AssertionConsumerServiceURL from AuthnRequest not from Config - itfoxtec-identity-saml2

Noticed that the Saml2AuthnResponse Destionation is set based on the relyingParty.SingleSignOnDestination which is retrieved from a "configuration" (harcoded relyingParties array).
I think the Destination should be based on what is set in the AuthnRequest samlp:AuthnRequest -> AssertionConsumerServiceURL and use the relyingParty Destination maybe as a fallback if its missing from the AuthnRequest, but from what I see every AuthnRequest contains the ACS URL.
Or is there a reason why it is implemented this way ?
Thanks

It is part of the security only to replay known URLs/domains. Therefore it is important to configure the relyingParty.SingleSignOnDestination for each relying party.
To have a dynamic response URL you can extend the code to verify that the authnRequest.AssertionConsumerServiceUrl starts with the value in relyingParty.SingleSignOnDestination.
E.g. the value in relyingParty.SingleSignOnDestination could be "https://somedomain.com"
and thereby accept different authnRequest.AssertionConsumerServiceUrl like "https://somedomain.com/auth/AssertionConsumerService" or "https://somedomain.com/acs"

Related

What templating parameters does Flink Stateful Functions URL Path Template support?

When deploying Flink Stateful Functions, one needs to specify what the endpoints for the functions are, i.e. what URL does Flink need to hit in order to trigger the execution of a remote function.
The docs state:
The URL template name may contain template parameters that are filled
in based on the function’s specific type. For example, a message sent
to message type com.example/greeter will be sent to
http://bar.foo.com/greeter.
endpoints:
- endpoint:
meta:
kind: http
spec:
functions: com.example/*
urlPathTemplate: https://bar.foo.com/{function.name}
What other templating values does the urlPathTemplate support and where are these values taken from?
The only template value supported at the moment is the function name. i.e. the last value after the last forward slash /. You can place it wherever you would like in the template as long as it would resolve to a legal url at the end.
For example, this is also a valid template:
http://{function.name}.prod.svc.example.com
Then, a message address to com.example/greeter (in your example, with my new template) would resolve to:
http://greeter.prod.svc.example.com
If you are missing any other template parameters, feel free to connect with the Flink community over the user mailing list/JIRA. I'm sure they would be happy to learn about new uses cases ;-)

Passing parameters to SSPRS Report through the URL doesn't work

I'm trying to access a SSPRS report that has the option to select the year and the month by adding the parameters in the URL as &param=value but I always get the default.
This are the parameters and I know I'm sending the correct values in the URL.
This is the report panel where I can select the Year and Month, I'm trying to get the specific report that I need by passing those parameters in the URL.
What could I be doing wrong?
Thank you everyone.
There are a couple of ways these go wrong, I'm guessing your problem is URL encoding of your date parameter, but I'll give you other stuff too. Here is a working URL with 3 parameters: a date, a string, and an integer.
https://db01.MyCompany.com/ReportServer_Prod?/Reports/R440_OutstandingRecp&paramDateEnd=12%2f31%2f2015&paramPropLiab=Property&paramRepPeriod=1
The key parts of this URL:
"https://db01.MyCompany.com/ReportServer_Prod?/" - db01.MyCompany.com is our database VM, and I'm using the "Prod" (production) instance of SQL on it.
NOTE: Check your Reporting Services Configuration application and look at the "Web Service URL" to get what "ReportServer_Prod" is on your installation.
"?/Reports/" is the path to the virtual directory, note that this is different from the path a browser would normally use. Normally my path would be "ReportServer_Prod/Pages/Report.aspx?ItemPath=%2fReports%2fR440_OutstandingRecp" if I was just viewing this from the Reporting Services interface.
Parameters are separated by "&" and it's "ParamName" "=" "ParamValue" so "&paramPropLiab=Property&paramRepPeriod=1" are the string and integer parameters respectively.
Lastly, parameter values are URL encoded if necessary. Mostly it doesn't show up, but for dates and some strings, it becomes necessary. We can't send something like "12/31/2015" because it looks like part of the path, we need a URL encoded string like "12%2f31%2f2015"
Hopefully one (or more) of these were what you needed, reply in the comments if it's still not working or if you need more explanation of why the parts are what they are.
EDIT: One more thing, if a parameter has a "Display" and a "Value" (i.e. in a drop down list) you must pass the value, not the display.
EDIT: I can't make the comment stop hiding my URL, so I'll put it here
WHAT WAS TRIED
https://slo2000/Reports_TECOVA?/Reports/TEXO%20CVA%20Reports%2fTEXO_London_B_CVA_Report&ReportMonth=January&ReportYear=2020
https://slo2000/Reports_TECOVA?/Reports/TEXO%20CVA%20Reports/TEXO_London_B_CVA_Report&ReportMonth=January&ReportYear=2020
https://slo2000/ReportServer_TECOVA?/Reports/TEXO+CVA+Reports/TEXO_London_B_CVA_Report&ReportMonth=January&ReportYear=2020
WHAT WORKS (From #Nacho in comments, brought here for visibility)
http://slo2000/ReportServer_TECOVA/Pages/ReportViewer.aspx?%2TEXO+CVA+Reports%2fTEXO_London_B_CVA_Report&rs:Command=Render&ReportMonth=January&ReportYear=2020

How to use Camel's Exchange setProperty in content enrich()?

