I have just installed Oracle SOA Suite 12.1.3.0.0.
Have created the integrated server and standalone server.
Problem : I'm not able to login to sbconsole.As soon as I hit enter after giving the userName/password, all I see is -
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.
Although, I'm able to login to weblogic and em with same credential.
Same behavior is observed in standalone and integrated server.
Any thoughts ??
Thanks in advance.
There are known login issues when using JDK8 with OSB. Is that the JDK that you're using? If so, rolling back to a supported JDK (JDK 1.7.0_55+) might fix things.
Configuring your WL server domain with JDK 1.7.0_5 will also work.
i.e Point your SUN_JAVA_HOME & DEFAULT_SUN_JAVA_HOME to jdk1.7.0_79 in
%Domain%\bin\setDomainEnv.cmd & restart server
This is caused by using an incorrect JDK version.
JDK 1.8 / 8 is not certified for Oracle SOA Suite 12c 12.1.3.
Please Note: you must install above soa suite jars using JDK 1.7 , because if you install it using JDK 1.8 and even if you replace the jdk version in MIDDLEWARE_HOME config. files will not work.
Related
System Info:
Ubuntu 18.04.1
Apache 2.4.29
PHP 7.2.19
Server always reports that a csrf token on a login form is invalid. I have followed the symfony guide a couple Symfony guides https://symfony.com/doc/current/security/csrf.html#csrf-protection-in-login-forms and https://symfony.com/doc/current/security/form_login_setup.html
I have searched all over and cannot seem to find things to look at. I have check all sorts of file permissions and the only thing I can think of is to use php version 7.1 where i know it works.
Here you can see the token generated on the /login and
And the same data in authenticator
PHP did not have write access to its session storage.
Environment:
Windows Server 2012 R2
JRE 1.8.0_101
IBM WAS Liberty Core 8.5.5.5
IBM MFP 8.1
Apache Web server
We have set up the UAT with the above environment. We have deployed our application on the server, have deployed adapter for user authentication and a resource adapter to fetch the data.
When we invoke an adapter procedure without security (unprotected) the app is fetching the data. But when we try to invoke an adapter procedure with default scope or with a custom scope Instead of triggering the challenge handler, we are getting failure response with error status ‘201’ and error message ‘Created’.
Another observation is that, when the WLAuthorizationManager.ObtainAccessToken is invoked with default scope or with push.mobileclient, it is giving the same failure response with error status ‘201’ and error message ‘Created’. The same application works fine in the development environment.
When I try to obtain a token from postman using https://domain:port/mfp/api/az/v1/token and pass the scope, grant_type and the necessary authorization header, it is providing the valid response with token. But from the app when we try by obtain token it is given failure response.
Failure response
{"status":201,"statusText":"Created","responseText":"","responseHeaders":{"connection":"Keep-Alive","content-language":"en-US","content-length":"0","date":"Fri, 17 May 2019 05:42:45 GMT","keep-alive":"timeout=5, max=100","location":"/mfp/api/registration/clients/1e746550-e804-4ee7-88ba-b99896qqqqpwo","server":"Apache/2.4.39 (Win64) OpenSSL/1.1.1b","via":"1.1 ","x-powered-by":"Servlet/3.0"},"errorMsg":"Created","errorCode":"201"}
201 is not a response code that is expected from the /token endpoint. This is very likely coming from an intermediate element in your topology. You've mentioned about the Apache Web Server as part of the configuration - is this sending the 201 ?
Moreover, the actual response from the server shows "server":"Apache/2.4.39 (Win64) OpenSSL/1.1.1b"
So, here is what you can do
a. Try bypassing the web server and see if resolves the issue - in all likeliness, it should.
b. Validate the configuration settings of the Apache Web server to see why the 201 is being returned.
Late to the party, but for anyone that is still running into this error:
Install the following interim fix: 8.0.0.0-MFPF-IF202006151151
This solved the error for me. Seems to be a bug in MobileFirst, took me ages to find.
I'm using spring-saml2-sample app to connect to a Shibboleth IDP. I finally managed to send the correct saml request to the IDP using http post, but after login I get back the following on the SP side:
org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
There was a post like this one where the problem was resolved by moving to spring security version 3.1.2, but that is the version that comes with the saml2-sample app.
