Authorization pop up while running spring boot application on tomcat 8 - tomcat8

Required Authorization for executing application, which I am not sure what I need to put
Popped up message: The server localhost is asking for username and password.The server reports that it is from spring.
Warning: Your username and password will be sent using basic authentication on a connection that is not secure

You should add security.basic.enabled=false in application.properties file and put it under src/main/resources path.

Related

Which app pool & authentication to select on IIS when using itfoxtec-identity-saml2 library

I am getting error when using below line from itfoxtec-identity-saml2 library. When i am on localhost and usin iisexpress, it works with proxy server id,password & port i.e. 127.0.0.0 / port. But when i load the application on companies IIS server [no internet], i get below error
return ReadIdPSsoDescriptor(webClient.DownloadString(idPMetadataUrl));
webClient.DownloadString(idPMetadataUrl) is giving below error.
Access Denied (authentication_failed)
Your credentials could not be authenticated: "Credentials are missing.". You will not be permitted access until your credentials can be verified.
Why I need internet on the IIS server? & what proxy settings I should provide in prod release which will go on IIS where there is no internet connection.
When loading the application on the IIS server what application pool I should set to the application [.net core 3.1 web-based application which will be hosted on AWS ec2 windows system] & under IIS authorization which mechanism I should select [windows/anonymous ?]. I am currently using SAML so selected anonymously.
Please guide, thanks in advance !!
You have configured to download the IdP metadata online, therefor your server need access to the place where the IdP metadata is hosted. Alternatively, you can download the metadata manually and place it as a file on the server.

Deploying .NET 5 to IIS Server with SSL disabled

I am currently working on an .NET 5 & SignalR application and in localhost everything seems to be working fine. When I try to deploy it to IIS pre-production Server which doesn't have a SSL certificate configured, pages other than Login are showing the message "This site can’t provide a secure connection". In the login page from the browser console I can see that most of me javascript and css files aren't loaded with the error "Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR". Also from what I can see after user logs in, the request is redirected to Https.
I have removed app.UseHttpsRedirection(); from the Startup and disabled SSL in the Debug properties of the application. That seems to be a wired behavior because I used to deploy applications in .NET CORE before and didn't have these kind of problems. is there any way around this problem, except configuring an SSL certificate?
From the suggestions in server fault, configuring a self-signed certificate provided by IIS itself seems to be the problem solver. Still I don't get why the application was making that https redirection, but anyways in case someone else has this kind of issue.

Configure Apache2.4 as "secure scheme"

I have a java web application which I am trying to host on a home computer running windows server 2012. I have configured it so that Apache and Tomcat communicate with each other and I am able to access the website fine. The issue arrises when the form that I built asks the user to log in to Microsoft for Outlook REST API. After logging in, microsoft gives an error and will not redirect, because it is only compatible with a "secure scheme". How can I set up my server to be a "secure scheme"? I included a screen shot of the error page:
Secure Scheme = "HTTPS". You need to secure your site with an SSL certificate.

Tomcat 401 exception even though valid credentials are passed

We have tomcat 8 hosted on a VM on which we have deployed a couple of services which requires authentication to be passed in the header (LDAP authentication enabled). Sometimes we do observe 401 exceptions from the service. Initially we thought it was the LDAP authentication going for a toss. But on checking the tomcat localhost access log, we see that the username (which generally appears if we pass a user name in the header is not listed) even though basic authentication headers are passed. This happens intermittently. How to go about debugging this?
Turns out the answer was present in catalina.out all along. The LDAP server was unreachale intermittently and hence were facing the issue.

How to authenticate websocket client in jetty?

I am using embedded jetty on server side which will accept both http and websocket requests. I am using org.eclipse.jetty.security.authentication.FormAuthenticator for authenticating user. After user gets logged-in, my javascript code will open up a websocket connection with server. I want to know how server can authenticate this websocket client, to avoid accepting websocket connections from un-authorized clients(say, java client).
Assuming you have setup the embedded jetty properly, it would use the same security constraints system of a normal webapp to validate the user role assigned to the url pattern for that websocket.
This would prevent the websocket upgrade from even occurring (being attempted on the server side) if the user isn't authenticated and setup with an authorized role for that websocket.
Know however that browsers behave very differently in scenario. You will likely not get a decent error message out of the javascript WebSocket object if there is an authentication or authorization issue. It will just fail anonymously with a client side only close code (such as 1006) and no close reason.