Salesforce changes to TLS v1.1 and higher protocols has forced us to initiate a change on our Mule Installation setup, hosted on Mule Standalone version 3.4 with JDK 6. Post the JDK 7 update and enabling the HTTPS Protocol parameters I am seeing a issue performing a connection to Salesforce
Unexpected element.Test connection failed: Unexpected element. Parser was expecting element 'urn:partner.soap.sforce.com:orgDisallowHtmlAttachments' but found 'urn:partner.soap.sforce.com:orgDefaultCurrencyLocale' org.mule.api.ConnectionException: Unexpected element. Parser was expecting element 'urn:partner.soap.sforce.com:orgDisallowHtmlAttachments' but found 'urn:partner.soap.sforce.com:orgDefaultCurrencyLocale' at org.mule.modules.salesforce.SalesforceConnector.reconnect(SalesforceConnector.java:381) at org.mule.modules.salesforce.SalesforceConnector.connect(SalesforceConnector.java:342)
Related
I'm build a project using SignalR.
As Front I'm using .Net Core, as Back I'm using React.
So in my localhost the project is working, but when i deploy this project i get an error.
In azure I have created:
2 web application - one used for cliend, and the other one for server.
1 Azure SignalR service (i tested it online and it worked)
1 Azure SQL Database
So when i try to invoke Method it now working and show me this error. Someone know how to solve this problem?
Please check this ASP.NET Core SignalR connection
troubleshooting | Microsoft Docs which helps to check errors
that can occur when trying to connectto an ASP.NET Core SignalR hub.
One common cause is that app enforce HTTPS by calling
UseHttpsRedirection in Startup, or enforces HTTPS via URL rewrite
rule.
So If it is the cause try to change the URL on the client side from
"http" to "https". like > .withUrl("https://xxx/HubName")
Also please go through c# - Could not connect to Azure SignalR Hub -
Stack Overflow And check if the signalR url endpoint for client
is correctly given
var signalrUrl = "https://myazuresignalr.service.signalr.net/client/?hub=yourHubName"
Please note that sending the exception this way to the client is
insecure .So try to either throw a HubException or set
EnableDetailedErrors on the server.See HandleErrors when :Use
hubs in ASP.NET Core SignalR | Microsoft Docs
Reference:
Invoke hub's method which throw ArgumentException, client gets
HubException: An unexpected error occurred · Issue azure-signalr ·
GitHub
So the problem was that my Database was empty... the migration did not upload, Update the database solved it.
I was working on one poc which will connect to salesforce account . The mule version is 6.3.2 and sales force version is 6.3.2. Till 2 [![enter image description here][1]][1]days back it was working fine.
I came to know that last weekend sales force as done TLS upgrade to 1.1 from 1.0. When i was testing my flow getting the below exception:
Root Exception stack trace:
[UnexpectedErrorFault [ApiFault exceptionCode='UNSUPPORTED_CLIENT'
exceptionMessage='TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.'
]
]
When i saw the mule documentation it says that sales force connector 7.1.2 as addressed this issue and I update my connector in studio and retried the scenario which is not working.
Can some one help me out on this.
Regards
Vikram
I previously had to set the following property in the application settings:
https.protocols=TLSv1.1,TLSv1.2
And -Dhttps.protocols=TLSv1.1,TLSv1.2 in my wrapper.conf for Mule standalone.
You can put your configuration in tls-default.conf in MULE_ESB/conf/ folder
and then put the value inside like below:
enabledProtocols=TLSv1.1, TLSv1.2
enabledCipherSuites=TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, SSL_DH_anon_WITH_DES_CBC_SHA
Or if you want to test from your anypoint studio, just create the tls-default.conf and put under your resources folder
Another information I can add is try to input your url destination to https://www.ssllabs.com/ssltest/ to make sure the TLSv1.1 is enabled by your endpoint or the chiper suite enable too
Similar is answered in https://forums.mulesoft.com/questions/41012/getting-error-when-hitting-a-rest-api-via-https.html#answer-43960
Below is the answer I posted.
