I am trying to do the following;
From salesforce.com I call http get or post and post a json object using httpRequest system class. but I am getting following exception (it is https):
java.security.cert.CertificateException: No name matching issue mywebsite.com found
I have configured this website in the remote host already. Does anyone have some idea what could be wrong here?
Are you missing a call to req.setClientCertificateName?
I have APEX code where Salesforce calls out to a web service on my site. I protected it with client-side SSL. My website, the host, authorizes the client cert from Salesforce.com (vs traditional web SSL where the browser client authorizes the server cert). You can create a self-signed certificate in Salesforce Admin under Certificate and Key Management and then reference it with a call to req.setClientCertificateName. Here is some code from my production org:
HttpRequest req = new HttpRequest();
req.setMethod('POST');
req.setHeader('Host', 'www.mywebsite.com');
req.setEndpoint('https://www.mywebsite.com/post.asp');
try {
req.setClientCertificateName('Cert_For_MyWebSite');
} catch (System.CalloutException e) {
// The cert doesn't make it to the sandbox
}
req.setHeader('Connection', 'keep-alive');
req.setHeader('content-type', 'text/plain');
req.setHeader('Content-Length', body.length().format());
req.setBody(body);
Http http = new Http();
HttpResponse res = http.send(req);
System.debug(res.toString());
System.debug('STATUS:' + res.getStatus());
System.debug('STATUS_CODE:' + res.getStatusCode());
On the server (IIS 7.5) I enabled the self-signed cert with this web.config:
<configuration>
<system.webServer>
<security>
<access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
<authentication>
<iisClientCertificateMappingAuthentication enabled="true" oneToOneCertificateMappingsEnabled="true">
<oneToOneMappings>
<!-- production salesforce -->
<add enabled="true"
userName="salesforce"
password="[enc:AesProvider:aaa...aaa:enc]"
certificate="MIIEaaa...aaa=" />
</oneToOneMappings>
</iisClientCertificateMappingAuthentication>
</authentication>
</security>
</system.webServer>
</configuration>
In my other answer I was thinking about the Salesforce client cert because I remember having headaches sorting it out originally, but maybe the error is with your web server's cert. This might be a simple name matching issue. For example, the cert your server presented to Salesforce was issued to a.company.com but you're trying to use it at b.company.com. That produces a very similar java error message as talked about here and here. Does your browser give any errors when you try your service over SSL?
If you think Salesforce isn't verifying your web server's cert you can try some of the tricks suggested over here for a similar javax.net.ssl.SSLPeerUnverifiedException error. They even point to a list of CAs that are trusted by Salesforce.
Related
I am trying to setup saml sso configuration for my application which is deployed in websphere.
Idp- Azure AD
SP - Websphere application server when my target application deployed
Done TAI configuration as per the Ibm document . But when I hit the test button from idp I could see the saml response in network tab. but i couldn't login to my application and also didn't get any trace related to saml in log files also however i have enabled logs for saml in Troubleshoot. My doubt is sometimes am getting trace which are related to TAI during server stop. For each request should i be getting TAI trace ? and why my saml response not getting intercepted in TAI. How exactly the interception happen with saml response and how do we get to know that saml response got validated.
[15/4/21 16:18:42:855 IST] 00000096 TrustAssociat A SECJ0121I: Trust Association Init class com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor loaded successfully
acs url -> https://localhost:/browserTest (which is my actual target application url)
metadata and signing certificates also imported correctly.
Thanks for your help.
The acs URL has format like this:
https://<hostname>:<sslport>/samlsps/<any URI pattern string>
if you want to use your application URL
https://localhost:/browserTest
as acs URL, this UR must be able to accept HTTP POST.
I am trying to create an API on Google App Engine which can be called by a .NET client with authentication.
The .NET client authenticates the user using
UserCredential credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
new ClientSecrets
{
ClientId = "<client id>",
ClientSecret = "<client secret"
},
new[] { "email", "profile", "https://www.googleapis.com/auth/devstorage.read_write" }, "user", CancellationToken.None);
and that works fine.
I have a servlet which is protected by
<security-constraint>
<web-resource-collection>
<web-resource-name>servlet</web-resource-name>
<url-pattern>/servlet/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
So it is only accessible to authenticated users, which is how I want it.
I want to be able to get the current user using
User currentUser = UserServiceFactory.getUserService().getCurrentUser();
but I can't get the .NET client to authenticate to the servlet.
I have tried
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {credential.Token.AccessToken}");
httpClient.PutAsync("http://<my app>/servlet", content);
however this fails as the put returns a 302 redirect to a URL starting with https://www.google.com/accounts/ServiceLogin..., which the .NET HTTP client presumably follows, as it then ends up with a 405 method not allowed.
