Internal Server Error when creating Conditional Access Policy - azure-active-directory

I referred to this documentation to make a POST request.
Below is the error while making a POST request to create a conditional access policy
{
"message": "There was an internal server error while processing the request. Error ID: 2dbb1530-4ce6-44f5-9c63-08de28d7218a",
"innerError": {
"request-id": "2dbb1530-4ce6-44f5-9c63-08de28d7218a"
}
}
Payload being passed with the request is below:
{
"displayName": "Test Policy",
"state": "enabled",
"conditions": {
"clientAppTypes": ["modern", "browser"],
"applications": {
"includeApplications": ["None"]
},
"users": {
"includeUsers": [
"08290005-23ba-46b4-a377-b381d651a2fb"
]
},
"locations": {
"includeLocations": ["All"],
"excludeLocations": ["AllTrusted"]
}
},
"grantControls": {
"operator": "OR",
"builtInControls": ["approvedApplication"]
}
}
I've tried using this endpoint to get a policy:
https://graph.microsoft.com/beta/{tenant_id}/conditionalAccess/policies
Which successfully returns an existing policy. However, the above POST request is not working.

The "approvedApplication" requirement only supports the iOS and Android for device platform condition. See details here.
You need to add "includePlatforms" iOS and android into the json body.
{
"displayName": "Test Policy",
"state": "enabled",
"conditions": {
"clientAppTypes": ["modern", "browser"],
"applications": {
"includeApplications": ["None"]
},
"users": {
"includeUsers": [
"08290005-23ba-46b4-a377-b381d651a2fb"
]
},
"platforms": {
"includePlatforms": [
"iOS", "android"
]
},
"locations": {
"includeLocations": ["All"],
"excludeLocations": ["AllTrusted"]
}
},
"grantControls": {
"operator": "OR",
"builtInControls": ["approvedApplication"]
}
}

Related

Cores fail when trying to add requestHandler in Solr

I am new to Solr and am trying to add the Suggest Search Component via the Config API.
My Solr 9.0.0 setup is as follows:
bin/solr start -e cloud with _default config
Add the search component with a POST request to http://localhost:8983/api/collections/collection_name/config:
{
"add-searchcomponent": {
"name": "suggest",
"class": "solr.SuggestComponent",
"lookupImpl": "FuzzyLookupFactory",
"dictionaryImpl": "DocumentDictionaryFactory",
"field": "name",
"suggestAnalyzerFieldType": "string",
"buildOnStartup": "false"
}
}
Until here everything is fine and I receive a responseHeader with status 0.
Add the request handler with a POST request to http://localhost:8983/api/collections/collection_name/config:
{
"add-requesthandler": {
"name": "/suggest",
"class": "solr.SearchHandler",
"defaults": {
"suggest": "true",
"rows": "10"
},
"components": "suggest"
}
}
In step 3 I receive a responseHeader with status 500 and the following error message:
1 out of 2 the property overlay to be of version 4 within 30 seconds! Failed cores: [http://localhost:8983/solr/collection_name1_replica_n1/]
What am I doing wrong?
I could solve it. My error was not adding “components” in the add-requesthandler as an array.
original:
{
"add-requesthandler": {
"name": "/suggest",
"class": "solr.SearchHandler",
"defaults": {
"suggest": "true",
"rows": "10"
},
"components": "suggest"
}
}
correct:
{
"add-requesthandler": {
"name": "/suggest",
"class": "solr.SearchHandler",
"defaults": {
"suggest": "true",
"rows": "10"
},
"components": [“suggest"]
}
}

