed by the container when the controllers get instantiated.
I am stumped.
Thanks!
Quick assumption: you can use the host to identify your tenant.
The following article has a slightly different approach: http://www.agileatwork.com/bolt-on-multi-tenancy-in-asp-net-mvc-with-unity-and-nhibernate-part-ii-commingled-data/. It's using NH, but it is usable.
Based on the above, this hacked code may work (not tried/compiled the following, not much of a Unity user, more of a Windsor person :) )
Container.RegisterType<IRequestMgmtRecipientRepository, RequestMgmtRecipientRepository>(new InjectionFactory(c =>
{
    //the following you can get via a static class
    //HttpContext.Current.Request.Url.Host, if i remember correctly
    var context = c.Resolve<HttpContextBase>();
    var host = context.Request.Headers["Host"] ?? context.Request.Url.Host;
    var connStr = CommonServices.GetDBConnection("dev_" + host); //assumed
    return new RequestMgmtRecipientRepository(connStr);
}));
Scenario 2 (I do not think this was the case)
If the client identifies the tenant (not the host, i.e. http://host1), this suggests you would already need access to a database to access the client information? In this case the database which holds client information will also need to have enough information to identify the tenant.
The issue with scenario 2 will arise around anon uses, which tenant is being accessed.
Assuming scenario 2, then the InjectionFactory should still work.
hope this helps
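An added example, not part of the original answer or of Unity: the Host header is supplied by the client, so the host read inside the factory can be passed through a fixed allow-list before any connection string is selected. `TenantHostResolver`, the host names and the tenant keys below are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Maps a request Host value to a tenant key through a fixed allow-list,
// so a client-supplied Host can never name an arbitrary database.
public static class TenantHostResolver
{
    // Constructed sample mapping (hypothetical hosts and tenant keys).
    private static readonly Dictionary<string, string> KnownHosts =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "dev.example.test", "dev" },
            { "acme.example.test", "acme" },
        };

    // Returns the tenant key, or null when the host is missing or not listed.
    public static string Resolve(string hostHeader)
    {
        if (string.IsNullOrWhiteSpace(hostHeader)) return null;
        string host = hostHeader.Trim();

        // Drop an optional ":port" suffix; values with several colons
        // (IPv6 literals) are never tenant names here.
        int colon = host.LastIndexOf(':');
        if (colon >= 0)
        {
            if (host.IndexOf(':') != colon) return null;
            host = host.Substring(0, colon);
        }
        host = host.TrimEnd('.'); // "dev.example.test." is the same name

        string key;
        return KnownHosts.TryGetValue(host, out key) ? key : null;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed Host values: two listed tenants, one unlisted name, one empty.
        string[] samples = { "dev.example.test", "ACME.example.test:443", "unknown.example.test", "" };
        foreach (string s in samples)
        {
            string key = TenantHostResolver.Resolve(s);
            Console.WriteLine("{0,-26} -> {1}", "\"" + s + "\"", key ?? "(rejected)");
        }
        // In the InjectionFactory delegate, a null key would end the request with
        // an error instead of reaching CommonServices.GetDBConnection(key).
    }
}
```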