I have a camel route that splits and aggregates according to some ids. When an id is retrieved, a call is made to another endpoint to retrieve the project information according to this id. After retrieving the project information i had to enrich it by calling multiple enrich() methods on it. In the first enrich method i have to do some xpath processing wherein ill be able to retrieve a primaryOrgId value that i will set as a property in the exchange, dont worry about the xpath processing, i had that sorted out but my problem is when I set the property (primaryOrgId) inside the 1st enrich. The property value doesn't get persisted when the route goes to the 2nd enrich part. When I log the primaryOrgId value, the original value of "testValue" (this was set in the direct:createSomeIds route) is the one getting displayed instead of "changeTheValueHere" which was set in the 1st enrich part.
I am using Camel 2.15 based on Fuse 6.2.1.
I went to the camel site and read this part from http://camel.apache.org/content-enricher.html . I'm not sure I understood how to implement... "For that you must set the filename in the
endpoint URI" .. this text was talking about the header, i'm thinking its also applicable to the properties in the exchange.
pollEnrich or enrich does not access any data from the current
Exchange which means when polling it cannot use any of the existing
headers you may have set on the Exchange. For example you cannot set a
filename in the Exchange.FILE_NAME header and use pollEnrich to
consume only that file. For that you must set the filename in the
endpoint URI.
Here is my code:
from("direct:createSomeIds")
.routeId("createSomeIds")
.process(new IdCreatorProcessor()
.setProperty("primaryOrgId").constant("testValue")
.split(xpath("/TempProjects/TempProject/Code/text()").namespaces(ns) , new IdStrategy())
.to("direct:splitRouteById")
.end();
from("direct:splitRouteById")
.routeId("splitRouteById")
.to("direct:getProjectByID")
.to("xquery:template/AllProjectToSingleProject.xq") //xquery template
.convertBodyTo(Project.class)
.enrich("direct:getAdditionalInfo", new ProjectStrategy(ProjectStrategy.AggregatorType.AdditionalInfo))
.enrich("direct:getSecondaryInfo", new ProjectStrategy(ProjectStrategy.AggregatorType.SecondaryInfo))
.end();
from("direct:getAdditionalInfo")
//some xpath stuff here
.setProperty("primaryOrgId").constant("changeTheValueHere")
.end();
from("direct:getSecondaryInfo")
.log("Value of primaryOrgId = " + "${exchangeProperty.primaryOrgId}")
.end();
If you can provide some code example, that would be helpful.
If you read a bit further down you will see that it's recommended that you instead use RecipientList with an AggregationStrategy.
.recipientList("direct:getAdditionalInfo", "direct:getSecondaryInfo")
.aggregationStrategy(new ProjectStrategy())
The setting of filename in your endpoint URI would only be applicable if you were to access some file on an FTP or some other file area.
Edit:
I now see that you need the property from the first enrichment in your second enrichment. However, if you're not modifying the message body in the first enrich then I don't actually see the need for it at all.
If you are in fact modifying the body then you can still use the RecipientList but instead you use two separate ones calling only one endpoint in each.

Apache Camel Interceptor with regular expression

This is my route. I want to send a file to an Azure blob. I want to set the name of the blob as the file name without extension. I also want to filter out the whitespaces from the file names. I am thinking of using an interceptor
from("file://C:/camel/source1").recipientList(simple("azure-blob://datastorage/container1/${header.fileName}?credentials=#credentials&operation=updateBlockBlob"))
I want to invoke the interceptor only for updateBlockBlob operatin
interceptSendToEndpoint("^(azure-blob:).+(operation=updateBlockBlob)").setHeader("fileName",simple("${file:onlyname.noext}")).convertBodyTo(File.class)
The above code works with interceptFrom().
I tried replacing the regular expression with wild card like azure* i.e interceptSendToEndpoint("azure*"). It did not work
Whats wrong with the above code? Is it because of recipientList?
Also what features does simple have to remove white space?
Is there a better way to generate blob names dynamically?
Here is the documentation from camel on interceptors.
http://camel.apache.org/intercept.html
interceptFrom that intercepts incoming Exchange in the route.
interceptSendToEndpoint that intercepts when an Exchange is about to
be sent to the given Endpoint.
So I suspect the Exchange is already formed and camel expects the url to be resolved.
So the header needs to be set before the exchange is created for the Azure end point.
I did the following. To set the header, I use the interceptFrom, and to convert the object into File I used the inteceptSendToEndPoint
interceptSendToEndpoint("^(azure-blob:).+(operation=updateBlockBlob)").convertBodyTo(File.class)
interceptFrom().setHeader("fileName",simple("${file:onlyname.noext}".replaceAll("[^a-zA-Z\d]")))
Managed to get rid of the whitespace too

Intercepting Camel Endpoint Dynamically

I am trying to intercept an endpoint where the value of the URI matches some information in the exchange header.
Let say I have a field in the header called DatabaseName. I want to enforce that a specific route is only writing to the database specified in the header.
Can I do something like this?
interceptSendToEndpoint("mock:${in.header.DatabaseName}")
I tried that but it does not seem to work. What are my options?
I was also thinking of doing something like:
interceptSendToEndpoint("mock:*").when(...)?
But in this case, I am not sure if I can reference the URI of the intercepted node in the when expression.
Thanks
You can intercept using a wildcard and combine that with when to do what you want, see details at: http://camel.apache.org/intercept
The is a header on the Message with the key Exchange.INTERCEPTED_ENDPOINT (CamelInterceptedEndpoint) that has the endpoint uri that was intercepted. You can use that in the when to match the predicate. Something a like:
interceptSendToEndpoint("mock:*")
.when(simple("${header.CamelInterceptedEndpoint} == ${in.header.DatabaseName}"))
...
Use the recipientList instruction for this: http://camel.apache.org/how-do-i-use-dynamic-uri-in-to.html

Resources