I need to create an openrdf:SailRepository in which to authenticate with basic authentication with username and password to a service. I tried the following configuration of the repository, but I don't know how to set the username and password to connect to the service.
PREFIX repo: <http://www.openrdf.org/config/repository#>
PREFIX reposail: <http://www.openrdf.org/config/repository/sail#>
PREFIX ephedra: <http://www.metaphacts.com/ontologies/platform/ephedra#>
PREFIX sail: <http://www.openrdf.org/config/sail#>
PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
PREFIX : <http://www.metaphacts.com/ontologies/platform/service/custom#>
[] a repo:Repository ;
repo:repositoryID "rest-api-wrapper" ;
rdfs:label "Repository to connect to a remote REST API." ;
repo:repositoryImpl [
repo:repositoryType "openrdf:SailRepository" ;
reposail:sailImpl [
sail:sailType "metaphacts:RESTService" ;
ephedra:serviceURL "http://example.org/rest/service/api" ;
ephedra:httpMethod "POST" ;
ephedra:httpHeader [
ephedra:name "Authorization";
ephedra:value "Basic Auth"
] ;
ephedra:implementsService ephedra:service-name
]
] .
I looked over the documentation on hhttps://rdf4j.org/documentation/reference/configuration/#SailRepository but I don't find any example with the basic authorization concept. Also I need to be able to also configure the body of the POST request. How could I change the template above to add the username, password and the body parameters of the request?
Related
Hello im new to auth0 and i want to know why is this working:
im making a post request to /dbconnections/signup with this body :
{
"client_id" : "CLIENT_ID",
"email" : "myemail",
"username" : "myuser",
"password" : "mypass",
"connection" : "Username-Password-Authentication"
}
this returns “connection is disabled” because i have it disabled for the client but for some reason when i leave the client_id empty it says the account is created :
{
"client_id" : "id_generated",
"email_verified" : false,
"email" : "myemail"
}
thanks
why does it work when client_id is empty
i asked the same question on the auth forum and the reason why is this working is because apparently client_id is not actually required for the /dbconnections/signup endpoint despite what the documentation said: https://community.auth0.com/t/please-why-does-this-work-when-client-id-is-empty-here/96211
I have a CAS system for authenticate some applications by SSO withing CAS protocol.
All apps can authenticate in CAS by a LDAP provider. I tried to add some differents authentications origins for each application, more specifically their own database.
When I add the identifiers/names for the requires authentication handlers in each service definition (https://apereo.github.io/cas/development/services/Configuring-Service-Required-AuthN.html#configure-service-required-authentication).
The apps can't validate the ticket because CAS always response: "[INVALID_SERVICE] The ticket not match supplied service". But the both services (the suplied and the original) are the same, as you can see in next log:
CAS_AuthenticationException thrown CAS URL:
https://mycasserver.or/cas/p3/serviceValidate?service=http%3A%2F%2Fxxx.xx.x.xxx%2Fwp-login.php%3Fredirect_to%3Dhttp%253A%252F%252Fxxx.xx.x.xxx%252Fwp-admin%252F%26reauth%3D1&ticket=ST-19--K-ObBsa-WssIZQ56Ev-WCT26FAubuntuserver
Authentication failure: Ticket not validated Reason: [INVALID_SERVICE]
CAS error: The ticket 'ST-19--K-ObBsa-WssIZQ56Ev-WCT26FAubuntuserver'
not match supplied service. The original service was
'http://xxx.xx.x.xxx/wp-login.php?redirect_to=http%3A%2F%2Fxxx.xx.x.xxx%2Fwp-admin%2F&reauth=1'
and the suplied service was
'http://xxx.xx.x.xxx/wp-login.php?redirect_to=http%3A%2F%2Fxxx.xx.x.xxx%2Fwp-admin%2F&reauth=1'.
