Idp initiated SAML2 implementation across 2 weblogic boxes - saml-2.0

We are trying to implement IdP initiated SAML2 flow for weblogic. Here is our configuration
PingFederate is the IdP
Weblogic 12c hosts our application with below configuration
Box a (has apps1 and apps2 in cluster) .apps1 has 19 applications deployed and apps2 has 5 applications deployed
Box b (has apps1 and app2 in cluster) .apps1 has 19 applications deployed and apps2 has 5 applications deployed
These boxes are load balanced by load balancer (F5)
We got the entire flow working with only box a running. The moment we bring up box b I am getting 403 error on the webpage for url /SAML2/ACS/POST.
Not sure if we need any additional configurations in weblogic to get this working. In help in this would be greatly appreciated as we found this issue in UAT and soon we have a prod movement planned.

Related

Azure app insights are not working after the application is being deployed to Azure App Service

Azure app insights are not working after the application is being deployed to Azure App Service but it's totally looking good on the local.
I have added the Instrumentation key on ApplicationInsights.config file that's being provided by the Azure App Service on the local app and saw the requests are logging on the portal.
In some articles, it suggests that we should not keep some DLLs like
Microsoft.ApplicationInsights.dll
Microsoft.AspNet.TelemetryCorrelation.dll
System.Diagnostics.DiagnosticSource.dll
But seems like it's essential for the App insights. I am not sure where I am missing. Could anyone of you guide me on this?
Here are few reasons and solutions that you can have a look why application insights aren't working after deployment.
SCENARIO - 1
Disabled Application insights on portal
Like #Vinez mentioned You can enable them from your appinsights overview page. Scroll down on the same page to see the left pane that shows an option of Application Insights and then “Turn On Application Insights”.
SCENARIO - 2
Missing AppInsights settings
You can navigate to Configuration -> Application settings and check if the appinsights settings (i.e.. APPINSIGHTS_INSTRUMENTATIONKEY, APPLICATIONINSIGHTS_CONNECTION_STRING, ApplicationInsightsAgent_EXTENSION_VERSION, XDT_MicrosoftApplicationInsights_Mode) have been added or not with appropriate values.
SCENARIO - 3
ApplicationInsights.Config not deployed with the application.
You can go to App Service Editor (preview) and check whether the AppInsights.config file is being deployed.
You can check this similar thread which deals with build and publish.
SCENARIO - 4
Due to restricted firewall.
Please try checking Enable Azure Application Insights on the VM-Series Firewall
Further you can log the traces and act accodingly using perfview.
REFERENCES :
App Insights for web application not working when deployed to Dev server
Troubleshooting no data - Application Insights for .NET.

Replacing the existing Project on Google Cloud Platform

I have deployed a Java Web application on Google Cloud platform and have purchased a domain and SSL Certificate from GoDaddy.com.
Its a simple application with a login page and a registration, where a specific(only one user) will have login credentials and post login will submit a form which will be saved in google DATASTORE in Google Cloud Platform(GCP).
I have two queries here :
1)
My application works perfectly,on my machine and even few machines around my home (as i have verified in few cyber centres around) but not at a client place located in different city(150 miles away). I'm not sure,as the client is not running any firewall or any browser plugin, as i have not visited the client place yet.
The call is as below.
Domain purchased from godaddy.com is : "ABC.in"
App engine project linked to this domain is : "web-abc"
If we hit "ABC.in" in browser it will in-turn call "web-abc.appspot.com".
in the background.Now though the login page loads,the client complains that the next subsequent pages does not load and page becomes blank.But for me in my system it works perfectly,as i can see the updated DATASTORE in GCP.
2)
Once i configure my DNS at GoDaddy.com, i'm unable to make any changes to the project hosted on GCP app engine.So i decided to create a new project and host it on the GCP. But GCP app engine page does not show any option to replace a project as it showed me during my first project setup.
I need to replace project "web-abc" linked to "ABC.in" with "web-pqr".
Please Please help...!
Thanks
To answer your second query you can just rest your CNAME record in the GODADDY DNS configuration and add the web-pqr reqq. That should work. Rest of the question< i really don't get it. Please share some error message or the screenshot when you try make change to your exiting project.

