MobileFirst: At Public IP- Unable to Call adapter from application - ibm-mobilefirst

On Production I am receiving the error below.
POST http://publicIP:9080/AppName/apps/services/api/proj/common/query
403 (Forbidden ( The server denied the specified Uniform Resource
Locator (URL). Contact the server administrator. ))worklight.js:1099
window.WLJSX.Ajax.Request.WLJSX.Class.create.requestworklight.js:1062
window.WLJSX.Ajax.Request.WLJSX.Class.create.initializeworklight.js:526
klassworklight.js:3410
window.WLJSX.Ajax.WLRequest.WLJSX.Class.create.sendRequestworklight.js:3278
window.WLJSX.Ajax.WLRequest.WLJSX.Class.create.initializeworklight.js:526
klassworklight.js:8580 __invokeProcedureworklight.js:8623 (anonymous
function) worklight.js:5061
[/AppName/apps/services/api/AppName/common/query] failure. state: 403,
response: The server was unable to process the request from the
application. Please try again later.worklight.js:5061
WL.Logger.__logworklight.js:5445 PUBLIC_API.(anonymous
function)worklight.js:3559
window.WLJSX.Ajax.WLRequest.WLJSX.Class.create.onFailureworklight.js:3522
window.WLJSX.Ajax.WLRequest.WLJSX.Class.create.onWlFailureworklight.js:958
(anonymous function)worklight.js:1181
window.WLJSX.Ajax.Request.WLJSX.Class.create.respondToReadyStateworklight.js:1114
window.WLJSX.Ajax.Request.WLJSX.Class.create.onStateChangeworklight.js:958
(anonymous function)
I am using
IBM MobileFirst 6.3 Consumer Edition
Liberty profile 8.5.3
Scenarios Run
This App is running on Localhost and within internal Network perfectly well.
But at Public IP, I am unable to access the httpadapter from Application.
//********ERROR Browser LoG On Calling App
Blockquote
Denied Connection
INTERNALTMG 2/26/2015 1:43:12 PM
Log type: Web Proxy (Reverse)
Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).
Rule: mobileapps
Source: Internal (10.39.30.64:52151)
Destination: Local Host (worklightsvr.local.machine 132.20.68.46:9080)
Request: POST http://132.20.68.46:9080/AppName/apps/services/api/example/common/query
Filter information: Req ID: 0a68784f; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
Description: C:\Program Files\Microsoft Forefront Threat Management Gateway\UI_HTMLs_image\general\minusImg.gifAdditional information
1. Client agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
2. Object source: Internet (Source is the Internet. Object was added to the cache.)
3. Cache info: 0x51c0000 (Response includes the CACHE-CONTROL: NO-CACHE or PRAGMA: NO-CACHE header. Response includes the CACHE-CONTROL: NO-STORE header. Response includes either the CACHE-CONTROL: MUST-REVALIDATE or CACHE-CONTROL: PROXY-REVALIDATE header. Response includes the EXPIRES header. Response includes the WWW-AUTHENTICATE header.)
4. Processing time: 1 MIME type:
Blockquote

As the error says, verify with your IT department that you are not blocking the URL/domain somewhere in your corporate firewall.