Alexa skills events not firing when hosted in web service

I have custom skill that calls web service i created. I am able to launch and get other intent, but i am not getting notification when permission for notification is changed by user of my skill. I need he notification event to get user id for sending push notifications later by other service.
Below is my json file:
{
"manifest": {
"apis": {
"custom": {
"endpoint": {
"uri": "https://pathToMyService",
"sslCertificateType": "Wildcard"
},
"interfaces": []
}
},
"events": {
"publications": [
{ "eventName": "AMAZON.TrashCollectionAlert.Activated" },
{ "eventName": "AMAZON.MessageAlert.Activated" }
],
"subscriptions": [
{ "eventName": "SKILL_PROACTIVE_SUBSCRIPTION_CHANGED" },
{ "eventName": "SKILL_ENABLED" },
{ "eventName": "SKILL_DISABLED" },
{ "eventName": "SKILL_PERMISSION_ACCEPTED" },
{ "eventName": "SKILL_PERMISSION_CHANGED" },
],
"regions": {
"NA": {
"endpoint": {
"uri": "https://pathToMyService",
"sslCertificateType": "Wildcard"
}
}
},
"endpoint": {
"uri": "https://pathToMyService",
"sslCertificateType": "Wildcard"
}
},
"manifestVersion": "1.0",
"permissions": [
{ "name": "alexa::devices:all:notifications:write" }
],
"publishingInformation": {
"locales": {
"en-US": { "name": "Test Events" }
}
}
}
}
Below is the Launch request: I have truncated applicatioId, userID, consentToken, deviceId, apiAccessToken
{"version":"1.0","session":{"new":true,"sessionId":"amzn1.echo-api.session.60ad1e76-0872-4e10-b79d-7144cdf3e1c9","application":{"applicationId":"amzn1.ask.skill.59d60703"},"user":{"userId":"amzn1.ask.account.AGB7EOY","permissions":{"consentToken":"eyJ0eXAiOiJKV1"}}},"context":{"System":{"application":{"applicationId":"amzn1.ask.skill.59d60703"},"user":{"userId":"amzn1.ask.account.AGB7EOY","permissions":{"consentToken":"eyJ0eXAiOiJKV1Qi"}},"device":{"deviceId":"amzn1.ask.device.AFNXDZOAEMFDFKK","supportedInterfaces":{}},"apiEndpoint":"https://api.amazonalexa.com","apiAccessToken":"eyJ0eXAiOiJKV1Qi"}},"request":{"type":"LaunchRequest","requestId":"amzn1.echo-api.request.adb318af-1977-4b36-b8ad-0bb4352fa563","timestamp":"2020-03-22T23:37:55Z","locale":"en-US","shouldLinkResultBeReturned":false}}
Thanks
I resolved the issue: When I updated by skill.json file using
ask api update-skill -s amzn1.ask.skill.59d6 -f Test.json
it didn't update properly. I noticed today when I got latest
ask api get-skill -s amzn1.ask.skill.59d6 >Test2.json
the event section was missing. I added back and reapplied and it's working now.

AWS IoT JITPovisioning template with Fn::Join

I am trying to add registrationConfig for my CA certificate in AWS IoT. I would like to do some manipulation of data for Thing attributes. But I can't seem to get that JITP to work if the template body has Fn::Join in it.
Following are extract of the template body (string unescaped for reading purpose)
NOT working:
"Resources": {
"thing": {
"Type": "AWS::IoT::Thing",
"Properties": {
"ThingName": {
"Ref": "AWS::IoT::Certificate::CommonName"
},
"ThingTypeName" : "w2-device",
"ThingGroups" : ["w2-devices"],
"AttributePayload": {
"location": {
"Fn::Join":["",["ThingPrefix_",{"Ref":"SerialNumber"}]]
},
"organization": {
"Ref": "AWS::IoT::Certificate::Organization"
},
"version": "w2",
"country": {
"Ref": "AWS::IoT::Certificate::Country"
}
}
}
},
In the above when I have Fn::Join in AttributePayload/location it fails to create the Thing during JITP. I don't see any errors in CloudWatch either.
Working:
"Resources": {
"thing": {
"Type": "AWS::IoT::Thing",
"Properties": {
"ThingName": {
"Ref": "AWS::IoT::Certificate::CommonName"
},
"ThingTypeName" : "w2-device",
"ThingGroups" : ["w2-devices"],
"AttributePayload": {
"location": {
"Ref": "AWS::IoT::Certificate::StateName"
},
"organization": {
"Ref": "AWS::IoT::Certificate::Organization"
},
"version": "w2",
"country": {
"Ref": "AWS::IoT::Certificate::Country"
}
}
}
},
Note: I have also asked this in aws forum but without any answer there yet.
Provisioning templates for JITP define a set of parameters beginning with AWS::IoT::Certificate.
The AWS::IoT::Certificate::SerialNumber parameter should be used instead of just SerialNumber in the attribute payload. e.g.
"AttributePayload": {
"location": {
"Fn::Join":["",["ThingPrefix_",{"Ref":"AWS::IoT::Certificate::SerialNumber"}]]
},
https://docs.aws.amazon.com/iot/latest/developerguide/jit-provisioning.html lists the defined parameters for JITP as:
AWS::IoT::Certificate::Country
AWS::IoT::Certificate::Organization
AWS::IoT::Certificate::OrganizationalUnit
AWS::IoT::Certificate::DistinguishedNameQualifier
AWS::IoT::Certificate::StateName
AWS::IoT::Certificate::CommonName
AWS::IoT::Certificate::SerialNumber
AWS::IoT::Certificate::Id
The SerialNumber examples in the AWS documentation (without the AWS::IoT::Certificate prefix are used for the Bulk Registration process.

