svcutil giving "HTTP Get Error" when generating proxy - https

I am trying to generate proxy code using svcutil.exe. Service is running on the same box.
Here is console output. Any idea what's wrong?
SvcUtil.exe https ://xyz:xxx/servicename/wsdl?wsdl
Attempting to download metadata from 'https://xyz:xxx/servicename/wsdl?wsdl' using WS-
Error: Cannot obtain Metadata from https ://xyz:xxx/servicename/wsdl?wsdl
WS-Metadata Exchange Error
URI: https ://xyz:xxx/servicename/wsdl?wsdl
Metadata contains a reference that cannot be resolved: 'https ://xyz:xxx/servicename/wsdl?wsdl'.
There was no endpoint listening at https://xyz:xxx/servicename/wsdl?wsdl that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
The remote server returned an error: (404) Not Found.
HTTP GET Error
URI: https ://xyz:xxx/servicename/wsdl?wsdl
The document was understood, but it could not be processed.
The WSDL document contains links that could not be resolved.
There was an error downloading 'https ://localhost:xxx/servicename/wsdl?wsdl=wsdl1'.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.

Are you sure that's the right address for the wsdl?
What are xyz and xxx? Is xxx a port number?
For example, if you browse to it using your web browser, can you see the wsdl correctly?
You can try different urls like:
http://domain/servicename
http://domain/servicename?wsdl
https://domain/servicename
https://domain/servicename?wsdl
Do any of those work in your browser and\or using svcutil.exe?
Which version of svcutil.exe are you using?
What type of web service is it that you are trying to connect to?

Related

How can I forward server response error to client with Jetty proxyservlet.Transparent?

I have implemented a proxy extending jetty's ProxyServlet.Transparent.
However upon testing I noticed there is a difference on error messages the user sees when the server returns an error.
For example, when connecting directly to one of our application server with an invalid user credential, the server should return something more specific with instructions on the auth as we have set it this way. When connecting to the proxy server the error is in its most generic form like Authentication failed: Unauthorized
I suspect at some stage jetty checks on the server response and set the proxy response with minimal information so I am looking into the Transparent class code and its parent classes to find which method I can override to intercept the original server response and forward the information in the proxy response, assuming my understanding on these two responses are correct.
Thanks for the help.

Twilio Room-events status callback handler

I have deployed the java service (Spring-boot) under the docker container and have been using embedded tomcat with SSL configurations specified in application.properties file.(I am using cert.pem file generated by let's encrypt authority.)
Before making the service https, I was receiving webhooks from Twilio but as soon as I make my services https secured, I stopped receiving callbacks.
In Twilio console, debugger events shows following error:
Twilio was unable to fetch content from: https://example.com:8081/twilio/room-events
Error: Handshake failure: certificate exception
While sending events -> Twilio receiving error:
Msg "Video: Callback request was unsuccessful"
httpResponse "502"
and in header:
X-Twilio-WebhookAttempt 2
X-Twilio-WebhookRetriable true
X-Twilio-Reason Certificate exception: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Content-Length 462
Content-Type text/html
I won't be able to find any solution as I don't have idea about what is happening here.
To resolve the error, I have tried adding certificates in the keystore to resolve the issue (DigicertGlobalRootCA.cert) (source:https://support.twilio.com/hc/en-us/articles/360007853433-Troubleshooting-Certificate-Errors-from-the-Twilio-REST-API)
But it is not resolved yet.
I am using this MultiValueMap<String,String> as a request parameter with POST request to receive the events.
PS : When I am using it in a local with the ngrok setup. it's working perfectly fine.
Thank you for your help.
I was using the cert.pem file provided by the Let's encrypt. Instead of cert.pem, fullchain.pem needs to be used in order to communicate with the external world.(In java keystore)
Used the below URL to find out the SSL validation:
https://www.sslshopper.com/ssl-checker.html
Took reference from this wonderful article for getting information about the certificate chain.
https://medium.com/#superseb/get-your-certificate-chain-right-4b117a9c0fce

