I was able to get the information returned by Shibboleth through the program deployed above IIS (code below).
<% # Page Language="C#" %>
<%
Response.Write("<h3>Server Variables</h3>");
Response.Write("mail= " + Request["mail"] + "<br>");
Response.Write("name = " + Request["name"] + "<br>");
%>
However, I can't get the authentication information when I jump to glassfish with the following Settings
<httpRedirect enabled="false" destination="https://glassfish.fujitsu.com:8443/info" exactDestination="true" httpResponseStatus="Found" />
After investigation, it was found that when IIS, the information returned by shibboleth could only exist in the request header.
What can I do to make the information available to glassfish's application
My environment is as follows
OS: windows 2016
IIS: 10
GlassFish: 5.1.0
and my shibboleth2.xml is as follows:
<ISAPI normalizeRequest="true" safeHeaderNames="true" useHeaders="true">
<SSO entityID="http://adfs-srv.fujitsu.com/adfs/services/trust"
discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">
SAML2
</SSO>
...
attribute-map.xml's setting is as follow:
<Attribute name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" id="mail" />
<Attribute name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" id="name" />
The browser returns the result of the iis program is as follow:
Server Variables
mail= ***#cn.**.com
name= y*
thanks!!
waiting for your help!
Related
I am working on WEB API Windows Authentication. I have added below config in web.config
Getting this issue:
This configuration section cannot be used at this path.
This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false"
Please help me on this. Please provide steps how to achieve window authentication in web api
The reason why this error encounters is probably because of the
settings to enable windowsauthentication in IIS via the
web.config file. To resolve this you have to adjust the applicationhost.config file of the IIS server. You need to tell IIS that his own configuration may be overwritten:
For IIS Express follow these instructions
For IIS Server follow 'section applicationhost.config'
Below steps (simple scenario) to allow windows authentication
Assure the webapi project is using windows authentication.
<system.web>
<authentication mode="Windows"></authentication>
</system.web>
Set IIS to windowsAuthenthication and nothing else by configuring the config file
<system.webServer>
<security>
<authentication>
<windowsAuthentication enabled="true" />
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="false"/>
</authentication>
</security>
</system.webServer>
Adjust the applicationhost.config of IIS like described above.
We are upgrading our ColdFusion 9 non-ssl application to ColdFusion 11 ssl enabled setup using Websphere.
We have a few flex components that utilize Flex2Gateway to call remote services. The application/Flex2gateway calls work fine with http but not on https.
The following urls give me a blank page which as per Adobe forums mean that Flex2Gateway is setup right:
http://example.com/flex2gateway
https://example.com/flex2gateway
The app calls the non-ssl url(not sure why):
http://example.com/flex2gateway and then gets redirected to
https://example.com/flex2gateway
When I look at the browser developer tools(IE, Chrome) the redirection from
http://example.com/flex2gateway to https://example.com/flex2gateway
seems to be working fine. Can anybody provide some insights on a possible solution?
Here is my remoting-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<service id="remoting-service"
class="flex.messaging.services.RemotingService"
messageTypes="flex.messaging.messages.RemotingMessage">
<adapters>
<adapter-definition id="cf-object"
class="coldfusion.flash.messaging.ColdFusionAdapter" default="true"/>
<adapter-definition id="java-object"
class="flex.messaging.services.remoting.adapters.JavaAdapter"/>
</adapters>
<default-channels>
<channel ref="my-cfamf-secure"/>
</default-channels>
<destination id="ColdFusion">
<channels>
<channel ref="my-cfamf-secure"/>
</channels>
<properties>
<source>*</source>
</properties>
</destination>
I do see the following in services-config.xml and I did uncomment the WebsphereLoginCommand option but saw no difference.
<security>
<login-command class="flex.messaging.security.JRunLoginCommand" server="JRun"/>
<!-- Uncomment the correct app server
<login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/>
<login-command class="flex.messaging.security.WeblogicLoginCommand" server="Weblogic"/>
<login-command class="flex.messaging.security.WebSphereLoginCommand" server="WebSphere"/>
-->
UPDATE: I got https disabled on our server and receive the below error now when I try to access flex component:
faultCode:Client.Error.MessageSend faultString:'Send Failed' faultDetail:'Channel.Connect.Failed error NetConection.Call.Failed: HTTP: Failed:url: 'http://example.com/flex2gateway/"
I enabled SSL in Visual Studio 2015 in order to implement Facebook and Google login locally.
I changed the project URL in the Web tab of the project's properties to https://localhost:44300/ and decorated the controller with the RequireHttps attribute - ref #msdn.
Everything worked fine locally.
I reverted settings to HTTP to test something else and that caused me a problem when I tried to get back to HTTPS.
I found this SO question and tried almost every suggested solution.
Error detail:
Failed to register URL "url" for site "site" application "path".
