I have a problem with runing a custom grant in wso2.
I'm add the following lines to my deployment.toml:
[[oauth.custom_grant_type]]
name="Grant_u80"
grant_handler="com.mm.eee.libs.wso2.b002_oauth2.grant_u80.GrantHandler"
grant_validator="com.mm.eee.libs.wso2.b002_oauth2.grant_u80.GrantValidator"
IdTokenAllowed=true
Also I add token's new library in /home/wso2carbon/wso2am-4.1.0/repository/components/lib/, added library properties to /home/wso2carbon/wso2am-4.1.0/repository/conf/custom/ and verify the following default.json line is uncommented:
"oauth.token_renewal.renew_access_token_per_request": true
That it's the point:
If i run wso2 on my local computer, the token works correctly in
carbon and devportal.
If i run wso2 on docker image in my local computer, the token works correctly too.
But, if I run the same docker image in kubernetes, the custom token appears only in carbon, and not in devportal.
¿Anybody knows why the custom grant token doesn't appear in devportal applications?
Thanks you!
Related
I am using Business Central SaaS. In Visual Studio Code, I can run "Download Symbols" to download the Application and System app shipped by Microsoft. I now want to do this outside of Visual Studio Code within a github workflow. In VS Code, I can see that the URL looks like this
GET https://api.businesscentral.dynamics.com/v2.0/Dev/dev/packages?publisher=Microsoft&appName=Application&versionText=18.0.0.0
I use a HTTP-Client to test the URL, but I always get an HTTP 401 Unauthorized as response. I tried the folowing credentials:
bcuser | bcpassword
bcuser | Web Service Access Key
The user I am testing this is a SUPER user on the sandbox. It is the same user I use when I download symbols within VS Code. I tested it with and without domain name.
Any ideas what I am doing wrong?
You have to add the Tenant-Id in the URL and also have to use oauth.
https://api.businesscentral.dynamics.com/v2.0/<your tenant id>/sandbox/dev/packages?publisher=Microsoft&appName=Application&versionText=18.0.0.0
See Postman Screenshot of GET Request
See Postman Screenshot of Auth
JenKoc's answer put me on the right track. I had to add the Tenant-ID to the URL. Downloading Symbols does work with Basic Auth. This is how it works:
Get Credentials from Business Central's User page. If the Web Service Access Key is empty, just click on the three dots and craete a new one.
Create a HTTP GET Request with Basic Auth
User: <User Name>
Password: <Web Service Access Key>
URL:
https://api.businesscentral.dynamics.com/v2.0/<tenant-id>/<sandboxname>/dev/packages?publisher=Microsoft&appName=Application&versionText=18.0.0.0
I have hosted the instances of wso2 api manager as well as wso2 analytics in the same parent directory. wso2 api manager is working great, but I cannot access even the login screen of wso2 analytics after the configuration. When I inspected in the network tab of the browser, I can see the Exception occurred :java.security.cert.CertificateException: No subject alternative names matching IP address 10.12.2.5 found executing GET https://10.12.2.5:9443/api/am/admin/v1/custom-urls/carbon.super error. I am using version 3.2.0 for both apim and analytics. I have configured both of them to point to the same apim db. Also, I have enabled the ssoEnabled to true in auth.configs section in deployment.yaml file. How can this error be resolved?
The above error may have occurred due to the hostname verification process [1] of the dashboard server when connecting to the Publisher profile of the APIM server.
As a temporary solution, you can set the hostnameVerificationEnabled to false in the <WSO2_API-M_ANALYTICS_HOME>/conf/dashboard/deployment.yaml file of the dashboard profile which will skip the hostname verification process.
(But skipping the hostname verification is not recommended in the prod environment, and hence you have to configure hostnames of the deployment according to your Common Name(CN)/Subject Alternative Name(SAN))
[1] https://lightbend.github.io/ssl-config/HostnameVerification.html
I make use of the cloudstack API, to integrate into a 3de party portal. I would like to access the console proxy via the API, cant find the API methods to do so.
Ie get the session token for the specific virtual machine and open up the ajax window from our 3de party portal.
