Connecting with the Azure SFTP ApiApp Connector - azure

I have been playing around with the Azure SFTP connector for API Apps and Logic Apps (under the new preview site (portal.azure.com)) but have not had much luck getting it to work.
The Connector requires the following package settings to be set: ServerAddress, ServerPort, SSH Server HostKey, Root Folder, Accept Any SSH Server HostKey (bool), and Encrypt Cipher. It does not ask for a user name, and after activating the API app and attempting to use it I get the expected response of HTTP 400 with:
[
"User Name Value cannot be null, empty, or cannot contain only white-space characters."
]
The Swagger api definition does not define any way to pass in the username and I cannot see anyway to define it in the connector settings, does anyone know how to set the username?

You can configure the user and pass at the security component in your App API panel, select it an then you can set the user and password.
Check this url for more info: http://azure.microsoft.com/en-gb/documentation/articles/app-service-logic-connector-sftp/

Related

Domino App Service Pack Installation , failed to startup IAM services as tutorial

I had Configure the Domino Credential Store.
I had modified the Domino Proton Server settings that enable client authentication.
I created the Vault ID.
I created the IAM-store.nsf from template with error message.
Error executing agent 'DeleteExpiredDocs' in 'iam-store.nsf'. Agent signer 'Domino Template Development/Domino': You are not authorized to perform that operation
I gave the IAM's functional ID access to the database.
I installed the IAM services for domino with the following message.
result screen of install domino-iam-service-2.2.0.tgz
Since I would like to config the iam-services for my testing server.
I select to setup the pilot mode.
According to the tutorial, https://doc.cwpcollaboration.com/appdevpack/docs/en/iam_landing_page.html
I could access the demo database, with anonymous setting of proton server.
C:\src\domino-db\package>npm run ptest -- read serv.org.com:3003/App\node-demo.nsf -q "Form = 'Contact' and LastName = 'Moody'"
read the content of demo database
Config the pilot mode successfully.
What is doing wrong?
Error, when try to startup pilot mode of IAM Service
I have put all the certificates to the folder config/certs,
in which the certificates are created by create_certs.cmd from the tutorial.
And I have convert the ca.crt into ca.pem.
Besides, I also put the keys created by ProtonCA into the config/certs.
Keys created by ProtonMicroCA
According to the tutorial, I modified the make_certs.cmd as the following:
make_certs.cmd
the certificates are posted to the config/certs directory
I'm not sure about your complete setup, a support ticket would help us diagnose this better. There should be a ca folder in the config/certs directory that contains any root certs you're using (like the ca.pem you have)

Db2 (Warehouse) on Cloud: How to use APIKEY or ACCESSTOKEN to connect from CLP?

I have an instance of Db2 on IBM Cloud. I would like to use my local CLP to connect to it. I set everything up to be able to connect using a username and password. Now, however, I would like to make use of either an APIKEY or ACCESSTOKEN as documented.
My attempts result in either
SQL30082N Security processing failed with reason "25" ("CONNECTION
DISALLOWED"). SQLSTATE=08001
or
SQL30082N Security processing failed with reason "24" ("USERNAME
AND/OR PASSWORD INVALID"). SQLSTATE=08001
I have successfully create an APIKEY and also was able to generate an access token using that API key. But what is needed to connect?
connect to clouddb ACCESSTOKEN "my long token here"
It was a matter of the right setup and correct steps:
IAM support only works with SSL connections
for SSL, I had to use the right port number (50001) and keywords (security ssl) when cataloging the node and database
my Db2 client required additional setup for GSKit and encryption key database
I wrote up a blog post with all the steps and a collection of error message on how to setup a Db2 client to authenticate using either API key or access token. Basically, it is to catalog the server:
db2 catalog tcpip node Db2oCfra remote db2host-fra02-xxx.services.eu-de.bluemix.net
server 50001 security ssl
Then catalog the database:
db2 catalog db bludb as fradb at node db2ocfra
Thereafter, connect:
db2 connect to fradb APIKEY myIBMCloudplatformApiKey
There might be additional steps in order to install GSKit and properly configure SSL support.

Box - Webhook v2 - 403 Forbidden with Box CLI

I am trying to create a Webhook V2 associated to a folder with the Box CLI (Powershell) but I return this error:
Unexpected API Response [403 Forbidden | wncdt6fz7hr7j3tk] access_denied_insufficient_permissions - Access denied - insufficient permission
I follow these steps:
Create a Custom App with OAuth 2.0 with JWT Authentication
Set Enterprise as Application Access.
Enable/Check all Application Scopes options.
Activate Perform Actions As Users and Generate User Access Token at Advanced Features.
Generate a Public/Private Keypair and download the JSON to set in my Box CLI.
Authorize the custom application using the Client ID at Admin Console.
At Box CLI, create the environment with the JSON configuration downloaded at step 5. Set that environment as default.
Get the Token to use to create the Webhook with the following command:
box tokens:get --user-id $user_number
Create the Webhook:
box webhooks:create folder test_lab -T FILE.UPLOADED -a http://test-lab.us-e2.cloudhub.io/lab -t e66kxXI1MyGtXTs7888uy8hutPrreH9R
When I try to create it, returns the 403 Forbidden error. What can I need to solve the permissions problem?
In order to set Box Webhook endpoints you need to set the url as https and not http
Can you give that a try?

