My jdbcRealm has somehow gotten deleted by magic from GlassFish. Now when I try to add it back in, I get the following error.
SEVERE: SEC1111: Cannot load group for JDBC realm user [admin].
WARNING: WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception
WARNING: Exception
com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception
at com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:394)
Based on the other answers I've seen on here, the culprit is usually a reserved word being used as a column name but this doesn't seem to be the problem in my case (see screenshot below). We recently had some database model changes so I had to reconfigure the mappings for roles to groups in web.xml and glassfish-web.xml. There are five roles and they are a 1:1 mapping between users.
Related
Am trying to configure the latest ariflow 1.10.10 with the new RBAC UI, wanted it to be single sign on.
tried the DB/LDAP options but this required user id/password to login.
trying to set up REMOTE_USER but not able to find good documentation or examples on how get it working.
enabled the below setting the airflow_webserver.cnfg file
AUTH_TYPE= AUTH_REMOTE_USER
and enabled kerberos in core section on airflow.cnfg file, when restarted the webserver it gives the below error
{decorators.py:113} WARNING - Access is Denied for: can_index on: Airflow
need help to resolve this .
When I first tried to access the UI without logging in (i.e. as a Public user), I got the {decorators.py:113} WARNING - Access is Denied for: can_index on: Airflow. Adding can_index to Public role should allow the UI to load so you can then log in. I'm unfamiliar with using a REMOTE_USER, but I imagine adding similar permissions to a role and assigning it to the REMOTE_USER would help.
I' am trying to set LDAP Auth on Pet Store REST API in IBM App Connect v11.0.0.6 In order to do so, I have followed this guide:
Creating a security profile for LDAP
I made a BAR file out of my "pet" REST API, deployed policy to the same Integration Node, then in flow properties tried to pick my ldapPolicy but it was not present. When I enter it manually and deploy I end up with this error:
Begin running task [Deploying [pet.bar] to integration server [InteriorIntegration]]
The BAR file C:/WorkDir/workspace/pet/pet.bar has been deployed to InteriorIntegration but there were one or more failures which may mean the deployed resources will be unable to execute.
The following message was received:
BIP9339W: The values defined in the policy(s) 'ldapPolicy' in policy project 'ldapTest' match the values of the existing policy(s). Any deployed resources using the policy(s) will not be affected by the redeploy of the policy project.
BIP4761E: The message flow attempted to use 'SecurityProfiles' policy 'ldapPolicy', which has not been defined in the integration server.
BIP9320E: Message Flow 'gen.pet', 'gen.pet' encountered a failure and could not start.
BIP4761E: The message flow attempted to use 'SecurityProfiles' policy 'ldapPolicy', which has not been defined in the integration server.
BIP4761E: The message flow attempted to use 'SecurityProfiles' policy 'ldapPolicy', which has not been defined in the integration server.
BIP9320E: Message Flow 'gen.pet', 'gen.pet' encountered a failure and could not start.
BIP4761E: The message flow attempted to use 'SecurityProfiles' policy 'ldapPolicy', which has not been defined in the integration server.
BIP9333W: RestAPI 'pet' has been changed but contains errors which has prevented some resources from starting.
BIP1096E: The source 'pet.bar' has been deployed but there were one or more failures which may mean the deployed resources will be unable to execute.
The task did not complete successfully: The deployment was partially successful. Check error messages for explanation.
And here is my Policy XML:
<?xml version="1.0" encoding="UTF-8"?>
<policies>
<policy policyType="SecurityProfiles" policyName="ldapPolicy" policyTemplate="SecurityProfiles">
<authentication>LDAP</authentication>
<authenticationConfig>ldap://example.com:389/ou=example</authenticationConfig>
<mapping>NONE</mapping>
<mappingConfig></mappingConfig>
<authorization>LDAP</authorization>
<authorizationConfig>ldap://example.com:389/ou=example</authorizationConfig>
<propagation>false</propagation>
<idToPropagateToTransport>Message ID</idToPropagateToTransport>
<transportPropagationConfig></transportPropagationConfig>
<keyStore>Reserved for future use</keyStore>
<trustStore>Reserved for future use</trustStore>
<passwordValue>PLAIN</passwordValue>
<rejectBlankpassword>true</rejectBlankpassword>
</policy>
</policies>
What am I missing?
