I am getting an error while calling GET /system/ping
{
"error": {
"statusCode": 500,
"name": "Error",
"message": "error trying login and get user Context. Error: error trying to enroll user. Error: Enrollment failed with errors [[{\"code\":400,\"message\":\"Authorization failure\"}]]",
}
}
I have made the participant
Blockchain Participant
{
'$class': 'org.optum.blockchainv5.Participant',
ParticipantId: 'ParticipantId:2',
Name: 'Vipul Bajaj'
}
Then issued an identity to the participant
System Identity
{
userID: 'ParticipantId:2',
userSecret: 'dPJbJBsaOLaf'
}
And then added that identity to default wallet
Wallet Identity
{
enrollmentID: 'ParticipantId:2',
enrollmentSecret: 'dPJbJBsaOLaf',
id: 3
}
And then set this wallet identity default by calling the POST /wallets/1/identities/3/setDefault
Got response code 204
And after calling GET system/ping gave me error.
just following up - if you're still getting this error, could you attach a trace log setting export DEBUG=composer:* ` then re-running the rest server - the log file is in a 'logs' directory (from where you start the composer-rest-server). Then we can see what's going on with the POST.
I had a similar issue.
I was trying to deploy a composer hlfv1 network instance locally. I was running the ./createComposerProfile.sh script. This script has this line cp "${DIR}"/hlfv1/composer/creds/* ~/.hfc-key-store
This copies all the credentials on your creds folder and overrides the ones created by composer identity import on your ~/.hfc-key-store
You could copy the credentials from ~/.hfc-key-store to the creds folder or comment out this line.
Related
I am trying to run a DatabricksStep. I have used ServicePrincipalAuthentication to authenticate the run:
appId = dbutils.secrets.get(<secret-scope-name>, <client-id>)
tenant = dbutils.secrets.get(<secret-scope-name>, <directory-id>)
clientSecret = dbutils.secrets.get(<secret-scope-name>, <client-secret>)
subscription_id = dbutils.secrets.get(<secret-scope-name>, <subscription-id>)
resource_group = <aml-rgp-name>
workspace_name = <aml-ws-name>
svc_pr = ServicePrincipalAuthentication(
tenant_id=tenant,
service_principal_id=appId,
service_principal_password=clientSecret)
ws = Workspace(
subscription_id=subscription_id,
resource_group=resource_group,
workspace_name=workspace_name,
auth=svc_pr
)
The authentication is successful since running the following block of code gives the desired output:
subscription_id = ws.subscription_id
resource_group = ws.resource_group
workspace_name = ws.name
workspace_region = ws.location
print(subscription_id, resource_group, workspace_name, workspace_region, sep='\n')
However, the following block of codes gives an error:
model_name=<registered-model-name>
model_path = Model.get_model_path(model_name=model_name, _workspace=ws)
loaded_model = joblib.load(model_path)
print('model loaded!')
This is giving an error:
UserErrorException:
Message:
Operation returned an invalid status code 'Forbidden'. The possible reason could be:
1. You are not authorized to access this resource, or directory listing denied.
2. you may not login your azure service, or use other subscription, you can check your
default account by running azure cli commend:
'az account list -o table'.
3. You have multiple objects/login session opened, please close all session and try again.
InnerException None
ErrorResponse
{
"error": {
"message": "\nOperation returned an invalid status code 'Forbidden'. The possible reason could be:\n1. You are not authorized to access this resource, or directory listing denied.\n2. you may not login your azure service, or use other subscription, you can check your\ndefault account by running azure cli commend:\n'az account list -o table'.\n3. You have multiple objects/login session opened, please close all session and try again.\n ",
"code": "UserError"
}
}
The error is Forbidden Error even though I have authenticated using ServicePrincipalAuthentication.
How to resolve this error to run inference using an AML registered model in ADB?
The Databricks workspace need to be present in the same subscription as your AML workspace.
