How to override DefaultAWSCredentialsProviderChain by our own implementation of credential provider with assume role - spring

I am trying to use Spring Config Server with cross-account access, as I am deploying the config server in Kubernetes with an AWS backend.
But due to DefaultAWSCredentialsProviderChain I am unable to connect to the S3 bucket and get a 403 error.
In DefaultAWSCredentialsProviderChain, as per the logs, WebIdentityTokenCredentialsProvider tries to get credentials and gets a 403 error.
But when I try to connect with my AWS S3 client using STSAssumeRoleSessionCredentialsProvider, it connects.
Is there any way I can provide STSAssumeRoleSessionCredentialsProvider instead of DefaultAWSCredentialsProviderChain?
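One way to wire the provider the question asks about, as an added example (not code from the original post, nor from Spring Cloud Config itself): build the S3 client explicitly from an STSAssumeRoleSessionCredentialsProvider and register it as a Spring bean, so the default chain is never consulted for bucket access. The property names config.s3.assume-role-arn and config.s3.region, the session name, and the use of WebIdentityTokenCredentialsProvider as the pod's own base identity are assumptions; whether the config server's S3 backend consumes a user-supplied AmazonS3 bean depends on the Spring Cloud Config version in use and has to be checked against it.

```java
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.auth.WebIdentityTokenCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;

@Configuration
public class CrossAccountS3Config {

    // Hypothetical property names (assumption). The role ARN is a role in the account
    // that owns the config bucket; its trust policy should name only the pod's IAM role.
    @Value("${config.s3.assume-role-arn}")
    private String roleArn;

    @Value("${config.s3.region:eu-west-1}")
    private String region;

    @Bean
    public AWSCredentialsProvider configBucketCredentialsProvider() {
        // Step 1: the pod's own identity. With IAM roles for service accounts this is the
        // web identity token mounted into the pod (assumption: the cluster uses that setup).
        // Naming it explicitly avoids walking the whole DefaultAWSCredentialsProviderChain.
        AWSCredentialsProvider podIdentity = WebIdentityTokenCredentialsProvider.create();

        // Step 2: an STS client authenticated as the pod, pinned to a regional endpoint
        // rather than the global one.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(podIdentity)
                .withRegion(region)
                .build();

        // Step 3: assume the cross-account role. The provider refreshes the temporary
        // credentials itself. The session name is recorded in CloudTrail in the bucket's
        // account, so make it identify the workload instead of a generic string.
        return new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, "spring-config-server")
                .withStsClient(sts)
                .withRoleSessionDurationSeconds(3600)
                .build();
    }

    @Bean
    @Primary
    public AmazonS3 configBucketS3Client(AWSCredentialsProvider configBucketCredentialsProvider) {
        // Every call made through this client carries the assumed-role credentials,
        // never the pod's own ones, so the 403 from the default chain cannot recur here.
        return AmazonS3ClientBuilder.standard()
                .withCredentials(configBucketCredentialsProvider)
                .withRegion(region)
                .build();
    }
}
```

Keep the assumed role scoped to the config bucket (s3:GetObject and s3:ListBucket on that bucket only) and restrict its trust policy to the pod's role; the session name then gives the bucket owner a clean CloudTrail trail of which workload read which configuration.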

Related

Keycloak fails to authenticate openid-connect token in cluster mode

I'm running two Keycloak Docker instances and configured a cluster as specified here: https://hub.docker.com/r/jboss/keycloak/
I can see logs related to clustering and two records in the JGROUPSPING table. It also works when I authenticate (openid-connect) through Host1, get an access token/refresh token, and am able to retrieve a new access_token using the refresh token via Host2, which means I believe the clustering setup is working.
But I'm getting a 401 error when I make an API call to Host2 using either the access token I received from Host1 or the access_token I got from Host1's refresh token. It works only when I use the access_token received from the same host.
My understanding is that these access_tokens aren't related to cookies, so it should work seamlessly. But it fails.
I had a problem with the verification of the access token signature.
The access tokens are signed by Keycloak with a keystore. If you don't have a certificate and key mounted in the Docker container, this keystore will be different between the nodes in your cluster, and a token generated by one node will not be valid for another node.
So you have to follow the "Setting up TLS(SSL)" part of the documentation of the Docker image.

Go storage client not able to access GCP bucket

I have a Golang service which has an API exposed where we try to upload a CSV to a GCP bucket. On my local host, I set the environment variable GOOGLE_APPLICATION_CREDENTIALS
and point this variable to the file path of the service account JSON. But when deploying to an actual GCP instance, I'm getting the below error while trying to access this API. Ideally, the service should talk to the GCP metadata server, fetch the credentials and then store them in a JSON file. So there are 2 problems here:
1. The service is not querying the metadata service to get the credentials.
2. If the file is present (I created it manually), it's not able to access it due to permission issues.
Any help would be appreciated.
Error while initializing storage Client:dialing: google: error getting credentials using well-known file (/root/.config/gcloud/application_default_credentials.json): open /root/.config/gcloud/application_default_credentials.json: permission denied
Finally, after long debugging and searching over the web, I found out that there's already an open PR for the go-storage client: https://github.com/golang/oauth2/issues/337. I had to make a few changes in the code using this method: https://pkg.go.dev/golang.org/x/oauth2/google#ComputeTokenSource, where basically we fetch the token explicitly from the metadata server and then call the subsequent cloud APIs.

AEM XTM Translation Connector needs to be proxied

I am currently working in an AEM 6.5 environment trying to set up the XTM Translation Connector. I have successfully configured this on my local environment by doing the following:
Installing the XTM Translation Connector content package
Configuring the credentials (Web Service URI, XTM Client Name, User ID, Password) in /mnt/overlay/cq/translation/cloudservices/editor.html/conf/corp/settings/cloudconfigs/translation/xtm/xtm-translation
When I click the Verify button I am prompted with the message:
Connection parameters correct.
That said, when I follow these same steps in my dev, stage and prod environments, which are in a different network than my local one, I am prompted with the message:
Connection parameters incorrect.
I dove into the logs and found:
[com.xtm.translation.connector.xtm-for-aem.core:1.5.2.SNAPSHOT]
...
Caused by: java.net.SocketTimeoutException: SocketTimeoutException invoking Web_Service_URI: connect timed out
I happen to know that this network uses a proxy server for external connections and reaching out to the internet. So I tried configuring the Apache HTTP Components Proxy Configuration in /system/console/configMgr and then testing the XTM Translation Connector connection again, but based on the error.log messages it doesn't even seem like the XTM Translation Connector is trying to use the proxy when it connects.
How can I get this XTM Translation Connector to use this proxy?
Any thoughts on this are welcome.
Thanks.

Unable to execute odata calls using S4Hana SDK in cloud foundry environment with oAuth2SAMLBearerAssertion authentication

I'm trying to connect to an S4 Hana system using the S4 SDK. While executing calls via the .execute() method in the Cloud Foundry environment, I see the below error logs:
Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get authentication headers. Destination service returned error: Missing private and public key for subaccount ******-****-****-***-*******.
Note: I've already configured trust between the subaccount and the S4Hana system and created the respective communication and business user. The authentication method used in the destination is oAuth2SamlBearerAssertion. Note: The call executes fine in both the local and Cloud Foundry environments with basic authentication.
Can someone please suggest what is wrong here?
As correctly pointed out by #Dennis H, there was a problem in the trust configuration between my subaccount and the S4 Hana system. The configuration was wrong in my case in two places:
-> The certificate I downloaded for trust was from this URL:
https://.authentication.eu10.hana.ondemand.com/saml/metadata
This is incorrect; we need to get the certificate from the "Download Trust" button in the Destinations tab at subaccount level.
-> The provider name was incorrect in the communication system.
We are developing a side-by-side extension app and deploying it to CF. Our app is trying to connect to the S4HANA Cloud system using oAUTH2SAMLBEARERASSERTION, but we are facing issues while doing it. We are getting the below error in the logs. Please note that we are able to connect to S4HANA Cloud using basic auth.
com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to access the configuration of destination
Our destination parameters look as in the attached screenshot.
Thank you.

Permission denied to generate login hint for target domain. google auth error in ec2 instance

I am getting an error while using Google authentication in my web app. Everything was working fine, but suddenly it started showing the error "Permission denied to generate login hint for target domain." when I try to log in to my web app.
I am hosting the web app on an AWS EC2 instance and I have configured the EC2 public DNS name in my Google API manager.
Any help will be much appreciated.
When you set up OAuth for your application, you will need a DNS name that refers to your instance's IP address. You can use the xip.io service to get one; this is a public service offered for free by Basecamp. For instance, the DNS name can be 54.84.49.254.xip.io.