High Trust S2S Provider Hosted App with "App + User" Policy

I am relatively new to sharepoint app development.
Trying to create a on premises, High Trust provider hosted app with App + User Policy. I have followed below document to create a demo.
https://msdn.microsoft.com/library/office/fp179901(v=office.15)
http://blogs.msdn.com/b/russmax/archive/2014/06/23/part-1-intro-to-provider-hosted-apps-setup-the-infrastructure.aspx
I am facing few issue and I have some question to clarify, if anybody can help.
1) When I inspect my request in dev tools, it give me below form data.
SPAppToken:
SPSiteUrl:
SPSiteTitle:Home
SPSiteLogoUrl:
SPSiteLanguage:en-US
SPSiteCulture:en-US
SPRedirectMessage:EndpointAuthorityMatches
SPErrorCorrelationId:f069e89c-a0cd-20ce-a1c0-7db95db0334b
now when i inspect log with above corelation id, i am finding below errors.
-- Error when get token for app i:0i.t|ms.sp.ext|ab8ff461-bc75-4516-b475-b666ac47eec0#802f23e1-6e11-45d1-909c-07a7b0ab0ce2,
exception: Microsoft.SharePoint.SPException: The Azure Access Control
service is unavailable.
-- App token requested from appredirect.aspx for site: 92bfe5c4-7255-4b09-a89a-07e0e2b03622 but there was an error in
generating it. This may be a case when we do not need a token or when
the app principal was not properly set up.
-- Getting Error Message for Exception Microsoft.SharePoint.SPException: The Azure Access Control service is
unavailable.
a) I belive in high-trust app it shouldn't look for Azure ACS.
Is this error because of some incorrect configuration?
b) SPAppToken is null here. Is it null always in case of hig trust app?
2) Say I am logged into sharepoint with User A and trying to launch sharepoint app.
Within app code I want to get identity of logged in user(which is A). From below code i found that Request.LogonUserIdentity gives me identity of user A. But how can we sure that request is came from sharepoint only. I can copy the same app URL and paste in browser window and login with window credential and get the same result. So question is how can I verify if its legitimate request came from sharepoint only and no one is faking request.
ALos, when I inspect request in dev tools, its passing Authorization key in request header. What is use of this?
using (var clientContext = TokenHelper.GetS2SClientContextWithWindowsIdentity(hostWeb, Request.LogonUserIdentity)) { clientContext.Load(clientContext.Web, web => web.Title); clientContext.ExecuteQuery(); Response.Write(clientContext.Web.Title); }
3) Also what happens if my app doesnt support windows authentication and only support FBA, is there any way to get user identity in this case?
Any help would be much appreciated.
Thanks
For issue #1: It looks to me that the step # 9 (Configure authentication settings) in this section (from the first MSDN article you have referred) was missed, i.e., 'ACS Control service' was selected instead of 'Use a Certificate' option.
For issue #2: There are helper methods in TokenHelper.cs to validate the AccessToken from the HttpRequest, which identifies the validity of the request.

Web service authentication issue - using openam j2ee agent 3

I am new to openAM. I am trying to use openAM (954) to secure my web service using J2EE agent 3.0. I have deployed my webservice (using CXF) on Glass fish 3.1.x.
I have created necessary configuration given in URL http://docs.oracle.com/cd/E19575-01/820-4803/ghuqg/index.html
I want to authenticate using user id and password. I am passing this information (userid/password) using SOAP header. But when I try to access my web service in browser it gives access forbidden message.
Are there any additional configurations required? Please let me know, I am not able to find any other information on this anywhere.
Following is the request we are sending. I am not sure about UsernameToken wsu:Id whether it is correct? How do we get this value from OpenAM dynamically at each time when we send the request.
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="HTTPdocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-27777511" xmlns:wsu="HTTPdocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>amadmin</wsse:Username>
<wsse:Password Type="HTTPdocs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Amit4001</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<demo:greetPerson>
<!--Optional:-->
<arg0>Ashish</arg0>
</demo:greetPerson>
Please help me solve this issue.
I want to authenticate using user id and password. I am passing this information (userid/password) using SOAP header. But when I try to access my web service in browser it gives access forbidden message.
I'm currently struggling to learn OpenAM as well and I think your specific problem is that you have not yet set up a policy (not a policy agent) after users have successfully authenticated.
If you haven't try the following steps:
Navigate to Access Control -> YourRealm -> Policies -> New Policy
Name: yourpolicyname
Rules (click new):
Name: URLPolicy
Resource Name: http:// your-webservice-url/*
Check allow get and post
Name: GetUrlPolicy
Resource Name: http:// your-webservice-url /* ? *
Check allow get and post
Subjects (click new)
Type = OpenAM Identity Subject
Name: UserAccess
Add users you want to be able to authenticate
You have to add in the * ? * if you have any GET parameters in your web page.
Hope that helps, I know the documentation around is terrible.
For your agent policy, in the Global tab: General section > Agent Filter Mode, remove ALL and add SSO_ONLY (leave Map Key blank and Map Value as SSO_ONLY). Note that this configuration isn't hot-swappable, so OpenAM has to be restarted to apply.
Here is a procedure for installing the agent on the server you want to protect:
http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/jee-install-guide/index/chap-glassfish.html
Here is a good procedure for configuring the agent policy centrally on the OpenAM server:
http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/admin-guide/index/chap-agents.html#create-agent-profiles
You might want to also control which URIs (webapps) to protect instead of the entire website. To do that, in the agent policy:
Application tab: Not Enforced URI Processing section > add the URI to protect, for example: /application1/*
Application tab: Not Enforced URI Processing section > check the "Invert Not Enforced URIs" checkbox so that it will actually enforce the "Not Enforced URI" values

Resources