CAS response: The ticket
'ST-19--K-ObBsa-WssIZQ56Ev-WCT26FAubuntuserver' not match supplied
service. The original service was
'http://xxx.xx.x.xxx/wp-login.php?redirect_to=http%3A%2F%2Fxxx.xx.x.xxx%2Fwp-admin%2F&reauth=1'
and the original service was
'http://xxx.xx.x.xxx/wp-login.php?redirect_to=http%3A%2F%2Fxxx.xx.x.xxx%2Fwp-admin%2F&reauth=1'.
My complete service deffinition is:
{
"id" : 109,
"#class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"serviceId" : "^http://xxx.xx.x.xxx/.*",
"clientId" : "45rtXXXXXXXXX5d5hfg2gui",
"clientSecret" : "XXXXXXXXXXXa36j7esahr51478268XXXXXXXXXXX",
"name" : "My App",
"description" : "My APP description",
"evaluationOrder" : 1,
"bypassApprovalPrompt": true,
"attributeReleasePolicy" : {
"#class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [
"java.util.ArrayList",
["sn",
"cn",
"principalLdapDn",
"givenName",
"email",
"uid",
"authenticationMethod"]
]
},
"accessStrategy" : {
"#class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"unauthorizedRedirectUrl" : "http://mycasserver.or/cas/error",
"enabled" : true,
"ssoEnabled" : true,
"requiredAttributes" : {
"#class" : "java.util.HashMap",
"authenticationMethod" : [ "java.util.HashSet", [ "ldap", "database" ] ]
}
},
"requiredHandlers" : [ "java.util.HashSet", ["ldap", "database"] ]
}
Here my configuration of ldap and database in 'cas.properties' file:
# LDAP Authentication
cas.authn.ldap[0].ldapUrl=ldap://xxx.xx.x.xx:389
cas.authn.ldap[0].baseDn=dc=ldap,dc=myorganization,dc=com
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].bindDn=cn=admin,dc=ldap,dc=myorganization,dc=com
cas.authn.ldap[0].bindCredential=mypass
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].name=ldap
cas.authn.ldap[0].order=0
# Database Authentication
cas.authn.jdbc.query[0].user=adminuser
cas.authn.jdbc.query[0].password=adminpassword
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].url=jdbc:mysql://xxx.xx.x.xx:3306/mydatabse
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQL57InnoDBDialect
cas.authn.jdbc.query[0].sql=SELECT * FROM mydatabse.users WHERE username=?
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].name=database
cas.authn.jdbc.query[0].order=1
cas.authn.jdbc.query[0].passwordEncoder.type=org.example.cas.myCustomPasswordEncoder
Can we create a user in vault API using special characters. For example below POST url is used to create users.
POST : http://localhost:8200/v1/auth/userpass/users/myuser-1#beta_1.0$
Paylod :
{
"password": "myPassword",
"policies": "myuser-1#beta_1.0$",
"ttl": "120",
"max_ttl": "120"
}
Result :
{
"errors": [
"1 error occurred:\n\t* unsupported path\n\n"
]
}
the user myuser-1#beta_1.0$ contains special characters # _ $. I think the # $ chars should be encoded before passing to vault. However there is no information about url encoding in below documentation.
https://www.vaultproject.io/api/auth/userpass/index.html
Is encoding supported here or should it be replaced with other char before sending it to vault??
Note: Removing # $ chars, api works fine.
We are trying to use UCWA 2.0 API for integrating Skype for Business Online. Using MS developer account(Azure AD tenant) with free trial.
After home pool server discovery when we create the application resource we get limited resources links in the response of POST
UCWA 2.0 API documentation mentions many resources and links for all of them are not provided in the response of above POST.
Quesiton -1 : Are all UCWA 2.0 REST resources available for use with Skype for Busines Online? If not then which are not exposed and when they will be available?
Question 2:
We are struggling specially with conversationlogtranscript. Objective is to get the chat transcript of chat conversation in a meeting .
