QuickStart Guide: No authenticationScheme was specified, and there was no DefaultChallengeScheme found - identityserver4

I am attempting to work through the quickstart guide for IdentityServer4. I was following the instructions in the following document: Protecting an API using Client Credentials. I got to the point in the document that says "Navigating to the controller https://localhost:6001/identity on a browser should return a 401 status code." Instead I received the following error:
InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).
Any idea what would cause this issue?

Do you have these two lines in your startup class?
app.UseAuthentication();
app.UseAuthorization();
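The exception in the question is thrown when [Authorize] triggers a challenge and no scheme is registered as the default, so the two middleware lines above only help once the service registration also names a default scheme. The Startup below is an added example for this thread, not code from the original post or from the IdentityServer4 documentation; it assumes IdentityServer listens on https://localhost:5001 and that the API scope is named "api1" (both are assumptions, change them to match your setup).

```csharp
// Added example (not from the original post or the IdentityServer4 docs): a minimal
// ASP.NET Core API Startup for the client-credentials quickstart. Assumed values:
// IdentityServer runs at https://localhost:5001, the API scope is "api1".
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();

        // The string passed to AddAuthentication becomes the default scheme, i.e. the
        // DefaultChallengeScheme the exception complains about. Without it, [Authorize]
        // has no scheme to challenge with and throws instead of returning 401.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) // "Bearer"
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
            {
                options.Authority = "https://localhost:5001"; // assumption: IdentityServer address
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // The quickstart turns audience validation off because it issues
                    // scope-only tokens. Re-enable it once an ApiResource is defined,
                    // otherwise any token from this issuer passes the bearer check.
                    ValidateAudience = false
                };
            });

        // Require the "api1" scope on top of a valid signature, so a token minted for
        // another API at the same issuer is still rejected.
        services.AddAuthorization(options =>
        {
            options.AddPolicy("ApiScope", policy =>
            {
                policy.RequireAuthenticatedUser();
                policy.RequireClaim("scope", "api1"); // assumption: scope name
            });
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();

        // Order matters: authentication must run before authorization, and both must
        // sit between UseRouting and UseEndpoints.
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers().RequireAuthorization("ApiScope");
        });
    }
}
```

With this in place an anonymous browser request to /identity gets a 401 from the Bearer handler's challenge; a request carrying a valid token without the "api1" scope gets a 403 from the policy rather than reaching the controller.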

Related

Getting HTTP 401 Error when using Camel-http4 with proxy and sslcontext

I have an existing connection using http4 (proxyAuthScheme=http4, and the endpoint starts with https://<>) with a proxy and sslContextParametersRef. It was working fine before.
Now we have upgraded to a new proxy and I have started seeing an HTTP 401 error.
All the credentials are correct and were working before.
https4://test.org/DownloadHandler.ashx?proxyAuthHost=&authPassword=&bridgeEndpoint=true&authUsername=&proxyAuthScheme=http4&proxyAuthPort=&throwExceptionOnFailure=true&sslContextParametersRef=sslContextParameters&proxyAuthPassword=&disconnect=true&okStatusCodeRange=200-299&proxyAuthUsername=
The sslContext is configured with the correct key store and trust store, and with TLSv1.2.
All this configuration was working before; with the new proxy server entry, I am getting an HTTP 401 error.
I also removed proxyAuthScheme=http4 from the endpoint URI, and then I got an SSL unverified error, which is the same as in this post: ( https://camel.465427.n5.nabble.com/Using-the-HTTP4-component-to-make-a-HTTPS-call-behind-proxy-sever-td5719105.html )
Any help here would be appreciated.

Camel 3.2 PahoEndpointBuilder not working

I am trying to use the PahoEndpointBuilder:
PahoEndpointBuilder endpoint = paho(topic).brokerUrl(brokerUrl);
but starting the route based on that endpoint always leads to an exception:
Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve endpoint: paho:myTestTopicMandant9?brokerUrl=tcp%3A%2F%2Flocalhost%3A1883 due to: There are 1 parameters that couldn't be set on the endpoint. Check the uri if the parameters are spelt correctly and that they are properties of the endpoint. Unknown parameters=[{brokerUrl=tcp://localhost:1883}]
at org.apache.camel.support.DefaultComponent.validateParameters(DefaultComponent.java:351)
at org.apache.camel.support.DefaultComponent.createEndpoint(DefaultComponent.java:169)
at org.apache.camel.impl.engine.AbstractCamelContext.doGetEndpoint(AbstractCamelContext.java:952)
Is this a bug?
It's a bug in Camel 3.2 that has been logged in JIRA: https://issues.apache.org/jira/browse/CAMEL-14921

Azure AD - how to set app manifest properties programmatically (accessTokenAcceptedVersion to v2 and signInAudience)?

Is there a way, programmatically via an API, to set the manifest property "accessTokenAcceptedVersion" to 2? This is required due to the issue explained here: our code is expecting the new STS and fails with:
WWW-Authenticate: Bearer error="invalid_token", error_description="The audience is invalid"
due to the token coming from the old STS: "iss": "https://sts.windows.net/.../". Similarly, I am looking to set the "signInAudience" property as well, so that our apps show up in B2C:
{
...
"accessTokenAcceptedVersion": 2,
...
"signInAudience": "AzureADandPersonalMicrosoftAccount",
...
}
I am not seeing anything in PowerShell, the CLI or the API (see also).
If I capture the portal network traffic I can see the PATCH to graph.windows.net/myorganization/applications/{GUID}?api-version=2.0 where it sets the JSON properties:
"accessTokenAcceptedVersion":2,
and
"signInAudience":"AzureADandPersonalMicrosoftAccount",
But it also sets another property, and this appears to be an undocumented way of doing things:
"logo#odata.mediaContentType":"application/json;odata=minimalmetadata"
and the signInAudience change sets:
"supportsConvergence":true,
Check out the beta Graph APIs:
Application Object
API property of application object
signInAudience is a direct property of the application object
Update Application
Please note that this is still only available under the beta API of the Microsoft Graph.
Using the code snippet below, I was able to set both accessTokenAcceptedVersion and signInAudience as desired.
import com.microsoft.graph.models.ApiApplication;
import com.microsoft.graph.models.Application;
// graphClient: an authenticated GraphServiceClient built with azure-identity credentials;
// appObjectId: the application's object id (not its appId)
ApiApplication api = new ApiApplication();
api.requestedAccessTokenVersion = 2; // Graph name for the manifest's "accessTokenAcceptedVersion"
Application application = new Application();
application.displayName = oAuthClientVO.getClientName();
application.signInAudience = "AzureADandPersonalMicrosoftAccount";
application.api = api;
// PATCH only the properties set above; untouched properties keep their values
graphClient.applications(appObjectId).buildRequest().patch(application);
For this, I used the libraries below.
<dependency>
<groupId>com.microsoft.graph</groupId>
<artifactId>microsoft-graph</artifactId>
<version>[5.4.0,)</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>[1.3.6,)</version>
</dependency>
If you want to accomplish setting "accessTokenAcceptedVersion" = 2 you can try something like this (bash; the path takes the application's object id, not its appId):
uri="https://graph.microsoft.com/v1.0/applications/<app objectId>"
az rest --method PATCH --uri "$uri" --headers 'Content-Type=application/json' --body '{"api":{"requestedAccessTokenVersion":2}}'
This would work.
NB: if you are facing an error like this
ERROR: Please run 'az login' to setup account.
you can try logging in with this command:
az login --service-principal --username ${your_client_id} --password ${your_client_secret} --tenant ${your_app_tenant_id}
Hope this helps someone in future.
Happy Coding :)
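Once the property is patched, the API only starts receiving v2.0 tokens when clients request a fresh token, and the quickest way to confirm the change (or to explain the "audience is invalid" error in the question) is to look at the ver, iss and aud claims of the token the API actually received. The class below is an added example for this thread, not code from the original question, the Microsoft Graph SDK or the Azure CLI; the tenant id, client id and the two unsigned sample tokens are constructed for the demo, and the v1 audience value "api://{clientId}" is an assumption about how the App ID URI was set.

```csharp
// Added example (not from the original question or the Microsoft Graph SDK): reads the
// claims of an access token WITHOUT verifying the signature, to show why a v1.0 token
// fails a resource that expects v2.0 tokens. Tenant/client ids below are made up.
using System;
using System.Linq;
using System.IdentityModel.Tokens.Jwt;   // NuGet: System.IdentityModel.Tokens.Jwt
using Microsoft.IdentityModel.Tokens;     // Base64UrlEncoder

public static class TokenVersionCheck
{
    const string TenantId = "11111111-2222-3333-4444-555555555555"; // constructed
    const string ClientId = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"; // constructed API app (client) id

    // Diagnostic only: never make an authorization decision on unverified claims.
    public static string Describe(string rawJwt)
    {
        var jwt = new JwtSecurityTokenHandler().ReadJwtToken(rawJwt); // parses, does not validate
        string ver = jwt.Claims.FirstOrDefault(c => c.Type == "ver")?.Value ?? "(missing)";
        string v2Issuer = $"https://login.microsoftonline.com/{TenantId}/v2.0";
        string v1Issuer = $"https://sts.windows.net/{TenantId}/";

        // v2.0 tokens: iss is the /v2.0 issuer and aud is the API's bare client id
        if (jwt.Issuer == v2Issuer && ver == "2.0" && jwt.Audiences.Contains(ClientId))
            return "v2.0 token: iss and aud match what a v2-configured API validates";

        // v1.0 tokens: iss is sts.windows.net and aud is the App ID URI, so a validator
        // configured for the v2 issuer/audience reports "The audience is invalid"
        if (jwt.Issuer == v1Issuer)
            return "v1.0 token (iss=sts.windows.net, aud=" + string.Join(",", jwt.Audiences) +
                   "): set api.requestedAccessTokenVersion=2 on the API's app registration";

        return "unexpected issuer " + jwt.Issuer;
    }

    // Builds an unsigned compact JWT for the demo; real tokens come from the STS.
    public static string Fake(string iss, string aud, string ver) =>
        Base64UrlEncoder.Encode("{\"alg\":\"none\",\"typ\":\"JWT\"}") + "." +
        Base64UrlEncoder.Encode($"{{\"iss\":\"{iss}\",\"aud\":\"{aud}\",\"ver\":\"{ver}\",\"exp\":4102444800}}") + ".";

    public static void Main()
    {
        // Constructed v1 token from the old STS (assumed App ID URI api://{clientId})
        Console.WriteLine(Describe(Fake($"https://sts.windows.net/{TenantId}/", "api://" + ClientId, "1.0")));
        // Constructed v2 token after accessTokenAcceptedVersion = 2
        Console.WriteLine(Describe(Fake($"https://login.microsoftonline.com/{TenantId}/v2.0", ClientId, "2.0")));
    }
}
```

ReadJwtToken is used deliberately here because the goal is to inspect what the STS put in the token; in the API itself the JwtBearer handler must keep validating the signature, issuer and audience, and the fix is to change what the STS issues (the PATCH above), not to loosen that validation.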

SAML - Service Provider could not handle the request

I am self-learning SAML. I am learning using the PicketLink quickstarts: https://github.com/jboss-developer/jboss-picketlink-quickstarts.
I deployed picketlink-federation-saml-idp-basic-wildfly.war in WildFly 9.0.2 running on port 9080, and picketlink-federation-saml-sp-post-basic-wildfly.war deployed in WildFly 9.0.2 running on port 8080. I also updated standalone.xml to update the security domain for the IDP and SP.
The only change I had to make in the sample was to update the dependency on picketlink-jbas7, since the version in the sample, 2.8.0.Beta1-SNAPSHOT, cannot be resolved. The Maven dependency I am using in the IDP is:
<dependency>
<groupId>org.picketlink.distribution</groupId>
<artifactId>picketlink-jbas7</artifactId>
<version>2.7.0.Final</version>
<scope>provided</scope>
</dependency>
The issue I am facing is that when I log in to the IDP and click on the SP link, I get the following exception in the SP logs:
23:05:55,833 ERROR [org.picketlink.common] (default task-5) Service Provider could not handle the request.: java.lang.NullPointerException
at org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler$SPTrustHandler.handleStatusResponseType(SAML2IssuerTrustHandler.java:143)
at org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler.handleStatusResponseType(SAML2IssuerTrustHandler.java:70)
at org.picketlink.identity.federation.web.process.SAMLHandlerChainProcessor.callHandlerChain(SAMLHandlerChainProcessor.java:67)
at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.processHandlersChain(ServiceProviderSAMLResponseProcessor.java:106)
at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:88)
at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAML2Response(SPFormAuthenticationMechanism.java:516)
at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAMLResponse(SPFormAuthenticationMechanism.java:306)
at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.authenticate(SPFormAuthenticationMechanism.java:268)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:339)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:356)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:325)
at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:138)
at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:113)
at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:106)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Please let me know what I am doing wrong.
Thanks
I faced the same issue learning from the picketbox quickstarts. I am working with WildFly 10.1.0.Final.
The first thing I noticed was that, in order to get the "Basic" quickstart working, the following are necessary (https://github.com/jboss-developer/jboss-picketlink-quickstarts):
IDP: picketlink-federation-saml-idp-basic
SP(s): picketlink-federation-saml-sp-post-basic and picketlink-federation-saml-sp-redirect-basic
I deployed all the generated .war files in one container for simplicity.
There were two things that helped me find out what was going on:
enable TRACE debug logging
the version of PicketLink is 2.5.5.SP2 in WildFly 10, and SAML2LoginModule was not found in that package in picketlink-wildfly8-2.5.5.SP2.jar.
In particular, I had a problem with the login module, getting this error:
Class org.picketlink.identity.federation.bindings.wildfly.SAML2LoginModule not found from Module "deployment.picketlink-federation-saml-sp-post-basic-wildfly.war:main" from Service Module Loader
Login failure: javax.security.auth.login.LoginException: unable to find LoginModule class: org.picketlink.identity.federation.bindings.wildfly.SAML2LoginModule
What I did was change the login module to org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule, and the quickstart started working.
I gave up on picketlink.
I used openSAML, and I was able to develop IDP initiated and SP initiated flows with no issues.
References:
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManual#
https://github.com/rasmusson/webprofile-ref-project

appcfg appengine 502 Proxy error in localhost

I am trying to upload some data to my local datastore in appengine.
The command I am using is the following:
appcfg.py upload_data --config_file="C:\config.yml" --filename="C:\mycsv.csv" --url=http://localhost:8888/remote_api --kind=MyEntity
The problem is that I'm working behind my company proxy and I am getting the following ERROR, even when trying to connect to the localhost server:
Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
It seems the authentication is ok, but somehow the proxy tries to filter my connection to my own computer.
Some ideas about how can I solve this?
Thanks.
Remove/disable the proxy settings of your network, then try the above command.
I was facing a similar issue and it was resolved when I disabled my proxy settings.