CAS + SAML1.1 and clock drift - spring

I'm facing an error 401 when I do a request from my application to the CAS Server. I saw that this means that the time between the servers is different. So I found this link, showing how to configure it.
I'm using spring-cas-client to do the connection between my app and the CAS Server. This example shows how to configure it in the web.xml. Is there a way to configure it in my applicationContext-security.xml?
Thanks a lot!

Only for documentation, I found the error. And the simplest way to fix this error is to synchronize the servers with the same NTP server.
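As an added diagnostic, not part of the original question or answer, the script below measures the drift the answer refers to by comparing the HTTP Date header the CAS server sends with the local clock. The CAS URL is a placeholder, and the 1000 ms figure is the default SAML tolerance of the Jasig client's Saml11TicketValidator.

```shell
#!/bin/sh
# Added diagnostic, not from the original post: measure the clock drift
# between this host and the CAS server by comparing the HTTP Date header
# CAS sends with the local clock. Needs curl and GNU date (-d parsing).
set -eu

# Absolute drift in whole seconds between an HTTP Date header line
# (e.g. "Date: Thu, 01 Jan 2015 00:00:10 GMT") and a local Unix timestamp.
cas_drift_seconds() {
    header="$1"; local_epoch="$2"
    value="${header#*: }"                      # drop the "Date: " prefix
    remote_epoch="$(date -u -d "$value" +%s)"  # header is always GMT
    diff=$(( remote_epoch - local_epoch ))
    echo "${diff#-}"                           # strip sign: |diff|
}

# True when drift_s * 1000 <= tolerance_ms. The Jasig client's
# Saml11TicketValidator rejects SAML 1.1 tickets outside its "tolerance"
# (1000 ms by default), which surfaces as the 401 described in the post.
within_tolerance() {
    drift_s="$1"; tolerance_ms="$2"
    [ $(( drift_s * 1000 )) -le "$tolerance_ms" ]
}

# Live check. The URL is a placeholder; the Date header comes from the
# CAS server's web container, so a HEAD on the login page is enough.
check_cas_clock() {
    cas_url="${1:-https://cas.example.org/cas/login}"
    header="$(curl -sI "$cas_url" | grep -i '^date:' | tr -d '\r' || true)"
    if [ -z "$header" ]; then
        echo "no Date header from $cas_url" >&2
        return 2
    fi
    drift="$(cas_drift_seconds "$header" "$(date +%s)")"
    echo "clock drift vs CAS: ${drift}s"
    if ! within_tolerance "$drift" 1000; then
        echo "drift exceeds the 1 s SAML tolerance: point both hosts" \
             "at the same NTP server (or raise the validator tolerance)" >&2
        return 1
    fi
}

# Run the live check only when a CAS URL is passed on the command line.
[ "$#" -eq 0 ] || check_cas_clock "$1"
```

Run it on the application host before and after the NTP change to confirm the drift actually dropped below the tolerance.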

Related

Permissions in Keycloak, where can I allow all clients?

I am new to Keycloak. I have installed a Docker container with Keycloak 19.0.2. Then I created a new realm, client and user, as described in various tutorials.
Now I tried to connect my Spring Boot application with Keycloak. But I always get the error "connection reset".
I have now tested something around and found out something strange.
When I call the URL /realms/rName/.well-known/openid-configuration with Chrome or Edge I see a JSON string; with the same URL in Firefox I get the error "page load error". Insomnia also gets an error: Error: Failure when receiving data from the peer.
I suspect that my Spring Boot application is also getting this. Now where can I set the permissions in Keycloak to allow everyone to talk to the endpoint?
Many greetings
EDIT: Same situation on the root page, http://localhost:8080/. The welcome site is shown in Edge and Chrome but not in Firefox or Insomnia.
Please excuse my question. I have been able to find the problem. Another process was also listening on the same port. Why there was no error that the port is already in use, I don't know. Now I set Keycloak to another port and it works with all clients. That it is technically possible at all, I wonder, especially why it is program-dependent. Well, it works now. Thanks to all who helped.

How to configure SSL on Spring Boot - Angular app on EC2 instance

I can't get my backend to send data after switching to a secure connection.
I was able to successfully configure SSL with mod_ssl on the Apache web server that serves my Angular app on an AWS Linux 2 instance, and the site is secure - but my Spring Boot backend is not responding, it is not sending any data. When I additionally convert the .crt and .key files to the PKCS12 format that Spring understands and use it in the Spring app, I get this error:
net::ERR_SSL_PROTOCOL_ERROR
I've tried using an AWS Load Balancer, but the same thing happens: the frontend is loaded in a secure environment, but the backend is not sending any data even after I change the backend calls from http to https://my-site.com. I've tried following the documentation and added this to my backend app properties file:
server.tomcat.remoteip.remote-ip-header=x-forwarded-for
server.tomcat.remoteip.protocol-header=x-forwarded-proto
and security configuration upgraded with this:
http.requiresChannel().anyRequest().requiresSecure()...
but to no avail.
Lastly, I created a new instance on EC2 and this time I didn't configure Apache for the frontend on Linux, I just used the SSL certificate on my backend app with the following properties:
server.ssl.enabled=true
server.ssl.key-store=/etc/ssl/mydomain_com.p12
server.ssl.key-store-password=******
server.ssl.key-alias=mydomain
To no avail, now my site doesn't load at all. I'm desperate, struggling with this for a week now. What is the procedure for a full stack app? How do I do it?
Let me respond because on the same day I asked the question I found a solution. The solution was converting the free SSL certificate with the help of this website:
https://www.sslshopper.com/ssl-converter.html
After I plugged it into my Spring Boot app, it works. Before that, I made the conversion with OpenSSL on Windows, and it seems it was faulty. I'm so happy now... I read so many articles on this website on my one and a half year journey of learning to code, and got stuck on the last step. I'm so happy. Thank you all for this amazing website and all the help. I love you! I'm proud of being a part of this programming community... the best humor, the best people!
Peace
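The conversion step above done locally, as an added example that is not from the original post: OpenSSL builds the PKCS12 store Spring Boot expects from the .crt and .key files on the host itself, so the private key never leaves the machine, and a check confirms the alias and private key are inside before the properties point at it. File names, the alias and the password are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: build the PKCS12 store that
# server.ssl.key-store points at from a PEM certificate and key with OpenSSL
# on the host itself, then verify it. All file names, the alias and the
# password are placeholders.
set -eu

# Bundle certificate + private key (+ optional CA chain file) into one
# PKCS12 entry named "$alias". The alias must match server.ssl.key-alias.
make_p12() {
    crt="$1"; key="$2"; out="$3"; alias="$4"; pass="$5"; chain="${6:-}"
    if [ -n "$chain" ]; then
        openssl pkcs12 -export -in "$crt" -inkey "$key" -certfile "$chain" \
            -name "$alias" -out "$out" -passout "pass:$pass"
    else
        openssl pkcs12 -export -in "$crt" -inkey "$key" \
            -name "$alias" -out "$out" -passout "pass:$pass"
    fi
    chmod 600 "$out"   # the store holds the private key
}

# Check the store before deploying: it must open with the given password
# and contain a private key under the expected alias. A store that fails
# here only shows up later as net::ERR_SSL_PROTOCOL_ERROR in the browser.
verify_p12() {
    store="$1"; alias="$2"; pass="$3"
    dump="$(openssl pkcs12 -in "$store" -passin "pass:$pass" -nodes 2>/dev/null)" || return 1
    printf '%s\n' "$dump" | grep -q "friendlyName: $alias" || return 1
    printf '%s\n' "$dump" | grep -q 'PRIVATE KEY' || return 1
}

# Usage matching the post's properties (set server.ssl.key-store-type=PKCS12
# as well). If an older JDK cannot open a store written by OpenSSL 3,
# re-export it with "openssl pkcs12 -export -legacy ...".
#   make_p12 mydomain_com.crt mydomain_com.key /etc/ssl/mydomain_com.p12 \
#            mydomain "$STORE_PASS" ca-bundle.crt
#   verify_p12 /etc/ssl/mydomain_com.p12 mydomain "$STORE_PASS"
```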

Switch jdbc connection after Spring Cloud Config change

After successfully setting up a cloud config server and confirming that all works as expected I ran into this issue but I'm not sure if it's supported or the best way to go.
We follow the database-per-service pattern so as an experiment I committed a dev and staging file containing the db connection details of each service so that if we needed to make changes to the server address and credentials we only needed to do it in the config repo.
I have set this up correctly and I confirm that the changes are indeed being propagated from the config server to the clients.
It was only after doing all of this that I noticed that even though the services got the updated database details, they DID NOT switch their connection.
Is this possible? The only way I could do this was if I restarted the service, and that kinda defeats the purpose of having all of this in place. I tried toying with the connection timeouts but it didn't help. The service was still connected to the previous connection.
So it appears a simple addition of @RefreshScope to my controller did the trick. Thanks to Spring's David Syer for the insight.

Play Framework serve HTTPS content

I am a newbie at Play, and I am trying at least to use HTTPS on the login and sign-up pages in order to have more security on sensitive user data.
I have a range of questions regarding this:
I have configured my Play application to use HTTPS in the application.conf file with the https.port property. However, in my development environment I can't seem to start the server with HTTPS capability unless I use the command: play -Dhttps.port=<port>
Why does this happen? I would think that I could use a dev.conf file (right now it is the application.conf) in order to do this. Can't I start the server in dev mode while using this kind of setting specified in the configuration file?
Although I can start the server with HTTPS capabilities, what is the correct way to use HTTPS on Play? I already created a Java keystore that I use, and tried to redirect (from a controller) requests to an HTTPS URL using redirect(securedIndexCall.absoluteURL(request, secure)). But it does not seem to work, at least in my dev environment (localhost). The logs specify exceptions like:
java.lang.IllegalArgumentException: empty text
java.lang.IllegalArgumentException: invalid version format: M¥å/=<junk characters continue>
Should I use HTTPS on the whole application, or is securing just the login and sign-up requests sufficient?
I feel the official documentation provided is rather insufficient, and I am at a loss here trying to figure out how I should do this.
Any help would be really appreciated!
I agree with Fernando, I think it's easier to set up a front end web server. In my case I used Lighttpd and it was fairly straightforward to set up. I'd recommend:
Configure Lighttpd as per these instructions (at this stage, don't worry about HTTPS just get HTTP working): http://www.playframework.com/documentation/2.3.x/HTTPServer
Then configure HTTPS in Lighttpd: http://redmine.lighttpd.net/projects/1/wiki/HowToSimpleSSL. If you intend on buying an SSL certificate then there will be a few more options to set (e.g. intermediate certificate). The following page has more information: http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL
Answers to your main questions:
1) Enabling HTTPS in Play
Yes, you have to explicitly say you want to use HTTPS when starting up
http://www.playframework.com/documentation/2.3.x/ConfiguringHttps
2) The "java.lang.IllegalArgumentException" error message
There might be an issue with the keystore. This SO article seems to discuss in more detail: Play framework 2.2.1 HTTPs fails on connection attempt
3) SSL for login page or whole app
Personally, I would go for the whole app. If you're taking the time to set up HTTPS I think you might as well cover the whole site. I guess there are slight performance overheads in running HTTPS but realistically it's not something you'd notice.
You should use a front end server for HTTPS, and use HTTPS for the whole application.
Please see Setting up a front end HTTP server and see the commented out nginx settings.

Proxy from Domino 8.5.3 to Connections

I am trying to set up a proxy configuration on a dev 853 Domino server, so I can connect to a dev Connections server from an XPage (using Java).
It's an SSO environment, and both the Domino server and the Connections server are protected by WebSEAL. I want to make server-side calls in Java (using the Apache HTTP Client), so my XPages application can make a call across to the Connections server.
I followed some information I found in Niklas Heidloff's Social Enabler documentation: http://www.openntf.org/Projects/pmt.nsf/DA2F4D351A9F15B28625792D002D1F18/%24file/SocialEnabler111006.pdf
and also in here:
http://www.ibm.com/developerworks/lotus/library/inotes-full/index.html
I set up the proxy like this:
Context: /xsp/proxy/BasicProxy/
URL: https://connectionsserver.acompany.com
Actions: GET,HEAD,POST,DELETE,PUT
Cookies: -List of cookies-
Mime-types: *
Headers: User-Agent,Accept*,Content*,Authorization*,Set-Cookie
When I try the call, it gives me the following error:
2/28/13 12:34 PM: Exception Thrown
javax.servlet.ServletException: com.ibm.jsse2.util.g: No trusted certificate found
at com.ibm.domino.servlets.proxy.BasicProxy.throwServletException(BasicProxy.java:765)
at com.ibm.domino.servlets.proxy.BasicProxy.service(BasicProxy.java:357)..
...
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: No trusted certificate found
I thought that passing the cookies across in this way should work (the cookies should work between both the Domino-WebSEAL and Connections-WebSEAL environments).
The error suggests that I need to import a certificate. I don't have access to the Domino server to allow me to import certificates, so before I request that, I wanted to check I wasn't missing something from somewhere else.
Is there something else I am missing? Or any suggestions on doing this a different way?
Thanks,
Pam.
You have to import the certificates if they are not present. That is what the error message is indicating. There is IBM Technote 21588966 describing the necessary steps.
Furthermore (and this could become the next showstopper after you have sorted out SSL), you have to take a hard look at how WebSEAL is configured. The challenge here: WebSEAL is designed to accommodate any possible backend and it is easy to get it almost working - almost as in: works for direct access via browser but fails on server-to-server or Ajax etc. The super-highly-recommended-ignore-at-your-own-risk setting for Connections/Domino is to use WebSEAL's LTPA capabilities and not some ludicrous code injection.
Hth