CSRF Failure Error Openfire Server Login - authentication

I am getting a CSRF Failure issue while logging in to the Openfire Admin Panel. While accessing the server by IP address I am able to log in to the Openfire admin panel. But while accessing the same server via a subdomain, at login time I get a "CSRF Failure" error.
Do I need to enable anything in server configuration or domain configuration?
Any help is appreciated.

Related

Sync (Federate) users between two Keycloak Servers via LDAP

I have two Keycloak servers running in Docker containers locally on my machine, one on port 8080 and the other on 8888. What I am trying to do is connect the one on port 8080 to the one on 8888. I want to do that because I want to federate users. This scenario should be a test for a much larger scenario where I want to connect multiple Keycloak servers to one main Keycloak server.
This main Keycloak server should be the entry point for all authentication requests. I am currently trying to solve this problem by setting up User Federation on the main Keycloak server (port 8888) using LDAP. The following picture shows my configuration:
As you can see, when testing the connection URL, it succeeds. However, when trying to import users or even when clicking on "Test authentication", it just goes into an endless process which fails with "LDAP Query Failed". I suspect that something is wrong with the credentials (Users DN, Bind DN and Bind Credentials).
I did not find out what Keycloak's LDAP structure looks like; maybe some of you can help me configure this correctly. The Bind DN I tried is called "remote" (Bind Credentials is the same as the username), because I thought this must be the default admin account that is created when setting up Keycloak. Because the authentication fails, I suspect that this is not the right way to configure this whole scenario.
I hope I described the problem well and one of you can help me out on this. Maybe you also have the correct page in the documentation for me to read about that?
Have a great day & Thank you kindly in advance!

Windows IIS 10 prompts for credentials on an anonymous website

I'm having a weird issue in IIS 10. I have a public-facing website hosted in AWS. The website can be browsed over http, but when browsed over https it prompts for credentials. If I click Cancel, I get 401 Unauthorized.
The SSL certificate is from win-acme.v2.1.6.773.x64.pluggable
Able to access over http
Cannot access over https
Given full control to Application Pool Identity
Given full control to Everyone as well
Anonymous authentication is the only one enabled; tried IUSR and Application Pool Identity, and both also fail
I've figured out that the issue is caused by the newly installed Windows Admin Center, which makes all https (443) port traffic route to Admin Center, which redirects all https to the Admin Center site.
Do take note that after uninstalling Windows Admin Center, port 443 is still reserved and causes https to get a 503 error. There is another step to unreserve port 443 by following the https://stackoverflow.com/a/50103815/13356372 answer.

Keycloak and reverse proxy issues

I am running Keycloak on an OpenShift project, and I have 4 pods running:
keycloak (v8.0.1 configured to listen on 8443 with TLS),
keycloakdb (PostgreSQL DB),
proxy (Apache 2.4 reverse proxy), and
portal (our app that we developed to handle connecting to other applications).
The keycloak pod also contains two jar files that we “borrowed” that implement PKI authentication as part of the log on.
The routes configured in OpenShift are
apache: tcp/443 to tcp/8443 on the apache pod
keycloak: tcp/443 to tcp/8443 on the keycloak pod, and
Current state:
A connection to https://proxy.domain.com is redirected to https://keycloak.domain.com for authentication
https://keycloak/domain.com which requests my certificate for a 2-way TLS authentication
then redirected to https://keycloak.domain.com/auth/auth?response_type=code&scope=openid&client=potal&state=&redirect_uri=https://proxy.domain.com/redirect_uri&nonce=
The browser displays a page which gives details of my certificate and my user account name, with a button to continue
Clicking the continue button, POSTs to https://keycloak.domain.com
The browser is then redirected to https://proxy.domain.com:8443
Since there is no route to https://proxy.domain.com:8443 the connection times out.
The question is how do I get keycloak to redirect the browser to https://proxy.domain.com on tcp/443?
For redirecting to particular URL after authentication, you can use URL redirection setting in client settings.
The problem is the redirect_uri in the authentication request. It points to proxy.domain.com instead of to the portal.
The redirect_uri is set by the OAuth 2.0 client code in the portal. Probably, the portal software thinks its own URL starts with proxy.domain.com.
So investigate and fix the OAuth 2.0 code in the portal (probably just a configuration issue).
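As an added example (not code from the question or its answers), the following Python check compares the redirect_uri carried in the authorization request with the redirect the browser actually received and with the origins that are routable from outside. The URLs are the ones quoted in the question; the host names assigned to the two OpenShift routes in `EXPOSED` are an assumption.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"https": 443, "http": 80}

def origin(url):
    """Return (scheme, host, effective port), filling in the scheme's default port."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)

def redirect_uri_of(auth_request_url):
    """Return the single redirect_uri parameter of an OAuth 2.0 authorization request."""
    params = parse_qs(urlsplit(auth_request_url).query, keep_blank_values=True)
    values = params.get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError(f"expected exactly one redirect_uri, found {len(values)}")
    return values[0]

def diagnose(auth_request_url, observed_redirect, exposed):
    """Compare what the client asked for, where the browser was sent, and what is routable."""
    requested = origin(redirect_uri_of(auth_request_url))
    observed = origin(observed_redirect)
    findings = []
    if requested not in exposed:
        findings.append("redirect_uri-not-routable")
    if observed not in exposed:
        findings.append("observed-redirect-not-routable")
    if observed[:2] == requested[:2] and observed[2] != requested[2]:
        findings.append("port-changed-after-authorization-request")
    elif observed[:2] != requested[:2]:
        findings.append("host-changed-after-authorization-request")
    return {"requested": requested, "observed": observed, "findings": findings}

# Values quoted in the question above.
AUTH_REQUEST = ("https://keycloak.domain.com/auth/auth?response_type=code&scope=openid"
                "&client=potal&state=&redirect_uri=https://proxy.domain.com/redirect_uri&nonce=")
OBSERVED = "https://proxy.domain.com:8443"
# Assumption: the two OpenShift routes (tcp/443) are published under these host names.
EXPOSED = {("https", "proxy.domain.com", 443), ("https", "keycloak.domain.com", 443)}

if __name__ == "__main__":
    report = diagnose(AUTH_REQUEST, OBSERVED, EXPOSED)
    print("redirect_uri in request:", report["requested"])
    print("redirect seen by browser:", report["observed"])
    for finding in report["findings"]:
        print("finding:", finding)
```

Running the same comparison on URLs captured from the browser's network log shows whether the port is already present in the redirect_uri the client sends or only appears in a later redirect.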

MS-organization-access asking for credentials on Windows 10. It says confirm the certificate to access website

I have a website hosted on IIS 10 and installed a wildcard SSL certificate. The website is working fine on all other machines and on the server as well. When I access it on my Windows 10 machine, it asks me to confirm the security certificate and credentials. If I press the OK button, the site goes to a 403 Forbidden error.
This issue was related to the server. My hosting provider has made the following changes in IIS.
IIS -> Websites -> Go to website -> SSL settings
client certificate to ignore

Cannot access ADFS end point /adfs/ls/

I set up an ADFS environment on Windows Server 2012 R2 with the following steps:
creating a certificate file;
Install ADFS through Server management;
Configure ADFS with the certificate file created in #1
The above 3 steps run successfully, but I cannot access the endpoint https://[DomainControllerName]/adfs/ls. Sometimes it shows a 503 error page and sometimes it just says "the webpage is not available".
Has anyone encountered a similar problem? Please help. Really appreciated!
That's not a valid endpoint.
ADFS is expecting protocol parameters after that.
Try the metadata endpoint:
https://myserver.domain.com/FederationMetadata/2007-06/FederationMetadata.xml