This notebook demonstrates the use of DatabricksStep in Azure Machine Learning Pipeline.
Here is the Model class register.
When I click "Set Me Up" in Artifactory is generates a gradle.properties file something like this:
artifactory_user=my_artifactory_user
artifactory_password=WAklvc9LXWDsVcoVILbKyebkQG5uBxos6rIrmi8HjMTB3xicLJbxstmEQwRwIoGN6pBnK3T91I
artifactory_contextUrl=https://artifactory.company.com/artifactory
However, when I run ./gradlew artifactoryDeploy I get this error:
> Task :artifactoryDeploy FAILED
Could not build the build-info object.
org.jfrog.build.util.VersionException: Error occurred while requesting version information: Response message: {
"errors" : [ {
"status" : 401,
"message" : "Bad credentials"
} ]
}
...
stacktrace
...
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':artifactoryDeploy'.
> java.io.IOException: Could not publish build-info: Error occurred while requesting version information: Response message: {
"errors" : [ {
"status" : 401,
"message" : "Bad credentials"
} ]
}
I'm confused because Artifactory is generating this encrypted password but the docs use an example with plain text.
https://www.jfrog.com/confluence/display/JFROG/Working+With+Gradle#WorkingwithGradle-ConfiguringGradle
Is the artifactory_password supposed to be encrypted like this or is it supposed to be plain text?
The artifactory_password parameter can be used for:
clear text passwords
encrypted passwords
API key
If you are getting a Bad credentials error, one of the possible reasons is using an encrypted password when Artifactory is configured with Password Encryption Policy set to Unsupported (not respecting encrypted passwords).
A few things you can do to debug this issue:
Verify the Password Encryption Policy is set to Supported or Required (requires admin) in Administration -> Security -> Settings
Test the user and password by trying to call the REST API using a client such a cURL. Make sure you use an API method which requires and authenticated user
I am trying to run a .NET Core 3.1 Application in Docker locally in Visual Studio. The application needs to access a Azure Key Vault.
When I run the application I get the following error:
One or more errors occurred. (Parameters: Connection String: [No
connection string specified], Resource: https://vault.azure.net,
Authority:
https://login.windows.net/53d4d1e1-3360-4735-8aad-21c6155f528a.
Exception Message: Tried the following 3 methods to get an access
token, but none of them worked.
Parameters: Connection String: [No
connection string specified], Resource: https://vault.azure.net,
Authority:
https://login.windows.net/53d4d1e1-3360-4735-8aad-21c6155f528a.
Exception Message: Tried to get token using Managed Service Identity.
Access token could not be acquired. Connection refused
Parameters:
Connection String: [No connection string specified], Resource:
https://vault.azure.net, Authority:
https://login.windows.net/53d4d1e1-3360-4735-8aad-21c6155f528a.
Exception Message: Tried to get token using Visual Studio. Access
token could not be acquired. Environment variable LOCALAPPDATA not
set.
Parameters: Connection String: [No connection string specified],
Resource: https://vault.azure.net, Authority:
https://login.windows.net/53d4d1e1-3360-4735-8aad-21c6155f528a.
Exception Message: Tried to get token using Azure CLI. Access token
could not be acquired. /bin/bash: az: No such file or directory
Note: it works fine using IIS Express! Please help! :D
Please set the required environment variables when using DefaultAzureCredential to authenticate Azure key vault.
In this scenario, it means to set the environment variables in Dockerfile.
ENV AZURE_CLIENT_ID=<Your AZURE CLIENT ID>
ENV AZURE_CLIENT_SECRET=<Your CLIENT SECRET>
ENV AZURE_TENANT_ID=<Your TENANT ID>
In an attempt to avoid the accepted answer (because of obvious security issues), and to simplify and automate E. Staal's answer (on a duplicate question), I came up with this:
Update your .gitignore file, by adding the following line to the bottom of it:
appsettings.local.json
Right click on the project in Solution Explorer, and click on Properties; in the Build Events tab, find the Pre-build event command line text box and add the following code:
cd /d "$(ProjectDir)"
if exist "appsettings.local.json" del "appsettings.local.json"
if "$(ConfigurationName)" == "Debug" (
az account get-access-token --resource=https://vault.azure.net > appsettings.local.json
)
In your launchSettings.json (or using the Visual Editor under project settings) configure the following values:
{
"profiles": {
// ...