What we have tried is here:
Hit to POST https://webpoolmaain102.infra.lync.com/ucwa/oauth/v1/applications/10241512914/communication/makeMeAvailable ( to add modalities like messaging)
with body
{
"audioPreference" : "PhoneAudio",
"phoneNumber" : "4255552222",
"signInAs" : "BeRightBack",
"supportedMessageFormats" : [
"Plain",
"Html"
],
"supportedModalities" : [
"PhoneAudio",
"Messaging"
]
}
returns 204 No Content
Hit to PUT https ://webpoolmaain102.infra.lync.com/ucwa/oauth/v1/applications/10241512914/communication, (where we are trying to enable a specific parameter "conversationHistory")
returns :
428 Precondition Required with If-Match header as 3fc81bb8-98f5-48b3-8981-d2fbd05305f. or 1529525322 (communications etag value)
Response body in both base : {
"code": "PreconditionRequired",
"message": "Your request couldn't be completed."
}
here body of this PUT as below:
{
"simultaneousRingNumberMatch" : "Disabled",
"videoBasedScreenSharing" : "Disabled",
"rel" : "communication",
"audioPreference" : "PhoneAudio",
"conversationHistory" : "Enabled",
"lisLocation" : "samplevalue",
"lisQueryResult" : "Succeeded",
"phoneNumber" : "tel : +14255524222",
"publishEndpointLocation" : true,
"supportedMessageFormats" : [
"Plain",
"Html"
],
"supportedModalities" : [
"PhoneAudio",
"Messaging"
]
}
Header of this PUT is as below:
If-Match:3fc81bb8-98f5-48b3-8981-d2fbd05305f
Authorization:Bearer
Accept:application/json
Content-Type:application/json
Host:webpoolmaain102.infra.lync.com
Here we have tried "If-Match" header with both : (1) "3fc81bb8-98f5-48b3-8981-d2fbd05305fc": (this value comes with text "please pass this in a PUT request") and (2) "etag": "1529525322" . Both from "communication" section inside embedded of the application resources.
So both ways to enable conversationHistory settings through communication resources is giving 428 issue which shoudl not come as we are passing "If-Match" header already.
Can you pls suggest if we are doing something wrong here and how can we get "conversationLogTranscript" of a user's meetings
Regards,
Sourabh
We are running a web application (shiny-server, where coding is done in R) and want to add an authentication layer to it.
Rather than building something to do this in R, I thought of using meteor to create auth tokens and all that.
This is the way i was thinking of doing it:
A user logs in with meteor and meteor creates a database entry that looks something like this:
{ "createdAt" : 1372521823708,
"_id" : "HSdbPBuYy5wW6FBPL",
"services" : { "password" : { "srp" : { "identity" : "vKpxEzXboBaQsWYyJ",
"salt" : "KRt5HrziG6RDnWN8o",
"verifier" : "8d4b6a5edd21ce710bd08c6affb6fec29a664fbf1f42823d5cb8cbd272cb9b2b3d5faa681948bc955353890f645b940ecdcc9376e88bc3dae77042d14901b5d22abd00d37a2022c32d925bbf839f65e4eb3a006354b918d5c8eadd2216cc2dbe0ce12e0ad90a383636a1327a91db72cf96cd4e672f68544eaea9591f6ed102e1" } },
"resume" : { "loginTokens" : [
{ "token" : "t9Dxkp4ANsYKuAQav",
"when" : 1372521823708 } ] } },
"emails" : [
{ "address" : "example#example.com",
"verified" : false } ] }
The user is redirected to the "old application". Here we check local storage (should be the same local storage as meteor if we use the same outward facing host and port, correct?)
and find this information:
Meteor.loginToken: t9Dxkp4ANsYKuAQav
Meteor.userId: HSdbPBuYy5wW6FBPL
The local storage data is investigated by "the other application" and it does a simple database query against the meteor db to verify that the local storage information matches what is in the database. Perhaps also check some kind of expiration date. If this matches, the application renders, otherwise it doesn't.
Is this a decently safe way to do it? Will it work to share local storage between the applications?
Of course you'll have to make sure that your WebSockets are running over TLS. LocalStorage uses a simple Same-origin Policy. So yes it will work. LocalStorage is as secure as a cookie so that's ok.
TLDR:
Yes and Yes