Kapua, Kura client is not authorized to write to: topic://VirtualTopic.hahaha.kapua - kura

When the kura published to localhost:1883 on Kapua, I got the following errors:
WARN o.e.k.b.c.p.KapuaSecurityBrokerFilter - User 1:kapua-broker (kapua-broker - tcp://10.0.2.2:56178 - conn id 1840321435420579455) is not authorized to write to: topic://VirtualTopic.hahaha.kapua-broker.DHT11Sensor.DHT11Data
13:26:43.493 [ActiveMQ NIO Worker 5] WARN o.a.a.b.TransportConnection.Service - Security Error occurred on connection to: tcp://10.0.2.2:56178, User 1:kapua-broker (kapua-broker - tcp://10.0.2.2:56178 - conn id 1840321435420579455) is not authorized to write to: topic://VirtualTopic.hahaha.kapua-broker.DHT11Sensor.DHT11Data
13:26:43.493 [ActiveMQ NIO Worker 5] WARN o.a.a.t.mqtt.MQTTProtocolConverter - Failed to send MQTT Publish:
13:26:48.495 [ActiveMQ NIO Worker 6] WARN o.e.k.b.c.p.KapuaSecurityBrokerFilter - User 1:kapua-broker (kapua-broker - tcp://10.0.2.2:56178 - conn id 1840321435420579455) is not authorized to write

As I know, Kapua has ACL access rules that define who can publish / subscribe / admin different topics/channels on the broker.
If you connected to Kapua with a user that has broker privileges, then you could write only to topic:
topic://VirtualTopic.{account-name}.{client-id}
Now in your case that would mean that you have account hahaha and client with id kapua-broker. Is that the case? If not, set the topic accordingly.
For example to something like this:
topic://VirtualTopic.kapua-sys.client-1.DHT11Sensor.DHT11Data
and when you connect with the kapua-broker user, specify client-1 as client id. The kapua-broker user is under the kapua-sys account (that is a bit confusing, as kapua-sys is also a user).
Does this help you?

I cannot comment on #uros-mesaric's answer. Their answer is correct.
Below there is just a clarification.
In Kapua you are allowed to publish/subscribe according to your user permissions.
If your user has only the broker:connect permission, you can publish/subscribe only on topic:
{account-name}/{connectionClientId}/{semanticTopic}
In your specific case you should publish/subscribe on topic:
kapua-sys/1840321435420579455/DHT11Sensor/DHT11Data
kapua-sys is the account name to which the user kapua-broker belongs,
while 1840321435420579455 is the clientId used to create the connection.
Please note that the username used to connect and the account name are two different things in Kapua. An account has multiple users.
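The two answers above describe the same rule from two sides: a broker:connect-only user may publish and subscribe only below {account-name}/{clientId}/..., and ActiveMQ reports the rejected destination in its VirtualTopic form. The following is an added example, not code from the question, from either answer, or from the Kapua or Kura projects. It builds the permitted topic prefix from the account and client ID, converts between the MQTT and VirtualTopic spellings (the '/' to '.' mapping with a topic://VirtualTopic. prefix is assumed here to be the standard ActiveMQ MQTT mapping), and parses a KapuaSecurityBrokerFilter warning like the ones in the question to show which account and client ID the client actually tried to use.

```python
"""Pre-flight check for the Kapua topic ACL rule described in the answers.

Added example; assumptions: the MQTT <-> VirtualTopic mapping below is the
usual ActiveMQ one, and the log line format is the one quoted in the question.
"""
import re

VIRTUAL_TOPIC_PREFIX = "topic://VirtualTopic."

# Matches the ActiveMQ/Kapua warning quoted in the question.
LOG_RE = re.compile(
    r"User (?P<user>\S+) \((?P<username>\S+) - (?P<remote>tcp://\S+) - "
    r"conn id (?P<conn_id>\d+)\) is not authorized to write to: (?P<topic>topic://\S+)"
)


def allowed_prefix(account: str, client_id: str) -> str:
    """MQTT topic prefix a broker:connect-only user may use on Kapua."""
    return f"{account}/{client_id}/"


def is_allowed(account: str, client_id: str, mqtt_topic: str) -> bool:
    """True when the MQTT topic sits below the permitted prefix."""
    return mqtt_topic.startswith(allowed_prefix(account, client_id))


def mqtt_to_virtual_topic(mqtt_topic: str) -> str:
    """MQTT 'a/b/c' is seen by ActiveMQ as 'topic://VirtualTopic.a.b.c'."""
    return VIRTUAL_TOPIC_PREFIX + mqtt_topic.replace("/", ".")


def virtual_topic_to_mqtt(virtual_topic: str) -> str:
    """Reverse mapping; lossy if a segment itself contains a '.' (note that when diagnosing)."""
    if not virtual_topic.startswith(VIRTUAL_TOPIC_PREFIX):
        raise ValueError(f"not a VirtualTopic destination: {virtual_topic}")
    return virtual_topic[len(VIRTUAL_TOPIC_PREFIX):].replace(".", "/")


def diagnose(log_line: str, account: str, client_id: str):
    """Explain a 'not authorized to write to' warning for the given account/client ID.

    Returns None when the line carries no rejected destination.
    """
    match = LOG_RE.search(log_line)
    if match is None:
        return None
    attempted = virtual_topic_to_mqtt(match["topic"])
    segments = attempted.split("/")
    return {
        "broker_user": match["username"],
        "conn_id": match["conn_id"],
        "attempted_topic": attempted,
        "attempted_account": segments[0],
        "attempted_client_id": segments[1] if len(segments) > 1 else "",
        "expected_prefix": allowed_prefix(account, client_id),
        "allowed": is_allowed(account, client_id, attempted),
    }


if __name__ == "__main__":
    # Log line copied from the question; account/client ID follow the first answer's example.
    line = ("13:26:43.493 [ActiveMQ NIO Worker 5] WARN o.a.a.b.TransportConnection.Service - "
            "Security Error occurred on connection to: tcp://10.0.2.2:56178, User 1:kapua-broker "
            "(kapua-broker - tcp://10.0.2.2:56178 - conn id 1840321435420579455) is not authorized "
            "to write to: topic://VirtualTopic.hahaha.kapua-broker.DHT11Sensor.DHT11Data")
    report = diagnose(line, account="kapua-sys", client_id="client-1")
    for key, value in report.items():
        print(f"{key}: {value}")
    fixed = "kapua-sys/client-1/DHT11Sensor/DHT11Data"
    print("fixed topic allowed:", is_allowed("kapua-sys", "client-1", fixed))
    print("as ActiveMQ sees it:", mqtt_to_virtual_topic(fixed))
```

Running it on the question's log line shows the client publishing under account hahaha and client ID kapua-broker, while the permitted prefix for a kapua-sys user connecting as client-1 is kapua-sys/client-1/; the corrected topic maps to exactly the topic://VirtualTopic.kapua-sys.client-1.DHT11Sensor.DHT11Data destination the first answer suggests.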

Related

Setup mTLS to a service in ABAP

I'm trying to set up the mTLS authentication process for an endpoint created in the SICF transaction on ABAP-based software. I'm not using SAP HANA.
I've already imported the certificates into the STRUST transaction (SSL server Standard).
Inside the service on SICF, I've put the following settings in the Logon Data tab:
But when I receive the HTTP request, the connection is returning the 401 status code.
Is that the right way to achieve this goal? If not, is there any documentation where I can find a step-by-step guide on how to configure this type of authentication?

HTTP Connector in Microsoft Power Automate - Login against Azure AD app registration on behalf of user not working

I hope you are doing fine :)
I have the following problem/problems.
I have created a dummy (robot) user. In Azure AD there is an App Registration with some Power BI delegated permission services.
I want to automate the deletion of a push dataset via a HTTP request.
For this, I need to authenticate against that App Registration from Azure AD. With postman, everything worked perfectly, I got the token as a response.
Then, I tried to make the same request using the HTTP connector in PowerAutomate.
I get the following error
{"error":"invalid_request","error_description":"AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: e6d68953-ce1c-4217-856c-ae3aada82e00\r\nCorrelation ID: f50db4d9-d5bb-4396-af11-214717721f43\r\nTimestamp: 2022-10-26 19:12:48Z","error_codes":[900144],"timestamp":"2022-10-26 19:12:48Z","trace_id":"e6d68953-ce1c-4217-856c-ae3aada82e00","correlation_id":"f50db4d9-d5bb-4396-af11-214717721f43","error_uri":"https://login.microsoftonline.com/error?code=900144"}
The connector looks like this->
I have tried other ways as well.
The following error ->
{"error":"invalid_grant","error_description":"AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: fec65949-0701-4727-af3b-2c2b8eb73a00\r\nCorrelation ID: 42c6c04b-98be-477d-8d36-52a01a473a40\r\nTimestamp: 2022-10-26 19:23:50Z","error_codes":[50126],"timestamp":"2022-10-26 19:23:50Z","trace_id":"fec65949-0701-4727-af3b-2c2b8eb73a00","correlation_id":"42c6c04b-98be-477d-8d36-52a01a473a40","error_uri":"https://login.microsoftonline.com/error?code=50126"}
I get this from the next HTTP connector inputs. I tried creating a query out of the previous JSON. It says the username or password are invalid, but I logged in successfully a number of times with those exact credentials. That I am sure of.
The dummy inputs in the picture are used to avoid the real ids, username and password.
This worked for me ...
Add a header setting Content-Type to application/x-www-form-urlencoded and add the URL form encoded content string like thus ...
client_id=<CLIENT_ID>&grant_type=password&username=<USERNAME>&password=<PASSWORD>&scope=User.read
If you're using the password grant type approach, you shouldn't need a client secret, just the client ID.
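The AADSTS900144 error in the question is what Azure AD returns when the token endpoint cannot find grant_type in the body, which is exactly what happens when the fields are sent as JSON instead of form fields. The following is an added example, not code from the question, from the answer above, or from Microsoft: it assembles the token request the way the answer describes (form-encoded body, grant_type=password, scope taken from the answer) with each value percent-encoded, and it reads the error JSON that Azure AD returns, mapping the two codes seen in the question to a hint. Tenant ID, client ID, user name and password are placeholders; nothing is sent over the network.

```python
"""Assemble a form-encoded ROPC token request and read Azure AD's error JSON.

Added example; the tenant, client ID, user and password values are placeholders,
and KNOWN_ERRORS only covers the two codes quoted in the question.
"""
import json
from urllib.parse import urlencode, parse_qs

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

# Hints for the error codes that appear in the question.
KNOWN_ERRORS = {
    900144: "Body was not read as form fields: send Content-Type "
            "application/x-www-form-urlencoded with key=value pairs, not JSON.",
    50126: "Azure AD rejected the username/password as sent: check that both values "
           "were percent-encoded (special characters in a password are a common cause).",
}


def build_token_request(tenant: str, client_id: str, username: str, password: str,
                        scope: str = "User.read") -> dict:
    """Return method, URL, headers and body for the password grant.

    urlencode() percent-encodes every value, so characters such as '&', '=' or '@'
    inside the password cannot break the field structure of the body.
    """
    body = urlencode({
        "client_id": client_id,
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": scope,
    })
    return {
        "method": "POST",
        "url": TOKEN_URL.format(tenant=tenant),
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": body,
    }


def decode_form_body(body: str) -> dict:
    """Decode a form body back into single-valued fields (for checking what was sent)."""
    return {key: values[0] for key, values in parse_qs(body).items()}


def parse_aad_error(response_text: str) -> dict:
    """Extract error name, numeric codes, correlation ID and a hint from an AAD error response."""
    data = json.loads(response_text)
    codes = data.get("error_codes", [])
    hint = next((KNOWN_ERRORS[c] for c in codes if c in KNOWN_ERRORS), "No hint for this code.")
    return {
        "error": data.get("error"),
        "codes": codes,
        "correlation_id": data.get("correlation_id"),
        "hint": hint,
    }


# Error response copied from the question (trace/correlation IDs as posted there).
QUESTION_ERROR = r'''{"error":"invalid_request","error_description":"AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: e6d68953-ce1c-4217-856c-ae3aada82e00\r\nCorrelation ID: f50db4d9-d5bb-4396-af11-214717721f43\r\nTimestamp: 2022-10-26 19:12:48Z","error_codes":[900144],"timestamp":"2022-10-26 19:12:48Z","trace_id":"e6d68953-ce1c-4217-856c-ae3aada82e00","correlation_id":"f50db4d9-d5bb-4396-af11-214717721f43","error_uri":"https://login.microsoftonline.com/error?code=900144"}'''

if __name__ == "__main__":
    req = build_token_request("TENANT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER",
                              "robot@example.com", "p@ss&word=1")
    print(req["url"])
    print(req["headers"])
    print(req["body"])
    print(parse_aad_error(QUESTION_ERROR))
```

The body printed for the placeholder password reads password=p%40ss%26word%3D1, which is the form Azure AD decodes back to the original value; building the string by hand with the raw password would instead yield an extra "word=1" field and the AADSTS50126 credential error.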

Authorization Error -- Contact your Security Administrator

The Peoplesoft Database, Application Server, and Web Server are up and running.
Unable to login to PIA as VP1 because of Authorization Error -- Contact your Security Administrator.
Below are the Application Server Logs:
PSAPPSRV.10180 (26) [2020-02-04T01:49:30.513 GetCertificate] z9skwzRuICAUWA 3282132548821545985 - (3) Returning context. ID=VP1, Lang=ENG, UStreamId=014930507_10180.26, Token=PSFT_EP/2020-02-03-17.49.30.000001/VP1/ENG/nE8KiNyFebhVeORMN7uI+lf5Xwo=
PSMONITORSRV.15420 [2020-02-04T02:21:55.691] - - - (2) (PerfMon Agent) Registered successfully
PSAPPSRV.10180 (29) [2020-02-04T02:58:16.275 GetCertificate] wLjLvrMO3yG3uQ 2085807486657797121 - (3) Returning context. ID=VP1, Lang=ENG, UStreamId=025816275_10180.29, Token=PSFT_EP/2020-02-03-18.58.16.000000/VP1/ENG/uXTGd2i5x206untuoiqPMRHPfgQ=
You usually get that error message when the user does not have any roles. Ensure that VP1 has roles assigned to it.
If you have database access, the following SQL may help:
-- Check if they have roles
select * from PSROLEUSER where ROLEUSER = 'VP1'
-- Check to see what permission lists the roles assigned to the user grant them.
select * from PSOPRCLS where OPRID = 'VP1'

ax2009 x++ Error 0x80040211 in RunBaseBatch

I want to send email in RunBaseBatch, but I get error 0x80040211 (unknown).
I found in google that means:
The message could not be sent to the SMTP server.
The transport error code was %2. The server response was %1
public void SendReport(str email)
{
    SysMailer sm = new SysMailer();
    ;
    sm.quickSend("axmail#domain.eu", email, "Test", strfmt("body"));
}
This method is called in Run method. And if I copy this source code into job that works. Additionally in Run method I use,
permissionSet = new Set(Types::Class);
permissionSet.add(new InteropPermission(InteropKind::ClrInterop));
permissionSet.add(new InteropPermission(InteropKind::ComInterop));
permissionSet.add(new InteropPermission(InteropKind::DllInterop));
CodeAccessPermission::assertMultiple(permissionSet);
Because your email seems to work in a job (client side), your email settings in AX are not the issue.
This is most likely an authentication issue.
Take a look at this article, which describes what you are experiencing.
On the client side, your current Windows user is used to authenticate with the SMTP server.
In batch, the emails are sent from the AOS. That means that the account used for authentication is the account under which the AOS service runs.
Your mail server probably doesn't accept connections from everyone.
Take a look here on how this is achieved.
You'll have to allow the user that runs your AOS service to authenticate to your mail server.

Access denied to SQS via AWS SDK

I'm currently working on a website developed with Symfony2 and I need to send messages in an Amazon SQS. In order to do that I added to my composer.json:
"aws/aws-sdk-php": "2.4.*"
Then when I try to create a queue or list queues I get a 403 error saying:
Access to the resource https://sqs.us-west-2.amazonaws.com/ is denied.
EDIT:
added the full error message
AWS Error Code: AccessDenied, Status Code: 403, AWS Request ID:
2fe34c11-7af8-5445-a768-070159a0953e, AWS Error Type: client, AWS
Error Message: Access to the resource
https://sqs.us-west-2.amazonaws.com/ is denied., User-Agent:
aws-sdk-php2/2.4.11 Guzzle/3.7.4 curl/7.25.0 PHP/5.4.3
Here is a sample code of what I do:
use Aws\Common\Aws;
use Symfony\Component\HttpFoundation\Response;

$aws = Aws::factory(array(
    'key' => 'my-key',
    'secret' => 'my-secret',
    'region' => 'us-west-2'
));
$sqs = $aws->get('sqs');
// var_dump() prints and returns null; print_r(..., true) returns the dump as a string
return new Response(print_r($sqs->listQueues(), true));
What am I doing wrong to get this error?
After digging I discovered that the account I was using wasn't granted access to the SQS service.
To give SQS access to an account you have to go to the Amazon management console. Then click on IAM. Under this section click on Users, and then you can manage permissions for each account you created.
Make sure that both the following policies allow access to the SQS queue
Resource (SQS) based policy: The SQS queue should allow your identity to use the queue. You define this using the queue policy (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-sqs-policy). The default queue policy will allow access only to the owner of the queue (owner of the queue is the identity that created the queue).
Identity based policies: The policy for the identity that is accessing the queue should have permission to invoke operations on the queue.
Make sure that the access is not restricted by either one of them.
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-using-identity-based-policies.html
I had the same strange issue. I had everything set up, including policies and permissions. After a couple of hours I found out I was getting the 403 error because the wrong AWS region was configured in my application: it was supposed to be ap-south-1, but by default it was us-east-1.