Detecting when user unlinks alexa skill

I'm implementing an Alexa Smart Home skill and I want to know if a user is still using the app after a while.
Google Home, for example, sends a request when I unlink my app from the Google Smarthome app. I need to know it to disable sending updates to Amazon Alexa gateway if a user isn't using the skill anymore.
What the best way of doing it? Alexa documentation doesn't talk about it.
Can I rely on just checking if the user has a expired OAuth tokens? E.g. if expired for more than a day, mark user as inactive.
Another thing I'm going to test out tomorrow is just see the gateway response after having unlinked the skill. But for my case it wouldn't be good option anyway, as I will only know the user state after a physical change and trying to submit it and have it possibly fail. Which can happen after days or weeks, so it isn't that reliable.
You can integrate with Alexa Skill Events and get notification when user disables the Skill.
https://developer.amazon.com/docs/smapi/skill-events-in-alexa-skills.html#skill-disabled-event.
The SkillDisabled event only contains user_id (i.e. no access token). So you would also need to listen for the SkillAccountLinked event so you can link that user_id with your own user identifier.
Your Smart Home Skill manifest should look like this:
{
"manifest": {
"publishingInformation": {
"locales": {
"en-US": {
"summary": "...",
"examplePhrases": [
"Alexa, ...",
"Alexa, ...",
"Alexa, ..."
],
"keywords": [],
"name": "...",
"smallIconUri": "...",
"description": "...",
"largeIconUri": "..."
}
},
"isAvailableWorldwide": false,
"testingInstructions": "...",
"category": "SMART_HOME",
"distributionCountries": [
"US"
]
},
"apis": {
"smartHome": {
"endpoint": {
"uri": "arn:aws:lambda:..."
},
"protocolVersion": "3"
}
},
"manifestVersion": "1.0",
"permissions": [
{
"name": "alexa::async_event:write"
}
],
"privacyAndCompliance": {
"allowsPurchases": false,
"locales": {
"en-US": {
"termsOfUseUrl": "...",
"privacyPolicyUrl": "..."
}
},
"isExportCompliant": true,
"containsAds": false,
"isChildDirected": false,
"usesPersonalInfo": false
},
"events": {
"endpoint": {
"uri": "arn:aws:lambda:..."
},
"subscriptions": [
{
"eventName": "SKILL_ENABLED"
},
{
"eventName": "SKILL_DISABLED"
},
{
"eventName": "SKILL_PERMISSION_ACCEPTED"
},
{
"eventName": "SKILL_PERMISSION_CHANGED"
},
{
"eventName": "SKILL_ACCOUNT_LINKED"
}
],
"regions": {
"NA": {
"endpoint": {
"uri": "arn:aws:lambda:..."
}
}
}
}
}
}

"Send To Messenger" page scoped user id, different to messenger id

When using the "Send To Messenger" plugin, the response received is:
{
"object": "page",
"entry": [
{
"id": "410441912660258",
"time": 1506529761355,
"messaging": [
{
"recipient": {
"id": "410441912660258"
},
"timestamp": 1506529761355,
"sender": {
"id": "1388094137927363"
},
"optin": {
"ref": "login"
}
}
]
}
]
}
However, when I interact with Messenger using the same Messenger Account, Facebook sends:
{
"originalRequest": {
"source": "facebook",
"data": {
"sender": {
"id": "1271682282961502"
},
"recipient": {
"id": "1818762375111057"
},
"message": {
"mid": "mid.$cAAZ2J6JWBDZk9XGKQVexCxoKu27Y",
"text": "hi",
"seq": 17289
},
"timestamp": 1506529788481
}
}
}
Note that, despite using the same Messenger account, the sender/recipient IDs are different. So I can't match any users up from the Messenger Chat vs the Send To Messenger button.
I believe this is because the "Send To Messenger" button is using the Page Scoped User ID of the relevant Facebook Page, instead of the Facebook App. Is there any way to match these two IDs or, to tell the Send To Messenger button to use the APP ID instead of the Page ID?
You can use the ID matching API
https://developers.facebook.com/docs/messenger-platform/identity/id-matching

Resources