The management server should expose the Console Proxy to use via the API, then I assume you should acquire a token based on login credentials, or via the API for the specific Virtual Machine you have access to.
If someone done this before, would be appreciated to share some detail related to this request.
Looking at the source for Console Proxy I solved this problem per below :
Use the same authentication procedure the normal cloudstack api use defined her - http://docs.cloudstack.apache.org/en/latest/developersguide/dev.html
Use the same API Key and sign the request with API Secret provided from Cloudstack:
The Console proxy endpoint are as follow - /console?cmd=access&vm=xxx, on success a Url will be returned with a token to access the virtual machine.
Test Results -
Request:
CloudstackRequestClientFilter -> cmd=access&vm=29603248-6d8a-4582-aa9a-4d1bfb4d7714&apikey=3NRrdrhDTwggQ_oQny11dD39-XRWJxCd0dh2xqtMNShrz_jb4ZdhHtmRh7NYiOfRzLNwPcBVAfT9FHh9v96vzg&response=json&signature=u4c7QZNQNcN+2s3fhRNSHTyl7+Q=
Response :
frame src="http://172.16.90.99/ajax?token=TCbfnguNvsHEkga3jPJEfZctqiPHTEynM6sAG2K8iIuioKHU8UU1QAWuQLHATd0dznP9vXPggHJp9km_1bmmStiD1PPKr6nZeid0NVI7kUt8_vOGkOK4vdM2d388KFj8oA280mQ-ZjPHWPgU4gCn47nLVb-2cVxNgOijOjdgDEDj5vlqFkzz2YhcqkLt6CIVdFcAJ1g1gqvhrO530ubjLZsiQvxs_kn9X8eXMafhRm_qugu3k6lLuG38zXsK9jKNWkmqoAV2EBBZh-r6agm4dQ">
Hope this helps, took met sometime to figure this out, source for the console proxy can be found here :
https://github.com/apache/cloudstack/blob/master/server/src/main/java/com/cloud/servlet/ConsoleProxyServlet.java
I am running Juypter Notebook version 6.0.0 on a remote server. There is password authentication in place and according to the docs if this is so then token authentication is disabled. However I need to enable token authentication so I can set up Google Colab(which requires token based authentication) with a local runtime on the remote server. While there are several links describing how to disable authentication, I couldn't find any on how to enable it.
The output of jupyter notebook list does not show any tokens. Even resetting the password does not generate a token.
I see that your notebook provider has disabled tokens. In this doc the steps to disable token is given, so I applied exactly opposite steps and it worked. Since you have a remote server, if you somehow manage to restart jupyter notebook remotely, then you can do the same.
Steps:
Edit the config file, jupyter_notebook_config.json
Add this line to the config, as in the picture
"token": "YOUR_TOKEN",
You can use token consisting of hex characters (0-9, a-f) as a token
Remove the line that contains password
Now you need to restart the server
Exit by clicking 'Quit'
After you log back next time, give the token instead
Location of config file:
Windows: "C:\Users\Username\.jupyter\"
Linux: "/home/user/.jupyter"
I've programmed a task using Windows task manager. It consists of accessing BigQuery data via bigrquery library. I've stored my credentials in a local file httr-oauth.
I'm using these libraries:
library(bigrquery)
library(assertthat)
library(httpuv)
The task has been working for a few weeks and suddenly I see this message in the log file (.Rout):
Waiting for authentication in browser...
Press Esc/Ctrl + C to abort
Please point your browser to the following url:
https://accounts.google.com/o/oauth2/auth?client_id=....
It looks like token needs to be refreshed, but if I run the script manually everything is ok and my httr-oauth works fine.
Any idea about what's happening? Thanks in advance!
In short you need to use a service account.
Find out how to configure the library driver to authenticate the connection with a Google service account. When you authenticate your connection this way, the driver handles authentication on behalf of the service account, so that an individual user account is not directly involved and no user input is required.
To authenticate your connection this way, you must provide a Google service account email address and the full path to a private key file for the service account. You can generate and download the private key file when you set up the service account.
More here: https://developers.google.com/identity/protocols/OAuth2ServiceAccount