javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated with rally api 2.2.1 - rally

I am trying to integrate Rally with a Java project using Rally API version 2.2.1, but I am getting an exception:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated exception.

Related

What is this `token exchange failed` error when deploying to Cloud Run?

We have a Python Cloud Run service that's CI/CD managed via the repo in GitHub.
It deployed without any issues, but after adding the firebase sdk and the firebase_config.json configs into the service, the CI/CD failed with this error:
"Push": denied: Token exchange failed for project 'phre-promgt'. Access denied.
The added features that use Firebase within the service work locally (checked the Firebase auth side to make sure it's working), but it seems to throw this error when we redeploy it via the CI/CD.
Any ideas?

MobileFirst 8 Security issue in Web SDK

We have noticed a security breach when implementing/testing the authentication module with MFP 8.0.
We are building a MobileFirst 8 web-based app using MFP Web SDK and we implemented the security check as per the credentials validation security check:
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/authentication-and-security/credentials-validation/
On the client side, after a user is authenticated, we found out that the MFP Web SDK is using LocalStorage to save the following entries:
com.mfp.browser.uniqueid, com.sample.pincodeweb.com.mfp.oauth.application.data and com.sample.pincodeweb.com.mfp.oauth.clientid
The problem is that when we took the clientid key/value pair from an authenticated user's browser and inserted it in a whole new different browser, we unfortunately found out that the user is fully authorized and authenticated in the new browser, even though we didn't provide any user credentials and were not redirected to login.
We have tried it on the PinCode sample:
https://github.com/MobileFirst-Platform-Developer-Center/PinCodeWeb/tree/release80
Even the user authentication shares the same problem.

MobileFirst 7.1 OAuth Token Request

I am trying to use MobileFirst Server as an OAuth server. The Knowledge Center provides detailed steps on how any external application can validate the token sent by the mobile client via the MobileFirst token validator endpoint. But I am not able to find proper documentation for requesting a new authorization token from the MFP Server from the mobile client.
In the development environment we have a testtoken endpoint.
http://localhost:10080/OAuthExternalServer/authorization/v1/testtoken
{ "Authorization": "Bearer eyJqcG ......... }
How do I get a similar token from the MFP production server on the mobile client?
MFP Version: Server version: 7.1.0.00.20170330-0917
Thanks
With the OAuth security model, the MFP server is your OAuth token provider. Upon completing the challenge, the server gives you an OAuth token. You need not do anything special in the ChallengeHandler for the OAuth token. Refer to the samples here: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/authentication-security/
If you are looking to use OAuth for authenticating an external resource, refer to the steps here: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.0/authentication-security/using-mobilefirst-server-authenticate-external-resources/
Here is an example token validator which uses introspectionData to validate: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/authentication-and-security/protecting-external-resources/jtv/
Basically, the introspection endpoint can be invoked to validate the token provided by the MFP server.
The general OAuth flow with 7.1 for a default flow can be found here: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.0/authentication-security/authentication-concepts/oauth-based-security-model/
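
The resource-side decision the answer above describes, as an added example (not part of the original answer and not IBM's validator code): it takes the raw JSON body returned by a token introspection call and fails closed unless the token is active, unexpired and carries the required scope. The field names `active`, `scope` and `exp` (in seconds) follow RFC 7662 and are an assumption about the server's response; the scope name and sample bodies are constructed, and the HTTP call to the introspection endpoint is left out so the block runs offline.

```python
import json

def bearer_token(header_value):
    """Return the token from an 'Authorization' header value, or None."""
    parts = (header_value or "").split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return None

def evaluate_introspection(body, required_scope, now):
    """Decide (allowed, reason) from a raw introspection response body.

    Fails closed: only a well-formed response with active == true, an
    unexpired 'exp' (if present) and the required scope is accepted.
    """
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return False, "malformed response"
    if not isinstance(data, dict) or data.get("active") is not True:
        return False, "token not active"
    exp = data.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
            return False, "token expired"
    scope = data.get("scope")
    granted = scope.split() if isinstance(scope, str) else []
    if required_scope not in granted:
        return False, "insufficient scope"
    return True, "ok"

# Constructed sample data (not captured from a real MFP server).
NOW = 1700000000
SAMPLES = {
    "valid": '{"active": true, "scope": "reports.read profile", "exp": 1700003600}',
    "revoked": '{"active": false}',
    "expired": '{"active": true, "scope": "reports.read", "exp": 1699999999}',
    "wrong_scope": '{"active": true, "scope": "profile", "exp": 1700003600}',
    "string_flag": '{"active": "true", "scope": "reports.read"}',
    "not_json": "<html>502 Bad Gateway</html>",
}

if __name__ == "__main__":
    print(bearer_token("Bearer constructed-token-value"))
    for name, body in SAMPLES.items():
        print(name, evaluate_introspection(body, "reports.read", NOW))
```

The `string_flag` and `not_json` cases show why the check compares `active` to the boolean `true` and treats an unparsable body as a denial rather than an error to ignore.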

wso2 api manager 1.10 with pre-packaged wso2 Identity server 5.0 - Token regeneration fails

I am configuring WSO2 API Manager 1.10 with Prepackaged Identity server 5.0.
Have followed all steps in https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Identity+Server+5.1.0+as+a+Key+Manager+with+API+Manager+1.10.0.
I am able to do SSO with Identity server and API Manager. I am able to generate API tokens with Identity server.
When I try to regenerate, it fails with error - Token revoke failed : HTTP error code : 400
Below are logs from Identity server
[2016-06-16 06:26:19,875] ERROR {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} - Error while creating the Carbon OAuth token request
OAuthProblemException{error='invalid_request', description='Missing grant_type parameter value', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}
at org.apache.oltu.oauth2.common.exception.OAuthProblemException.error(OAuthProblemException.java:59)
at org.apache.oltu.oauth2.common.utils.OAuthUtils.handleOAuthProblemException(OAuthUtils.java:167)
at org.wso2.carbon.identity.oauth2.model.CarbonOAuthTokenRequest.initValidator(CarbonOAuthTokenRequest.java:91)
at org.apache.oltu.oauth2.as.request.OAuthRequest.validate(OAuthRequest.java:60)
at org.apache.oltu.oauth2.as.request.OAuthRequest.<init>(OAuthRequest.java:52)
at org.apache.oltu.oauth2.as.request.AbstractOAuthTokenRequest.<init>(AbstractOAuthTokenRequest.java:34)
at org.apache.oltu.oauth2.as.request.OAuthTokenRequest.<init>(OAuthTokenRequest.java:55)
at org.wso2.carbon.identity.oauth2.model.CarbonOAuthTokenRequest.<init>(CarbonOAuthTokenRequest.java:58)
at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:109)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
Has anyone faced the same issue? Any help is appreciated.

java.net.ConnectException: Connection timed out: While connecting to rally through rally rest api in java

I am trying to connect to rally through rally rest api for fetching a user. I am facing IO Exception while connecting to the rally URL https://rally1.rallydev.com.
Here is an example of how to connect to Rally using Rally REST toolkit for Java:
String host = "https://rally1.rallydev.com";
String apiKey = "_abc123";
RallyRestApi restApi = new RallyRestApi(new URI(host),apiKey);
where _abc123 is a placeholder for a valid ApiKey.
ApiKeys and Rally authentication in general (Rally username/password) cannot be used with your company's SSO. If your organization is using SSO to connect to Rally, and if your SSO configuration allows exceptions, your username has to be added to the exceptions list. If a user account is on the SSO exceptions list, it can be used to connect to Rally using Rally authentication (username/password or ApiKey).