I'm trying to connect to Solr (non cloud) which has Kerberos enabled from my SolrJ application running in Karaf container.
With Kerberos disabled, I'm able to connect fine.
With Kerberos enabled, I'm able to connect outside of Karaf by running a simple SolrClient class.
But its not working from within karaf.
Code:
System.setProperty("java.security.auth.login.config", "<path to jaas.conf file>");
String urlString = "http://<IP>:8983/solr/test";
SolrServer server = new HttpSolrServer(urlString);
QueryResponse sresponse = server.query( squery );
Exception in Karaf on trying to query:
2016-12-15 15:02:17,969 | WARN | l Console Thread | RequestTargetAuthentication | ? ? | 271 - wrap_mvn_org.apache.httpcomponents_httpclient_4.3.2 - 0.0.0 | NEGOTIATE authentication error: No valid credentials p
rovided (Mechanism level: No valid credentials provided (Mechanism level: Invalid option setting in ticket request. (101)))
2016-12-15 15:03:10,731 | ERROR | l Console Thread | Error:org.apache.solr.client.solrj.impl.HttpSolrServer$RemoteSol
rException: Expected mime type application/octet-stream but got text/html. Apache Tomcat/6.0.44 - Error report HTTP Status 401 - Authentication requiredtype Status reportmessage Authentication requireddescription This request requires HTTP authentication.Apache Tomcat/6.0.44
Related
I installed ActiveMQ version 5.17.0, and I start it by using the CMD on Windows. It started, but when I access the admin console it shows 401 error message without popup to enter username/password.
This is the log when starting:
INFO | Connector stomp started
INFO | Listening for connections at: mqtt://VN-PF2MF5K6:1883?maximumConnections=1000&wireFormat.maxFrameSize=104857600
INFO | Connector mqtt started
INFO | Starting Jetty server
INFO | Creating Jetty connector
WARN | ServletContext#o.e.j.s.ServletContextHandler#40e60ece{/,null,STARTING} has uncovered http methods for path: /
INFO | Listening for connections at ws://VN-PF2MF5K6:61614?maximumConnections=1000&wireFormat.maxFrameSize=104857600
INFO | Connector ws started
INFO | Apache ActiveMQ 5.17.0 (localhost, ID:VN-PF2MF5K6-51292-1660105581127-0:1) started
INFO | For help or more information please see: http://activemq.apache.org
INFO | ActiveMQ WebConsole available at http://127.0.0.1:8161/
INFO | ActiveMQ Jolokia REST API available at http://127.0.0.1:8161/api/jolokia/
And when I access the admin console at localhost:8161/admin
HTTP ERROR 401 Unauthorized
URI: /admin
STATUS: 401
MESSAGE: Unauthorized
SERVLET: -
How can I resolve it?
I was trying to add an oauth2.0 authentication provider in our cas (v6.1.x). But I was getting the following error.
2020-11-15 10:03:30,675 INFO [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - <Credentials are successfully authenticated using the delegated client [OauthClient]>
2020-11-15 10:03:36,492 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [ClientCredential(credentials=#OAuth20Credentials# | code: c.lKObb15ip36uiWfOYaTXEfQ | accessToken: com.github.scribejava.core.model.OAuth2AccessToken#5ca28902 |, clientName=OauthClient, typedIdUsed=true, userProfile=null)] of type [ClientCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2020-11-15 10:03:36,509 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[OauthClient]: [id cannot be blank]>
2020-11-15 10:03:36,513 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: NotYetAuthenticated-e111ad8e-8e6f-4edd-9de7-d2eae5040704
As you can see the credentials are successfully authenticated. After that redirected back with unauthorized access on the browser UI with the above error.
The properties I used for delegated authentication is given below:-
cas.server.name=http://localhost:8080
cas.server.prefix=http://localhost:8080/cas
cas.authn.pac4j.oauth2[0].id=${CLIENT_ID}
cas.authn.pac4j.oauth2[0].secret=${CLIENT_SECRET}
cas.authn.pac4j.typedIdUsed=true
cas.authn.pac4j.principalAttributeId=email
cas.authn.pac4j.name=OauthClient
cas.authn.pac4j.order=0
cas.authn.pac4j.lazyInit=true
cas.authn.pac4j.oauth2[0].autoRedirect=false
cas.authn.pac4j.oauth2[0].principalAttributeId=email
cas.authn.pac4j.oauth2[0].enabled=true
cas.authn.pac4j.oauth2[0].authUrl=${AUTH_URL}
cas.authn.pac4j.oauth2[0].tokenUrl=${TOKEN_URL}
cas.authn.pac4j.oauth2[0].profileUrl=${PROFILE_URL}
cas.authn.pac4j.oauth2[0].profileVerb=GET
cas.authn.pac4j.oauth2[0].scope=profile,email,roles
cas.authn.pac4j.oauth2[0].clientName=OauthClient
Thanks in advance.
I'm completely new to RabbitMQ and now I'm looking for a configuration error. The client doesn't receive any messages from RabbitMQ and I debugged it as far as possible.
