I was facing issue while login to Carbon Management Console
Version; WSO2 IS 5.10. 0 as Key Manager
Changes:
I have made Mysql database changes for WSO2AM_DB, WSO2Shared_DB,WSO2User_db in deployment.toml file.
When i tried login Management Console with default admin/admin credentials, I am getting error in UI:
Login failed! Please recheck the username and password and try again.
ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} - System error while Authenticating/Authorizing User : com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
Also user store changes in deployment.toml cause error
Changes:
[user_store]
type = "database"
[user_store.properties]
TenantManager="org.wso2.carbon.user.core.tenant.JDBCTenantManager"
ReadOnly=false
ReadGroups=true
WriteGroups=true
scim_enabled = true
[realm_manager]
data_source = "WSO2USER_DB"
com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure normally means the configured database is not accessible.
Did you define the database.user configuration in the deployment.toml according to WSO2 jdbc user configuration guidelines? If this is already configured, check the configured connection url and network connectivity from WSO2-IS to userstore database.
Related
Update 2: this solved the issue for me: https://dba.stackexchange.com/questions/83984/connect-to-postgresql-server-fatal-no-pg-hba-conf-entry-for-host
Also had to make sure I added an https address in the Urls entry in appsettings.json
Update: if checked Postgres logs and found this:
2022-05-09 21:57:59.816 PKT [11284] FATAL: password authentication failed for user "safzal"
2022-05-09 21:57:59.816 PKT [11284] DETAIL: Role "safzal" does not exist.
Connection matched pg_hba.conf line 89: "host all all ::1/128 scram-sha-256"
"safzal" is my PC username but not the username I configured in connection string. Why isn't dotnet using my connection string?
I am making a Blazor wasm (hosted) app with Postgres db. During development, I put connection string without mentioning userid or password in appSettings.json. I used user secrets to store userid and password and linked them in Program.cs. This approach worked fine, I was able to use dotnet ef migrations add myMigration and dotnet ef database update. I was able to use the app normally during development.
However, when I publish, I cannot get the db connection to work. The app loads fine but as soon as I attempt data access it shows "An unhandled error has occured." with option to Reload.
I get the following http 500 internal server error error in browser console:
I was initially using IIS to attempt to run the app. When I tried to run it via Kestrel it shows this error:
fail: Microsoft.EntityFrameworkCore.Database.Connection[20004]
An error occurred using the connection to database 'fistepsdb' on server ''.
fail: Microsoft.EntityFrameworkCore.Query[10100]
An exception occurred while iterating over the results of a query for context type 'fisteps.Server.Data.AppDbContext'.
Npgsql.NpgsqlException (0x80004005): No password has been provided but the backend requires one (in SASL/SCRAM-SHA-256)
I have already tried:
Putting userId and password directly in connection string
Putting connection string in VS2022 Publish dialog > Show all settings > Settings > Databases > [Password, PostgreSqlConnection, UserId]
Putting connection string in IIS > Sites > Default Web Site > Management > Configuration Editor > Section: connectionStrings (though I am unsure about providerName here).
Any help would be most appreciated.
OpenAM version -12 , Agent version 3.5 and 3.3 , tomcat version 7
I have tried to follow the link https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-ldap-sso/sso-openam-06052012 to set up my J2EE Agent. Let me paste the steps after asking the question(see at the end)
but I am getting the error as asked below
Not able to configure J2ee agent on adding my customized data store for users
I have tried to use 3.5 version installed and uninstalled multiple times and tried previous version.
There is a nice discussion on this topic at http://database.developer-works.com/article/16009911/%22Cannot+obtain+Application+SSO+token%22+error
but it did not help me much.
I am using LDAP so I have used LDAP realm and subjects are showing up ok. Also I am observing that the policy tab has changed quite a bit from how it is described in the Blogs.
Now with the roadblock I am not sure how to proceed as the error is not giving me any clue what to do. I even added the file named AMConfig.properties in the classpath with username and password of the agent and tried the username and password of the OpenAM admin too as suggested in the discussion mentioned. but that too did not help.
The issue is the Tomcat now is not starting and giving error that AMConfig.properties properties are needed
I know the OpenAM Realm setup is good as I am able to login via this realm to another application (Liferay) where I just have to give the URL for use OpenAM integration. but after uninstallation of the agent the tomcat starts without any error and i am able to login to the application
-------------------Step copied from 1st link(modified)--------------------------
1. Configure your OpenAM agent (tried both 3.5 and 3.3 version on tomcat 7)
a. Log into OpenAM as the admin user and navigate to "Access Control -> (Your Realm) - where in my case LDAP Realm (other application using it without issue)
b. Select Policies -> New Policy
c. Enter Share as the policy name and then create 2 new URL Policy agent rules
d. 1st Resource Name = http://:/share/*
e. 2nd Resource Name = http://alfresco.domain.com:8080/share/*?*
f. Add a subjects - already part of LDAP Realm
g. Now select Agents -> J2EE - > (your J2EE agent)
h. Select the Application tab
i. Login Processing -> Login Form URI - add /share/page/dologin
j. Logout Processing -> Application Logout URL - add Map Key = share - Corresponding Map Value = /share/page/dologout
k. Not Enforced URI Processing - Add 2 entries - /share and /share/
l. Profile Attributes Processing - Select HTTP_HEADER and add Map Key = uid - Corresponding Map Value = SsoUserHeader (This is what I called my header in the alfresco-global.properties file - see below)
Auth chain
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
alfresco.authentication.allowGuestLogin=true
SSO settings
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyUserName=
external.authentication.proxyHeader=SsoUserHeader
NOTE- It does not seem possible to configure SSO where the Guest login has been disabled. There are webscripts used on the Alfresco repository that need guest login.
