Inside my laravel application, when a binding exception, or any LDAP exception occurs it prints my credentials to the log:
[2016-07-14 19:30:35] local.ERROR: exception 'BindException' with message 'Can't contact LDAP server'
Stack trace:
#0 Guard.php(102): ldap_bind('admin', 'password', '', '#corp.acme.org')
Is there a way to avoid this rather then catching all exceptions?
Maybe a way to 'pre-hash' the password to send through the bind request so it's not readable from the logs? Is this possible?
Or is this something I shouldn't be worried about because the logs are only accessible from people who have physical / remote access to the server?
Related
I am trying to deploy a fullstack application however I am not able to send my backend.
My /api route fails to resolve and I get this error message from heroku logs:
Reason: 'accessDenied.invalidIp',
Message: 'Invalid authorization: API key does not allow access from IP xx.xxx.xxx.xx'
I have recognized my request is failing because I am required to provide authorization. I am able to configure this locally and get it to work however I cannot configure how I can do this for public deployment.
I have tried the CORS module in order to whitelist my IP however it still doesn't work.
If anyone can provide some advice or a solution to effectively resolve this it would be much appreciated.
i have not working restcontrolleradvice, when service throwing exception, exception handle should catch it and return bad request code, but it never haping. When i try in postman create user with username or email existed i get error in console, and user not save in base but i still get created response :/
Here is my code of not working service: https://github.com/misterrevo/ProjectOrganizer/tree/master/auth-service
I am trying to integrate a Shibboleth IDPV3.4.1 with my SP which is a server called as ClearPass. I am using the Linux platform of the Shibboleth IDP. I configured the relyingparty.xml, attribute-filter.xml, attribute-resolver.xml,ldap.properties, and also the and uploaded the metadata to the /metadata/sp-metadata.xml also updating the metadata-providers.
I am trying to use the password authentication flow with LDAP, however the issue is that I never get the login page when I initiate the SAML transaction from my SP. I get an error saying "Web Login Service -Stale Request". I have attached the screenshot of the error
Stale Request
I attempt to do a resolver test using the
http://shib.nslab.com:8080/idp/profile/admin/resolvertest?requester=https://chandracppm.nslab.com/networkservices/saml2/sp&principal=chandu
requester "https://chandracppm.nslab.com/networkservices/saml2/sp"
principal "chandu"
attributes
0
name "sAMAccountName"
values
0 "chandu"
and I get the attributes from AD in return, which shows the connection to AD is working.
However the authentication page does not appear from the IDP when I try to access the resource in my SP, I only get the Stale request Error.
The error that I see in the logs/idp-process.log is as follows
2018-12-10 19:26:08,222 - 10.23.20.81 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:73] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: Shibboleth Authentication Request message did not contain the providerId query parameter.
at net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder.getEntityId(BaseIdPInitiatedSSORequestMessageDecoder.java:128)
2018-12-10 19:26:08,223 - 10.23.20.81 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: UnableToDecode
2018-12-10 19:26:08,224 - 10.23.20.81 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:143] - No SAMLBindingContext or binding URI available, error must be handled locally
I am new to setting up Shibboleth IDP, not sure what I am missing.
Any inputs would be appreciated
Shibboleth fails to decode the message. This behavior is to be seen if the AuthnReq is being sent to POST endpoint instead of Redirect or vice versa or if any of both endpoints are not configured properly. On UI, the error you will notice for this is "StaleRequest". I got a similar error in idp-process.log file "org.opensaml.messaging.decoder.MessageDecodingException: This message decoder only supports the HTTP GET method". The issue is pertaining to incorrect or misconfigured endpoints.
I was able to get this working by installing an IDP docker image from here
https://docs.google.com/document/d/1qb5XTde1nulCdA_8QUei48CxDj0lQs7ShD622Ze_4II/edit
The authentication flow is working now
I've downloaded the code from Spring's Get Started Guide - Accessing Twitter Data the https://spring.io/guides/gs/accessing-twitter/ .
I set up my credentials in application.properties and made no other changes. I run the app, and when it attempts to connect to Twitter, it fails with an exception on ConnectController line 240:
ResourceAccessException:
org.springframework.web.client.ResourceAccessException: I/O error on
POST request for "https://api.twitter.com/oauth/request_token":cannot
retry due to server authentication, in streaming mode; nested
exception is java.net.HttpRetryException: cannot retry due to server
authentication, in streaming mode
I have checked that the credentials are being read by the app. They are valid - I use them to connect with another application I've written with twitter4j, although in that case I use a Token and Token Secret in addition to the Consumer Key and Consumer Secret.
Any ideas?
Thanks
I had exactly the same issue as you : it happened because I did not set my callback URL in the twitter setting.
Just check in your twitter app settings that the callback field is set (I used the same URL as the website field).
Hi I met the following problem when achieve a function "send an email to members" in my membership application. I did some research and add
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
</system.web>
to my Web.config, then deployed to server again, but the problem still exists. Any ideas? Thanks in advance.
Server Error in '/TestApp' Application.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Net.Mail.SmtpPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
When sending the email you might be specifying the SMTP port number which might not be allowed.
Here is an example of what I'm talking about:
SecurityException: Request for the permission of type 'System.Net.Mail.SmtpPermission'