Frontend messages:
Message 1:
CONNECT
login:frontend_listener
passcode:xxx
accept-version:1.0,1.1,1.2
heart-beat:20000,0
Message 2:
ERROR
message:Bad CONNECT
content-type:text/plain
version:1.0,1.1,1.2
content-length:30
Virtual host '/' access denied
There are two vHosts: / and someVhost and there are different users like frontend_listener. Now I found a way to access the log file.
RabbitMQ log file:
2020-02-11 15:50:53.579 [warning] <0.798.0> STOMP login failed for user "frontend_listener"
2020-02-11 15:50:53.579 [error] <0.798.0> STOMP error frame sent:
Message: "Bad CONNECT"
Detail: "Access refused for user 'frontend_listener'\n"
Server private detail: none
...
2020-02-11 15:51:25.349 [info] <0.850.0> Creating user 'frontend_listener'
2020-02-11 15:51:30.374 [info] <0.857.0> Setting permissions for 'frontend_listener' in 'someVhost' to '$', '$', 'client-notification.*'
2020-02-11 15:51:54.980 [warning] <0.867.0> STOMP login failed - not_allowed (vhost access not allowed)~n
2020-02-11 15:51:54.980 [error] <0.867.0> STOMP error frame sent:
Message: "Bad CONNECT"
Detail: "Virtual host '/' access denied"
Server private detail: none
2020-02-11 15:52:56.427 [warning] <0.875.0> STOMP login failed - not_allowed (vhost access not allowed)~n
It reads like the permissions are wrong. Can someone help me out interpreting that correctly?
I try to read it: User frontend_listener wants to access the vHost /, but it hasn't sufficient permissions (don't know what $ here mean other than a part of regular expression). The thing is, that I don't know if that is the correct vHost. How do I find out the URL of each vHost?
I'm asking this because I believe that the mapping to the vHost is wrong or something is missing.
Edit:
After adding host: 'someVhost' to my stomp-config.ts I was able to subscribe to the queues. Now I get the following error in the log:
2020-02-12 16:32:25.913 [error] <0.5159.1> Channel error on connection <0.5149.1> (127.0.0.1:58136 -> 127.0.0.1:15674, vhost: 'someVhost', user: 'frontend_listener'), channel 1:
operation basic.consume caused a channel exception access_refused: access to queue 'stomp-subscription-SZ3-PO1-PbZroPol-WXSQw' in vhost 'someVhost' refused for user 'frontend_listener'
2020-02-12 16:32:26.022 [error] <0.5145.1> STOMP error frame sent:
Message: access_refused
On the frontend I don't get a message or error.
You need to also pass host information in the STOMP CONNECT frame..
this is what the specifications says and clients MUST set this header
host : The name of a virtual host that the client wishes to connect to. It is recommended clients set this to the host name that the socket was established against, or to any name of their choosing. If this header does not match a known virtual host, servers supporting virtual hosting MAY select a default virtual host or reject the connection.
So this is how your CONNET frame should look
CONNECT
login:frontend_listener
passcode:xxx
accept-version:1.0,1.1,1.2
host: someVhost
heart-beat:20000,0
I have IIS FTPS Server setup and am trying to connect from a Camel route. But I'm getting the error:
22 Sep 2019 08:59:51,650 | WARN | Camel (Test) thread #202 -
ftps://test#test1834:21/BO/Salary | FtpConsumer | 248 -
org.apache.camel.camel-core - 2.17.0.redhat-630347 | Cannot
connect/login to: ftps://test#test1834:21. Will skip this poll.
I can connect via FileZilla client and perform any read/write operation.
Credentials have been verified.
Camel-Core version 2.17.0
Is anyone familiar with this issue?
this flag "isImplicit=true" is no longer valid for Camel version 3.7.0
The new flag is "implicit=true"
Take a look at the endpoint configuration, you probably should set the security mode isImplicit=true
I have 2 servers running activeMQ, one is master, the other is slave, via zookeeper.
I run the following:
Downloads\apache-activemq-5.9.1-bin\apache-activemq-5.9.1\bin\win64>activemq.bat
some WARN here:
jvm 1 | WARN | SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '../../conf/login.config'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it.
jvm 1 | INFO | Opening socket connection to server "server1"
jvm 1 | WARN | unprocessed event state: AuthFailed
jvm 1 | INFO | Socket connection established to blabla.local/10.112.0.17:2181, initiating session
jvm 1 | INFO | Session establishment complete on server blabla.local/10.112.0.17:2181, sessionid = 0x14651b3478a0005, negotiated timeout = 4000
My '../../conf/login.config' looks like :
activemq {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};
My "username" and "password" are configured in '../../conf/activemq.xml' via "simpleAuthenticationPlugin ", not in '../../conf/login.config'
anyone knows about the WARNING i have above?
Thanks
Make zookeeper client version the same with zookeeper server version:
zookeeper client jar location:
[ActiveMQ]/lib/optional/zookeeper.jar