Using MSAL in CloudShell - azure-active-directory

I've validated the MSAL auth path using the desktop PowerShell 5.1 and 7.0 applications. However, all of the authentication paths which worked on the desktop are not working in CloudShell -
PS /home/michael/CSTest/0.0.2/MicrosoftTeams> connect-microsoftteams
Connect-MicrosoftTeams: One or more errors occurred. (Unable to open a web page using xdg-open. See inner exception for details. Possible causes for this error are: xdg-open is not installed or it cannot find a way to open an url - make sure you can open a web page by invoking from a terminal: xdg-open https://www.bing.com )
Connect-MicrosoftTeams: Unable to open a web page using xdg-open. See inner exception for details. Possible causes for this error are: xdg-open is not installed or it cannot find a way to open an url - make sure you can open a web page by invoking from a terminal: xdg-open https://www.bing.com
Connect-MicrosoftTeams: No such file or directory
Connect-MicrosoftTeams: One or more errors occurred. (Unable to open a web page using xdg-open. See inner exception for details. Possible causes for this error are: xdg-open is not installed or it cannot find a way to open an url - make sure you can open a web page by invoking from a terminal: xdg-open https://www.bing.com )
PS /home/michael/CSTest/0.0.2/MicrosoftTeams> connect-microsoftteams -UseDeviceAuthentication
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code BRZPG2UNE to authenticate.
Connect-MicrosoftTeams: One or more errors occurred. (Windows Data Protection API (DPAPI) is not supported on this platform.)
Connect-MicrosoftTeams: Windows Data Protection API (DPAPI) is not supported on this platform.
Connect-MicrosoftTeams: One or more errors occurred. (Windows Data Protection API (DPAPI) is not supported on this platform.)
PS /home/michael/CSTest/0.0.2/MicrosoftTeams> connect-microsoftteams -AccountId miluong#microsoft.com
Connect-MicrosoftTeams: One or more errors occurred. (Federated service at https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport returned error: )
Connect-MicrosoftTeams: Federated service at https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport returned error:
Connect-MicrosoftTeams: Federated service at https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport returned error:
Connect-MicrosoftTeams: One or more errors occurred. (Federated service at https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport returned error: )
How do I enable support for managed identity?
How do I get interactive auth flow to work without xdg-open? Currently CloudShell does not install xdg-open
Is there a recommended path to try to acquire a token without DPAPI? CloudShell works in a Linux environment and DPAPI only supports Windows.
Do you know of any PS modules which use MSAL that are working in CloudShell?

xdg-open does not work and is not planned to be supported in CloudShell
The DPAPI error was because I was trying to protect the token by encrypting it at rest
Integrated Windows Authentication is not a supported workflow in CloudShell because it's a Linux based environment.

Related

Cannot use chectl auth:login or server:shutdown

I am attempting to restart my local eclipse che server after editing some configuration. I attempted to run chectl server:stop, but got this error:
» Error: E_SHUTDOWN_CHE_SERVER_FAIL - Failed to shutdown Eclipse Che server. Login context is not set. Please login
» first.
So I attempted to login with chectl auth:login, but was again presented with an error:
Using https://che-che.169.254.109.208.nip.io/api server API URL to log in
Error: Command failed with exit code 1: oc status
error: you do not have rights to view project "default" specified in your config or the project doesn't exist
I've looked through the documentation, and couldn't find how to create a "default" project
I used chectl server:deploy --platform=docker-desktop to start my server.
I have tried other methods of deploying che, but it only worked when using Docker desktop without helm.
I am using Windows 10 home, and deploying it using Docker desktop (Engine v19.03.13) and kubernetes version v1.19.3.
Edit: I have filed a bug report on github: https://github.com/eclipse/che/issues/18355

Error - Failed to register Fiddler as the system proxy

When I try to run FiddleApplication.Startup(startupConfig)
FiddlerCoreStartupSettings startupSettings = newFiddlerCoreStartupSettingsBuilder()
.ListenOnPort(0)
.RegisterAsSystemProxy()
.DecryptSSL()
.Build();
FiddlerApplication.Startup(startupSettings);
In my log events I see:
Starting FiddlerCore/4.6.20191.7809 (NoSAZ)...
** LogString: !WARNING: The DefaultLAN Gateway information could not be obtained.
** NotifyUser: Error - Failed to register Fiddler as the system proxy.
I'm running the process as administrator.
Note: When I run the normal Fiddler UI application everything works fine. Even running an older FiddlerCore version (2.3) is able to register itself as the system proxy.
P.S - I also see a warning in Visual Studio - "Please use Telerik.NetworkConnections.NetworkConnectionsManager to register the FiddlerCore Proxy as the system proxy." But I couldn't find any documentation/examples using NetworkConnectionsManager and I couldn't figure out how to use it.

