Hybris multi-tenant exception - sap-commerce-cloud

I want to build a multi-tenant application with different store and database for each slave tenant. I followed the instructions here: https://wiki.hybris.com/display/release5/Multi-Tenant+Systems , but when I try to open the slave tenant store - ge.telco.local:9001/getelcostorefront - , I have this exception:
Given current tenant is master but returned servlet context related web context (Root WebApplicationContext - /getelcostorefront: startup date [Mon May 04 14:43:24 EEST 2015]; parent: hybris Application context - ge) is attached to other tenant ge
tenant_ge.properties:
website.telco.http=ge.telco.local:9001
website.telco.https=ge.telco.local:9002
telcostorefront.webroot=/getelcostorefront
storefrontContextRoot=/getelcostorefront
How can I call telcostorefront from the slave tenant context?
Thanks!

I believe multi-tenant has been deprecated in Hybris version 5.+.

Related

Access ADLS2 from PowerBI service with Guest user credentials

I've tried to give access to an Active Directory external user (with Guest type). ADLS2 enables the use of such users for RBAC or ACL tables.
But when I tried to access ADLS2 as a guest user from the Power BI service I've got an error:
"The credentials provided for the AzureDataLakeStorage source are invalid.":
Failed to update data source credentials: The credentials provided for the AzureDataLakeStorage source are invalid. (Source at https://hasodl2westeurope.dfs.core.windows.net/mycontainer/samplefolder.)
Activity ID: 269cbc1b-c50a-4078-a408-6f64246d0a19
Request ID: caabe243-c75a-5507-1610-88cc41b19ae6
Status code: 400
Time: Thu Jan 09 2020 12:27:37 GMT+0200 (Eastern European Standard Time)
Service version: 13.0.11747.315
Client version: 1912.2.031
Cluster URI: https://wabi-west-europe-b-primary-redirect.analysis.windows.net/
Is this behavior a bug or a feature?
Is there a way to access ADLS2 as a Guest user?
ADLS only supports AD users from the same tenant, not guest users - source.

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. - MSI ( managed identity )

I have followed this tutorial to secure Azure SQL Database connection from App Service using a managed identity.
Everything is working as expected in Azure, but when I am trying to debug the code locally I am getting below error message while opening the connection.
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
I found a few references where they have mentioned we can use the 'Azure Service Authentication' extension to debug locally.
I have logged into my Azure account in 'Azure Service Authentication' extension. But, still I am getting the error.
public IActionResult GetData()
{
    var result = "connection opened.";
    var test = config.GetSection("ConnectionStrings")["MyDbConnection"];
    SqlConnection sql = new SqlConnection();
    sql.ConnectionString = test;
    sql.AccessToken = (new AzureServiceTokenProvider()).GetAccessTokenAsync("https://database.windows.net/").Result; //No issues while fetching the token.
    try
    {
        //Getting exception here when running locally...
        //Same code is working in Azure Webapp.
        sql.Open();
    }
    catch (Exception ex)
    {
        result = $"Error : {ex.Message}";
    }
    finally
    {
        if (sql != null && sql.State == System.Data.ConnectionState.Open)
        {
            sql.Close();
        }
    }
    return Ok(result);
}
Other Details:
Visual Studio 2019 Community - Version 16.1.0 Preview 3.0
.NET Core 2.2
UPDATE 1:
This post talks about the connectionString parameter for the AzureServiceTokenProvider class. I tried providing the RunAs=Developer; DeveloperTool=VisualStudio value for connectionString but am still facing the same issue.
Got below answer on Microsoft forum
Hello Hemant
I can see from the screenshot that you are logged in to Visual Studio with your Live ID.
Is the database created in a tenant associated with a work account?
Which user is set as AAD Admin on the Azure SQL Server?
The user account with which you are logged in to VS should be added as a user on the database for the authentication to work.
Alternatively, in the same article that you referenced, there is a section that talks about creating an AAD group and granting appropriate permissions.
You can add your user to the AAD group as well.
Please let us know if you have further questions.
Proposed as answer by Kalyan Chanumolu-MSFT (Microsoft employee, Moderator), Wednesday, May 22, 2019 3:55 AM
Marked as answer by Hemant.Shelar, Wednesday, May 22, 2019 4:22 AM
Note: I was able to get it done by creating AAD group and granting appropriate permissions.
UPDATE 1:
I have followed the steps below to get it to work. Let me know if there exists any other possible solution.
1) Created an AAD group, e.g. 'hemantdotnetcore1'.
2) Add users to this group (generally these users will be developers in the DEV environment who want to access the database during development).
3) Navigate to the SQL server instance and set 'Active Directory admin'. In this example I have added 'hemantdotnetcore1' as an Active Directory admin.
4) In Visual Studio navigate to 'Azure Service Authentication' and log in with any one user who is part of the group 'hemantdotnetcore1', which is my Azure Active Directory admin.
Now I can use the token below to open a connection with the SQL Server.
sql.AccessToken = (new AzureServiceTokenProvider()).GetAccessTokenAsync("https://database.windows.net/").Result;
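To follow up the questions in the forum answer above (which account and which tenant the token belongs to), the sketch below decodes the claims of the access token before `sql.Open()` is called. It is an added example, not code from the original post; `TokenDiagnostics`, the sample token and the tenant GUIDs are constructed placeholders, and a reference to Newtonsoft.Json is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using Newtonsoft.Json.Linq;

public static class TokenDiagnostics
{
    // Decode the payload segment of a JWT. No signature check: diagnostics only.
    public static JObject ReadClaims(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected a three-segment JWT.");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // Returns findings; an empty list means audience and tenant are as expected.
    public static List<string> Check(string jwt, string expectedTenantId)
    {
        var c = ReadClaims(jwt);
        var findings = new List<string>();
        var aud = ((string)c["aud"] ?? "").TrimEnd('/');
        if (aud != "https://database.windows.net")
            findings.Add($"aud is '{aud}', not the Azure SQL resource");
        var tid = (string)c["tid"] ?? "";
        if (!string.Equals(tid, expectedTenantId, StringComparison.OrdinalIgnoreCase))
            findings.Add($"tid is '{tid}', SQL server tenant is '{expectedTenantId}'");
        // Log who the token is for, never the raw token itself.
        var who = (string)c["upn"] ?? (string)c["unique_name"] ?? (string)c["appid"] ?? "(unknown)";
        Console.WriteLine($"Token issued to: {who}");
        return findings;
    }
}

public static class Program
{
    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    public static void Main()
    {
        // Constructed, unsigned sample token with placeholder GUIDs; in the page's code
        // this would be the string returned by GetAccessTokenAsync(...).Result.
        var payload = "{\"aud\":\"https://database.windows.net/\",\"unique_name\":\"dev@example.com\"," +
                      "\"tid\":\"11111111-1111-1111-1111-111111111111\"}";
        var jwt = B64Url("{\"alg\":\"none\"}") + "." + B64Url(payload) + ".sig";
        foreach (var f in TokenDiagnostics.Check(jwt, "22222222-2222-2222-2222-222222222222"))
            Console.WriteLine("MISMATCH: " + f);
    }
}
```

With the constructed sample the tenant check reports a mismatch, which is the situation the forum answer asks about when the Visual Studio sign-in and the database belong to different directories.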

Trying to get AAD and Azure SQL Authentication Working

I'm trying to get integrated authentication working between my app and Azure SQL. The app is running on IIS on a VM that is joined to an Azure AD domain (Domain Services).
I have followed this official MS document on setting up auth:
https://learn.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure (Note - we are not using managed instances for SQL).
1) The admin group has been added via the portal
2) The contained database user (also part of the admin group) has been created, per the doc.
3) The IIS application pool is running as the same user as well.
Attempts to connect to the site return this error:
[AdalException: Integrated Windows authentication supported only in federation flow.]
ADALNativeWrapper.ADALGetAccessToken(String username, IntPtr password, String stsURL, String servicePrincipalName, ValueType correlationId, String clientId, Boolean* fWindowsIntegrated, Int64& fileTime) +829
System.Data.SqlClient.<>c__DisplayClass2_0.<AcquireTokenAsync>b__0() +132
System.Threading.Tasks.Task`1.InnerInvoke() +121
System.Threading.Tasks.Task.Execute() +47
[AggregateException: One or more errors occurred.]
System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) +4323177
System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) +12865803
System.Threading.Tasks.Task`1.get_Result() +33
System.Data.SqlClient.<>c__DisplayClass134_1.<GetFedAuthToken>b__0() +39
System.Threading.Tasks.Task`1.InnerInvoke() +121
System.Threading.Tasks.Task.Execute() +47
[AggregateException: One or more errors occurred.]
Our web.config is using this as a connection string:
<add name="LocalSqlServer" connectionString="Server=tcp:XXXXX;Initial Catalog=XXXXX;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication='Active Directory Integrated';" />
We're hoping to be able to remove any mention of plain-text passwords within our web.config, and azure authentication should be able to provide that.
Any help would be appreciated!
EDIT:
In an attempt to start fresh, I migrated the application to another fresh Azure VM. This time, the process initially led to this error:
Unable to load adalsql.dll (Authentication=ActiveDirectoryPassword). Error code: 0x2.
After installing the .dll, it then leads me to the same error I posted above. Not sure if this initial error could shed some light on the underlying problem.
The error message is "Integrated Windows authentication supported only in federation flow"
From the portal, if you select "Azure Active Directory" and then select "Custom Domain names"
Do you have a single line on the list with "Primary" Selected?
If that is the case, you could try adding a new custom domain, mark that as federated and then use a user from that domain for the integrated authentication.
Recheck if the VM is on-premise or on-cloud because if your machine is on-prem and it is a joined AD, you should see it as a device in Azure Active Directory. Otherwise, when the machine is not integrated with ADFS, you will end up with the exception message "Integrated Windows authentication supported only in federation flow".
There are two possible solutions:
- Integrate the machine into ADFS
- Use Active Directory Password with a valid account on Azure Active Directory.
In my scenario, I couldn't move the machine so I use an AD account.

Credentials manager for Azure Data Factory not working

Good day!
I am working on moving files via Azure Data Factory from an on-prem file store and/or FTP site to Azure Blob storage using the Copy Data activity. When setting security access, I am using credential manager. However, when clicking 'Set credential' a string 'Preparing...' shows for a split moment, and then nothing happens and the box is left blank. What exactly is credentials manager? Is it a separate application which needs to be installed, or the Windows credentials manager available via Administrative Tools? I used IE for this. In Chrome it tries to install a ClickOnce app, which fails to install with this error log (googling it reveals nothing). Does anyone know the solution?
IDENTITIES
Deployment Identity : CredentialsManager.application, Version=1.1.6273.1, Culture=neutral, PublicKeyToken=c3bce3770c238a49, processorArchitecture=msil
APPLICATION SUMMARY
* Online only application.
* Trust url parameter is set.
ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of C:\Users\YToropov\Downloads\CredentialsManager.application resulted in exception. Following failure messages were detected:
+ Deployment and application do not have matching security zones.
COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.
WARNINGS
There were no warnings during this operation.
OPERATION PROGRESS STATUS
* [4/5/2017 5:50:08 AM] : Activation of C:\Users\YToropov\Downloads\CredentialsManager.application has started.
* [4/5/2017 5:50:08 AM] : Processing of deployment manifest has successfully completed.
* [4/5/2017 5:50:08 AM] : Installation of the application has started.
ERROR DETAILS
Following errors were detected during this operation.
* [4/5/2017 5:50:08 AM] System.Deployment.Application.InvalidDeploymentException (Zone)
- Deployment and application do not have matching security zones.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.DownloadManager.DownloadApplicationManifest(AssemblyManifest deploymentManifest, String targetDir, Uri deploymentUri, IDownloadNotification notification, DownloadOptions options, Uri& appSourceUri, String& appManifestPath)
at System.Deployment.Application.ApplicationActivator.DownloadApplication(SubscriptionState subState, ActivationDescription actDesc, Int64 transactionId, TempDirectory& downloadTemp)
at System.Deployment.Application.ApplicationActivator.InstallApplication(SubscriptionState& subState, ActivationDescription actDesc)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.
You may need to clean this folder and try again by using IE11.
C:\Users\{account}\AppData\Local\Apps\2.0
If it still does not work, you may need to reset the Internet options.
Instead of trying to use the credentials manager, can I suggest you create your data factory in Visual Studio. Then simply deploy it to Azure with different sets of configuration files.
Check out this blog post on how.
https://www.purplefrogsystems.com/paul/2017/01/using-azure-data-factory-configuration-files/
This way credentials do not need to be copied into any portal blades and can be handled using other tools. Plus source controlled.
The JSON strings will also be masked if viewed via the Author and Deploy blade.
Plus any changes can be dealt with locally and your on prem linked service in ADF just redeployed.
Hope this helps.
The credential manager is a .NET ClickOnce application running on your on-prem machine. When using the credential manager to set the username/password, it talks directly to the Gateway, so there is no username/password data transfer over the wire. If you use the "by web browser" option, the encrypted username/password will be transferred over the wire with a POST request and then gets pushed to the Gateway. In both options credentials are encrypted, but the Credential Manager saves the round trip through the public network.
The reason why you get this error is because Chrome by default does not support the .NET ClickOnce application. It should work if you are using IE or Edge.
For this to work on Chrome, you can add an extension to enable ClickOnce application support in Chrome, like the one below:
https://chrome.google.com/webstore/detail/meta4-clickonce-launcher/jkncabbipkgbconhaajbapbhokpbgkdc?hl=en
Solution: Clear the oneClick cache and try to install the application again. Here is the way to clear oneClick cache
From command line run: rundll32 dfshim CleanOnlineAppCache
If it doesn’t work, delete the real folder:
Windows Vista/7/8/10
C:\users\[username]\AppData\Local\Apps\2.0\
Windows XP/2003
C:\Documents and Settings\username\Local Settings\Apps\2.0\
For more information, you can look at this. It may be helpful.
http://codeketchup.blogspot.sg/2013/06/how-to-fix-deployment-and-application.html

Application with identifier 'xxxx' was not found in the directory devlaundry.onmicrosoft.com

I am new in Azure. I am trying to create a desktop application like https://github.com/Cecildt/angular2-O365-desktop-app
Done Azure AD application registration; then when I executed the command 'npm start' the Electron application loaded and asked me to sign in. While signing in, it shows the error below:
Sorry, but we’re having trouble signing you in.
We received a bad request.
Additional technical information:
Correlation ID: 6e7a1536-861e-4919-8193-d7568c5f6a37
Timestamp: 2017-01-24 07:16:49Z
AADSTS70001: Application with identifier '41cs69e2-3912-4a4c-9e19-3198dfdefae8' was not found in the directory devlaundry.onmicrosoft.co
Am I missing something in settings? Please help