"Docker": {
"commandName": "Docker",
"environmentVariables": {
"DOTNET_ENVIRONMENT": "Development",
"AZURE_TENANT_ID": "<YOUR-AZURE-TENANT-ID-HERE>"
}
}
}
}
In your Program.cs file find the CreateHostBuilder method and update the ConfigureAppConfiguration block accordingly -- here is mine as an example:
Host.CreateDefaultBuilder(args).ConfigureAppConfiguration
(
(ctx, cfg) =>
{
if (ctx.HostingEnvironment.IsDevelopment())
{
cfg.AddJsonFile("appsettings.local.json", true);
}
var builtConfig = cfg.Build();
var keyVault = builtConfig["KeyVault"];
if (!string.IsNullOrWhiteSpace(keyVault))
{
var accessToken = builtConfig["accessToken"];
cfg.AddAzureKeyVault
(
$"https://{keyVault}.vault.azure.net/",
new KeyVaultClient
(
string.IsNullOrWhiteSpace(accessToken)
? new KeyVaultClient.AuthenticationCallback
(
new AzureServiceTokenProvider().KeyVaultTokenCallback
)
: (x, y, z) => Task.FromResult(accessToken)
),
new DefaultKeyVaultSecretManager()
);
}
}
)
If this still doesn't work, verify that az login has been performed and that az account get-access-token --resource=https://vault.azure.net works correctly for you.
I am following below tutorial
https://hyperledger.github.io/composer/integrating/enabling-rest-authentication.html
I am able to complete the steps till setting up default wallet identity. After this when i try system ping method I get the error.
{
"error": {
"statusCode": 500,
"name": "Error",
"message": "Error trying to ping. Error: Error trying to query chaincode. Error: chaincode error (status: 500, message: Error: The current identity has not been registered:maeid1)",
"stack": "Error: Error trying to ping. Error: Error trying to query chaincode. Error: chaincode error (status: 500, message: Error: The current identity has not been registered:maeid1)\n at _checkRuntimeVersions.then.catch (/home/praval/.nvm/versions/node/v6.11.1/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:696:34)"
}
}
The same error I get while testing from access token.
curl -v http://localhost:3000/api/system/ping?access_token=xxxxx
Though I can run network ping successfully.
composer network ping -p hlfv1 -n 'digitalproperty-network' -i maeid1 -s NfUhmXtiaSUH
Thanks for help.
The problem you are seeing is described by this issue
https://github.com/hyperledger/composer/issues/1761
Both the CLI and Rest server have enrolled the user but this results in both environments storing certificates for the same identity that differ (for example issue and expiry dates). Whichever environment used their certificate first for that identity and activated that identity/participant in the runtime has their certificate registered. When the other environment presents their certificate it isn't found (because it is different to the first environment) and so reports that the identity is not registered.
The way to address this is if you plan to use the identity in the rest server, don't ping it from the CLI first.
when i follow the steps from https://developers.google.com/sheets/api/quickstart/go
and
run as go run quickstart.go
I got Error as below
2017/08/03 12:29:22 Unable to retrieve data from sheet. Get https://sheets.googleapis.com/v4/spreadsheets/14FXalPXVUHZ2SyNBUWJpfSzUSSimYYIR5mUU36r6_BQ/values/A%3AC?alt=json: oauth2: cannot fetch token: 401 Unauthorized
Response: {
"error" : "unauthorized_client"
}
exit status 1
We have to delete credential file in our system because after 1 day or certain time access token of oauth2 protocol got expired.For new access token,you need to delete credential file and run program again.