Deleting Profile Through Web Service Causes Error In Sabre Red - sabre

When deleting a profile via web service Sabre_OTA_ProfileDeleteRS / EPS_EXT_ProfileDeleteRQ the profile cannot be opened/viewed in Sabre Red. The purge date is set to 7 days.
Request:
<Sabre_OTA_ProfileDeleteRQ Version="6.73.2" RequestTrackingID="c5b2e9b8-11d3-4fc4-b245-4389feeb953e">
<Delete xmlns="http://www.sabre.com/eps/schemas">
<Profile PurgeDays="7">
<TPA_Identity ClientCode="TN" ClientContextCode="SRW" UniqueID="468190118" ProfileTypeCode="TVL" ProfileName="NOTPROFILENAME" DomainID="NOTPCC" />
</Profile>
</Delete>
</Sabre_OTA_ProfileDeleteRQ>
Response:
<Sabre_OTA_ProfileDeleteRS TimeStamp="2022-11-17T16:15:59.176Z" Version="6.75" RequestTrackingID="c5b2e9b8-11d3-4fc4-b245-4389feeb953e">
<ResponseMessage xmlns="http://www.sabre.com/eps/schemas">
<Success />
</ResponseMessage>
<Delete xmlns="http://www.sabre.com/eps/schemas">
<Profile>
<TPA_Identity ClientCode="TN" ClientContextCode="SRW" UniqueID="468190118" ProfileTypeCode="TVL" ProfileName="NOTPROFILENAME" DomainID="NOTPCC" />
</Profile>
</Delete>
</Sabre_OTA_ProfileDeleteRS>
Sabre Red Error (popup message):
7100: A system error has been encountered.
Details: R::NPPP-US-CENTRAL2T20221117172255SR::Cannot read object with status DL (567)
Sabre Red Steps:
Sign in to Sabre.
Open Sabre Profile form via Admin menu.
Search for profile by profile name.
Other Info:
Since there is only one profile, Sabre Red attempts to skip the search results list and open the profile detail pages. This is where the error message displays and hangs up the Sabre Profile form.
I searched by email address (knowing there were multiple profiles with same value) and was presented with a list of profiles (2 profiles). One of the profiles is the one deleted via web service and has "Purge on 24-Nov-22" in red under the action links in the 5th column. I can click "Edit" and the detail view/form displays.
Is this a bug in Sabre Red or am I sending an incorrect delete request via web service?

Related

B2C: AcquireTokenSilent fails for ADFS, works for local accounts

We have set up AD FS as an identity provider in our B2C login flows. Interactive login works just fine, but whenever we execute acquireTokenSilent with MSAL-JS in our Single Page Applications (SPA), we get an error:
Refused to display 'https://mytenant.b2clogin.com...' in a frame because it set 'X-Frame-Options' to 'deny'.
This only happens for the implicit flow. Applications using the authorization code grant work just fine. Local accounts work with both flows. From reading up on the documentation, this should not happen because I should have a session.
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/customize-http-security-headers-ad-fs#x-frame-options
Note that non-interactive logins can be performed via iFrame due to prior session level security that has been established.
What can I do to fix this error?
After double checking my policies and the documentation, the error became obvious. For some reason, we had this code in our policy for the SAML technical profile:
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
So basically the user had a session with B2C, and a session with ADFS, but B2C did not have a session with ADFS.
Everything started working once we used the SamlSSOSessionProvider as indicated in the documentation.
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-idp" />
....
<ClaimsProvider>
<DisplayName>Session Management</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="SM-Saml-idp">
<DisplayName>Session Management Provider</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.SamlSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="IncludeSessionIndex">false</Item>
<Item Key="RegisterServiceProviders">false</Item>
</Metadata>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
When investigating this a bit more, we discovered that the documentation originally contained the same error, which is how we got the code in the first place. The documentation was fixed one month ago!
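A check for the misconfiguration described in this answer, as an added example that is not part of the original post: it lists SAML technical profiles whose session management does not point at a SamlSSOSessionProvider profile. The profile Id `ADFS-SAML2`, the `Protocol Name="SAML2"` marker and the Noop handler string are assumptions about the policy layout, and the check only sees the one file it is given, not inherited base policies.

```python
import xml.etree.ElementTree as ET

# Constructed policy fragment (not the poster's policy). "ADFS-SAML2" is a
# hypothetical profile Id; Protocol Name="SAML2" and the Noop handler string
# are assumptions about a typical B2C custom policy.
SAMPLE_POLICY = """
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
 <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
  <TechnicalProfile Id="ADFS-SAML2">
   <Protocol Name="SAML2" />
   <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
  </TechnicalProfile>
  <TechnicalProfile Id="SM-Noop">
   <Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.NoopSSOSessionProvider, Web.TPEngine" />
  </TechnicalProfile>
  <TechnicalProfile Id="SM-Saml-idp">
   <Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.SamlSSOSessionProvider, Web.TPEngine" />
  </TechnicalProfile>
 </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>
"""

REQUIRED_HANDLER = "SamlSSOSessionProvider"  # handler named in the answer

def local(tag):
    # Strip the XML namespace so the check works whatever prefix is used.
    return tag.rsplit("}", 1)[-1]

def child(elem, name):
    return next((c for c in elem if local(c.tag) == name), None)

def find_saml_session_gaps(policy_xml):
    """Return (profile_id, session_ref, handler) for each SAML technical
    profile whose session management is not a SamlSSOSessionProvider."""
    profiles = {tp.get("Id"): tp for tp in ET.fromstring(policy_xml).iter()
                if local(tp.tag) == "TechnicalProfile"}
    gaps = []
    for pid, tp in profiles.items():
        proto = child(tp, "Protocol")
        if proto is None or proto.get("Name") != "SAML2":
            continue
        use = child(tp, "UseTechnicalProfileForSessionManagement")
        ref = use.get("ReferenceId") if use is not None else None
        target = child(profiles[ref], "Protocol") if ref in profiles else None
        handler = target.get("Handler", "") if target is not None else ""
        if REQUIRED_HANDLER not in handler:
            gaps.append((pid, ref, handler.split(",")[0] or None))
    return gaps
```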

Is it possible to log Windows events to Application Insights?

We're running Application Insights on some of our sites and we want to aggregate logs from the Windows event log. We are running on Windows Server 2016.
I know that other log shippers like Elastic have the possibility to send logs from the Windows event log. Is it possible from Application Insights?
Edit 22.10.2018
After #cijothomas's comment I tried adding the EtwCollector nuget package from Microsoft and added a few providers to the config.
<Add ProviderName="Microsoft-Windows-Crashdump" Level="Warning"/>
<Add ProviderName=".NET Common Language Runtime" Level="Warning" />
<Add ProviderName="ASP.NET Events" Level="Warning" />
<Add ProviderName="Microsoft-Windows-IIS-IISReset" Level="Warning" />
<Add ProviderName="Microsoft-Windows-HttpLog" Level="Warning" />
In Application Insights, I now get a trace from the application.
AI: Failed to enable provider for the EtwTelemetryModule. Access Denied.
and for example for the Microsoft-Windows-IIS-IISReset provider.
AI: Failed to enable provider Microsoft-Windows-IIS-IISReset for the EtwTelemetryModule.
I've added the application's user process to the "Performance Log Users" group in Windows. Is there any other setting that I need to add to allow the logs to be shipped from this provider?
Did you mean ETW events? If yes, then Application Insights has an adapter to send ETW events as Application Insights Traces.
https://learn.microsoft.com/en-us/azure/application-insights/app-insights-asp-net-trace-logs#using-etw-events
Alternately, you can always call the TrackTrace() method manually to send any traces to Application Insights.
https://learn.microsoft.com/en-us/azure/application-insights/app-insights-api-custom-events-metrics#tracktrace

The remote certificate is invalid according to the validation procedure. Identity Server

On one computer I have 2 projects - a client application and another that holds the identity server and identity manager. When I run the client site on this computer everything works. I am able to sign in, register etc. This project was already set up and working.
I made a copy of the projects and put them on another computer. I have set the sites up in IIS and created a self signed certificate.
When I run the client site and attempt to sign in I get the yellow ASP.NET error page with the message "The remote certificate is invalid according to the validation procedure". When stepping through with the debugger I also see: "The underlying connection was closed: could not establish trust relationship for the ssl/tls secure channel"
I figure the errors have to do with the certificate, so in MMC I made sure that the certificates are installed in the Trusted Root Certification Authorities folder.
The other thing I did was check the web.config files in the projects.
In the client site I have something like:
<oidcClient clientId="codeclienthere"
clientSecret="secrethere"
signingCertificate="keythatmatches_certificate_hash_here"
issuerName="https://identityurlhere/issuer"
...
Then in the identity server and identity manager web.config files I have something like:
<appSettings>
<add key="owin:AppStartup" value="startup" />
<add key="Issuer" value="identity_url_here/issuer" />
<add key="Thumbprint" value="‎‎keythatmatches_certificate_hash" />
<add key="WebClientId" value="codeclienthere"/>
<add key="WebClientSecret" value="secrethere"/>
...
I changed the signing certificate and thumbprint values to match the certificate hash. For the attribute "issuerName" and key "Issuer" I tried leaving it the same, setting it to the name of the certificate, and prepending "CN=" to the name of the certificate. I am unsure what value should go here. I am also unsure what other things I should check.
The problem here was that there were hidden characters in the thumbprint that I did not notice. I had pasted in a text editor to compare or something and they got removed so when I pasted them back in the config file they did not match as needed.
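A way to catch the hidden characters this answer describes before they reach production, as an added example that is not part of the original post: it audits the `Thumbprint` setting and the `signingCertificate` attribute in a web.config for anything that is not a hex digit. The sample config and its thumbprint value are constructed for illustration.

```python
import unicodedata
import xml.etree.ElementTree as ET

# Constructed sample config (not from the post). The Thumbprint value begins
# with two U+200E LEFT-TO-RIGHT MARK characters that most editors do not show.
SAMPLE_CONFIG = (
    "<configuration><appSettings>"
    '<add key="Issuer" value="https://identity.example/issuer" />'
    '<add key="Thumbprint" '
    'value="\u200e\u200ea1b2c3d4e5f60718293a4b5c6d7e8f9012345678" />'
    "</appSettings></configuration>"
)

HEX_DIGITS = set("0123456789abcdefABCDEF")


def audit_thumbprint(value):
    """Return (normalized_hex, problems) for one configured thumbprint."""
    problems = []
    for pos, ch in enumerate(value):
        if ch in HEX_DIGITS:
            continue
        hidden = unicodedata.category(ch) in ("Cf", "Cc") or ch.isspace()
        problems.append("offset %d: U+%04X %s (%s)" % (
            pos, ord(ch), unicodedata.name(ch, "UNNAMED"),
            "invisible" if hidden else "unexpected"))
    normalized = "".join(ch for ch in value if ch in HEX_DIGITS).upper()
    # A Windows certificate thumbprint is a SHA-1 hash: 40 hex digits.
    if len(normalized) != 40:
        problems.append("expected 40 hex digits, found %d" % len(normalized))
    return normalized, problems


def audit_config(xml_text, keys=("Thumbprint",), attrs=("signingCertificate",)):
    """Audit <add key=... value=...> settings and named attributes."""
    report = {}
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag == "add" and elem.get("key") in keys:
            report[elem.get("key")] = audit_thumbprint(elem.get("value", ""))
        for attr in attrs:
            if attr in elem.attrib:
                report[attr] = audit_thumbprint(elem.attrib[attr])
    return report


if __name__ == "__main__":
    for name, (normalized, problems) in audit_config(SAMPLE_CONFIG).items():
        print(name, normalized, problems or "clean")
```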

ASP.Net Membership SQL Server

I've just run the aspnet_regsql tool and set up aspnetdb on a test server. I've set up the Membership stuff in web.config, and I'm trying to administer it via the "Project -> ASP.net Configuration" menu item in Visual Studio 2008.
The first few pages pull up just fine -- the default page and the security page. It shows me that I have 0 users and 0 roles. I was able to click on "Enable Role Manager" or whatever it said. In my connection string I'm connecting as the sa user.
When I click on "Create or Manage Roles" I get an error: "A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible." etc, about how the server may not be reachable.
Well, I think it is able to get to the server since it shows me that I have 0 users and roles. If it was unable to get there, in past experience, it would show blank instead of 0.
I know that there are many stored procs and functions installed in SQL to support membership, so is it possible that the sa user doesn't have the rights to execute these things? How would I check? I'm really not good at SQL security, as is evidenced by me using the SA username and password.
Any ideas?
According to my experience this thing is impossible, but if you insist on it you can check it yourself.
Check that the sa user has the ASPNETDB owner privilege (by default the sa user has all database owner privileges).
Good luck, dude.
http://forums.asp.net/t/978442.aspx/1
Most of the way down the page, here is the code you need to have in your web.config
<roleManager enabled="true" defaultProvider="SqlRoleProvider">
<providers>
<clear/>
<add name="SqlRoleProvider" applicationName="TestItAll" connectionStringName="aspnetdbConnectionString" type="System.Web.Security.SqlRoleProvider"/>
</providers>
</roleManager>

Web Deploy dump dirPath not working with delegation and a non-Admin user

I'm trying to run the following Web Deploy command:
msdeploy.exe -verb:dump -source:dirPath="C:\Deploy",wmsvc=localhost,username=<user>,password=<pass>
I have tried to run this with two users, John and Mary. John is a member of the Administrator group on the box, Mary isn't; the command works for John, but fails with a 401 for Mary.
I have the following set up:
Mary has full access to C:\Deploy via the ACLs (as does the Administrators group)
Both John and Mary have been granted access to the C:\Deploy dirPath in IIS using the delegation functionality (see below)
My administration.config entry:
<rule enabled="true" providers="dirPath" actions="*" path=".*" pathType="RegularExpression">
<runAs identityType="SpecificUser" userName="AnAdministrator" password="..." />
<permissions>
<user name="PC\John" isRole="false" accessType="Allow" />
<user name="PC\Mary" isRole="false" accessType="Allow" />
</permissions>
</rule>
When I add Mary to the Administrators group, the command works. But the whole point of delegation is to be able to run deployment commands as non-administrators. I'm able to run other commands (e.g. -verb:dump -source:appHostConfig="Default Web Site") fine for Mary - it's just dirPath that's not working.
WMSvc.log doesn't seem to contain any errors for the failing command - I can see the successful ones fine though. I do see the 401 for the HEAD request in the failed requests trace, but no indication as to why it's occurring...
Any pointers appreciated.
zcrar70, you are right: delegation only kicks in once a user has access to a site's scope. In your example, if you had given PC\Mary access to the site (via IIS Manager Permissions), then this would just work.
Can you explain your scenario a bit further? Are you trying to give a non-admin user permission to run specific providers on ALL sites?
Your RunAs identity "AnAdministrator" needs to have permissions to access c:\Deploy, since both Mary and John will be impersonated (if the original identity fails, which doesn't for John) as this user. ACL C:\Deploy for AnAdministrator user and try again.
You can also use the ServerValidator tool to check whether your environment is ready for delegated deployment.
