How can I log into an Okta enabled site using curl? - authentication

I'm trying to use curl to log into an Okta-enabled site providing the user name & password using the parameter -u {username:password} and all I get back is the html content of the Okta redirect page.
How can I login into the app by providing my Okta credentials using curl?

You can use the following script, assuming you have installed jq (https://stedolan.github.io/jq/download):
sessionToken=$(curl -X POST -H "Accept: application/json" -H "Content-Type:
application/json" -d '{
"username": "[okta_username]",
"password": "[password]",
"options": {
"multiOptionalFactorEnroll": true,
"warnBeforePasswordExpired": true
}
}' "https://[yourorg].oktapreview.com/api/v1/authn" | jq '.sessionToken' -r)
curl -X GET "https://[yourorg].oktapreview.com/login/sessionCookieRedirect?token=${sessionToken}&redirectUrl=http://blah" -c "okta-cookie"
curl -X GET [OKTA_EMBED_LINK] -b "okta-cookie" -L -v
From the last line, you will need to grab the SAMLResponse form parameter and submit it to the action url of the same form.
I hope this helps!

Related

Triggering Airflow DAG via API

I have installed Airflow 2.0.1 on EC2 with PostgreSQL RDS as metadata db. I want to trigger DAG from Lambda so tried to test the code with curl but am receiving Unauthorized as response. What if anything should I be doing differently?
Steps:
Create user for lambda
airflow users create -u lambda_user -p some_pwd -f Lambda -l User -r User -e someone#nowhere.com
Define variables on shell (for lambda user, password and endpoint url)
Make the curl call
curl -H "Authorization: Basic Base64(username:password)" -H "Content-type: application/json" -H "Accept: application/json" -X GET --user "${LAMBDA_USER}:${LAMBDA_PWD}" "${ENDPOINT_URL}/api/v1/dags/sns_test/dagRuns"
Response I receive is this:
{
"detail": null,
"status": 401,
"title": "Unauthorized",
"type": "https://airflow.apache.org/docs/2.0.1/stable-rest-api-ref.html#section/Errors/Unauthenticated"
}
After revising call to
curl -H "Content-type: application/json" -H "Accept: application/json"
-X POST --user "${LAMBDA_USER}:${LAMBDA_PWD}" "${ENDPOINT_URL}/api/v1/dags/sns_test/dagRuns" -d '{"conf": {}}'
dag was triggered!
You are creating a user with the role User.
This is because you have -r User in the command.
Now Airflow requires at least Viewer permissions for the end point you are calling. You can find that information on the Apache Airflow website here.
If you change your command it will work.
Change it from
airflow users create -u lambda_user -p some_pwd -f Lambda -l User -r User -e someone#nowhere.com
to
airflow users create -u lambda_user -p some_pwd -f Lambda -l User -r Viewer -e someone#nowhere.com

Users can't be authenticated for _session

I'm facing a very odd problem that I can't use any user inside (_users) database to create a session through the route (/_session). It's always giving me error (bad credentials). It used to work fine in couchdb 1.6.1
For normal couchdb adminstrators, it works fine :
$ curl -X POST http://localhost:5984/_session -d 'name=my_main_admin&password=******'
{"ok":true,"name":"my_main_admin","roles":["_admin"]}
However for couchdb users (stored in _users), it doesn't work. I don't think it's about the roles.
So I first create the user :
$ curl -s -H "Content-Type: application/json" -X PUT "http://my_main_admin:*****#127.0.0.1:5984/_node/_local/_users/org.couchdb.user:my_new_user" --data '{"name": "my_new_user", "password": "my_new_user", "roles": [], "type": "user"}'
{"ok":true,"id":"org.couchdb.user:my_new_user","rev":"1-f1fa0870666d17d7324e54128dfbcacb"}
Then if I try to use this user to create a session, it never works :
$ curl -X POST http://localhost:5984/_session -d 'name=my_new_user&password=my_new_user'
{"error":"unauthorized","reason":"Name or password is incorrect."}
My CouchDB config looks fine :
"couch_httpd_auth": {
"allow_persistent_cookies": "true",
"auth_cache_size": "50",
"authentication_db": "_users",
"authentication_redirect": "/_utils/session.html",
"iterations": "10",
"require_valid_user": "false"
I used to create sessions with normal users on couchdb 1.6.1 , but it has never worked since I installed couchdb 3.1.1 . I can't find any relevant info in the documentation.
Am I missing something?
The problem is that you are creating the user through the _node/_local interface. The user should be created via the clustered API on the _users clustered database.
$ curl -s -H "Content-Type: application/json" -X PUT \
"http://my_main_admin:*****#127.0.0.1:5984/_users/org.couchdb.user:my_new_user" \
--data '{"name": "my_new_user", "password": "my_new_user", "roles": [], "type": "user"}' \
/
Now you should be able to log in with the new user using the _session endpoint.

How to import json report through automation using REST API and XRay for JIRA and Cucumber + Xray

I can manually import execution result(report.json) through jira and its giving proper status.But i want to achieve through automation i am unable to do so
How to do so
i tried using below curl command in terminal ..was unable to get expected result
curl -H "Content-Type: application/json" -X POST -u username:password --data #report.json http://myurl.net/rest/raven/1.0/import/execution/cucumber
Note that the curl request you showed is tailored for Xray on Jira server and from the screenshot you're showing, it seems that you're using Xray on Jira Cloud. That requires that you have a token that you need to obtain first of all using another request.
If you're doing it by "hand" (i.e. from the command line), you would need to so something like:
token=$(curl -H "Content-Type: application/json" -X POST --data #"cloud_auth.json" https://xray.cloud.xpand-it.com/api/v2/authenticate| tr -d '"')
curl -H "Content-Type: application/json" -X POST -H "Authorization: Bearer $token" --data #"report.json" https://xray.cloud.xpand-it.com/api/v2/import/execution/cucumber
My cloud_auth.json is something like:
{ "client_id": "215FFD69....","client_secret": "1c00f8f2c..." }
Please check in more detail the authentication API and the endpoint for importing cucumber results (there are two actually) in the cloud.

OneLogin API credentials

Im trying to make a basic call to the ONELOGIN API. After generating the cliend ID and secret with MANAGE ALL permissions, im still unable to connect
Generated correctly the ID and secret with the right permissions as per official documentation
curl 'https://api.us.onelogin.com/auth/oauth2/v2/token' \
-X POST \
-H "Authorization: client_id:, client_secret:" \
-H "Content-Type: application/json" \
-d '{
"grant_type":"client_credentials"
}'
i expected to connect, instaead the output is
{"status":{"error":true,"code":401,"type":"Unauthorized","message":"Authentication Failure"}}

Spring Cloud config server encryption decryption

I am using the below command to encryot the password.
curl -H "Content-Type: text/plain" lonrs03668:8888/encrypt -d Simple12$jedi
after decryting the password, the value after $ sign getting lost and it is only returning the Simple12.
The issue is that if string contains the $ sign it is not encrypting/decrypting correctly.
Try curl -H 'content-type: text/plain' localhost:8888/encrypt --data-raw 'your password'
Below is working for me by adding \ before $ .
curl -u root:s3cr3t -H "Content-Type: text/plain" lonrs03668:8888/encrypt --data-ascii Simple12\$jedi.