Am I missing something? I haven't changed much in the saml2-sample app, the web.xml is the same, libs are the same.
Any help will be very appreciated.
While debugging, we observe following behavior:
1) When trying to get encryption key from server then error on both (iOS or Android) platform
response [https://xxxx.xxxx.com:443/worklight/apps/services/random]
success: Exception thrown by application class
'com.ibm.ws.webcontainer.session.impl.HttpSessionContextImpl.checkSecurity():685'
SESN0008E: A user authenticated as anonymous has
attempted to access a session owned by user:NewRealm/CN=test
user,OU=Temporary Users,OU=Acc,DC=xxxx,DC=com.
2) When trying to read a stored value error on android is [Logcat]
Android Message: Uncaught 9 at
file:///data/data/com.xxxx.xxxxapp/files/www/default/wlclient/js/encryptedcache.js:63
Where try to call WL.EncryptedCache.read
Worklight version used is 5.0.5 Consumer Edition (with Oracle 11i) on
Windows 2008 R2
WebSphere Liberty profile
Worklight server is sitting behind IBM Datapower XI52. All SSL calls to the server are going via DP.
Authenticator - WebSphereFormBasedAuthenticator & LoginModule - WASLTPAModule
The following is not really an answer, since I'm not familiar with authentication (LTPA, FormBasedAuth, Data Power, etc.)... just a couple of comments that could help you debug/isolate the issue.
Looks like a problem with authentication:
A user authenticated as anonymous has attempted to access a session
owned by user:NewRealm/CN=test user,OU=Temporary
Users,OU=Acc,DC=xxxx,DC=com.
Not with the Encrypted Offline Cache (EOC).
EOC will try to get a random token calling the following function:
WL.EncryptedCache.secureRandom(function (data) {
console.log(data);
});
It should output something like this:
response [/apps/services/random] success: 9053bdcfd902aac3dfb59a9874c9cf55223b7d17
9053bdcfd902aac3dfb59a9874c9cf55223b7d17
You can view the functions source code typing the following in a JS console:
WL.EncryptedCache.secureRandom
If you're using Google Chrome developer tools there's a checkbox for Log XMLHttpRequests when you click on the gear icon > General > Console.
You can also try to request the URL directly. Assuming the host is localhost, port is 10080 and project name is wlproj:
http://localhost:10080/wlproj/apps/services/random
9053bdcfd902aac3dfb59a9874c9cf55223b7d17
You can view HTTP traffic with Wireshark or Charles Proxy.
I imagine this will fix the EOC issue for you, if you don't mind generating the random token locally (less security, AFAIK):
WL.EncryptedCache.secureRandom = function(callback){callback(Math.random()+"")}
For example:
Notice it never goes to the server, everything is done locally.
A user authenticated as anonymous has attempted to access a session owned by user:NewRealm/CN=test user,OU=Temporary Users,OU=Acc,DC=xxxx,DC=com.
This usually means that there is a conflict with the session sent by the user (the session cookie) belongs to a user (in this case), but the LTPA token sent as a cookie was not sent or was not valid. There could be a few causes of this. This best way is to do a trace between datapower and the worklight server to make sure an LTPA token is even being sent to the worklight server. If it is, verify all of the LTPA requirements are met (synchronized time, same private key on both machines).
I am writing an application using data from Redmine. I use its REST API to get data.
It works fine with projects or issues, but when I try to access users' data I just can't because it asks for credentials in the browser, and it responds with HTTP error code 401 to my HTTP request from my program.
How do I find a solution to this problem?
Environment:
Redmine version 2.1.2.stable
Ruby version 1.8.7 (i386-mingw32)
Ruby on Rails version 3.2.8
Environment production
Database adapter MySQL
I've figured out. It is described very detailed on the Redmine wiki.
There are a couple of options to authenticate yourself.
The easiest is to include a plus field in your query, named key. You must include your user's REST API key there in each query.
Like:
localhost/redmine/users.xml?key=eaksdnynkdnasdfnaskdsar
It is very interesting because in earlier versions (2.1.0) it asks for the authentication for each XML file. But in my version, 2.1.3, it doesn't ask, only if I request users data.