I am trying to connect to IBM MQ running on cloud using REST API. I started with the documents link1 and also refereed link2 but looks like these document talk about on-prem instance of IBM MQ. I generated LTPA token and when i execute send message API, i get below error with 403 http error code. I understand that here the user i am using has no proper rights. I am not getting any documentation which explain how i can configure the user roles for IBM MQ running on cloud. Anyone has tried it and can shed some light ?
"explanation": "The authenticated principal is not authorized to perform the requested REST API operation.",
"message": "MQWB0103E: Not authorized to put to 'queue1'.",
As #habercode states your starting point should be the "Invoking the queue manager REST APIs" documentation For IBM MQ on Cloud - https://cloud.ibm.com/docs/mqcloud?topic=mqcloud-mqoc_qm_rest_api
As the doc states you will need a MQ username and API key to authenticate.
Get your MQ username and API key from your service instance in IBM
Cloud, then ...
base64 encode the combination, before using it with basic authentication.
Once you can authenticate, you can use the REST API documentation to configure your API calls.
Related
We have a windows service that collects mail from via an imap connector and then processes that email and attachments into a database. Is there a way that we can do this using OAuth2 when exchange online removes support for basic authentication? There is no user interface to the service or user access to teh system when it is running beyond the start and stop of the service.
We are currently using Chilkat's excellent Imap component.
Yes, Microsoft have finally released support and documentation for this in Exchange Online. See the following Microsoft document:
Authenticate an IMAP, POP or SMTP connection using OAuth
I am new to OpenID connect & security domain. I have configured Nifi to use OpenID for authentication using online documentation. And to automate a few nifi related tasks we are using nipyapi.
I have already written python code which does automated flow deployment for basic nifi installation (unsecured & without user authentication)
Now, I have to move the code to secured Nifi installation. How to authenticate to OpenID connect using nipyapi/rest API ?
AS per discussion with Bryan, i am planning to use client certificate for authentication but it started giving authorization error. and have created another question with the details.
Nifi - Client Certificate Authorization Error
OpenID Connect generally requires that you follow a flow of re-directs, typically in the browser. NiFi re-directs you to the login page of the OIDC provider, upon completion, the OIDC provider redirects you back to NiFi. I'm not exactly sure how, or if you even can, perform this login process from scripts. An easy alternative would be to just generate a client certificate to represent an automation user for any NiPyApi scripts. Client certificate authentication is always enabled by default for NiFi.
I am trying to create jmeter script for login in to iphone native app. App is using cognito to authenticate the user.
As response of first page of app I am getting SALT and Secret block.
I am passing this secret block in and other required parameters in next request, however I got error message as "User name or password is in correct".
Did anyone worked successfully on similar things which can help me.
Looking into Amazon Cognito page:
Social and enterprise identity federation
With Amazon Cognito, your users can sign in through social identity providers such as Google, Facebook, and Amazon, and through enterprise identity providers such as Microsoft Active Directory via SAML.
Standards-based authentication
Amazon Cognito User Pools is a standards-based Identity Provider and supports identity and access management standards, such as Oauth 2.0, SAML 2.0, and OpenID Connect.
You will not be able to record and replay none of the mentioned protocols, depending on underlying identity provider mechanism you will either need to apply advanced correlation or a way to provide the required Bearer Token.
So you need to identify which identity mechanism is used under the hood and amend your JMeter test accordingly.
Reference material:
How to Load Test SAML SSO Secured Websites with JMeter
OpenID Connect - How to Load Test with JMeter
How to Run Performance Tests on OAuth Secured Apps with JMeter
Our current API use seesionID for the authentication. We plan to use Azure API management to manage our web api. However Azure web api management has their own authentication. How can we link those two together. Our customer can use the same logon information.
Conversations about authentication and identity in Azure API Management can get tricky because there can be three different identities and then there are the different contexts of runtime requests vs management requests. So, to be sure I'm answering the right question, let me try and get some terms defined.
The three identities:
API Provider: This is the Azure user who has created an API Management instance.
API Consumer: This is a developer who is writing some client software to consume the API.
End User: The user of the application written by the API Consumer and will be the one who actually initiates runtime requests to the API.
I am assuming that you are the API Provider. What I'm not sure about is whether your customers are the API Consumers or the End Users.
Azure API Management provides identity services for API Consumers. Consumers can either manually create a username/password account or use some social identity provider to create an account. They then can get a subscription key that will allow Azure API Management to associate requests to the API Consumer.
I think you are asking if you can connect the sessionID, which I am guessing you use to identify End Users, to a subscription key used to identify API Consumers. If that is correct, then the answer is no (except for the scenario described below), because we need to identify the API Consumer key before any policies are run to ensure we run the correct policies.
You can change our Api Consumer subscription key. So, if you only have a low quantity of customers/End Users you could create an Api Consumer account for each End User. However, you would only be able to map sessionID to API Consumer Subscription Key if sessionID was a constant value. I'm presuming based on the name, that value changes at each login.
Although Azure API Management provides identity services of API Consumers, it does not provide full identity management for End Users. We leave that to external partners like Azure AD, Thinktecture Identity Server and Auth0. I'm assuming that your existing system is already using some kind of identity provider to generate the sessionId. What you can do with Azure API Management is validate that sessionId using policies in the API Management Gateway. To do that we would need to know more about the format of the sessionId.
Sorry for the long post but it is a confusing topic and I wanted to be as clear as possible.
I have configured composer-rest-server. I had also provided fabric username/password while configuring composer-rest-server (WebAppAdmin or admin). Now, I can able to access REST API without providing any credentials (through postman or loopback).
I would like to understand how we can secure composer-rest-server. Though, I have understood that we can add participant and issue identity, but not able to connect logical dots in context of how everything will work.
How to secure composer-rest-server while accessing REST API?
When and How we are going to use "username/secret" registered against any participant?
When to authenticate composer-rest-server API and When to use participant identity to access business network?
Please see the documentation on this subject:
https://hyperledger.github.io/composer/integrating/enabling-rest-authentication.html