I resolved it in my system.
When it is not working in the Runtime that is attached in the Anypoint
studio then follow the below steps.
Navigate to the Anypoint studio installation directory
Search for "tls-default.conf" in the folder. This will show you all the files for all the Runtimes that you have installed.
there will be a property "enabledProtocols" make sure that it contains the TLSv1 in it as below
enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
This above should apply to Cloud hub (Most of the times it is already
enabled) or on-premise systems.
Salesforce are now disabling TLS 1.0, forcing TLS 1.1 or higher.
For Java versions >= 1.8 this is not a problem, but for earlier releases you will want to set the SSLContext. This solution worked for me:
if (Double.parseDouble(Runtime.class.getPackage().getSpecificationVersion()) <= 1.7) // Java versions > 1.7 are compatible with TLS 1.1 or higher by default - we want TLSv1.2 for our needs
setSSLContext(SSLContext.getInstance(SSL_VERSION_TO_USE_FOR_SALESFORCE_LOGIN));
private static void setSSLContext(SSLContext context) {
SSLContext.setDefault(context);
try {
/* Either of the first two parameters may be null in which case the installed security providers will be searched for the highest priority implementation of the appropriate factory.
Likewise, the secure random parameter may be null in which case the default implementation will be used. */
context.init(null, null, null);
} catch (KeyManagementException e) {
// handle exception
}
}
Navigate to Setup
In the Quick Find bar, type in Critical Updates
Select Critical Updates
Locate the Require TLS 1.1 or higher for HTTPS connections under the Update Name column
Click on Deactivate.
We currently have ADFS 2.0 with hotfix 2 rollup installed and working properly as an identity provider for several external relying parties using SAML authentication. This week we attempted to add a new relying party, however, when a client presents the authentication request from the new party, ADFS simply returns an error page with a reference number and does not prompt the client for credentials.
I checked the server ADFS 2.0 event log for the reference number, but it is not present (searching the correlation id column). I enabled the ADFS trace log, re-executed the authentication attempt and this message was presented:
Failed to process the Web request because the request is not valid. Cannot get protocol message from HTTP query. The following errors occurred when trying to parse incoming HTTP request:
Microsoft.IdentityServer.Protocols.Saml.HttpSamlMessageException: MSIS7015: This request does not contain the expected protocol message or incorrect protocol parameters were found according to the HTTP SAML protocol bindings.
at Microsoft.IdentityServer.Web.HttpSamlMessageFactory.CreateMessage(HttpContext httpContext)
at Microsoft.IdentityServer.Web.FederationPassiveContext.EnsureCurrent(HttpContext context)
As the message indicates that the request is not well formed, I went ahead and ran the request through xmlsectool and validated it against the SAML protocol XSD (http://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd) and it came back clean:
C:\Users\ebennett\Desktop\xmlsectool-1.2.0>xmlsectool.bat --validateSchema --inFile metaauth_kld_request.xml --schemaDirectory . --verbose
INFO XmlSecTool - Reading XML document from file 'metaauth_kld_request.xml'
DEBUG XmlSecTool - Building DOM parser
DEBUG XmlSecTool - Parsing XML input stream
INFO XmlSecTool - XML document parsed and is well-formed.
DEBUG XmlSecTool - Building W3 XML Schema from file/directory 'C:\Users\ebennett\Desktop\xmlsectool-1.2.0\.'
DEBUG XmlSecTool - Schema validating XML document
INFO XmlSecTool - XML document is schema valid
So, I'm thinking that ADFS isn't playing full compliance with the SAML specification. To verify, I manually examined the submitted AuthnRequest, and discovered that our vendor is making use of the 'Extensions' element to embed their custom properties (which is valid, according to the SAML specification) (note: "ns33" below correctly namspaces "urn:oasis:names:tc:SAML:2.0:protocol" elsewhere in the request)
<ns33:Extensions>
<vendor_ns:fedId xmlns:vendor_ns="urn:vendor.name.here" name="fedId" value="http://idmfederation.vendorname.org"/>
</ns33:Extensions>
If I remove the previous element from the AuthnRequest and resubmit it to ADFS, everything goes swimmingly. And, in fact, I can leave the 'Extensions' container and simply edit out the vendor namespaced element, and ADFS succeeds.
