I am sitting in front of the following log, and I don't know where the Error 401 comes from:
Scanning for SCP urls for the current computer Site=Berlin
Adding (prio 1) 'https://SERVER3.CONTOSO.DE/Autodiscover/Autodiscover.xml' for the 'Site=Berlin' from 'LDAP://CN=SERVER3,CN=Autodiscover,CN=Protocols,CN=SERVER3,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=CONTOSO,DC=DE' to the top of the list (exact match)
Determining which endpoints are enabled for host server3.contoso.de
Request error: Der Remoteserver hat einen Fehler zurückgegeben: (401) Nicht autorisiert.
Host returned enabled endpoint flags: Legacy, Soap, WsSecurity
Which server is returning the 401 there? And which URL is called?
Furthermore, I sometimes have SCP lookups failing. Then, the query is:
Determining which endpoints are enabled for host contoso.de
Request error: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.
No Autodiscover endpoints are available for host contoso.de
Which server returns the request error? (Or which URLs should I try from browser to nail down which server is failing?) Since I have to wait for a 40sec timeout, I would like to fix the server that EWS can't connect to.
It appears that server3.contoso.de is failing in the first example, and that contoso.de is failing in the second.
Related
I am configuring CAS 6.2.0-RC1 with LDAP on the same machine Ubuntu 18.04
All authentication tests fail, i noticed after launching Wireshark that CAS sends to LDAP the SHA-1
hash of the password and when comparing LDAP returns False response.
When i display the LDAP entries i've found that effectively the password hash does not match.
Here is my cas.properties configuration and the displayed authentication error.
cas.properties:
cas.server.name=https://127.0.0.1:8443
cas.server.prefix=${cas.server.name}/cas
logging.config: file:/etc/cas/config/log4j2.xml
cas.authn.accept.users=
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://127.0.0.1:389
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].baseDn=ou=groups,dc=localhost,dc=slapd
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].bindDn=cn=admin,dc=localhost,dc=slapd
cas.authn.ldap[0].bindCredential=1234
cas.authn.ldap[0].principalAttributePassword=userPassword
cas.authn.ldap[0].principalAttributeList=cn,uid,givenName
Error:
2020-01-13 02:45:21,729 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=user, source=null, customFields={})] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
I have two instances:
keyrock
Poi with wilma-proxy
Trying to create a poi in instance, allways the response is 401 Permission denied. But token is correct as said proxy log:
2016-10-14 09:40:30.132 - INFO: IDM-Client - Token in cache, checking timestamp...
2016-10-14 09:40:30.135 - INFO: IDM-Client - Token in cache expired
2016-10-14 09:40:30.136 - INFO: IDM-Client - Checking token with IDM...
2016-10-14 09:40:30.342 - INFO: Root - Access-token OK. Redirecting to app...
Refused to set unsafe header "content-length"
2016-10-14 09:40:30.366 - ERROR: HTTP-Client - Error: 401 Permission denied.
So, i think the problem is the authenticate.html file. The only lines i changed are:
<meta name="fiware_lab-signin-client_id"
content="8dc5826cdaea4729a4f43a01d01cb32e">
<meta name="fiware_lab-signin-host" content="http://myserver.com:8000">
fiware_lab-signin-client_id has the client_id of application POI created in my keyrock instance.
the fiware_lab-signin-host has the server AND port of horizon.
Is that correct? I try with 5000 port (keystone) without results.
Also, I found this in add_poi.php:
$session = get_session();
$user_id = $session['user'];
$add_permission = $session['permissions']['add'];
if(!$add_permission) {
header("HTTP/1.0 401 Unauthorized");
die("Permission denied.");
}
If comment these lines, all proccess seems to be correct until the sql insert. (needs the $session['user'] and other parameters that are null)
I dont understand why these lines are there. also, the function get_session() returns a hardcoded array and not the session (which may not have)
I'm so confused how to use this enabler. Anyone knows how to use?