Remote implementation for app_identity_service.GetAccessToken failed at GAE PHP dev

Google App Engine SDK for PHP (at local environment) returns error on any try to use Google Cloud Storage. Error message is:
Fatal error: Uncaught exception 'google\appengine\runtime\RPCFailedError' with message 'Remote implementation for app_identity_service.GetAccessToken failed' in /media/data/home/vladimir/setup/gae/google_appengine/php/sdk/google/appengine/runtime/RemoteApiProxy.php on line 92
It exactly repeats the problem described here:
App engine update breaks CloudStorage in dev php env
Test code from the question above shows the same result.
I tried App Engine SDK for PHP versions 1.9.19, 1.9.20, 1.9.21 without success.
On Win10 this issue can be solved by generating an application-default credentials file:
D:\Workspace\Sourcecode>gcloud auth application-default login
Credentials saved to file: [C:\Users\Otje\AppData\Roaming\gcloud\application_default_credentials.json]
And then setting the environment in commandline:
D:\Workspace\Sourcecode>SET GOOGLE_APPLICATION_DEFAULT=C:\Users\Otje\AppData\Roaming\gcloud\application_default_credentials.json
Seems to me GAE on local just outputs limited error information when it can't find the right credentials to succesfully connect to remote endpoint.
It seems that it was GAE's server side issue. They fixed it. I discovered that it started to work as expected today without any changes applied by me.

running web2py with GoogleAppEngineLauncher

Trying to run my web2py app from the development server using GoogleAppEngineLauncher
Not sure if the on-line tutorials are out of date or I'm just missing something, but when I follow the link to download the GoogleAppEngine pythonSDK for OSX I get a dmg for the GoogleAppEngineLauncher.
I download and use that, which installs the proper executables, however after I setup my app.yaml file and run "dev_appserver.py myApp" I get this error:
fancy_urllib.InvalidCertificateException: Host appengine.google.com returned an invalid certificate (_ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed):
I don't get the error if I try and launch the app from the launcher itself, however I can't launch the app because it says the directory already exists and I don't have write permissions. I even tried chmod 777 on the myApp directory.
Should I not be using the GoogleAppLauncher?
additionally I tried using the linux SDX and received the same "certificate" error. The error message directs me to a link mentioning that I need the "ssl" module, but that is included in python 2.7.2 which I am using.
The link also mentions: "appcfg uses SSL when connecting to the Admin Console by default, unless the --insecure flag is passed." But I cannot find that flag in the help menu.
Found this answer which solves the problem.
Basically:
rm google_appengine/lib/cacerts/cacerts.txt
From the SDK

Not able to install dotnetnuke in my windows vista system

I am trying to install dotnetnuke in my system. For that i have unzipped dotnetnuke installable zip at C:\inetpub\wwwroot\DotNetNuke and created this directory as virtual in iis. Any other than this i have to do to successfully install ddn. How to create and attach database with it. Currently i am gettting below error.
Server Error
HTTP Error 500.19 - Internal Server Error
Description: The requested page cannot be accessed because the related configuration data for the page is invalid.
Error Code: 0x80070021
Notification: BeginRequest
Module: IIS Web Core
Requested URL: http://localhost:80/dotnetnuke
Physical Path: C:\inetpub\wwwroot\DotNetNuke
Logon User: Not yet determined
Logon Method: Not yet determined
Handler: Not yet determined
Config Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config File: \?\C:\inetpub\wwwroot\DotNetNuke\web.config
Config Source:
79:
80:
81:
More Information... This error occurs when there is a problem reading the configuration file for the Web server or Web application. In some cases, the event logs may contain more information about what caused this error.
Server Version Information: Internet Information Services 7.0.
Microsoft has a tool called Webmatrix which makes it very easy to install DotNetNuke (and other applications).

Resources