I am getting a 403 forbidden error when trying to add a JDBC secondary user store in WSO2 APIM 3.2.0 from the carbon console. Though the connection is healthy on clicking the test button, but unable to add the user store. Any hints or suggestions to resolve this issue is appreciated.
Thanks,
Suman
I think need check server policy and permissions or application path .... because the HTTP 403 Forbidden response status code indicates that the server understands the request but refuses to authorize it.
Related
I'm trying to integrate open distro ELK with OpenID Connect by following the guide here (https://opendistro.github.io/for-elasticsearch-docs/docs/security/configuration/openid-connect/#kibana-single-sign-on), specifically by updating the kibana.yml and config.yml files as shown.
The behavior I'm seeing is:
Visit ${KIBANA_URL}
Get redirected straight to ${KIBANA_URL}/auth/openid/login with 401
I'm checking the network requests, and I'm not sure why it's not redirecting to the IDP (Okta) first. What should I check next?
I am trying to use Microsoft flow to retrieve Microsoft Bookings data. Im doing this by using the HTTP with azure AD connector. I have set up all permissions. it was working perfectly fine before till yesterday the connector said i'm unauthorized to retrieve the data. i can't even hit https://graph.microsoft.com/beta/bookingBusinesses/page_id/appointments anymore. Is there some issue with Microsoft ??? or is there an issue on my side.i’ve used graph explorer and im able to successfully retrieve the bookings api. could someone provide some feedback as this is becoming business critical as i need to obtain the data for reporting. Or maybe guide me on how i can retrieve an access token that never expires. It would be much appreciated if someone can really help me out. I've attached a screenshot of my flow failing.
Screenshot of HTTP with Azure AD failing . I've just also found out that i can query https://graph.microsoft.com/beta but i cant hit the BookingBusinesses api
Screen shot of https://graph.microsoft.com/beta working using connector
What i have already tried:
Deleted the connection and created it again
Created a connection using another account
Created App registrations and used the Client_id, tenant_id and client_secret to Created a connection using the HTTP request. but still doesn't work
Screenshot of HTTP Request Connector, but this still failed
App registration Permissions
For this problem, I test it by "Invoke an HTTP request" first but as I'm not familiar with this action, I didn't request it success. But we can also use "HTTP" action in microsoft flow to get the access token and use the access token to do the request as you mentioned in comments.
The reason for you failed to use the access token to request the graph api is you set the grant_type as client_credentials when you request for the access token. Since the permissions you added are "delegated" type but not "application" type, so we can not use "client_credentials" grant to get the access token. We need to use "password" as the grant_type (shown as below screenshot).
Then use "Parse JSON" action to parse the response of the "HTTP" request above to get the access token. And use the access token to request the graph api.
My guess is the flow connector lost its refresh token or something to that effect. you may need to just refresh your flow connector. either by switching accounts or smoething or deleting the azure ad connector and reconnecting it.
give that a try
I'm working on a web api project which is secured by Azure AD endpoint v2.0. However, I get tons of 401 errors, even I copy the code from the working examples for Github.
My question is how can I debug the 401 error in a most efficient way? As there is little information for the error message:
{
"Message": "Authorization has been denied for this request."
}
You can use Fiddler to dig into the details of exactly what is being sent and received, when.
Have you made sure the user you're attempting to authenticate with does not have multifactor authentication enabled? You'll get 401's for seemingly no reason if MFA is enabled and you try to auth programmatically. If you have already disabled it, post up your auth code here and we'll take a close look.
I'm trying to use Skype for Business online WebSDK. I'm following the instructions located here - https://msdn.microsoft.com/Skype/WebSDK/docs/DevelopWebSDKappsForSfBOnline.
I'm trying to authenticate user with Office 65 online but I have problems while executing app.signInManager.signIn command.
Browser sends several requests:
Request URL:https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root
Request Method:GET
Status Code:200 OK
Request URL:https://webdir2e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user
Request Method:OPTIONS
Status Code:200 OK
Request URL:https://webdir2e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user
Request Method:GET
Status Code:401 Unauthorized
The last request is failing with an error:
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
I'm authenticating with admin user and with an account that has Skype for Business online subscription.
Can you help me with this problem? What am I doing wrong? Are there any other prerequisites to be able to successfully log in?
I did everything from scratch following the guide here https://github.com/OfficeDev/skype-web-sdk-simple-sample-for-SfB-online. Created a Microsoft account, got a free O365 tenant, signed up for free Azure Active Directory trial account. Associated my O365 account with Azure AD as described here https://msdn.microsoft.com/en-us/office/office365/howto/setup-development-environment#associate-your-office-365-account-with-azure-ad-to-create-and-manage-apps. Then I registered the new app in Azure Active Directory to use Skype for Business.
Then I updated config.js in the skype web sdk simple sample for SfB online application.
And again no luck, the same error - 401 - Unauthorized: Access is denied due to invalid credentials.
I was trying to run the index.html page on the localhost in the htdocs/skype directory. Of course I was setting the reply url accordinly as http://localhost/skype/index.html.
Then I tried to move everything in skype directory to the root - to the htdocs folder. And also changed reply url to http://localhost/index.html. And very strangly but it helped. Now I can successfully login using Skype WebSDK.
I don't know the reason for why it is working only this way. If someone have an idea you are welcome to comment.
I have a node based sample rest based application in Nodejs which is accessible by the url http://localhost:8288/api/users.
I have configured APIM and I was able to hit some sample services like https://www.googleapis.com/books/v1/volumes?q=isbn:0747532699 and get the response back.
But when I try to hit my localhost rest service via API Manager using API Console, I am getting
Response Body no content
Response Code 0
Response Headers{
"error": "no response from server"
}
I have no error in the logs.But Neither call is reaching the backend rest service. Should i make some changes to access my localhost urls in API Manager.This API Manager installation and rest service is in the same machine.
Please help.
This can happen if the browser does not trust the certificate of the APIM endpoint. Ideally what should happen is that you should install APIM certificate in your browser.
As a workaround, you can tell the browser to accept the certificate. For that, copy API URL to a new browser tab and accept the certificate.
Then try again in API console. It should work.