we want to disable the ldap configuration in our ICP (CE). We did the following: https://www.ibm.com/support/knowledgecenter/en/SSBS6K_2.1.0.3/troubleshoot/ldap_superadmin.html
But if we restart the master, the ldap-configuration comes back. It is not possible to remove the ldap config forever?
Thx
You can remove the ldap-configuration by manually using the HTTP API. Here is the specific command:
curl -k -X POST --header "Authorization: Bearer $ACCESS_TOKEN" 'https://<cluster_lb_address>:8443/idmgmt/identity/api/v1/directory/ldap/offboardDirectory'
The response should be {"count":1} if the operation was successful. Also, returning to the "Manage > Authentication" page through the web UI should now display the "No LDAP connection found" page, indicating it was successfully removed.
You will need to know the cluster IP address, and retrieve the cluster administrator access token using the instructions on this page: https://www.ibm.com/support/knowledgecenter/en/SSBS6K_2.1.0.3/apis/access_api.html
Related
I just defined the user in Elasticsearch (through Kibana UI) and want to test the user can reach and authorize in Elastic.
What endpoint can I use for testing a user is known to Elastic from the user's perspective? (no high privileges admin API)
All I tries required some kind of roles, requests looked like:
curl --basic --user user:pass https://evil.com:9200/_cat/indices
UPDTE With curl -v I see 401 / 403 to differentiate if password is correct, I'd like to have some endpoint that returns 200 for the correct password and 401 for incorrect or non existing user...
If I am understanding right so you just want to check if kibana is opening only with defined username and password or not.
So you can just hit
https://your_ip or kibana_ip_whichever_given:5601
or
http://your_ip or kibana_ip_whichever_given:5601
if you have used xpack.security in it then try https otherwise try it with http
You can use the X-Pack API to test if the user is known to the Elasticsearch cluster, without requiring high privileges. The API is available at the endpoint /_xpack/security/user/<username> and will return a 200 status code if the user is known and an error code (e.g. 401 or 403) if the user is not known or not authorized.
for more... https://discuss.elastic.co/t/216937
How might I authenticate GET requests to an elasticsearch API using Jmeter GUI. I know using curl I can authenticate using something like
curl -u user:password http://www.example.com
but Jmeter only has the following options
The Authorization Manager lets you specify one or more user logins for web pages that are restricted using server authentication. You see this type of authentication when you use your browser to access a restricted page, and your browser displays a login dialog box. JMeter transmits the login information when it encounters this type of page.
Some developer posted an example of basic auth here.
I want to use Bitbucket's Rest API with Bitbucket's two-factor authentication enabled, so I can administer my account using curl via the terminal. Previously, I made REST API calls without 2FA and now I want to make this transition.
With 2FA enabled, you need to use the OAuth 2.0 protocol to make API calls; rather than the standard REST API invocations you'll find on the Bitbucket site.
Now, I got as far as creating a so-called consumer, on the Bitbucket website. This generates a Key and a Secret.
The part where I got stuck is in the following. With this Key and Secret, you can obtain a so-called access token (which expires after an hour) via
https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=code
, which you can do via a the curl command
$ curl -X POST -u "client_id:secret" \
https://bitbucket.org/site/oauth2/access_token \
-d grant_type=authorization_code -d code={code}.
I don't know how to obtain this access token; i.e., the step from invoking the curl command to having it in a Bash variable.
Once we've obtained our access token we can make API requests by including it in our curl command, according to the Bitbucket documentation. I presume, something like,
curl -u "client_id:secret" https://api.bitbucket.org/2.0/[API Request] --data-urlencode "access_token=$[Access_token]" --data "[api_request_data]=[Api_request_data]"
, where $[Access_token] is our Bash variable holding our unexpired access token.
I want to create two functions implemented in Bash: one to obtain an access token; and, one to refresh the access token. Or is there a more simple way?
Anyhow, a quick outline on how to make REST API calls with 2FA enabled, would be highly appreciated.
You can use a Bitbucket "app password". More info here.
What I Did
First I accept that I am lacking in spring security knowledge.
I am trying secure rest services for one of our product. I am using spring security OAuth2 JWT. I want to allow anonymous as well as registered users to access my resources.
Suppose I have one service "http://localhost:8282/melayer/articles" and when I run following command
(1). curl -X POST -vu melayer:12345 http://localhost:8282/melayer/oauth/token -H "Accept: application/json" -d "password=melayer&username=melayer&grant_type=password&scope=write&client_secret=12345&client_id=melayer"
I am able to receive access_token, refresh_token etc. Everything works fantastic, even I can access url http://localhost:8282/melayer/articles with received acces_token
(2). curl http://localhost:8282/melayer/articles -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0NjA3NzY5NDIsInVzZXJfbmFtZSI6ImVjb2tyeXB0IiwianRpIjoiNWI5ZmE4NjYtMTBlNS00NDA2LTgxYmMtYjM3NWVmNGE0ZmQ1IiwiY2xpZW50X2lkIjoiZWNva3J5cHQiLCJzY29wZSI6WyJ3cml0ZSJdfQ.4jO9euBz4TSSNh7M3l2YBD1QPblE0ZyOfGm4VtyFMFY"
What I want to understand
I want to receive access_token anonymously i.e. I dont want to pass user name, password or client secret, I want to run curl command in following way
curl -X POST http://localhost:8282/melayer/oauth/token -H "Accept: application/json"
My one of the concern is, I want access_token with or without user credentials I am trying to achieve this from last week, Am I missing something ? is it possible ? what is correct way to do this ?
It is kind request to help me on this :)
If anyone want to see my code please refer Git repo https://github.com/aniruddhha/spring-security-oauth2-jwt
I think you Misunderstood the access token concept, access tokens are meant to be used on behalf of authenticated user.
OAuth2 supports different grants types (password, authorization_code, etc) , check the spec Oauth2 Spec
In order to authenticate used you can use any one of those grants or could create your own (eg: login with Google token ) but you must send some form of user credentials to identify the user and the client credentials to identify the client.
Access token cannot be used as some kind of ApiKey used to access public api
I connecting the google spreadsheet API. I have already granted permission to the user and retrieved the code. I would like to refresh the token with the refresh token, but cannot find the url. can anyone point me to the url needed? I cannot use the libraries since I am using an ETL tool and not a code to connect to the service.
Thank you
Nir
This worked for me:
curl https://www.googleapis.com/oauth2/v4/token \
-d client_id=$CLIENT_ID \
-d client_secret=$CLIENT_SECRET \
-d refresh_token=$REFRESH_TOKEN \
-d grant_type=refresh_token
For the first authorization code exchange, a refresh token is obtained in offline scenarios. In these cases, your application may obtain a new access token by sending a refresh token to the Google OAuth 2.0 Authorization server.
As discussed in the documentation, to obtain a new access token, your application sends an HTTPS POST request to https://www.googleapis.com/oauth2/v4/token.