Reset elastix when acces the "unembedded freepbx" page - elastix

I run Elastix 2.5 on a "HP proliant ml3103 gen8 v2 " server.
when i want to access "unembedded freepbx" page on my elastix admin page, the Elastix WUI reset and i can't access the freePBX and Elatix pages.
I should re-login to my elastix WUI.

I can't quite tell, but are you referring to attempting to access the unembedded FreePBX through the PBX tab of Elastix. Perhaps you're getting this message:
Unauthorized
You are not authorized to access this page. Enable direct access (Non-embedded) to FreePBX in "Security >> Advanced Security Settings" menu.
If so, the security switch to enable the "Unembedded FreePBX" is under System -> Advanced Settings. Once the switch is turned ON, the Unembedded FreePBX page becomes accessible.

Related

Apply Windows authentication on ASP.NET core 2.2 published site without getting chrome Sign in dialog box

Trying to implement windows authentication on my published asp.net core 2.2 application.
Hosting server is Windows server 2016 (IIS).
I would like to use the active directory logged in user account to authenticate the user on my application.
I'm getting the user details by these methods:
User.Identity.Name; //return null in local host, worked when IIS
System.Security.Principal.WindowsIdentity.GetCurrent() // local host
I keep getting in the browser, the Sign in dialog box (although I would like to get rid of it, even when entering credentials - <username> + password - it doesn't authenticated).
I would like to get rid of it
Stop getting error 401 - unauthorized
I've configured what ever I was advised - both IIS and browser, but still - keep getting it:
Browser:
Browser security - Entered the host IP address to the trusted sites
IIS:
Set Authentication => enable Windows Authentication to true.
Through web.config - set "forwardWindowsAuthToken" to "true".
Site Configuration:
In the IIS site configuration (applicationHost) - system.webserver -> Security -> Authentication -> windows authentication -> "UseKernelmode" = "true"
ApplicationPool:
.NET CLR Vesrion = "No Managed Code"
Managed Pipeline Mode = " Integrated"
event tried to change in the "advanced settings" the Identity from "ApplicationPoolIdentity" to "NetworkService"
NTFS permissions:
Set basic and defaults Permissions to the account<Server host Name>\IIS_IUSRS on the server published code directory: Read & Execute, List folder contents, Read.
Maybe the problem is here - because the IIS_IUSRS account is defined in the server and not in the domain ?
You can try this method to solve the problem:
Open iis and in Windows Authentication, Right-Click to set the Providers, set the NTLM to be FIRST.
Check that under Advanced Settings... the Extended Protection is Accept and Enable Kernel-mode authentication is checked.

Using Google oauth in a deployment

I've set up an ASP.Net Core project to use Google OAuth signin from this tutorial
I created a client ID & secret using the settings 'Web server' with address 'https://localhost:5001/signin-google' and exposed the secrets to the app as described in the tutorial. I have a basic view which is just the minimum required HTML & JS to show a 'Sign in with Google' button and allow authentication (verified working on localhost).
I created a deployment in a docker container on a Raspberry Pi on the local network. When I navigate to the view with the Google sign in button and click it, I get an error of
Error: invalid_request
Permission denied to generate login hint for target domain.
In the error details it specifies the redirect URL as:
redirect_uri=storagerelay://http/x.x.x.x:8000?id=auth572720
where x.x.x.x is the address of the Pi on our local network
I am assuming this is because the client expects a redirect URL of 'https://localhost..etc' but is getting 'http://x.x.x.x'.
I am unsure how to solve this, it seems like I may need to create another token to enable authentication on my Raspberry Pi (e.g. create another 'web server' OAuth sign in using the re-direct address 'http://x.x.x.x.etc/signin-google' but when I try this I get an error of 'Must be a top private domain'.
All in all this is very frustrating, and I would appreciate any help.
There is no need to create a new credential, just add the new redirect URL to the existing credential.
The redirect URL domain must be a TLD. Choose something like localhost.mydomain.com and then add an entry in your /etc/hosts file to resolve localhost.mydomain.com to x.x.x.x

ReflectPermission("suppressAccessChecks")

I'm having problem with ReflectPermission("suppressAccessChecks"). Whenever I login with authenticated user (user name and password) and try to access a .jsp or any other page in my web application I get
java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks").
This happens only when I have "Security Manager" enabled by checking it in GlassFish Security properties. When I uncheck this option the web application works.
I would like to know what causes this reason and how to solve it? I think it is not recommended to uncheck Security Manager in Security properties.
While I have checked Security Manager in GlassFish Security section, I tried to add following code above my .jsp code
ReflectPermission refperm = new ReflectPermission("suppressAccessChecks", "");
AccessController.checkPermission(refperm);
However that didn't helped either.
I am not sure about the glassfish server but, i fixed the same issue in tomcat7 by editing the catalina.policy file and adding the line
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
under grant permissions.

Destroyed my LifeRay+CAS installation

I'm using LifeRay in version 6.1 in combination with CAS. For testing purposes, I wanted to deactivate CAS temporarily and use the native login functionality of LifeRay instead. Therefore, I deactivated CAS in the Portal Settings. Now, I cannot login myself in LifeRay, because even if I click on "sign in" I got "You do not have permission to view this page." Where can I activate CAS again in the config-files or database OR how can I return to the native login functionality of LifeRay? Thank you!
Add the following in your portal-ext.properties(You can also create property hook, but since this is temporary, i would recommend you to change this for the moment do the clean up and then remove the property) and restart the server
auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin,com.liferay.portal.security.auth.FacebookAutoLogin,com.liferay.portal.security.auth.NtlmAutoLogin,com.liferay.portal.security.auth.OpenIdAutoLogin,com.liferay.portal.security.auth.OpenSSOAutoLogin,com.liferay.portal.security.auth.RememberMeAutoLogin,com.liferay.portal.security.auth.SiteMinderAutoLogin,com.liferay.portal.security.auth.ParameterAutoLogin
Once server is restarted add the following parameters to any of liferay's url
?parameterAutoLoginLogin=test#liferay.com&parameterAutoLoginPassword=test
Change credentials to your admin credentials

Cannot connect to SharePoint 2010 Web Site whilst on the server locally - Access denied

I am getting the error below while getting the Search Crawlers to work:-
The start address sts4://mysites/contentdbid={3d198865-7f27-4633-bd71-902795032d78} cannot be crawled.
*Context: Application 'Search_index_file_on_the_search_server', Catalog 'Search'*
Details:
Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled. (0x80041205)
I have checked all permissions and they appear to be in order.
While investigating this problem I discovered that when I RDP to the SharePoint server and connect to the sites whilst on the server (locally to the server) I get access denied.
The Central Administration works just fine, but all the other Web Applications (intranet & mysites) will not allow me to login. I get prompted to enter username and password (like I do when connecting to CA) but it never accepts the login. These sites work without any problems when accessed from client workstations.
When I check the site log file it is reporting a http 401 Unauthorised error.
Note: The sites are not using Claims Authentication
Any ideas on how to fix this?
Thanks,
Andrew
You're probably having the loopback issue problem. Follow instructions in this KB article: http://support.microsoft.com/kb/896861