That concludes the setup for Alfresco and OpenAM
For Share you need to have the following section uncommented in your share-config-custom.xml
alfresco/web-extension/alfresco-system.p12
pkcs12
alfresco-system
alfrescoCookie
Alfresco Connector
Connects to an Alfresco instance using cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
alfrescoHeader
Alfresco Connector
Connects to an Alfresco instance using header and cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
SsoUserHeader
alfresco
Alfresco - user access
Access to Alfresco Repository WebScripts that require user authentication
alfrescoHeader
http://alfreso.domain.com:8080/alfresco/wcs
user
true
Notice I am not using the SSL cert and in my alfrescoHeader connector I have used SsoUserHeader (as setup in OpenAM) and the endpoint uses the alfrescoHeader connector
Now you need to add the OpenAM filter to the Share web.xml file
Add the following filter just before the Share SSO authentication support filter
Agent
com.sun.identity.agents.filter.AmAgentFilter
Add the following filter mapping to the filter-mapping section
Agent
REQUEST
INCLUDE
FORWARD
ERROR
----- End ----------
The error message is a bit misleading: the Cannot obtain application SSO token in general means that the agent was unable to authenticate itself. When you install the agent, the agent asks for a profile name and a password file, those values need to correspond to the agent profile configured within OpenAM.
To test if you can authenticate as the user, you could simply try to authenticate as the agent by making the following request:
curl -d "username=profilename&password=password&uri=realm=/%26module=Application" http://aldaris.sch.bme.hu:8080/openam/identity/authenticate
In the above command the realm value needs to be the same as the value for the "com.sun.identity.agents.config.organization.name" property defined in OpenSSOAgentBootstrap.properties (under the agent's install directory).
Having bad username/password combination is only one of the possible root causes for this exception though. It is also possible that during startup the agent was unable to connect to OpenAM to authenticate itself. In those cases the problem could be:
network error, firewall issues preventing the agent from contacting OpenAM
SSL trust issues: agent's JVM does not trust the certificate of OpenAM's container (only problem if you've installed the agent by providing OpenAM's HTTPS URL and the certificate is self-signed or just simply not trusted by the JVM)
I am using Oracle SQL Developer to connect to Oracle Express 11g and create a new user. I keep on getting the same error when I try to create a new connection (and test it) or when I try to login with a newly created username and password (mad by right-clicking "other users" table in default connection "xe")
The error-
Failure - Test Failed: ORA-01017: invalid username/password; logon denied
How can I fix this issue ?
Seems you're using an user with not enough privilegies, try with "system" user.
That should solve your problem.
Verify the priviligies of the user you created.
I've been trying to installing JDeveloper and Weblogic server , and when trying to login as first time as Administrator in console of weblogic ,
The Server give me this error A required MBean Server is disabled which prevents the proper operation of the Weblogic Administration Console Please enable the DomainRuntimeMBean Server and the Edit MBean Server in this domain's configuration.
also I was maked search in "Oracle Forums" i found answer like that :
Also check to make sure there were no errors in the server log during
startup or when you connected to the MBean Server. Sometimes errors can
occur that cause the MBean Server to appear to be disabled. but that answer doesn't help me.
The question is "How to enable **DomainRuntimeMBean**?"
As per this link, try to delete the pending folder within your domain root and restart the server. The default domain has got some corruption in the console settings.
instead of using PC_NAME use URL
e.g. instead of My_PC:7001/console --> use 127.0.0.1:7001/console - Amartya Bandyopadhyay
I am calling a remote service and authenticating using a certificate. When testing with a Console App, everything works fine. When calling from an ASP.NET Website (.NET 4.0, IIS7) I receive a response code of 401 -- Unauthorized.
I am adding the certificate using code such as:
var client = new TheGeneratedProxy();
client.ClientCertificates.Add(new X509Certificate("D:\cert.pfx", "myPassword"));
(NOTE: I have also loaded the .pfx into the local Certificate Store using IE. The certificate is loaded into my "Personal" store -- so I suspect this to be the problem, since the Website will be running under a different account.)
I think the problem is that your IIS user (Network Service / ASPNET) doesn't have access to the certificate. In order to grant Network Service to access the certificate in the store, download the following tool: winhttpcertcfg (http://www.microsoft.com/downloads/details.aspx?familyid=c42e27ac-3409-40e9-8667-c748e422833f&displaylang=en)
Now open command prompt and type:
winhttpcertcfg –g –c LOCAL_MACHINE\My –s ORGNAME –a "Network Service"
Please note that "Network Service" can be substituted with any other account. I.e. if you you have configured a custom user for your app pool, you should put this user as the value for the -a parameter.
ORGNAME should be substituted with the Organisation name you specified during the creation of your cert.