Archiva ignoring Security.properties - repository

Seems like archiva 2.2 is completely ignoring Security properties
I am following this document:
I have set up the security.properties file under
D:\Apache\Archiva-2.2.0\conf
When I am setting a new password for a user in Archiva UI I am still getting:
You must provide a password containing at least 1 numeric character(s).
security.properties content:
# Security Policies
#security.policy.password.encoder=
security.policy.password.previous.count=9999
security.policy.password.expiration.days=99999
security.policy.password.expiration.enabled=false
security.policy.allowed.login.attempt=3
# Password Rules
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=false
security.policy.password.rule.alphacount.minimum=0
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=3
security.policy.password.rule.characterlength.maximum=0
security.policy.password.rule.musthave.enabled=false
security.policy.password.rule.numericalcount.enabled=false
security.policy.password.rule.numericalcount.minimum=0
security.policy.password.rule.reuse.enabled=false
security.policy.password.rule.nowhitespace.enabled=true

Stop her running and make a backup of your conf/archiva.xml file.
example:
service archiva stop
cp archiva.xml archiva.xml.orig
Edit the config values you want to modify within the main XML configuration file: conf/archiva.xml
Changing the numeric character count:
<numericalcount>
<minimum>0</minimum>
<enabled>false</enabled>
</numericalcount>
Changing the password expiration limit:
<expiration>
<enabled>false</enabled>
<days>999999</days>
</expiration>
These values should already be in your config file (they were in mine). Perhaps they were copied there after my unsuccessful attempts to configure them through the web UI.
Additionally, prevent any user caching behaviour while you're making changes:
<useUsersCache>false</useUsersCache>
Start her up again:
service archiva start

I found a workaround...
stop Archiva
Open the Archiva DB using squirrel sql
Go to SA/JDOUSER table
Column LAST_PASSWORD_CHANGE
Right click to make editable
Modify the value to 10 years from now...
Restart Archiva
Get your 10 years of quiet....

Related

adding basic authentication to Solr 8.6.1

We are having some difficulty when adding basic authentication to Solr 8.6.1. We are following this document, and we have created security.json file, which is successful (since Solr instance will ask userId and password when it starts.) Our difficulty happens when trying to enable the global authentication settings: we did pass the -Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory system property, and we also set the -Dbasicauth=username:password property as follows:
// the following is the last line of our Solr Dockerfile:
CMD ["solr-foreground", "-Dsolr.httpclient.builder.factory=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory", "-Dbasicauth=username:secret"]
However, the calls to retrieve data from Solr all come back with Error 401 require authentication.
Could someone please kindly let us know what did we miss?
You'll have to set the correct options on the client - not on the server. This is a setting that affects how the client that connects to Solr authenticates.
So when running your application, give the parameter to the java command (or configure it to be the default parameter through ant/maven/gradle/etc.).
Setting it on the docker container will not do anything useful.

Apache Custom Module permission issue with calling Libipset

I'm working on an apache module that can check the libipset API to test if an IP is in a list. This is being used as a backup firewall for proxied connections.
I've managed to get everything working up until the C script calls type = ipset_type_get(session, cmd);. After testing, I believe the main problem is that libipset requires higher permissions. I'm not getting a permission error, just a null value. However, when I run the C script directly using apache as the user, I can get it to work when I grant sudo privileges to apache for the script.
I've tried 1 and 2 in the answers here and they've both failed. Is there any other way to force root for the ipset API call?
This action might need cap_net_admin.
If using systemd to control the process, you can add it like this:
[Service]
...
CapabilityBoundingSet=CAP_NET_ADMIN
Another approach would be to set the binary executable's capabilities.
setcap cap_net_admin=ep /usr/sbin/apache2
If using AppArmor, you could instead set up a profile for apache and include the line
capability net_admin,
in the file ( /etc/apparmor.d/usr.sbin.apache2 )
( see here : https://serverfault.com/questions/932410/enabling-apparmor-for-apache2-in-ubuntu-18-04 )
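A way to confirm which capability sets a worker process actually holds, as an added example that is not part of the original answer: it decodes the `Cap*` bitmasks from `/proc/<pid>/status` and checks the CAP_NET_ADMIN bit. The two status dumps are constructed samples; on a live system the text would be read from the worker's own `/proc/<pid>/status`.

```python
import re

# Capability number from <linux/capability.h>.
CAP_NET_ADMIN = 12

# Constructed sample of /proc/<pid>/status for an unprivileged worker whose
# bounding set allows CAP_NET_ADMIN but whose effective set is empty.
SAMPLE_WORKER = """\
Name:\tapache2
Uid:\t33\t33\t33\t33
CapInh:\t0000000000000000
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t0000000000001000
CapAmb:\t0000000000000000
"""

# Constructed sample where the capability is both permitted and effective.
SAMPLE_GRANTED = SAMPLE_WORKER.replace(
    "CapPrm:\t0000000000000000", "CapPrm:\t0000000000001000"
).replace("CapEff:\t0000000000000000", "CapEff:\t0000000000001000")


def capability_sets(status_text):
    """Parse the Cap* lines of a /proc/<pid>/status dump into integer bitmasks."""
    pairs = re.findall(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", status_text, re.M)
    return {name: int(mask, 16) for name, mask in pairs}


def has_cap(status_text, cap=CAP_NET_ADMIN):
    """Report, per capability set, whether the given capability bit is present."""
    sets = capability_sets(status_text)
    return {name: bool((mask >> cap) & 1) for name, mask in sets.items()}


def can_use(status_text, cap=CAP_NET_ADMIN):
    """The kernel checks the effective set when a privileged call is made."""
    return has_cap(status_text, cap).get("CapEff", False)


if __name__ == "__main__":
    for label, text in (("worker", SAMPLE_WORKER), ("granted", SAMPLE_GRANTED)):
        print(label, has_cap(text), "usable:", can_use(text))
```

A bit that appears only in `CapBnd` marks what the process is allowed to acquire, not what it currently holds.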

No MetadataProvider available - shibsp::ConfigurationException

I recently upgraded Shibboleth from version Shibboleth-sp-2.5.6.0-win64 to Shibboleth-sp-2.6.0.0-win64 and Apache web server from 2.4.16 to 2.4.23.
Post the upgrade, when I try to access my application I get the following error:
shibsp::ConfigurationException
The system encountered an error at Fri Oct 14 20:19:51 2016
To report this problem, please contact the site administrator at root#localhost.
Please include the following message in any email:
shibsp::ConfigurationException at (https://xxxxxx.xxxx/)
No MetadataProvider available.
When I access https:/xxxxx.xxxxx/Shibboleth.sso/Metadata, the metadata file is downloaded and the details seem correct.
Does anyone know why this error occurs and how we can solve it?
If it can be of help, I was writing this:
<MetadataProvider type="XML" validate="true" file="/etc/shibboleth/idp-metadata.xml" />
instead of this:
<MetadataProvider type="XML" validate="true" path="/etc/shibboleth/idp-metadata.xml" />
The XML attribute is path. I'm using Shibboleth SP version 3.
Ensure that you have a section in the default as well as an override if one exists. For me, even though there was a section properly created for the override, it needed one in the defaults.
Just for the record. Most configuration of your SP takes place in shibboleth2.xml. Locate this file on your server and edit settings to your comfort.
For Linux installations:
Be sure not to edit this file from your installation path, but in your distribution path (i.e. /etc/shibboleth/shibboleth2.xml), otherwise your changes will not be visible ...
A restart of shibd (systemctl restart shibd) is mandatory after changing shibboleth2.xml.
Try the following steps:
1) Go to shar.log and check what is the entity ID returning from the IDP's assertion message.
2) Go to the corresponding IDP's metadata on the SP side and compare both entity IDs.
3) Sure there must be some mismatch between the files, so that's why SP is unable to find the IDP to which it is talking and not able to proceed further.
Finally, update the entity ID in the IDP's metadata and restart shibd. It should work.
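The comparison in steps 1 to 3 above can be scripted; this is an added example, not part of the original answer or of Shibboleth. It lists the IdP entityIDs in a SAML metadata document and compares them, as exact strings, with the issuer copied from the SP log. The metadata and the `idp.example.org` entity are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace.
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed IdP metadata; idp.example.org is a placeholder entity.
SAMPLE_METADATA = """\
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <IDPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>
"""


def idp_entity_ids(metadata_xml):
    """Return the entityID of every EntityDescriptor with an IDPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    ids = []
    for ent in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        if ent.find(f"{{{MD_NS}}}IDPSSODescriptor") is not None:
            ids.append(ent.get("entityID"))
    return ids


def _loose(value):
    """Normalise only to detect near-misses; entityIDs are compared exactly."""
    return value.strip().rstrip("/").lower()


def check_issuer(issuer, metadata_xml):
    """Classify the issuer from the SP log against the loaded metadata.

    Returns ("match", id), ("near-miss", id) when only case, whitespace or a
    trailing slash differs, or ("missing", None).
    """
    known = idp_entity_ids(metadata_xml)
    if issuer in known:
        return ("match", issuer)
    for candidate in known:
        if _loose(candidate) == _loose(issuer):
            return ("near-miss", candidate)
    return ("missing", None)


if __name__ == "__main__":
    print(check_issuer("https://idp.example.org/idp/shibboleth/", SAMPLE_METADATA))
```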

how to add db directory to web.xml

I have a Java web app configured with apache v9.0 and the Eclipse IDE. What I need is to keep my database in C:\db so it cannot be accessed directly from outside and is kept away from my webapp project directory. What I don't know is how to let my web app know that if a user requests a file it should go and check for it in my C:\db and reply back with the file.
Based on my research, some were saying to specify my directory in my webapp web.xml file and others were saying I need to specify it in my tomcat/conf/server.xml file.
I'd really appreciate it if somebody could tell me what to do.
Try adding your database path C:\db as a JVM argument and accessing it in the application. You may try this in two ways: either set it as a system property and access it when required, or set it as a JVM argument and access it.
SetSystemProperties
System.setProperty("database", "C:\\db");
.
.
access it as and when required
String databasepath= System.getProperty("database");
Setting as JVM Arguments.
Double Click on your tomcat server on which your web application is present.
Click on "Open launch configuration" link and go to Arguments Tab.
In the VM arguments, append the entry like below.
-Ddatabase="C:\db"
A -D is placed in front of each system property that we are passing in as a VM argument, and following this is an equal sign followed by the value of that system property.
And access it in your project where it's required, like below.
String databasepath= System.getProperty("database");

Siteminder issue Unable to process SMSESSION cookie

The very first time I'm able to log in to a web page, and after that if I click any link it redirects to the login page.
I see the message in the logs as "Unable to process SMSESSION cookie" and there is no error other than this.
All technologies that I used are tagged for the question.
Could anyone help me?
Here is the logic to fix the problem until we get the proper SiteMinder package:
Due to the SiteMinder package update, we got into this issue.
The SiteMinder setup needs to be changed after an MVN build. Hence the MVN build will create conf files every time.
Also, every time you do a Maven build, the settings go back to the ‘wrong’ ones.
So after every maven build, the following steps must be followed:
Brief Steps:
1. In the web server- remove the redirect at the end
2. In the app server - remove the UAA,
3. In the app server - remove the context-param (devSecurityContext.xml part)
4. Stop and start both the web and app servers.
Detailed Steps:
Go to the config directory of the web instance and remove the line:
Redirect 307 /login.fcc
From this file config/redirects.conf
Go to the web.xml file and remove the UAA filter – i.e. the following lines:
Remove all the filter configurations.
In the same file above the UAA modify the context-param – remove the devSecurityContext :
Modify the line:
/WEB-INF/spring-af.xml,/config/spring/context-.xml,classpath:/config/spring/context-.xml,/WEB-INF/devSecurityContext.xml
To
/WEB-INF/spring-af.xml,/config/spring/context-.xml,classpath:/config/spring/context-.xml