Spring Security SAML - Two host names issue - spring-saml

Our product uses two host names, one public (e.g. https://my-company.com:443) and a private one for internal use (https://localhost:443).
We manage to authenticate with the IDP using the public URL, but when we try to load a resource after login that uses the private URL (localhost) we get this exception:
[02 May 2016 20:08:26,558] - SSL peer failed hostname validation for name: localhost
javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname validation for name: localhost
Is there a way to overcome this?
Note: we use the MetadataGenerator to create the SP metadata.

In the end it wasn't a Spring Security issue.
I managed to fix it by pointing the public domain to localhost in C:\Windows\System32\drivers\etc\hosts.

Hi, resolve your company's private IP in your etc/hosts file and access the URL https://localhost:443/

Related

Unable to connect to remote HTTPS API's without DNS - Istio

I have a Service which is running in Istio 1.16 with envoy sidecar injection enabled.
The service connects to a remote API every now and then to send health information.
The remote endpoint is HTTPS but without a domain name; yeah, the endpoint has to be invoked like https://168.x.x.x/http/health. I can see the connection works fine with another API that has a proper hostname.
So the issue is clearly with DNS resolution. I am not great with networking, so you folks should help me out.
This is the error I get from the server (of the service).
x509: cannot validate certificate for because it doesn't contain any IP SANs
Istio version - 1.16
Kubernetes - 1.24
golang (service) - 1.19
Can we bypass this x509 SAN check using destination Rules?
The error "x509: certificate has expired or is not yet valid" usually occurs when the SSL certificate being used has expired or has not yet been activated. This error can also occur when the certificate being used is not valid for the domain or IP address that the request is being sent to.
To resolve this issue, you will need to either obtain a new valid SSL certificate or renew the existing certificate.
You can check your certificate expiration date using the command below:
kubeadm certs check-expiration
Refer to this SO for more detailed steps.

NIFI is unable to connect to URL with https using invokeHTTP Processor, no certificate is required to access the site via browser(only user & pass)

NIFI is unable to connect to URL with https using invokeHTTP Processor, no certificate is required to access the site via browser(only user & pass).
The error observed is "Request Processing Failed: javax.net.SSLPeerUnverifiedException".
I have tried adding an SSL Context with the Java truststore and the NiFi keystore, but it is not working. Kindly suggest.
When using InvokeHTTP to connect to an HTTPS URL, you will need to add an SSLContextService which InvokeHTTP can use to verify the remote server. The SSLContextService will refer to a truststore which contains the public Certificate Authority. For example, if connecting to stackoverflow with NiFi, you would need the CN = ISRG Root X1, O = Internet Security Research Group, C = US certificate installed in a PKCS12 truststore, which is used by the SSLContextService. Another option is to use the truststore provided by Java, typically located at $JAVA_HOME/lib/security/cacerts, which will trust most publicly signed web domain certificates.
Please add more details of the error message if this still is not working.
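Three of the threads on this page hit the same TLS client behaviour from different angles: the Spring SAML poster's client rejected a certificate issued for the public host when the connection was made to localhost, the Istio poster's Go service rejected a certificate that carried no IP SAN when the server was addressed by IP, and the NiFi answer explains that the client additionally needs the issuing CA in its truststore. The Go program below is an added illustration, not code from any of the posters or from Spring Security, Istio or NiFi. It builds a throwaway private CA and a server certificate that names only my-company.com (the host name from the first question), then runs Go's crypto/x509 hostname and chain checks against it. The CA name, the documentation-range IP 192.0.2.10 and the helper functions are constructed for the example. The point for a defender is that both error messages on this page are the verifier working as designed: the fix is to issue the certificate with the DNS or IP SAN that clients actually use, or to address the server by a name the certificate already carries (which is what the hosts-file workaround achieves), never to switch verification off.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs template with parentKey (self-signed when parent is nil) and
// returns the parsed certificate plus the key pair it was issued for.
// Hypothetical helper written for this example.
func issue(template, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := key
	if parent == nil {
		parent = template // self-signed: the certificate is its own issuer
	} else {
		signer = parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// buildTestPKI constructs a private CA and a server certificate whose only
// SAN is the public DNS name. There is deliberately no "localhost" DNS SAN and
// no IP SAN, mirroring the situation in the questions above (constructed data).
func buildTestPKI() (ca, server *x509.Certificate, err error) {
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Private CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	ca, caKey, err := issue(caTmpl, nil, nil)
	if err != nil {
		return nil, nil, err
	}
	srvTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "my-company.com"},
		DNSNames:     []string{"my-company.com"}, // the only name clients may use
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	server, _, err = issue(srvTmpl, ca, caKey)
	return ca, server, err
}

// CheckHostname returns "" when cert is valid for host (a DNS name or an IP
// literal), otherwise the verifier's error text. This is the same SAN matching
// a Go TLS client performs for the server name it dialled.
func CheckHostname(cert *x509.Certificate, host string) string {
	if err := cert.VerifyHostname(host); err != nil {
		return err.Error()
	}
	return ""
}

// CheckChain verifies cert against the given truststore and host name and
// returns "" on success. Pass an empty (not nil) pool to trust nothing;
// a nil pool would fall back to the system roots.
func CheckChain(cert *x509.Certificate, roots *x509.CertPool, host string) string {
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return err.Error()
	}
	return ""
}

func main() {
	ca, srv, err := buildTestPKI()
	if err != nil {
		panic(err)
	}
	for _, h := range []string{"my-company.com", "localhost", "192.0.2.10"} {
		fmt.Printf("hostname check for %-15s -> %q\n", h, CheckHostname(srv, h))
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(ca) // the CA is in the truststore, as the NiFi answer requires
	fmt.Printf("chain, CA in truststore     -> %q\n", CheckChain(srv, trusted, "my-company.com"))
	fmt.Printf("chain, empty truststore     -> %q\n", CheckChain(srv, x509.NewCertPool(), "my-company.com"))
}
```

Running it shows the public name passing, "localhost" failing with "certificate is valid for my-company.com, not localhost", and the IP literal failing with the "doesn't contain any IP SANs" message from the Istio question; the chain check passes only once the issuing CA is in the pool, which is the role the NiFi answer assigns to the truststore behind the SSLContextService.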

Getting a 404 when trying to access Database Actions for my ADB with private endpoint

I am getting a 404 when trying to access Database Actions of an Autonomous Database with a private endpoint from my internal environment that is connected through VPN. Anyone know how to fix this?
All Autonomous Database tools are supported in databases configured with private endpoints, but additional configuration is required: to connect from your data center, to resolve the Autonomous Database private endpoint, you need a Fully Qualified Domain Name (FQDN), mapping the private endpoint IP to the FQDN. For that you either need to add an entry into your client's hosts files (e.g. /etc/hosts on Linux) or you can use hybrid DNS in the Oracle Cloud Infrastructure.
In addition to the name resolution, your dynamic routing gateway must allow the traffic to and from the Autonomous Database.
For what it's worth, if you want to learn more about the private endpoint setup, check the official doc and specifically the connection example.

Is it possible to connect Shibboleth idp from localhost?

I installed the Shibboleth service provider on localhost. I want to connect to a Shibboleth IdP.
Error message: No peer endpoint available to which to send SAML response
Is this because I connect to the IdP (idp.shibtest.org) from localhost?
samltest.id is a good way to test Shibboleth.
You cannot use localhost as the SP to connect to a remote IdP; that IdP won't find any SP to return to, because localhost means its own system, so the IdP would look in its own local system for your given SP's entity ID. It won't find that entity ID, so it gives such an error.
These two approaches may help you:
Give your machine a public IP and try to connect to the IdP with that SP.
If you cannot get a public IP, set up both the SP and the IdP on your local system.
This answer of mine may help you.

How to change server certificate of HTTPS listener under Glassfish 2.1.1?

I have a preinstalled Glassfish domain, and I want to change the server certificate and private key of the https listener. How can I do that? Which file in config directory contains that key-pair?
The details on how to accomplish those tasks are in the admin guide, chapter 9.