Can someone help if they implemented kerberos on OCP. Tried via quarkiverse site and able to generate ticket for principal but while connecting with soap getting unauthorized exception.
Anyway to implement side car approach?? How do we do it??
Related
I worked on extracting data from Jira, using the kingswaysoft Rest Api. It workes fine while on Visual Studio but, once i deploy it to Management Studio, i get an error stating:
Data Flow Task:Error: An error occurred with the following error
message:
"KingswaySoft.IntegrationToolkit.ProductivityPack.Rest.RestServiceException:
Basic authentication with passwords is deprecated. For more
information, see:
https://confluence.atlassian.com/cloud/deprecation-of-basic-authentication-with-passwords-for-jira-and-confluence-apis-972355348.html
(SSIS Productivity Pack, v21.1.0.1551 - ISServerExec,
v13.0.5026.0)KingswaySoft.IntegrationToolkit.ProductivityPack.Http.HttpServiceException
: The remote server returned an error: (401) Unauthorized. (Error Type
/ Reason: Unauthorized, Detailed Message: Basic authentication with
passwords is deprecated. For more information, see:
https://confluence.atlassian.com/cloud/deprecation-of-basic-authentication-with-passwords-for-jira-and-confluence-apis-972355348.html
)System.Net.WebException (Status Reason: Unauthorized): The remote
server returned an error: (401) Unauthorized.".
I have tried changing the connection string multiple times (Adding the API key, encoding it to Base64), but so far with no success. Example of one of my tries:
ServiceName=Jira;PathToTokenFile=;AuthenticationMode=Basic;ConsumerKey=;ServerUrl=linkurl;ApiThrottleRate=0;CertificatePath=;Username=username:apitoken;ProxyMode=Manual;ProxyUsername=proxyusername;ProxyServer=proxyserver;ProxyServerPort=proxyport;ServiceTimeout=120;RetryOnIntermittentErrors=True;IgnoreCertificateErrors=False
Any suggestions on how to solve this issue?
It looks like the error is thrown due to the Basic authentication deprecation in Jira, and we support API Token and OAuth in the connection manager, which is what we would recommend using since you are running into such errors. For more details on OAuth authentication, please refer to the below documentation. However, if you need assistance in configuring these, please contact our support team.
List item
Configuring OAuth Consumers - JIRA 4.2 - Atlassian Documentation
Using CAS 4.0.1 and successfully build with maven cas webapp and cas management app.
Accessing the cas-management app shows the services gui with the following error:
"The CAS management webapp is Unavailable
There was an error trying to complete your request. Please notify your support desk or try again."
I am able to solve my problem and I hope it might help you as well.
The reason behind this error is the security certificate was not in the VM parameter for my CAS server, namely
-Djavax.net.ssl.trustStore=truststore -Djavax.net.ssl.trustStorePassword=trustword"
If the CAS server has both cas and cas-management, then it requires the client certificate of this server to be part of the VM param.
The link http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore shows how to create server and client certificates.
Im trying to make my Bonita account authentication openID- enable login through a google account.
Here http://documentation.bonitasoft.com/single-sign-cas they provide the way of doing it("Configure Bonita client for CAS"). My question is: how should I get the following parameters specified in the link: ip_address:port from google(gmail)?
as probably noticed, im newly to be in this section. Any help will be deeply appreciated.
Bonita BPM will not interact with OpenID protocol out of the box.
However it supports the CAS protocol in the subscription editions.
What you probably need to do is to configure your CAS server to act as an authentication proxy.
Here is how it could work in theory (not sure it is feasible):
Bonita BPM relays user authentication to your CAS server using the CAS protocol.
Your CAS server delegates the user authentication to an OpenID provider such as google. Here is how you could activate OpenID support on the CAS server:
http://jasig.github.io/cas/4.0.x/protocol/OpenID-Protocol.html
An alternative solution could also be to implement a specific Bonita authentication service for OpenID (this requires Java development). In that case you would no longer need CAS. I know for a fact that this is possible.
Be aware that both solutions are technically not trivial to put in place.
Cheers,
You can integrate the BonitaBPM Subscription Edition with a Jasig CAS server:
http://documentation.bonitasoft.com/single-sign-cas-0
The CAS server can be configured to get it's authentication from OpenID as can be found here:
http://jasig.github.io/cas/4.0.x/protocol/OpenID-Protocol.html
I could integrate Bonita Community 7.7.4 with Apereo CAS. Details are here: https://github.com/sparse91/bonita-community-cas.
I have developed an Windows Store App consumes WCF service deployed in another server(not mine) everything works fine until i have disabled the Anonymous Authentication to off getting an error message
"The HTTP request is unauthorized with client authentication scheme 'Anonymous'.
The authentication header received from the server was 'NTLM,Negotiate'."
I have googled and found some of the solutions applied but none of the solutions worked for me.The same WCF service accessing in another project it works fine no complains but when i'm using with windows 8 store apps i'm getting the above error.
Any Solution or Explanation is much appreciated.
[Hi Dinesh Haraveer,
Please try using Enterprise authentication.
Windows domain credentials enable a user to log into remote resources using their credentials, and act as if a user provided their user name and password. The enterprise Authentication capability is typically used in line-of-business apps that connect to servers within an enterprise.
You don't need this capability for generic communication across the internet.
Please try looking into http://msdn.microsoft.com/en-us/library/windows/apps/hh464936.aspx
I have few ssrs 2008 reports.I have created group of users and gave all required permissions to that group.
Now when I am running those reports I am getting strange error.
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
I don't know from where it came.
I got suggestion that its a issue related to Kerberos authentication. Please some one knows how to solve this let me know.
Or some one knows to solve this kerberos issue also tell me in steps if possible.
Thanks
Vik
Are your reports using pass-through integrated authentication, defined user integrated authentication, or sql user authentication? I suspect the first, in which case you're dealing with the difference between impersonation and delegation.
When connecting to a web server using integrated authentication, behind the scenes you are actually using NTLM or Kerberos. Both allow the process running your web server to act as you. NTLM's impersonation via security token prevents the server from connecting to yet another server as you (that is, to the DB server) and there acting as you again—this is the "double-hop" problem. Kerberos instead uses delegation, passing a ticket around that each server can check for validity and allow.
To get Kerberos working there are several requirements.
If you're connecting to the web server using a name other than its main DNS name (using as an alias) you have to register the alias as valid for the machine with SetSPN. You can have problems with the SPN (Service Principal Name) even without this. Check the SPN on your servers carefully to see if it matches what you expect.
The server you initially connect to must be "trusted for delegation" in your domain policy.
The user that your web server is running under must be "trusted for delegation" as well.
You can work around all this stuff by just making your reports have stored credentials of some sort rather than using pass-through authentication.
The difference between dev and test could be the IIS user, or the data source.
Now, I am assuming here that you're not using SharePoint and are just doing a normal SSRS web install. So if that is not correct please say so.