I am trying to use OAuth mediator for validating an API . I am using WSO2IS as my IAM server . OAUth mediator is configured to connect WSO2IS server . using URL 'https://localhost:9443/services' while invoking i get followign exceptions . Please see Exception stack below
[
2020-05-27 13:47:27,939] WARN {org.apache.synapse.commons.util.MiscellaneousUtil} - Error loading properties from a file at from the System defined location: nhttp.properties
[2020-05-27 13:48:01,105]
INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://localhost:9443/services/OAuth2TokenValidationService]
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:276)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:186)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at
I have updated keystore and it was working
Related
when starting up a quarkus service (v2.1.1), and trying to connect to a keycloak instance (v15.0.1) I am getting the following exception stack trace:
ERROR [io.qua.run.Application] (Quarkus Main Thread) Failed to start application (with profile dev): io.quarkus.oidc.common.runtime.OidcEndpointAccessException
at io.quarkus.oidc.runtime.OidcProviderClient.getJsonWebKeySet(OidcProviderClient.java:75)
at io.quarkus.oidc.runtime.OidcProviderClient.lambda$getJsonWebKeySet$0(OidcProviderClient.java:54)
at io.smallrye.context.impl.wrappers.SlowContextualFunction.apply(SlowContextualFunction.java:21)
at io.smallrye.mutiny.operators.uni.UniOnItemTransform$UniOnItemTransformProcessor.onItem(UniOnItemTransform.java:36)
at io.smallrye.mutiny.vertx.AsyncResultUni.lambda$subscribe$1(AsyncResultUni.java:35)
at io.vertx.mutiny.ext.web.client.HttpRequest$10.handle(HttpRequest.java:717)
at io.vertx.mutiny.ext.web.client.HttpRequest$10.handle(HttpRequest.java:714)
at io.vertx.ext.web.client.impl.HttpContext.handleDispatchResponse(HttpContext.java:371)
at io.vertx.ext.web.client.impl.HttpContext.execute(HttpContext.java:358)
at io.vertx.ext.web.client.impl.HttpContext.next(HttpContext.java:336)
at io.vertx.ext.web.client.impl.HttpContext.fire(HttpContext.java:303)
at io.vertx.ext.web.client.impl.HttpContext.dispatchResponse(HttpContext.java:265)
at io.vertx.ext.web.client.impl.HttpContext.lambda$null$8(HttpContext.java:520)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:96)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:59)
at io.vertx.core.impl.EventLoopContext.lambda$runOnContext$0(EventLoopContext.java:37)
at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:497)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:832)
Here are the configs I have put:
# OIDC Configuration
quarkus.oidc.auth-server-url=https://<HOST>/auth/realms/<REALM_NAME>
quarkus.oidc.client-id=<CLIENT_ID>
# quarkus.oidc.application-type=service
quarkus.oidc.credentials.secret=<SECRET>
quarkus.oidc.tls.verification=required
# Enable Policy Enforcement
quarkus.keycloak.policy-enforcer.enable=true
Anyone got an idea what's wrong here?
Thanks to a comment above I found this quarkus config here to be helpful:
quarkus.log.min-level=DEBUG
quarkus.log.category."io.quarkus.oidc".level=DEBUG
Which gave me this error:
Caused by: org.keycloak.authorization.client.util.HttpResponseException: Unexpected response from server: 400 / Bad Request / Response from server: {"error":"invalid_client","error_description":"Bearer-only not allowed"}
So clearly, I had misconfigured the client inside keycloak. Too bad the original error message didn't give me that information by default.
I am using Apacheknox version 1.0.0. I have tried to authenticate knox uiusing Ldap user. I have tried with following changes in knox
In ambari --> knox-->config-->Advanced topology
<param>
<name>main.ldapRealm.userDnTemplate</name>
<value>cn=admin</value>
</param>
<param>
<name>main.ldapRealm.contextFactory.url</name>
<value>ldap://x.x.x.x:10390</value>
</param>
First Iam trying for single user only.I have tried different user search But no luck I am always getting same error like below.
2021-01-29 10:22:07,266 ERROR knox.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(206)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error
code 49 - INVALID_CREDENTIALS: Bind failed: Invalid authentication]
LDAP: error code 49 - INVALID_CREDENTIALS Means, three things, Username/password is incorrect or the account is locked. You are having this error for Bind user.
You need to verify you systemUsername and systemPassword in configured topology.
A tool ldapsearch can be useful to verify credentials for Bind user.
main.ldapRealm.userDnTemplate should be like following
<param>
<name>main.ldapRealm.userDnTemplate</name>
<value>cn={0},ou=hadoop,ou=personal,ou=accounts,dc=example,dc=com</value>
</param>
In my hadoop cluster . we had to authenticate the web UI components so started to search and find this option
https://streever.atlassian.net/wiki/spaces/HADOOP/blog/2014/03/07/491558/Securing+Hadoop+HDP+Web+UI+Component+s
I had used the authentication described above and got it working as it requests a username and password when i connect to the webui .
My problem now is that when i look into the namenode logs it is shows an unauthorized error when the namenode connect to the journalnode
I looked up online , but it all links point to enable kerberos authentication . But i cannot do that as my manager told that it will require considerable amount of time to get it working in our cluster .
So my question is there a setting in namenode or hdfs for that matter where i can specify the JETTY authentication credentials.