Have you configured the auth_conf.json file with the root user(s) of the POI-DP? Configuring hard users The POI-DP considers the Keystone as a general identity provider (as Google+). You have to separately give permissions to the POI-DP users, first configuring the root users with all privileges and then they can call other users using user_management.html . Site Administration
Please, use the tag fiware-poi for quicker response to POI-DP questions.
I have a wordpress blog in a VPS (Centos 6.8 x86) which some pages have a soundcloud embed. Whenever I try to view one of this pages, I receive a timeout error (http://prntscr.com/bpmm90).
GET
http://soundcloud.com/oembed
?maxwidth=0
&maxheight=0
&url=https%3A%2F%2Fsoundcloud.com%2F10de10%2Fsemana-dos-10-20-270616
&format=json
Operation timed out after 5000 milliseconds with 0 bytes received
Ok, I thought maybe I was doing something wrong in Wordpress, so I tried to 'wget' the same URL and... ERROR 500.
wget 'http://soundcloud.com'
--2016-07-06 18:46:01-- http://soundcloud.com/
Resolving soundcloud.com... 72.21.91.127
Connecting to soundcloud.com|72.21.91.127|:80... connected.
HTTP request sent, awaiting response... 500 Internal Server Error
2016-07-06 18:46:31 ERROR 500: Internal Server Error.
However, it all works fine if I try the same things on another server. I've already thought about if I was somehow blocked from accesing soundcloud through my VPS, but I barely did any call to the service.
The url in question is: http://soundcloud.com/oembed?maxwidth=0&maxheight=0&url=https%3A%2F%2Fsoundcloud.com%2F10de10%2Fsemana-dos-10-20-270616&format=json
Time ago we set up a PEP proxy to secure the API our widgets are using. All have being working correctly until today, that we are receiving a 502 Bad Gateway error code for every call going through the proxy.
We have checked the requests are reaching our server and it is responsing correctly to them. The parameters added by the proxy (x-nick-name, x-display-name...) are defined correctly too.
We have also checked the requests outside wirecloud and all go well: we get the token properly and use it in the subsequent calls without problem.
We do not know where this error comes from, any ideas?
EDIT 06/11/2015
After Alvaro's new setting we are receiving the following error in the response body:
{
"description": "Connection Error",
"details": "('Connection aborted.', error(104, 'Connection reset by peer'))"
}
EDIT 09/11/15
Today, the code received in the request's response is different: 504 GATEWAY TIMEOUT
{
"description": "Connection Error",
"details": "('Connection aborted.', error(104, 'Connection reset by peer'))"
}
EDIT 16/11/15
Answering to Mr. Alonso's question:
1.- If we request directly to the server, the response is correctly displayed in the application.
2.- Here you can see the logs from the PEP Proxy with the new line added. As you can see the request is redirected correctly but the info is not displayed in the app.
Seems that the problem is in the PEP proxy side.
I've checked using other tools like curl (I obtained the connection details from the server log). Making the same request using curl gives the same result than using WireCloud: connection reset by peer. Also, if I make the request without the X-Auth-Token header, your service responds with an 401 error code. This is important, because it means that there is not a communication problem between the Mashup portal and your server. I don't know why, but the PEP proxy seems to be crashing when making the authenticated request from the Mashup portal (the same command works executing it from my machine).
I suggest you to restart the PEP proxy. If the problem persist, please attach any available info about the crash from the PEP proxy logs.
You can check three things to give us more information:
Try to remove the PEP and send the request directly to your service.
Introduce a new log in PEP to print the headers of the response: line 41 of lib/HTTPClient.js, log.debug("Headers: ", headers);
Try to send a request to the root path (directly to the tomacat or apache)
If not perhaps we can talk in private to check more information
Our mediawiki installation on windows server 2012 causes this error message when trying to upload:
"Die Datei C:\Windows\Temp\php84DE.tmp konnte nicht unter mwstore://local-backend/local-public/d/dc/Far_logo_cont.gif gespeichert werden."
How to ensure that image upload is working?
You should set read write and execute permissions for the Internet Guest Account (IUSR_MachineName of IIS < 7, or IUSR for IIS >= 7) on windows temp folder%SystemRoot%\TEMP