I have this strange issue while pushing one of my application to PCF.
I wants to implement blue-green deployment for my service and I want to deploy app-v2 version with no-route and then add temp route after deployment done.
because I need to bind one marketplace service UAA Single Sign-on(Provides identity capabilities via UAA as a Service) service at application startup time.
This UAA service is causing issue while pushing.
cf command using for deployment
cf push -f manifest-dev.yml --no-route
Error screenshot:
PCF version 2.x
I have a couple ideas that might help to get around this.
Don't use --no-route. You said I want to deploy app-v2 version with no-route and then add temp route after deployment done, so just skip the --no-route part and put the temp route directly into your manifest-dev.yml file. If you already have a route in that file, you could make a copy and call it manifest-dev-v2.yml and put the route there.
Split this up. Remove your service from the manifest-dev.yml file. Run cf push -f manifest-dev.yml --no-route --no-start. Then map the temp route. Then bind the service. Then run cf start. You could alternatively drop the manifest all together, and just script your cf cli actions in a shell script or something like that.
You could look at using one of the blue/green plugins for the cf cli. There's a few and I can't recommend one over another. You can see them all here (search for blue/green).
http://plugins.cloudfoundry.org/
For a little background on the error that's being reported, the authorization code grant (Oauth2) cannot work without a redirect URL. For this flow, a user get's redirected to the login page and then get's redirected back to your redirect URL once login has occurred. Without that redirect URL, users can't complete the flow. It appears to be failing since you don't have any routes and thus cannot have a redirect URL.
Hope that helps!
Related
I use ngrok to test my flask app with OKTA. For which my ngrok public URL gets changed time to time. I need to change my OKTA application integration setting based on the current URL as given below
Single Sign On URL http://4e4f-103-97-210-83.ngrok.io/saml/sso/example-okta-com
Recipient URL http://4e4f-103-97-210-83.ngrok.io/saml/sso/example-okta-com
Destination URL http://4e4f-103-97-210-83.ngrok.io/saml/sso/example-okta-comAudience
Restriction http://4e4f-103-97-210-83.ngrok.io/saml/sso/example-okta-com
it is very tedious jobs to change URL everywhere when there is only change in string "4e4f-103-97-210-83"
is there any macro facility to define in OKTA app integration something like below
# url_part 4e4f-103-97-210-83
http://${url_part}.ngrok.io/saml/sso/example-okta-com
I just need to change url_part macro based on ngrok output, and it is good to go.
Any idea?
You can use Okta API to make this change for your app config, or Terraform which uses the same under the hood.
Or you can get a plan from ngrok, which allows to keep public URL permanent
I have deployed a very basic web app to JFrog that I created using Maven. It has a basic JSP file that says "Hello World" I deployed a .war file manually. After deployment, I was able to see the link like
localhost:8082/artifactory/MyWebApp/
But, when I hit it, it redirects me to 8082 and asks for a username and password which I never set up. I tried the login name and password but this does not seem to work. I have not used any authentication in my application. Kindly help
So, I resolved it. As it was a new installation, I generated a new token and gave it permission to access. I was thus able to access the path and download the artifact.
This seems to be a permission issue to me. Generate a new token with proper access. Should work.
I try do auto-deploy for some project, when somebody push to git, deploying occurred for the branch and jenkins setup project and do deploy stuff on a server. For example:
|Branch |URL (will be created) |
|--------|---------------------------------------|
|master |http://master.my-project.example.com/ |
|some |http://some.my-project.example.com/ |
|dev-2e |http://dev-2e.my-project.example.com/ |
all is fine, but project need use google OAuth2, and there is a key, client id, client secret.
So I need setup not just one or just five redirect URIs for google authorization, I need template:
http://*****.my-project.example.com/oauth2redirect
When I try do this, I have error without any reason or explanation. When I just omit all URIs, no one URI is work, but I even agree with turning off this restriction.
Is there any ability to do this? Or programmatic API for adding new URI?
I didn't found any standard way to solve this problem.
How do I add "authorized redirect URIs" to Google OAuth2 using an API?