Note:
BIP9339W: The values defined in the policy(s) 'ldapPolicy' in policy project 'ldapTest' match the values of the existing policy(s). Any deployed resources using the policy(s) will not be affected by the redeploy of the policy project.
EDIT:
I think the above error occurs because ldapTest is already deployed (?). If so then why I cannot choose this policy in security profile dropdown?
Error from event logs:
( Int.Server ) The message flow attempted to use ''SecurityProfiles'' policy ''ldapPolicy'', which has not been defined in the integration server.
Policies need to be set on the integration server. Use the administrative REST API to check that a '''SecurityProfiles'' policy called ''ldapPolicy' exists.
Use the toolkit to create the required policy and deploy it to the integration server, or adjust the message flow to avoid requiring the policy.
After few days of trying to find an answer in docs and going trough trial and error I found out that to set Security Profile Name field you have to use special syntax:
{PolicyProjectName}:PolicyName
So for example if you create and deploy MyPolicies project and you want to use MyPolicy policy you have to type in Security Profile Name:
{MyPolicies}:MyPolicy
I have been following after this guide step by step:
https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi
The only thing that I didn't do (not sure if its related) is the following line:
"Also in the ToGoAPI project, open the file Controllers/ToGoListController.cs. In the [EnableCors...] attribute, enter the location of the To Do SPA client. By default it is https://localhost:44326. Make sure to omit the trailing slash.
"
The reason I didn't do it is simply because I can't find any [EnableCors...] in the code. I did try to enable CORS in a different way though. following this:
https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api#enable-cors
Anyway, I get the following error:
"Error :invalid_resource
adal.js:973 Error description:AADSTS500011: The resource principal named https://yorecisraportsco.onmicrosoft.com/ToGoAPI was not found in the tenant named yorecisraportsco.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: 64213edc-4b12-4caa-aa4e-b9ec82bd3000
Correlation ID: 607d25c1-d915-46eb-ba48-67adb70ddab8
Timestamp: 2019-03-04 12:41:33Z"
I am not sure why this is happning as I followed the guide - configured everything in Azure like it said and also configured it in the code.
I have a requirement to delete some roles from an app registration.
Have tried to do this on the Azure portal both directly in the manifest editor and by downloading / editing / uploading the manifest JSON.
I get the following error:
Failed to update application xxxxxx. Error details:
CannotDeleteEnabledEntitlement.
I also tried to set "isEnabled" property to "false" and delete the roles after that with no success.
Anyone have any pointers on how to overcome this issue?
As you mentioned in your post, the deletion of any OAuth2Permission is a 2 step process:
You must first disable the permission, and push that to the directory.
Then you can delete the permission.
The error message you are showing in your post is a result of you not disabling the permission first. You will need to share details about the error you get if trying to delete the disabled permission fails as well.
Getting the following message when accessing a site that should redirect to the OpenAM login page:
No such Organization found.
Contact your system administrator.
Return to Login page
i took a look at the debug logs (Authentication) but just getting null pointer exception:
amAuth:02/18/2014 08:26:12:659 AM GMT: Thread[http-bio-8181-exec-53,5,main]
ERROR: Error creating logFailed message
java.lang.NullPointerException
at com.sun.identity.authentication.service.LoginState.getSSOToken(LoginState.java:1926)
Organization in OpenAM is a REALM. Are you using a REALM in your URL e.g:
http://bla.bla.com/bla?realm=MYREALM
If yes make sure that REALM exists in the OpenAM server.