Google OAuth 2 authorization - Error: Redirect Uri Mismatch

JSON File
{"web":{"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"client_secret":"c-kaafSexciO7It3QcKxx3BO",
"token_uri":"https://accounts.google.com/o/oauth2/token",
"client_email":"xxx678964-tjkl572knihtgocll9tnadvsdngmnld6#developer.gserviceaccount.com",
**"redirect_uris":["http://www.alfrosia.com"]**,
"client_x509_cert_url":"https://www.googleapis.com/robot/v1/metadata/x509/798911678964-tjkl572knihtgocll9tnadvsdngmnld6#developer.gserviceaccount.com",
"client_id":"xxx1678964-tjkl572knihtgocll9tnadvsdngmnld6.apps.googleusercontent.com",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
"javascript_origins":["[http://www.alfrosia.com][1]"]}}
I am specifying proper redirect url in the json file above, but during authentication it is giving wrong url message on browser. While I have given, this as Redirect Uri in json file.
In the error message it says that
redirect_uri=http://localhost:57826/authorize/
is uri_mismatch while I have not specified it in json
But Google OAuth2 authorization Failed ,this error message occurs during authentication process
- Error: redirect_uri_mismatch.
Request Details
scope=https:[//www.googleapis.com/auth/youtube.readonly][3]
response_type=code
redirect_uri=http://localhost:57826/authorize/
access_type=offline
pageId=none
client_id=xxxxx964-tjkl572knihtgocll9tnadvsdngmnld6.apps.googleuserconten
redirect_uri must exactly match what you have set in the Google Developer console. My guess is that your code / client library / IDE is automatically setting the redirect URI based upon the url you are browsing from.
Visual studio for example has a habit of randomly changing the port.
Option 1:
Fix your redirect uri in the Google developer console to
http://localhost:57826/authorize/
option 2:
assuming you are using visual studio fix the project settings so it stops adding a random port.
option 3:
assuming you are using java or visual studio IDE that may be adding this random port. Create a Client ID for native application instead of a Client ID for web application and use that for testing on local host. Do not release Client ID for native application to your live webserver.
"localhost" is not working in Google developer console.
Try 127.0.0.1 as redirect URI and don't use symbols in the URI.

Error Message: No peer endpoint available to which to send SAML response

I installed Shibboleth SP on my mac. I try to make a connect with the test shib. However, I get this error after I login.
Error Message: No peer endpoint available to which to send SAML response
Here's my Shibboleth2.xml
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
checkAddress="false" handlerSSL="false" cookieProps="http">
<SSO entityID="https://idp.testshib.org/idp/shibboleth"
discoveryProtocol="SAMLDS" forceAuthn="true">
SAML2 SAML1
</SSO>
<MetadataProvider type="XML" uri="http://www.testshib.org/metadata/testshib-providers.xml"
backingFilePath="testshib-two-idp-metadata.xml" reloadInterval="180000">
</MetadataProvider>
here's my metadata
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/Shibboleth.sso/SAML2/POST" index="1"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://localhost/Shibboleth.sso/SAML2/ECP" index="3"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://localhost/Shibboleth.sso/SAML/POST" index="4"/>
Why I am getting this error?
This message indicates a mismatch between the configuration of the Testshib Identity Provider and your Shibboleth Service Provider you tried logging in to. I would suspect a problem caused by using the name "localhost" in the Assertion Consumer Service URL provided with your metadata. The IDP is trying to send the SAML response to https://localhost/Shibboleth.sso/SAML2/POST, but there is of course no Assertion Consumer Service because "localhost" is in this case the IDP itself.
So, I would start by removing everything from Testshib, changing your SP's entityID to make it more unique (Use your IP address instead of localhost) and re-add updated metadata for your SP to TestShib.
Try the request, then Testshib's idp logs at https://idp.testshib.org/cgi-bin/idplog.cgi?lines=300. For me, there was an error message like this:
05:15:03.350 - WARN [org.opensaml.saml2.binding.AuthnResponseEndpointSelector:206] -
Relying party 'my.entity.id' requested the response to be returned to endpoint with ACS
URL 'https://wrong-host/Shibboleth.sso/SAML2/POST' and binding 'urn:oasis:names:tc:
SAML:2.0:bindings:HTTP-POST' however no endpoint, with that URL and using a supported
binding, can be found in the relying party's metadata
But my metadata said
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://right-host/Shibboleth.sso/SAML2/POST" index="1"/>
As you can see, shibd asked to be redirected to the wrong place. The problem is that shibd uses the host name from Apache. (I assume you're using Apache. The setup is probably similar if not.)
The solution is to go to /etc/apache2/sites-enabled/default-ssl.conf and set ServerName to the correct host:port that matches your metadata. Then, open /etc/apache2/apache2.conf and make sure UseCanonicalName is On.
This is detailed in the docs, which I recommend reading carefully.

Tasker HTTP Get returns file not found

I'm attempting to use tasker to go back and forth with the ecoBee API. In doing so, I've been unable to get past the first step due to an issue I'm running into with tasker.
Here's my setup:
Server:Port - https://api.ecobee.com:443 (I've also tried without the port, and without the https://
Path - /1/authorize
Mime Type - application/json
Trust Any Certificate
When running this i get a Tasker toast message that states "Input/Output error for https://api.ecobee.com:443/1/authorize : java.io.FileNotFoundException: https://api.ecobee.com:443/1/authorize"
Going to that URL works from the phone browser and a computer browser. Am I missing something obvious?
Try using https://api.ecobee.com/authorize URL instead. Seems like your URL is wrong. You can also see valid URL's for Authorize call here: Authorization Endpoints

Resources