Related

Vue Firebase Verify ID Token CORS issue

I am trying to verify an ID Token using the Firebase Admin SDK as per instructions. My current auth code looks like this (in Vue):
// Auth.vue, inside the firebaseui config callback
signInSuccessWithAuthResult: function(authResult, redirectUrl) {
authResult.user
.getIdToken(/* forceRefresh */ true)
.then(function(idToken) {
// Send token to your backend via HTTPS
// ...
console.log(idToken);
})
.catch(function(error) {
// Handle error
console.log(error);
});
The login works fine and I can get authResult perfectly. However, it seems the function getIdToken is the problem, as I get the following error on my console:
Cross-Origin Request Blocked:
The Same Origin Policy disallows reading the remote resource at
https://securetoken.googleapis.com/v1/token?key=AIzaSyApp5yu051vMJlNLoQ1ngVSd-f2k7Pdavc.
(Reason: CORS request did not succeed).
In my request list, the one hanging is an OPTIONS method, with the following headers:
OPTIONS /v1/token?key=AIzaSyApp5yu051vMJlNLoQ1ngVSd-f2k7Pdavc HTTP/1.1
Host: securetoken.googleapis.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.8,pt-BR;q=0.5,de;q=0.3
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-client-version
Origin: http://localhost:8080
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
I am not even sure where the problem lies. Is it coming from the Vue side? I am running it in a dev server (by simple yarn serve, vue cli 3). Would the solution be when I run Vue on a production server where I can actually configure cors?
Any light on the matter is extremely welcome...
Thanks!!
Figured it out.
I was calling it in the wrong place. What helped was this thread, which pointed me out to Preflighted Requests which is what the OPTIONS request is:
"preflighted" requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send. Cross-site requests are preflighted like this since they may have implications to user data.
So I realized I should not be sending this request within my Post request where I got the authorization in the first place. Moving it to another method made it work.

FIWARE CEP (Proton) REST ouput authentication error

I'm training to send an output event from FIWARE CEP (Proton), using the REST consumer, to an ActiveMQ queue. The credential for access the ActiveMQ queue are included in the URL, as http://user:passwrd#X.X.X.X:xxxx/api/message/myqueue, but I have the following error:
com.ibm.hrl.proton.webapp.resources.EventResource submitNewEvent
INFO: events sent to proton runtime...
org.apache.commons.httpclient.auth.AuthChallengeProcessor selectAuthScheme
INFO: basic authentication scheme selected
org.apache.commons.httpclient.HttpMethodDirector processWWWAuthChallenge
INFO: No credentials available for BASIC 'ActiveMQRealm'#X.X.X.X
com.ibm.hrl.proton.server.executorServices.SimpleThreadFactory$ProtonExceptionHandler uncaughtException
SEVERE: Uncaught exception in thread: Thread[4,5,main],exception: com.ibm.hrl.proton.adapters.rest.client.RESTException: com.ibm.hrl.proton.adapters.rest.client.RESTException: Could not perform POST of event instance: ...
with request headers:
Content-Type: text/plain
User-Agent: Jakarta Commons-HttpClient/3.0
Host: X.X.X.X:xxxx
Content-Length: 389
to consumer http://user:passwrd#X.X.X.X:xxx/api/message/myqueue, responce result: 401
Seems like that Proton doesn't extract the credential from the URL.
Anyone else had the same problem?
You can add to the CEP REST consumer definition an AuthToken parameter.
From the CEP user guide (can be found here):
AuthToken – an optional parameter. When set, it is added as an X-Auth-Token
HTTP header of the request.

X-P2P-PeerDist header: where does it come from?

I'm seeing this HTTP header on some requests made to my server:
X-P2P-PeerDist: Version=1.0
I'm aware of this: http://www.faqs.org/patents/app/20110016220#ixzz3g3X8lSYF, but I would like to know what are the known clients sending that header.
Any idea?
UPDATE: as requested, i'm including the other headers sent with the request (I've obfuscated some private stuff that are related to our customer with ***):
GET http://***.com/ HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Connection: Keep-Alive
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3; .NET4.0C; .NET4.0E)
X-P2P-PeerDist: Version=1.0
UA-CPU: AMD64
Accept-Encoding: gzip, deflate, peerdist
Host: ***.com
Cookie: SMSESSION=***; OrgName=***; authCookie=***; ASP.NET_SessionId=***
Pragma: no-cache
Cache-Control: no-cache
The user agent seems to indicate IE11 (Trident/) in IE7 mode (compatible; MSIE 7.0), but I'm not getting the X-P2P-PeerDist header when I'm using this config, so I don't think it's directly related.
It is one of the headers used in the PeerDist peer content caching protocol. It has never been standardized and are not even registered with the IANA registry for HTTP headers.
It is known to be sent from some recent versions of Internet Explorer, .NET HTTP clients and SilverLight HTTP clients.
I’m relatively certain that this header is send when if the client is configured to use BranchCache and a request is made using WinHTTP. About BranchCache:
To optimize WAN bandwidth, BranchCache copies content from your main office content servers and caches the content at branch office locations, allowing client computers at branch offices to access the content locally rather than over the WAN. (Source).
When testing here locally, a client that has BranchCache enabled sends the X-P2P-PeerDist header, while a brand new client (no BranchCache configured) does not sent it.
The underlying protocol seems for is Peer Content Caching and Retrieval (MS-PCCRTP), as the section Message Syntax from the protocol description defines X-P2P-PeerDist as one of the HTTP header extension it uses.
However, the document BranchCache Deployment Guide for Windows Server 2008 R2 and Windows 7 lists other MS-PCCx protocols but not MS-PCCRTP. So I don't have an external evidence that this header is caused by a BranchCache enabled client.
I have seen this in IE11 + compatibility mode on Windows 7, connected to an intranet application and downloading a docx file. The request only appears when downloading a document. All requests are going through an F5 load balancer. In other non-download requests on the same browser and same application, the X-p2p-peerdist header is missing.