Says: I need create own proxy server, that will be do redirects. And has the only allowed redirect URI in google console.
I have very little experience with APIs which is something that I'm trying to change so I'm trying to get started with the Tumblr api. I've installed the tumblr_client gem (documentation here) and am following the instructions. I've created an application on a new Tumblr account and have the necessary OAuth information (consumer_key, consumer_secret, ect.) Actually getting it to do something is proving difficult, so like a good little programmer I'm trying to get the console going to explore a bit.
This requires a bit of setup, so I'm following the instructions here:
The first time that you go to use the irb console, if you have no
.tumblr file, it will walk you through the process of generating one.
You will be prompted for your consumer_key and consumer_secret (which
you can get here: http://www.tumblr.com/oauth/register) and then sent
out to the site to verify your account. Once you verify, you will be
redirected to your redirect URL (localhost by default) and copy the
oauth_verifier back into the console. Then you're all set!
I'm prompted for my key and secret, then I go to the URL where I'm supposed to give authorization. Tumblr gives me a popup which reads "Is it alright for this application to access some of your data and make posts to your account? You are logged in as example#example.com" and the options to cancel or allow. I hit allow and it just takes me into the account itself, at no point am I ever given any kind of verification code that I can put in to get the console working.
At this point I'm stuck and can't go any further so I'm activating the network. Any ideas as to where I'm going wrong?
Did you specify a redirect or callback url at any point in the oauth config process? It's probably done on tumblr's API website. This url would be your app's endpoint to which Tumblr sends a request to with the user's data. By the way, oauth can sometimes be confounding to set up. You won't be able to use localhost as a callback url, for example, though you can get a temporary domain name with a free local tunneling app.
edit To go into more detail on some of these points ...
callback url: To reiterate, this cannot be localhost. Setting the correct callback url will get you unstuck from your current predicament. Instead of redirecting to the tumblr homepage, you want the confirmation page to redirect to your app. Anyway, I think you're totally sensible to want to test it out before you deploy. But unless you deploy or use a local tunnel, your local application doesn't actually have a URL that can be reached from anywhere except your computer.
local tunnelling services: ngrok, localtunnel. To give an example with ngrok: Say you have a Rails server running on port 3000. Then in another terminal you run ngrok 3000 and you get a url which exposes your local server to the real internet. Note that this changes every time you restart ngrok (unless you pay them). In your application, you should make a unique route for the callback. Say you have a route which matches /oauth_callback to the oauth_callback controller action. Then the route you'd provide as your callback url would be http://MY_CUSTOM_NAME.ngrok.com/oauth_callback.
The controller action: I don't specifically know how Tumblr sends user data to the callback. Perhaps the information is in the headers or maybe it's in the body. It might be JSON or XML. Whatever it is, you can explore the data by placing a breakpoint in your controller action. You can inspect the params, headers, etc. I'd expect that they'd give you some token credentials and probably a user name/email as well.
I have a c#.net MVC3 application running on Windows Server 2008 R2 Datacenter.
If I deploy the application as an application under the main site (i.e. www.mysite.com/crm) it works perfectly.
If I deploy the application as a sub-domain to the main site (i.e. crm.mysite.com) it appears to work as expected, with the exception of one endpoint (crm.mysite.com/reports/view). That path returns the following authentication notice:
Authentication Required
The server http://crm.mysite.com:80 requires a username and password.
I am not aware of anything special for that endpoint and, as I mentioned, it works without issues when deployed under the main site.
What would cause this? How do I remove/prevent it?
I don't even know what code to provide to help diagnose the problem. Please let me know if you want to see parts of the code for any section related to this issue.
UPDATE:
I don't move the path to the application files for either situation and they both use the same application pool. The only difference is how a user access the files via IIS.
UPDATE2:
If I authenticate a user, I get this error:
Server Error in '/Reports' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Why would it think the resource doesn't exist when clearly it does?
If you have authentication on the main site, it won't automatically carry authentication across to the sub-domain. You would have to develop a mechanism to handle that such as SSO (single sign on).
Another potential issue is permissions for the directory/application (eg. c:\inetpub\wwwroot\crm.mysite.com)