Error description: Access is denied. (0x80070005).
I had to issue this command in DOS to solve the problem in VS 2015:
netsh http add urlacl url=http://{ip_addr}:{port}/ user=everyone
Strangely this was only needed when I moved the project to a different PC. On the original PC I didn't need it.
Turned out this very answer on the same question thread by Cayne led me to the solution.
The port change didn't work because applicationhost.config file, located in .vs folder specific for VS2015, kept bindings combo of old port for Http and Https as a default setting. No matter how many times did I change port to something else while trying with Http (only got clogged with mass of new web site bindings in the config file) as soon as I wanted to switch back to SSL it ended up with the first bindings combo. The port it complained about that can't be registered any more.
Once I deleted that first bindings combo everything was fine.
I hope this will help someone in the future.
Go to C:\Users{username}\Documents\IISExpress\config and open the applicationhost.config file.
Search for the <sites> tag in the document. You will see some lines similar to the following.
<site name="WebSite1" id="1" serverAutoStart="true">
<application path="/">
<virtualDirectory path="/" physicalPath="%IIS_SITES_HOME%\WebSite1" />
</application>
<bindings>
<binding protocol="http" bindingInformation="*:8080:localhost" />
</bindings>
</site>
Replace the line <binding protocol="http" bindingInformation="*:8080:localhost" /> as follows.
<binding protocol="http" bindingInformation="*:{required_port_number}:*" />
I think you can even remove the * marks in bindingInformation.
Then restart IIS Server (remove all IIS server related operations using Task Manager and go to C:\Program Files\IIS Express folder and run iisexpress.exe: you might need to Run as Administrator).
A console will open and if all went well, following lines will be displayed.
Successfully registered URL "http://*:{required_port_number}/" for site "Website1" application "/"
...
Also check in browser whether the required URL works now.
Here's a very useful resource...
I have an application that connect to an external web service.
The application works fine but with one client I can't get through their proxy.
Since the proxy is configured on the computer i started with
<binding useDefaultWebProxy="true" ... >
With this I get the error message:
The remote server returned an error: (407) Proxy Authentication Required.
Then I tried to add:
<security mode="Transport">
<transport proxyCredentialType="Windows"
realm="" />
</security>
but the error message did not change
With some googling I found out that the default setting is to not send credentials to the proxy. The following setting is supposed to enable sending credentials:
<system.net>
<defaultProxy useDefaultCredentials="true" />
</system.net>
However, I now get another error message:
Insufficient permissions for setting the configuration section 'defaultProxy'.
Request for the permission of type 'System.Net.WebPermission, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
I don't understand this message. The application is running on the local computer so it should have full trust. Checked with caspol -m -l and it shows
1. All code: Nothing
1.1. Zone - MyComputer: FullTrust
Now I am out of ideas.
I don't know how to add WebPermission to an assmebly running on the local computer and I don't know if this solves the original problem with proxy authentication.
Some other details which I don't know if it matters.
Windows 7 64-bit
webservice uses https (I can reach the service via internet explorer)
user is local admin
I am getting an error while accessing the core service on SDL Tridion 2011 SP1. When I am trying to browse /webservices/CoreService2011.svc from IIS server, it shows the following error:
This collection already contains an address with scheme http.
There can be at most one address per scheme in this collection. If your service is being hosted in IIS you can fix the problem by setting 'system.serviceModel/serviceHostingEnvironment/multipleSiteBindingsEnabled' to true or specifying 'system.serviceModel/serviceHostingEnvironment/baseAddressPrefixFilters'.
Parameter name: item
Can any one help, how it can be rectified.
I believe you have multiple hostnames setup for your Tridion CME. Or at least you are trying to connect to your Content Manager (in this case with Core Service) using multiple hostnames.
Can you try the following:
connect using localhost (obviously when you are local on the server) E.g. http://localhost/webservices/CoreService2011.svc
If above doesn't work, try looking up what host name is registered in IIS for your SDL Tridion 2011 website (in IIS 7, Right click the website, then choose Edit Bindings...). Try connect to the Core Service using the hostname defined in the website bindings
If above still doesn't solve it, try editing your web.config under "Tridion_Home\webservices" and add the following node under configuration / system.ServiceModel
Node:
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true">
<!-- The attribute "multipleSiteBindingsEnabled" was introduced in .net 4 and removes the need of http module: Tridion.Web.ServiceModel.HttpSvcPortFunneler -->
<!-- For https protocol and/or multiport configuration, uncomment this.
There should be a <add /> entry for each unique combination of protocol and hostname that is configured in IIS Bindings.
<baseAddressPrefixFilters>
<add prefix="http://hostname:portnumber"/>
<add prefix="https://hostname"/>
</baseAddressPrefixFilters>
-->
</serviceHostingEnvironment>