Authorization error while deploying web app to azure

Deploying my web app results in this error:
Web deployment task failed. (Connected to the remote computer ("websitenamehere.com") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
Make sure the site name, user name, and password are correct. If the issue is not resolved, please contact your local or server administrator.
Error details:
Connected to the remote computer ("websitenamehere.com") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.
The remote server returned an error: (401) Unauthorized 0
The application works correctly when used locally.
The error happens when building the angular bundle :
0% compiling 10% building modules 0/1 modules 1 active ...b\unikyte\src\Unikyte.SPA\src\main.ts
10% building modules 1/1 modules 0 active1 0% building modules 1/2 modules 1 active ...kyte\src\Unikyte.SPA\src\polyfills.ts 10% building modules 2/2 modules 0 active 10% building modules 2/3 modules 1 active ...nikyte\src\Unikyte.SPA\src\styles.css
How can I not be authorized?
To avoid this error you may download the publish profile file (which includes the correct user name and password) from the Azure portal and then import this xxx.PublishSettings file for Web deployment in your Visual Studio.

MVC File Download asking for Authentication

I encountered a weird scenario. I have created an MVC2 Application and deployed it to IIS7, to 2 web sites (Default Web Site and another manually created "Test Web Site" ... they are using different application pools targeting v2.0). I am using SQL 2008 R2 Filestream feature to store files.
The problem I have is that I have a feature where the user browsing the site can download a document. The document is created in the server and the server then streams that to the client. The problem is, Default Web Site asks for authentication when user tries to download.
This doesn't happen for Test Web Site and it downloads fine.
Now, I do not have a clue what setting I need to change? The only different things I recall is that I manually created Test Web Site compared to just reusing the Default Web Site and also that I allowed inbound connections to Test Web Site (it was on port 8080).
What are the configurations needed to change so that user can download files from Default Web Site without going through authentication?
Try changing authentication settings in IIS Site->Authentication->Anonymous Authentication set to Enable
Turns out it was conflicting with the SQL Server Reports Manager.
Found this out from here: source

One Cloud Service, Two Web Sites - securing communication between the two

Question: How can I communicate between two web sites using HTTPS within one Azure Cloud Service deployment?
Details:
I have architected an Azure Cloud Service deployment (one “subdomain.cloudapp.net”) in such a way as to run two separate web sites inside the deployment by using different ports.
Site 1 is what I’m calling a Service Site that is a standard ASP.NET site that hosts a bunch of WCF Services with no HTML or ASPX pages (except for a default.aspx page that redirects to site 2). Site 1 is running on port 80.
Site 2 is my main site and hosts a Silverlight application that uses the services from Site 1 to access the database and process results. It is only accessible by way of HTTPS and uses port 443.
Both of these sites are defined in a Visual Studio Azure solution with two endpoints, one for each port. Further, each endpoint is associated with the two web site project insides of the VS Solution by way of the ServiceDefinition.csdef configuration file in the Azure project.
I have purchased my security certificate and associated it with a domain name that I am using with Site 2 by way of domain name redirecting and CName mapping at my DNS.
Accessing site 2 using the mapped domain name and an encrypted connection works well via HTTPS. However, when I try to make a service call internally from Site 2 to Site 1, I am going from an HTTPS connection to an HTTP connection because I don’t have a SSL Certificate at Site 1. As a result, when site 2 makes a service call to Site 1, it tries to serve clientaccesspolicy.xml. This causes Internet Explorer to display the ‘Mixed Content’ message (Because of the HTTPS/HTTP mix). Bottom line is I need to get rid of this pop-up prompt. I know it can be disabled on the client end but with over a thousand users, I can’t depend on them being able to turn the message off. I need to make the message go away on the server side.
Back to the question, so is there a way to access site 1 using SSL from site 2 all within the one Azure Cloud Service? What it sounds like I need to do is assign an SSL Certificate to site 1. However, I’m hitting two roadblocks. First, I can’t assign an SSL Certificate to a wildcard.clouapp.net domain name. Second, I can’t assign a second domain name to the Azure Cloud Service since I can’t do domain name forwarding to a specific port (remember that Site 2 is already using domain forwarding anyway).
I could accomplish a solution by breaking out the two sites into their own cloud services but I would rather not because it would double my cost. Are there any suggestions on how to accomplish getting this “Mixed Content” message to go away, either by way of securing site 1 or some other method?

Resources