I've also tried
Google.Apis.Http.HttpClientFactory httpClientFactory = new HttpClientFactory();
Google.Apis.Http.CreateHttpClientArgs httpClientArgs = new CreateHttpClientArgs();
Google.Apis.Http.ConfigurableHttpClient httpClient = httpClientFactory.CreateHttpClient(new CreateHttpClientArgs());
credential.Initialize(httpClient);
(credential is the UserCredential gained above from GoogleWebAuthorizationBroker.AuthorizeAsync)
however that does the same thing - issues a redirect to google/accounts/ServiceLogin URl - which fails.
Is what I'm trying to do even possible?
Surely there must be a way for a servlet to be able to authenticate users that are calling it programatically via an API rather than from the web?
I will provide you a couple of links that might turn useful for you:
There are three methods to authenticate in App Engine using the Java Client Library. Find their description here.
Find here a pom.xml sample using Java Client Library and Oauth authentication method.
I expect that you will find an answer there. I don't want to be more specific since I don't really understand the pipeline you are using.
I am trying to post a file to a URL programmatically. This URL is protected by its own username/password.
I have inherited this URL (or application) - so it is in my ownership. It is basically a web application used to host some files.
I have created an HttpClient which takes HttpPost consisting of the URL and file to be uploaded.
this.httpClient = new DefaultHttpClient();
this.httpClient.getCredentialsProvider().setCredentials(new AuthScope(this.host, this.port), new UsernamePasswordCredentials(this.username, this.password));
HttpResponse response = this.httpClient.execute(httpPost, this.context);
HttpEntity resEntity = response.getEntity();
log("Received HTTP response: " + response.getStatusLine().getReasonPhrase(), LogLevel.INFO.getLevel());
But somehow weblogic authentication blocks it and I receive "Unauthorized" response. If I use the username/password of weblogic admin console, then authentication is fine but fails while uploading since the URL is protected by a different credential(Same as the one I am trying to upload with).
Any idea what am I doing worng? Why weblogic is asking for its own authentication?
I found the solution for this issue. I needed to set enforce-valid-basic-auth-credentials equal to false in domain config.xml . This bypasses weblogic authentication and the application authentication kicks in.
I am creating an API with URI template patient/{name} and production URL to http://localhost:8888/patient/{uri.var.name} in WSO2 APIM. Also adding this sequence
<sequence xmlns="http://ws.apache.org/ns/synapse" name="TestSequence">
<property name="REST_URL_POSTFIX" scope="axis2" action="remove"/>
</sequence>
The target URL is not being invoked with this. Can you please let me know what is the issue?
This error can occur due to Invalid URI provided by you, make sure you are using valid endpoint url for the Production Endpoint.
I am a very beginner in ESB. So, kindly excuse me for this basic question.
Currently we have web services created with Apache CXF and Spring running. Now, we need to create proxy services for these in WSo2 ESB. Can someone please let us know how can we do this?
I created Pass Through proxy and use wsdl definition as from URL, but when i use try it option i get he endpoint reference (EPR) for the Operation not found is /services/ and the WSA Action = null.
If this EPR was previously reachable,please contact the server administrator.
Since ESB 4.6, pass-through transport is enabled by default : The message body is not build so, SOAP Body based dispatching is not supported => in this case, the error you're speaking about is thrown
One solution could be to add this parameter in your proxy conf : <parameter name="disableOperationValidation" locked="false">true</parameter>
Have a look there for other options : Using WSO2 ESB PassThrough Proxy on WebLogic (Spring) Web Service
How did you create the proxy service? If you have the wsdl of the Backend service you can use it to create the proxy service like follows.
<proxy xmlns="http://ws.apache.org/ns/synapse" name="testProxy2" transports="https,http" statistics="disable" trace="disable" startOnLoad="true">
<target>
<outSequence>
<send/>
</outSequence>
<endpoint>
<wsdl service="SimpleStockQuoteService"
port="SimpleStockQuoteServiceHttpSoap11Endpoint"
uri="http://localhost:9000/services/SimpleStockQuoteService?wsdl"/>
</endpoint>
</target>
<description/>
</proxy>
The ESB gets the endpoint url from the Service name and Port defined in the WSDL. For SOAP 1.1 the WSA action will be the SOAPAction header and for SOAP 1.2 the WSA action goes with the action element of Content-Type header. For example,
Content-Type: application/soap+xml;charset=UTF-8;action="TheSoapAction"
Try to use a SOAP client like SOAPUI to test your proxy service.