Now, I guess I have 3 questions:
Why was the reference number not logged to the ADFS log? That really would have helped my early debugging efforts
Is it a known issue that ADFS's SAML handler cannot handle custom elements defined within the Extensions element, and if so, is there a way to add support (or at least not crash while handling it)? My vendor has offered to change the SAML AuthnRequest generated to omit that tag, but said that it 'may take some time'-- and we all know what that means...
Does anyone think that installing ADFS hotfix rollup 3 will address this situation? I didn't see anything in the doc to indicate the affirmative.
Thanks for your feedback.
When facing a MSIS7015 ADFS error, the best place to start would be enabling ADFS Tracing. Login to the ADFS server as admin and run the following command. If you have a very busy ADFS server, might be wise to do it when the server is not as busy.
C:\Windows\System32\> wevtutil sl “AD FS Tracing/Debug” /L:5
C:\Windows\System32\> eventvwr.msc
In Event Viewer select “Application and Services Logs”, right-click and select “View – Show Analytics and Debug Logs”
Go to AD FS Tracing – Debug, right-click and select “Enable Log” to start Trace Debugging.
Process your ADFS login / logout steps and when finished, go to the event viewer mmc find the sub tree AD FS Tracing – Debug, right-click and select “Disable Log” to stop Trace Debugging.
Look for EventID 49 - incoming AuthRequest - and verify values are not being sent with CAPs value. For example, in my case, it was I was receiving the following values: IsPassive='False', ForceAuthn='False'
In my case, to address the issue, all I needed to do was create incoming claim transformer rule - for the distinct endpoints.
Once the CAPs were transformed to lower case true and false, authentication started working.
I have been struggling with setting up Carrot2 for use PHP, on a local machine. The plan is to have Carrot2 retrieve cluster from Solr populated by Nutch. Currently Solr and Nutch are correctly configured and I have been able to access the information via Carrot2 Workbench. Carrot2-dcs-3.10.0 has been set up what I believed to be correctly deployed through the tomcat6 manager although the documentation on setting this up is horrible vague and incomplete. Changes to source-solr-attributes.xml were made according to https://sites.google.com/site/profileswapnilkulkarni/tech-talk/howtoconfigureandruncarrot2webapplicationwithsolrdocumentsource . Tomcat is set up on port 8080. The Carrot2 DCS php example example.php works and displays the test output correctly. Although, when I try to perform a cluster using localIPAddress:8080/carrot2-dcs/index.html I run into a problem. When I set document source to Solr and the query to : then click cluster I get the following error message.
HTTP Status 500 - Could not perform processing: org.apache.http.conn.HttpHostConnectException: Connection to localhost:8983 refused
type Status report
message Could not perform processing: org.apache.http.conn.HttpHostConnectException: Connection to localhost:8983 refused
description The server encountered an internal error that prevented it from fulfilling this request.
I have searched everywhere in the deployed webapp folder for carrot2 and can't find where it is getting localhost:8983 from.
Any assistance would be appreciated, thank you.
It turns out that the source-solr-attributes.xml file had an extra overridden-attributes. one was before the default block comment with the example parameters and the second was added in by me with the parameters needed for my config. Deleting one of the line so there was only one corrected the problem. Apparently with two of those it ignores the server settings and uses default values instead.
After few hours of working with new selenium 2.20 i get this error:
WARNING: Client requested session 1331671421031 that was terminated
due to FORWARDING_TO_NODE_FAILED
14.3.2012 5:46:55 org.openqa.grid.internal.ActiveTestSessions getExistingSession
what can be wrong. I never get this message with 2.19 version of selenium server.
There is also no other messages just this message all the time in console.
Per selenium wiki -
FORWARDING_TO_NODE_FAILED - The hub was unable to forward to the node. Out of memory errors/node stability issues or network problems
Are you sure you didn't have network related issue?