NSURLConnection and Authenticating to webservices behind ssl?

I'm currently trying to connect to a webservice placed on https://xxx.xxx.xx/myapp
It has anonymous access and SSL enabled for testing purposes atm.
While trying to connect from the 3G network, i get Status 403: Access denied. You do not have permission to view this directory or page using the credentials that you supplied.
I get these headers while trying to connect to the webservice locally:
Headers
Request URL:https://xxx.xxx.xx/myapp
Request Method:GET
Status Code:200 OK
Request Headers
GET /myapp/ HTTP/1.1
Host: xxx.xxx.xxx
Connection: keep-alive
Authorization: Basic amViZTAyOlE3ZSVNNHNB
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: sv-SE,sv;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response Headers
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 16 Feb 2012 12:26:13 GMT
Content-Length: 622
But when accessing outside the local area, we get the big ol 403. Which in turn wants credentials to grant the user access to the webservice.
However, i've tried using the ASIHTTPRequest library without success, and that project has been abandoned. And they suggest going back to NSURLConnection.
And i have no clue where to start, not even which direction to take.
-connection:(connection *)connection didRecieveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
The above delegate method of NSURLConnection doesnt even trigger. So i have no idea what so ever how to authenticate myself.
All i get is the parsed results of the xml elements of the 403-page.
I needs dem seriouz helps! plx.
This was all just a major f-up.
The site had ssl required and enabled, and setting ssl required for the virtual directories does some kind of superduper meta-blocking.
So, by disabling ssl required for the virtual directories, it runs over ssl and is not blocking 3G access..

WCF Server returning "Content-Length: 0"

Greetings,
I create a new project (in VS2010) using;
File -> New Web Site -> .NET Framework 3.5 -> WCF Service
Service works great via Cassini, can view the WSDL metadata with success. Then I attempt to setup the application to be served via IIS. Using a .NET 2.0 application pool with "Integrated" pipeline.
I made sure the svc handler is setup on the application (both managed and script) and ran this command as well:
"%windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe" /r
Then when I attempt to view the service metadata via the IIS service I get this (text from a Fiddler session);
GET http://localhost/WCFService2/Service.svc HTTP/1.1
Host: localhost
Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 12 Jan 2011 19:04:43 GMT
Content-Length: 0
I was getting a HTTP Error 500 but I changed the permissions on all the files in the folder to "EveryOne" and "full" - just to remove any security issues. Its after this action that the error 500 stopped but the empty content started.
I am using Windows 7 64 bit, VS2010 and have v2.0, v3.0, v3.5 and v.4.0.30319 frameworks installed. I hoped that it would work as simple as this screencast, silly me.
Any suggestions?
Try enabling static content support from "Windows features on or off", this is most likely what is causing the problem.
If the "Static Content" is not enabled the IIS will return a response with Content-Length = 0
Go to Control Panel >>
Programs And Features >>
Turn Windows features on or off >>
Internet Information Services >>
World Wide Web Services >>
Common HTTP Features >>check Static Content.