Like i can connect to the journalnode using
curl -u username:password http://192.168.14.22:8480
or using authorization header
curl -H "authorization: Basic ZGF2aWQ6aGFkb29w" http://192.168.14.22:8480
The unauthorized error
org.apache.hadoop.hdfs.server.namenode.TransferFsImage$HttpGetFailedException: Fetch of http://node1.qaperf.flytxt.com:8480/getJournal?jid=flycluster&segmentTxId=6938&storageInfo=-63%3A2141723110%3A0%3ACID-26cc5859-c0e5-4ddb-acfd-c96c7a10b238 failed with status code 401
Response message:
Unauthorized
at org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream$URLLog$1.run(EditLogFileInputStream.java:471)
at org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream$URLLog$1.run(EditLogFileInputStream.java:456)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1754)
at org.apache.hadoop.security.SecurityUtil.doAsUser(SecurityUtil.java:448)
at org.apache.hadoop.security.SecurityUtil.doAsCurrentUser(SecurityUtil.java:442)
at org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream$URLLog.getInputStream(EditLogFileInputStream.java:455)
at org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream.init(EditLogFileInputStream.java:141)
at org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream.nextOpImpl(EditLogFileInputStream.java:192)
at org.apache.hadoop.hdfs.server.namenode.EditLogFileInputStream.nextOp(EditLogFileInputStream.java:250)
at org.apache.hadoop.hdfs.server.namenode.EditLogInputStream.readOp(EditLogInputStream.java:85)
at org.apache.hadoop.hdfs.server.namenode.EditLogInputStream.skipUntil(EditLogInputStream.java:151)
at org.apache.hadoop.hdfs.server.namenode.RedundantEditLogInputStream.nextOp(RedundantEditLogInputStream.java:178)
at org.apache.hadoop.hdfs.server.namenode.EditLogInputStream.readOp(EditLogInputStream.java:85)
at org.apache.hadoop.hdfs.server.namenode.EditLogInputStream.skipUntil(EditLogInputStream.java:151)
at org.apache.hadoop.hdfs.server.namenode.RedundantEditLogInputStream.nextOp(RedundantEditLogInputStream.java:178)
at org.apache.hadoop.hdfs.server.namenode.EditLogInputStream.readOp(EditLogInputStream.java:85)
at org.apache.hadoop.hdfs.server.namenode.FSEditLogLoader.loadEditRecords(FSEditLogLoader.java:190)
at org.apache.hadoop.hdfs.server.namenode.FSEditLogLoader.loadFSEdits(FSEditLogLoader.java:143)
at org.apache.hadoop.hdfs.server.namenode.FSImage.loadEdits(FSImage.java:898)
at org.apache.hadoop.hdfs.server.namenode.FSImage.loadFSImage(FSImage.java:753)
at org.apache.hadoop.hdfs.server.namenode.FSImage.recoverTransitionRead(FSImage.java:329)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.loadFSImage(FSNamesystem.java:984)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.loadFromDisk(FSNamesystem.java:686)
at org.apache.hadoop.hdfs.server.namenode.NameNode.loadNamesystem(NameNode.java:586)
at org.apache.hadoop.hdfs.server.namenode.NameNode.initialize(NameNode.java:646)
at org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:820)
at org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:804)
at org.apache.hadoop.hdfs.server.namenode.NameNode.createNameNode(NameNode.java:1516)
at org.apache.hadoop.hdfs.server.namenode.NameNode.main(NameNode.java:1582)
Please Help.
iam trying to connected to remote broker url in activeMQ (activemq installed in unix vm)
iam able to connect from browser from my laptop.
while running springboot iam getting this error
--- [ActiveMQ Task-1] o.a.a.t.failover.FailoverTransport : Failed to connect to [tcp://http://199.247.18.11:61616] after: 8 attempt(s) continuing to retry.
what could be the issue?
Please remove https:// from your connection string. Port 61616 is expecting JMS connections.
Your connection string should be tcp://199.247.18.11:61616 or something similar. There is a rest API that (I think) goes through the built in HTTP server but it's not going to listen on 61616 and it's going to have a much longer URL. Something like
http://admin:admin#localhost:8161/api/message?destination=queue://myqueue
still issue
yml file
activemq:
broker-url: failover:(tcp://http://199.247.18.11:61616)?initialReconnectDelay=1000&maxReconnectDelay=60000&warnAfterReconnectAttempts=2
error:
2018-05-01 07:41:51.312 WARN 6560 --- [ActiveMQ Task-1] o.a.a.t.failover.FailoverTransport : Failed to connect to [tcp://http://199.247.18.11:61616] after: 2 attempt(s) continuing to retry.
I am trying to push the company app into Pivotal Cloud Foundry. The app should be bound with service registry. I didn't do any changes in application.yml file. I had have service-registry service in my Pivotal apps manager console. After I pushed my company app into PCF and binded with service-registry service. I did restage my company app. The app is not registered in the service registry console.
2016-06-06T11:25:36.72+0530 [APP/0] OUT Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://p-spring-cloud-services.uaa.******.com/oauth/token":sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to fin
d valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.securit
y.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
and
2016-06-06T05:49:35.000+00:00 [APP] OUT 2016-06-06 05:49:35.668 ERROR 22 --- [pool-5-thread-1] com.netflix.discovery.DiscoveryClient : DiscoveryClient_COMPANY/https://p-spring-cloud-services.uaa.******.com/oauth/token:****** - was unable to refresh its cache! status = Error requesting access token.
How to solve these issues?
The cause of problem is ssl certification for PCF. I think you are not uploaded ssl certificate to your environment.
Your PCF instance should have valid root certificates of your apps installed at their side and vice versa....