Getting Host requires authentication while sending WMS GetMAP API request in QGIS - geoserver

I am very new to QGIS tool.While sending WMS GetMAP API request using QGIS tool I am getting
#Error
Host requires authentication
However when run that url in browser I am getting the expected MAP.
How can I get rid of such error.Kindly advice.Thanks.

You would need to turn of whatever security rules you have set on the WMS. Or you can fill in and store the user name and password that the service requires in QGIS.

Related

How to get Access Token for Client Based Application for Zoho API?

Does this mean Zoho API documentations are wrong?
I'm following the "client based applications" as my app is a ReactJS based app. Unfortuantely im getting a fetch failed type of error when trying to request an authentication token using response_type = token.
Very frustrating indeed.
What is the proper way to get an auth token for ReactJs apps?
You can get it by chrome(or firefox)
Get format (make single line)
https://accounts.zoho.com/oauth/v2/auth?
client_id={your client id}&
response_type=token&
scope=AaaServer.profile.Read&
redirect_uri={your app redirect URI}
This is steps
Get client_id and redirect_uri from my Zoho Setting
https://api-console.zoho.com/
Make single line string with upper format
put that string and enter from Chrome
The client id and redirect URI should be match your App settings.
Click the Accept button with checked Grant access checkbox
Will get the access token at address editor in Chrome
Get new access token with this format
http://localhost:3000/#&
access_token={get-new-access-token}&
expires_in=3600&
location=us&
api_domain=https%3A%2F%2Fwww.zohoapis.com&
granted_for_session=true
You can make your React app for getting access token with this steps.

Access GitHub API from Nifi

I'm trying to access info within GitHub's API from a NiFi Process. Essentially, I'm using GenerateFlowFile to set the target URL and the Authorization header for the token. I then pass it to the InvokeHTTP and every time it gets a 401 error saying it needs to be authenticated, despite providing my personal token (the one I use when programming locally and with Terminal). Any tips on how I can get this working? I can provide more detail if needed
I'm not sure which endpoint you're trying to access in the GitHub API, but it appears you are using an endpoint from GitHub Enterprise 2.22 from the error message.
The docs for authentication show you should prefix the token with token i.e:
Authorization: token OAUTH-TOKEN
In your specific case, this means you should set the Authorization header to token ${github_token}.

Changing SSL Certificate and associated domain gives a 401 when it didn't before

I have an application with multiple services. One of them is the auth service that takes care of creating the jwt after checking that the client id (i.e. browser or app) is valid and provided username/password is also valid.
I have another service (gateway) that redirect to other services any requests from the users using the jwt token for authentication.
All this works and has been working for a few years. It is based on Spring Boot using Spring Security (starter v2.1.5). It is soon time to renew our certificate and at the same time move to our new domain. The new certificate has been applied to the Google Cloud Platform load balancer.
The call for health check using the Spring Actuator is responding with the proper "UP" (in json) response. When I try to make the call from same Postman request (with new domain name used) I get the following response with a 401 code:
{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource"
}
I do have the proper clientid and password/secrete encoded using base64 (hey it worked before and nothing else was changed).
I tried to debug setting #EnableWebSecurity(debug = true), but it generates zero logs from the request.
If I switch back the certificate to old one (and old domain), it works again without any other changes. This has been driving me a bit on the crazy side to say the least. Any help, suggestion, ideas would be appreciated.
It ended up being an error on my part. When I added a A class resources during the copy paste of Load Balancer IP, I put the same IP for both of my services (i.e. one of the copy didn't stick). Ending up in calling security on the gateway service when asking for the auth token.
Thanks for the comment #Boris-Treukhov

Sqaure Payment Gateway Checkout API CORS Issue

I tried to integrate Square Payment gateway in my application, but i'm getting following error enter image description here
I've tested it through postman. It's working fine in postman.
It looks like you're attempting to do the HTTP request from the frontend browser (JavaScript). Square doesn't allow that with one of the most important reasons being that anyone would be able to access your personal access token and thus have access to your account.
With that said, you need to create your HTTP request in a back-end service using something like PHP/Java/Ruby/Node.js, etc.

Spring Security Kerberos SSO for a REST API (Tomcat)

Here is my problem:
Context :
-Windows Server 2012 with ActiveDirectory
-Tomcat
-Rest API (Spring)
I'm currently trying to restrict REST request. I want that only specific groups of the AD could access to specific resources. I'm restricted to Kerberos authentication.
System configuration
Create a user in domain "Tomcat"
setspn -a HTTP/apirest.domain#DOMAIN
Generate a tomcat.keytab using ktpass
API rest configuration
I'm using the spring security sample on github that you can find here :
https://github.com/spring-projects/spring-security-kerberos/tree/master/spring-security-kerberos-samples/sec-server-win-auth
I know that there is an EntryPoint and this is not needed in my context (API Rest). I've chosen this sample because it seems to use the windows authentication context and use it to automatically authenticate me in the spring security context. Right after, an ldap request is send to extract all information about the user logged. In my case, I need to extract the group.
I'm also using :
https://github.com/GyllingSW/kerberos-demo
To extract the role of the user with the class "RoleStrippingLdapUserDetailsMapper.java" instead of the "ActiveDirectoryLdapAuthoritiesPopulator". This implementation also offers localhost authentication but the issue with the NTLM token seems to be fixed in last commit of spring security.
I'm not really sure if this is the right way to do what I want.
My authentication seems to fail and I only have one things going wrong in my logs..
"Property 'userDn' not set - anonymous context will be used for read-write operations"
Questions
Do I have to run my tomcat service using the tomcat account ? (Seems to be, yes)
Am I doing the right things with Kerberos security ?
How can I get rid of the anonymous context?
The anonymous context seems to be set just right after Tomcat start. I want to get a context just after that my user (For instance, user1) requests the rest API (EntryPoint or whatever)
If there is something unclear let me know, I will try to reformulate!
Thanks,
You do not need to query LDAP to get information about which groups does user belong to. Active Directory already adds this information to the Kerberos ticket which is sent from browser to Tomcat.
You just need to extract this information from the token for example using Kerb4J library. It comes with Spring integration inspired by spring-security-kerberos project so it should be pretty easy to switch to it.
If you still want to query LDAP you need to authenticate in LDAP before you can make any queries. Again there's no need to use end-user accounts for it - you can use the keytab file for Kerberos authentication in LDAP and query groups using "Tomcat" account
I found a way to fix my issue.
In a REST API context, you have no entry point. I tried to set my entry point to an unmapped URL, just to do the negociation. By doing this, you will receive an HTTP response with the error code 404 (Not found) but with the right header was added by spring security (WWW-Authenticate).
The web browser will not send the ticket service if the error code is not 401.
To solve this problem, you have to create a CustomEntryPoint class (implements AuthenticationEntryPoint) and you need to override the "commence" method to return a 401 HTTP code with the right header.
I hope that could help. If there is a better way, let me know !

Resources