I created a CloudFront and enabled 'Origin Identity Access' (https://d118u7nzjnyfk4.cloudfront.net/Mt+Etna+Italy.jpg), but every time I access it via the browser I get the error below. I checked online and it seems I have to use signin request. I'm a newbie here, so I would appreciate it if you could enlighten me on how to do this.
Error:
The request signature we calculated does not match the signature you provided. Check your key and signing method.
So I'm trying to use 2 APIs from our external data source, an organization that solely focuses on delivering data to customers (me).
They have 2 different APIs:
A login API: this API is called with basic authentication (username and password) and will provide a bearer token
An API to extract data and manage filters (this API will require the bearer token acquired through the login API)
Important notes:
The login API requires a self-signed certificate. I have created a certificate on my PC using OpenSSL and shared the public key with the external data source.
I uploaded the .pfx file in Azure (however, I cannot set the domain or port number; this seems to be an issue. I can do this in Postman but can't seem to find it in Azure)
The data source confirmed that the certificate is valid and I am able to use the certificate in Postman, but only if I set the correct hostname and also the correct port number (else I get a TLS error in Postman)
Everything is working as it should in Postman (I can call the login API and I can use the bearer token to access and download the data using a JSON file made for Postman that I received from the data source organization)
I uploaded the .pfx certificate in Azure using AppServices > TLS/SSL settings and upload the private certificate; however, the hostname it says here is my own database name (I am not sure if this is correct; in Postman I set the hostname when I upload the certificate to be the hostname of our data source with the needed port number)
I tried making a web call in Azure Data Factory; here I've used the correct URL I also use in Postman to access the login API, selected basic authentication and filled in the credentials
However, when I try to debug the pipeline (only the login web call) it gives the following error:
Error code 2108
Troubleshooting guide
Failure type User configuration issue
Details Error calling the endpoint '[LINK i put with portnumber, which is correct]'. Response status code: 'NA - Unknown'. More details: Exception message: 'NA - Unknown [ClientSideException] An error occurred while sending the request.'.
Request didn't reach the server from the client. This could happen because of an underlying issue such as network connectivity, a DNS failure, a server certificate validation or a timeout.
Source
Pipeline
Punctuality
Am I looking in the wrong direction for this kind of data retrieval? Is something going wrong with the certificate? I can't seem to find where I can set the correct hostname and port number (like I can in Postman when uploading the certificate in .pfx format). Should I use API Management Service rather than Data Factory to make the API call to the external data source?
Select the authentication method as Client Certificate in web activity settings.
Specify base64-encoded contents of a PFX file in Pfx.
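The step above, as an added example that is not part of the original answer: it base64-encodes a PFX for the Web activity's client-certificate authentication block and rejects PEM or otherwise non-PKCS#12 input before it reaches the pipeline. The JSON key names (`type`, `pfx`, `password`) are those of the Web activity's authentication block; the sample bytes, URL, HTTP method, activity name and password are constructed placeholders.

```python
import base64
import json


def build_client_cert_auth(pfx_bytes: bytes, password: str) -> dict:
    """Return the Web activity authentication block for a client certificate."""
    if not pfx_bytes:
        raise ValueError("empty PFX input")
    # A common mistake is pasting the PEM certificate instead of the PFX bundle.
    if pfx_bytes.lstrip().startswith(b"-----BEGIN"):
        raise ValueError("PEM input: export a PKCS#12 (.pfx) bundle instead")
    # PKCS#12 is binary DER and starts with an ASN.1 SEQUENCE tag (0x30).
    if pfx_bytes[0] != 0x30:
        raise ValueError("not a DER-encoded PKCS#12 file")
    # b64encode returns one unwrapped line; command-line encoders often wrap
    # their output, and stray newlines would corrupt the JSON string value.
    encoded = base64.b64encode(pfx_bytes).decode("ascii")
    return {"type": "ClientCertificate", "pfx": encoded, "password": password}


def build_web_activity(name: str, url: str, auth: dict) -> dict:
    """Wrap the authentication block in a minimal Web activity definition."""
    return {
        "name": name,
        "type": "WebActivity",
        "typeProperties": {"method": "POST", "url": url, "authentication": auth},
    }


# Constructed sample input: a DER SEQUENCE header followed by filler bytes.
# It stands in for the contents of a real .pfx file read with open(path, "rb").
SAMPLE_PFX = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_URL = "https://datasource.example:8443/login"  # hypothetical endpoint

if __name__ == "__main__":
    auth = build_client_cert_auth(SAMPLE_PFX, "<pfx-password>")
    print(json.dumps(build_web_activity("LoginCall", SAMPLE_URL, auth), indent=2))
```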
I am trying to authenticate my Azure Web App, following this doc.
In my Azure Portal, I've selected "Authenticate / Authorization" for my Web App.
After I configure my Microsoft Account Authentication Settings with Client ID/Key from the App Registration page, I save the settings page and I'll see an error:
The error says:
Failed to save Auth Settings for WebApp App:
{"Code":"Conflict","Message":"Cannot update the site 'WebApp' because
Authentication / Authorization was configured with an invalid issuer
URL ''. The URL must be well-formed, absolute, and use the HTTPS
scheme.","Target":null,"Details":[{"Message":"Cannot update the site
'WebApp' because Authentication / Authorization was configured with an
invalid issuer URL ''. The URL must be well-formed, absolute, and use
the HTTPS
scheme."},{"Code":"Conflict"},{"ErrorEntity":{"ExtendedCode":"04530","MessageTemplate":"Cannot
update the site '{0}' because Authentication / Authorization was
configured with an invalid issuer URL '{1}'. The URL must be
well-formed, absolute, and use the HTTPS
scheme.","Parameters":["WebApp",""],"Code":"Conflict","Message":"Cannot
update the site 'WebApp' because Authentication / Authorization was
configured with an invalid issuer URL ''. The URL must be well-formed,
absolute, and use the HTTPS scheme."}}],"Innererror":null}
I'm not sure what's the "invalid issuer URL" the issue is referring to.
This issue is not a general issue. This article is absolutely correct.
So I suggest you try to use another location to deploy your Web App and configure the Application again.
Also, this issue should be temporary, I have reported this.
Hope this helps!
I'm on the App Service team. This is a known issue which we are working to address - the behavior should be temporary. Our apologies for any issues this has caused.
I do not recommend the solution of moving to another region, as this is not guaranteed to work, and sites that do see resolution in this way may break again.
Please find our recommended workaround instructions in my response to this forum post.
For me it worked to add AAD as an auth provider with the default setting even though I'm not using it. I was then able to save my Facebook auth settings. This is a temporary workaround.
This answer from this discussion. Edit field "issuer" not working for me.
I am trying to access azure resource manager through rest and part of the process is to provide an authorization header. I have been able to successfully retrieve the token by using adal library.
I can use either https://management.core.windows.net/ or https://management.azure.com/ as the resource URL to get the token. What is the difference between the two?
I also would like to understand the difference between login.microsoftonline.com/ and https://login.windows.net/ as the authority URL
I can use either https://management.core.windows.net/ or
https://management.azure.com/ as the resource URL to get the token.
What is the difference between the two?
management.core.windows.net is the endpoint for Azure Service Management REST API while management.azure.com is the endpoint for Azure Resource Manager REST API.
I also would like to understand the difference between
login.microsoftonline.com/ and https://login.windows.net/ as the
authority URL
Both of them are essentially the same, but it is recommended that you use login.microsoftonline.com, as login.windows.net redirects to that. So if you use the former, you're saving on one redirect. However, it is recommended that you start using the former. Please read this blog post for more details: https://blogs.technet.microsoft.com/enterprisemobility/2015/03/06/simplifying-our-azure-ad-authentication-flows/.
I have a scenario where we use Thinktecture Identity Server (IdSrv) as both an R-STS and an IP-STS, as well as an O365 / WAAD tenant as an additional IP-STS. The user chooses which Identity Provider to use via the Home Realm Discovery functionality in IdSrv.
Now, implementing a unified WS-Federation wsignout from the RP, is difficult, since I can't get the signout process to work properly against WAAD (Against the Thinktecture IP-STS it works fine);
Sorry, but we're having trouble signing you out.
We received a bad sign-out request.
If you wish to sign-out, please click the following link.
ACS20028: The requested redirection URL is invalid.
Well, the wreply URL parameter points to the RP, which the WAAD instance has no knowledge of.
If I try to follow the Sign-Out link, I get
Sorry, but we're having trouble signing you out.
We received a bad request.
ACS20026: The wtrealm parameter is missing or incorrect.
I've tried to modify the URL directly so that its wreply points to the IdSrv (which really is an RP of the WAAD), but I can't get it to work.
Has anyone gotten this to work?
I implemented OAuth 2.0 Provider layer so all communication between my server and
IBM-Connections server happens with proper OAuth token.
I followed the steps mentioned in the URL below:
http://www-10.lotus.com/ldd/lcwiki.nsf/dx/Building_Embedded_Experience_gadgets_for_third-_party_IBM_Connections_Activity_Streams
The request is coming to my server (after clicking on the gadget mentioned in the above URL):
https://?client_id=853e738c8f514ea0b0beb03c538df1e4&redirect_uri=https%3A%2F%2FBLTCon4Gold1.actiance.local%3A9444%2Fconnections%2Fopensocial%2Fgadgets%2Foauth2callback&response_type=code&scope=read_stream%2Cpublish_stream&state=WcSdxX0BvPkwiOli2VFnlsIWEWzAprpT6DW2I9RXEjDtUpD-faNVQkYvLb1AcgX3Z3njZg0qPPZjd5XMT7ENQSYiBr1thpOiUlLzYKkmt5-2qG304QgYEpWE8csezSIJ-4qHiFFeGbJpILbgzUw7DBoNMVMPcF-OfMbZ5orqgKwBCCajFVKdgQeukivSq4r3hBFY89lgto4co_dacDR1Dt7AWDM
After user credential validation, the OAuth provider layer redirects the request to the callback URL with code and state as query parameters:
https://bltcon4gold1.actiance.local:9444/connections/opensocial/gadgets/oauth2callback?code=477885dfb80644958cd4bae049bc2b9f&state=WcSdxX0BvPkwiOli2VFnlsIWEWzAprpT6DW2I9RXEjDtUpD-faNVQkYvLb1AcgX3Z3njZg0qPPZjd5XMT7ENQSYiBr1thpOiUlLzYKkmt5-2qG304QgYEpWE8csezSIJ-4qHiFFeGbJpILbgzUw7DBoNMVMPcF-OfMbZ5orqgKwBCCajFVKdgQeukivSq4r3hBFY89lgto4co_dacDR1Dt7AWDM
The response shows HTTP status code 200.
But the problem is that the IBM-Connections server is not making a further call to request the token.
Please advise me.
Check your systemout.log for PKIX or other SSL errors.
If you are using a self-signed certificate, you should import the key into the trust store.
Log in to your Deployment Manager
Go to Security > SSL certificate and key management
Click on Key stores and certificates
Select CellDefaultTrustStore
Click Signer Certificates
Click Retrieve from port
Give it a name: localhttp
Type in the ip:port
Click Retrieve from port
You can also turn on trace in your Deployment Manager.