I am trying to set up oauth2-proxy to authenticate against Microsoft's German Azure cloud. It's quite a ride, but I got as far as being able to do the OAuth handshake. However, I am getting an error when trying to receive user mail and name via the Graph API.
I run the proxy within docker like this:
docker run -it -p 8081:8081 \
--name oauth2-proxy --rm \
bitnami/oauth2-proxy:latest \
--upstream=http://localhost:8080 \
--provider=azure \
--email-domain=homefully.de \
--cookie-secret=super-secret-cookie \
--client-id=$CLIENT_ID \
--client-secret="$CLIENT_SECRET" \
--http-address="0.0.0.0:8081" \
--redirect-url="http://localhost:8081/oauth2/callback" \
--login-url="https://login.microsoftonline.de/common/oauth2/authorize" \
--redeem-url="https://login.microsoftonline.de/common/oauth2/token" \
--resource="https://graph.microsoft.de" \
--profile-url="https://graph.microsoft.de/me"
Right now it's stumbling upon the profile URL (which is used to retrieve the identity of the user logging in).
The log output is this:
2019/01/28 09:24:51 api.go:21: 400 GET https://graph.microsoft.de/me {
"error": {
"code": "BadRequest",
"message": "Invalid request.",
"innerError": {
"request-id": "1e55a321-87c2-4b85-96db-e80b2a5af1a3",
"date": "2019-01-28T09:24:51"
}
}
}
I would REALLY appreciate suggestions about what I am doing wrong here. So far the documentation has not been really helpful to me. It seems that things are slightly different in the German Azure cloud, but documentation is pretty thin on that. The fact that the Azure docs only describe the US cloud where all URLs are different (not in a very logical sense unfortunately) makes things a lot harder...
Best,
Matthias
The issue was that the profile URL https://graph.microsoft.de/me was incorrect.
While https://graph.microsoft.com/me is valid for the US cloud, the German cloud requires the version embedded in the URL like this:
https://graph.microsoft.de/v1.0/me.
This worked for me:
docker run -it -p 8081:8081 \
--name oauth2-proxy --rm \
bitnami/oauth2-proxy:latest \
--upstream=http://localhost:8080 \
--provider=azure \
--email-domain=homefully.de \
--cookie-secret=super-secret-cookie \
--client-id=$CLIENT_ID \
--client-secret="$CLIENT_SECRET" \
--http-address="0.0.0.0:8081" \
--redirect-url="http://localhost:8081/oauth2/callback" \
--login-url="https://login.microsoftonline.de/common/oauth2/authorize" \
--redeem-url="https://login.microsoftonline.de/common/oauth2/token" \
--resource="https://graph.microsoft.de" \
--profile-url="https://graph.microsoft.de/v1.0/me"
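A preflight check for the four endpoint flags above, as an added example that is not part of the original answer or of oauth2-proxy. The function names are hypothetical, and the rule that all endpoints share the login host's top-level domain is a heuristic assumption about national clouds; the version-segment rule is the fix described in the answer, applied here to every cloud.

```shell
#!/bin/sh
# Added example: preflight check for the oauth2-proxy Azure endpoint flags.
# Function names are hypothetical; the TLD comparison is a heuristic.

url_host() { printf '%s\n' "$1" | sed -E 's#^[a-z]+://([^/:]+).*#\1#'; }
url_path() { printf '%s\n' "$1" | sed -E 's#^[a-z]+://[^/]+##'; }

# check_azure_endpoints LOGIN_URL REDEEM_URL RESOURCE PROFILE_URL
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_azure_endpoints() {
    login=$1; redeem=$2; resource=$3; profile=$4; rc=0
    tld=$(url_host "$login"); tld=${tld##*.}
    for u in "$login" "$redeem" "$resource" "$profile"; do
        # Tokens and profile data must only travel over TLS.
        case $u in
            https://*) ;;
            *) echo "not https: $u"; rc=1 ;;
        esac
        # All endpoints should belong to the same national cloud.
        h=$(url_host "$u")
        [ "${h##*.}" = "$tld" ] || { echo "cloud mismatch: $h is not .$tld"; rc=1; }
    done
    # The token is issued for --resource, so the profile call must go there.
    [ "$(url_host "$profile")" = "$(url_host "$resource")" ] ||
        { echo "profile-url host differs from resource host"; rc=1; }
    # The fix from the answer: the Graph path needs a version segment.
    case $(url_path "$profile") in
        /v[0-9]*/me|/beta/me) ;;
        *) echo "profile-url has no API version segment: $profile"; rc=1 ;;
    esac
    return $rc
}

# The failing and the working profile URL from the post.
LOGIN=https://login.microsoftonline.de/common/oauth2/authorize
REDEEM=https://login.microsoftonline.de/common/oauth2/token
RESOURCE=https://graph.microsoft.de
for p in "$RESOURCE/me" "$RESOURCE/v1.0/me"; do
    if check_azure_endpoints "$LOGIN" "$REDEEM" "$RESOURCE" "$p"; then
        echo "OK: $p"
    else
        echo "REJECTED: $p"
    fi
done
```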
I have recently upgraded my Airflow version from v1.10.6 to v2.2.3 (latest version). I created a user with role - User.
airflow users create \
--role User \
--username DEVUSER \
--firstname DEV \
--lastname USER \
--email my_email@gmail.com
Password is devairflowuser
I'm trying to Trigger a new Dag Run using the below curl command :
curl -X POST 'http://localhost:8083/api/v1/dags/handling_migrations_task_request/dagRuns' -H 'Content-Type: application/json' --user "DEVUSER:devairflowuser" -d '{
}'
But I get a 401 Unauthorized error:
{
"detail": null,
"status": 401,
"title": "Unauthorized",
"type": "https://airflow.apache.org/docs/apache-airflow/2.2.3/stable-rest-api-ref.html#section/Errors/Unauthenticated"
}
In airflow.cfg
auth_backend = airflow.api.auth.backend.basic_auth
But, with Admin credentials I'm able to trigger a new Dag run.
From this - https://airflow.apache.org/docs/apache-airflow/stable/security/access-control.html#user. I can see that Role-User can also create a Dag run
(permissions.ACTION_CAN_CREATE, permissions.RESOURCE_DAG_RUN)
Any help is appreciated. Thanks!
I have installed cardano-wallet using this documentation. Everything is OK; I just don't know how to run it so that I can interact with it via Node.js:
const { WalletServer } = require('cardano-wallet-js');
let walletServer = WalletServer.init('http://127.0.0.1:1337/v2');
async function test() {
let information = await walletServer.getNetworkInformation();
console.log(information);
}
test()
Does anyone have an idea?
According to IOHK documentation, prior to running a server you have to run a node:
cardano-node run \
--topology ~/cardano/config/mainnet-topology.json \
--database-path ~/cardano/db/ \
--socket-path ~/cardano/db/node.socket \
--host-addr 127.0.0.1 \
--port 1337 \
--config ~/cardano/config/mainnet-config.json
And after that call a serve command with appropriate flags:
cardano-wallet serve \
--port 8090 \
--mainnet \
--database ~/cardano/wallets/db \
--node-socket $CARDANO_NODE_SOCKET_PATH
If you need more details, read my medium post.
You have to run a Cardano node in order to query the blockchain.
Follow this article:
https://developers.cardano.org/docs/get-started/cardano-wallet-js
First you have to download this docker-compose.yml file:
wget https://raw.githubusercontent.com/input-output-hk/cardano-wallet/master/docker-compose.yml
Then run your node on either testnet or mainnet with this command:
NETWORK=testnet docker-compose up
Then you will be able to connect to the blockchain.
ref - https://github.com/tango-crypto/cardano-wallet-js
Hey there, I am trying to figure out why I keep getting this error when running the docker run command. Here is what I am running:
docker run -p 127.0.0.1:2575:2575 -v ~/.config:/home/.config gcr.io/cloud-healthcare-containers/mllp-adapter /usr/mllp_adapter/mllp_adapter --hl7_v2_project_id=****** --hl7_v2_location_id=us-east1 --hl7_v2_dataset_id=*****--hl7_v2_store_id=*****--export_stats=false --receiver_ip=0.0.0.0
I have tried both Ubuntu and Windows, with an error that it failed to connect and to see Google's service authentication documentation. I have confirmed the account is active and the keys are exported to the config below:
randon#ubuntu-VM:~/Downloads$ gcloud auth configure-docker
WARNING: Your config file at [/home/brandon/.docker/config.json] contains these credential helper entries:
{
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"asia.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud",
"marketplace.gcr.io": "gcloud"
}
I am thinking it's something to do with the -v command and how it uses the Google authentication. Any help or guidance to fix this is appreciated. Thank you.
-v ~/.config:/root/.config is used to give the container access to gcloud credentials;
I was facing the same issue for hours and decided to check the source code, even though I am not a Go developer.
There I figured out that there is a credentials option to set the credentials file. It's not documented for now.
The docker command should be like:
docker run \
--network=host \
-v ~/.config:/root/.config \
gcr.io/cloud-healthcare-containers/mllp-adapter \
/usr/mllp_adapter/mllp_adapter \
--hl7_v2_project_id=$PROJECT_ID \
--hl7_v2_location_id=$LOCATION \
--hl7_v2_dataset_id=$DATASET_ID \
--hl7_v2_store_id=$HL7V2_STORE_ID \
--credentials=/root/.config/$GOOGLE_APPLICATION_CREDENTIALS \
--export_stats=false \
--receiver_ip=0.0.0.0 \
--port=2575 \
--api_addr_prefix=https://healthcare.googleapis.com:443/v1 \
--logtostderr
Don't forget to put your credentials file inside your ~/.config folder.
Here it worked fine. I hope this helped you.
Cheers
I'm creating custom docker images for Google AI Platform Notebooks as documented in https://cloud.google.com/ai-platform/notebooks/docs/custom-container
But I can't find out how to update this docker image in the instance once it's created.
You can do it using the metadata.
Just to provide an example, create a Notebook instance from UI, or also from CLI:
gcloud compute instances create nb-container-1 \
--image-project=deeplearning-platform-release \
--image-family=common-container-notebooks \
--machine-type=n1-standard-1 \
--accelerator type=nvidia-tesla-t4,count=1 \
--maintenance-policy TERMINATE \
--metadata="proxy-mode=project_editors,install-nvidia-driver=True,container=gcr.io/deeplearning-platform-release/base-cu101:m49" \
--boot-disk-size 200GB \
--scopes=https://www.googleapis.com/auth/cloud-platform \
--zone=asia-southeast1-b
or
gcloud beta notebooks instances create nb-container-2 \
'--machine-type=n1-standard-1' \
'--container-repository=gcr.io/deeplearning-platform-release/base-cu101' \
'--container-tag=m49' \
'--accelerator-type=NVIDIA_TESLA_T4' \
'--accelerator-core-count=1' \
--install-gpu-driver \
'--location=europe-west3-a'
Once instance is created you can do the following:
Stop instance
Edit metadata to latest tag:
container=gcr.io/deeplearning-platform-release/base-cu101:latest
Start instance
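The stop, edit-metadata, start sequence above as one shell function, added here as an example and not part of the original answer. The function name and the GCLOUD override are hypothetical; the instance, zone and image values are passed in by the caller, and the function refuses an image reference that carries neither a tag nor a digest.

```shell
#!/bin/sh
# Added example: roll a notebook instance onto a new container image by
# editing the "container" metadata key between a stop and a start.
# GCLOUD may be overridden (for instance with "echo") to get a dry run.
GCLOUD=${GCLOUD:-gcloud}

# update_notebook_container INSTANCE ZONE IMAGE
# Returns 0 on success, 1 if a gcloud step failed, 2 on a bad image reference.
update_notebook_container() {
    instance=$1; zone=$2; image=$3
    # Require an explicit repo:tag or repo@sha256:digest so the metadata
    # always records which image the instance is meant to run.
    case $image in
        *@sha256:*|*/*:*) ;;
        *) echo "image must carry a tag or digest: $image" >&2; return 2 ;;
    esac
    # 1. Stop the instance.
    "$GCLOUD" compute instances stop "$instance" --zone "$zone" || return 1
    # 2. Point the container metadata key at the new image.
    "$GCLOUD" compute instances add-metadata "$instance" --zone "$zone" \
        --metadata "container=$image" || return 1
    # 3. Start the instance again.
    "$GCLOUD" compute instances start "$instance" --zone "$zone" || return 1
}

# Usage with the values from the answer:
#   update_notebook_container nb-container-1 asia-southeast1-b \
#       gcr.io/deeplearning-platform-release/base-cu101:latest
```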
I have been through a lot of WildFly documentation in the past day and so far I have failed to understand how an SMTP handler could be added to the WildFly logging subsystem. This was very easy when JBoss used log4j but now there is hardly any documentation available.
Places I have already looked at:
https://docs.jboss.org/author/display/WFLY8/Logging+Configuration
There is support for using a custom log handler, as mentioned in JIRA https://issues.jboss.org/browse/AS7-1438, but are there any examples available? Can the log4j SMTP handler be used here?
Is this the best solution available? https://developer.jboss.org/wiki/CreatingACustomLoggingHandlerInJBOSSAs710Final
How about this one with jboss-cli:
/subsystem=logging/custom-handler=LOG4J_SMTP:add( \
class="org.apache.log4j.net.SMTPAppender", \
module="org.apache.log4j", \
formatter="%-5p [%c] (%t) %s%e", \
level=INFO, \
properties={ \
From="jane.doe@gmail.example.com", \
LocationInfo=true, \
SMTPDebug=true, \
SMTPHost="smtp.gmail.com", \
SMTPPort=465, \
SMTPProtocol="smtps", \
SMTPUsername="jane.doe@gmail.example.com", \
SMTPPassword="***", \
Subject="error mail subject", \
To="jane.doe@icloud.example.com", \
BufferSize=256 })
For configuration details see:
http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/net/SMTPAppender.html