I need to integrate my Pentaho Community dashboard report in a DotNet application. Now I am facing a problem.
I want the report to open on single click without the Pentaho server asking for authentication or log in. I tried to find out a solution and found that if I use userid and password in the url, it will work. So I did this
http://192.168.2.122:8085/pentaho/api/repos/:home:Time%20Sheet%20Reports:Project%20Effort%20Analysis%20Dashboard.wcdf/generatedContent&userid=admin&password=password
But this is not working for me and the browser is still asking for login credentials. I don't understand what went wrong.
Any help with the same will be most appreciated.
Thanks in advance.
Regards,
Ritesh.
You need the following user to be created under the Manage Users & Roles Perspective:
anonymousUser (notice the uppercase U)
You can give this user any password; this is only to make sure this user maps the user used in the configuration files inside pentaho-solutions/system
Make sure the Anonymous role has at least the Read Permission.
The Anonymous role should exist already in the BA Server (this is by default a system role in the Manage Users and Roles Perspective)
Under Public create a folder: in my case "OpenReports"
Select the "OpenReports" folder click properties > click Share > Uncheck > Inherits folder permissions
Make sure to add anonymousUser and role anonymous to it and they at least the Read permission
Click OK
Copy an Analyzer report to the new OpenReports folder
Verify the permissions for anonymousUser and Anonymous role were inherited; if not add them accordingly.
Stop BA Server
Locate the following file:
\pentaho\server\biserver-ee\pentaho-solutions\system\applicationContext-spring-security.xml
Add the following lines:
\A/i18n.*\Z=Anonymous,Authenticated
\A/js/utils.js\Z=Anonymous,Authenticated
\A/api/.*require-js-cfg.js\Z=Anonymous,Authenticated
\A/api/.*\Z=Anonymous,Authenticated
\A/api/repos.*\Z=Anonymous,Authenticated
\A/api/common-ui/resources/.*\Z=Anonymous,Authenticated
\A/api/common-ui/util/.*\Z=Anonymous,Authenticated
The following lines open the anonymous access to the OpenReports folder and its contents
\A/api/repos.*public.*openreports.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*openreports.*/viewer/.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*openreports.*/common-ui/.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*openreports.*/common-ui/util/.*\Z=Anonymous,Authenticated
after:
\A/js/require-cfg.js\Z=Anonymous,Authenticated
and before:
\A/content/data-access/resources/gwt/.*css\Z=Anonymous,Authenticated
Add the following lines: (these open the URL access to the Analyzer plugin)
\A/content/pentaho-cdf/.*\Z=Anonymous,Authenticated
\A/content/common-ui/.*\Z=Anonymous,Authenticated
\A/content/analyzer/.*\Z=Anonymous,Authenticated
\A/content/analyzer/scripts/.*\Z=Anonymous,Authenticated
Make sure to add these lines:
After:
\A/content/data-access/resources/gwt/.*css\Z=Anonymous,Authenticated
and before:
\A/webcontext.js.*\Z=Anonymous,Authenticated
Locate the following
Change the following lines from:
\A/api/.*\Z=Authenticated
\A/plugin/.*\Z=Authenticated
to:
\A/api/.*\Z=Anonymous,Authenticated
\A/plugin/.*\Z=Anonymous,Authenticated
Save the file
Restart your BA Server
You should be able to successfully call the report by URL without having to authenticate through the login page; here is a sample URL:
http://192.168.2.122:8085/pentaho/api/repos/:public:OpenReports:Leading%20Product%20Lines%20(pivot%20table).xanalyzer/editor
Here the simplest way to bypass the log in :
http://pedroalves-bi.blogspot.pt/2015/02/useful-tips-easy-authentication-in.html
it's work for me, i'm using pentaho 5.4
don't forget to create anonymousUser and in "system Roles" check only "Read Content".
if you use admin user and then you try to access http://localhost:8080/pentaho/Home
it will automaticly login because the browser still have session login.
sorry for my bad english,
Related
I just installed a custom module in Odoo, and everything seems to be ok. But when I try to install other modules I receive the next error:
Sorry, you are not allowed to access this document. Please contact your system administrator if you think this is an error.
(Document model: ir.module.module.exclusion) - (Operation: read, User: 2)
I no longer have rights to install new modules
What is causing that error?
It seems like you don't have the right to access to the records of the models, try adding your user to the user groups provided by the module that have the right to access (setting -> users and companies) or become superuser.
Administration / Settings group users have all the permission (read, write, create, unlink) for ir.module.module.exclusion model. As you are trying to install apps, you are probably logged in as super user which has the group permission Administration / Settings. Probably the module you have installed is changing access right permission, you can look for base.access_ir_module_module_exclusion_group_system string in your custom modules code as that is the external id of the record for this particular model.
As per solution, you can go to Debug on Settings > Technical > Models > ir.module.module.exclusion, in form view go to access rights tab, edit and set all permission for Administration / Settings to checked, as Jorge suggested in the previous answer.
I want to install a TeamCity BuildAgend as a user. When entering my user credentials here:
I always get this error:
NOTE: My account (user) is Administrator with full permission!
How can I do this?
The error message says it does not have "enough rights to run as a service",
this is slightly different from just being an administrator.
Go to Control Panel> Administrative Tools> Local Security Policy.
Select Local Policies> User Rights Assignment.
Scroll down through the list of policies and look for Log on as a service.
Add the account you're using to the list of accounts with this right.
That should in theory be all you need to allow the service to run under that user.
The best powershell command that I have found for this is:
Grant-Privilege -Identity $SERVICE_USERNAME -Privilege SeServiceLogonRight
Requires use of the Carbon framework.
I'm a Windows 10 Home user and the steps above did not work for me, but the following did:
Enable gpedit.msc by running the batch file as explained here under Method 1: https://www.askvg.com/how-to-enable-group-policy-editor-gpedit-msc-in-windows-7-home-premium-home-basic-and-starter-editions/
Run gpedit.msc
Go to Local Computer Policy / Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment
Double-click Log on as a service
On the window that appears, click Add User or Group...
Enter your username and click the Check Names button
Your name will be modified, adding the machine name as the prefix. Click OK
Click OK on the Log on as a service Properties window to apply the change.
It is a little bit of a pain, but after doing that, I was able to continue installing TeamCity
We want to run two Jenkins instaces on the same server.
To log in Jenkins (using version 1.595) web GUI we are using the LDAP plugin (version 1.11). "Project-based Matrix Authorization Strategy" is selected and my user is granted admin access here. So once I am able to login I have admin rights. The symbol to the left of the users added in the matirx shows a "little man" so the user seems to be found on LDAP.
CASE 1: If I type in my credentials CORRECT I get redirected
to the page that was open just before I clicked the "log in" button.
NOT good -> Without allowing anonymous user to administrate I have no chance of doing anything.
CASE 2: If I type in them WRONG Jenkins tells me "Invalid login information. Please try again."
good -> as expected.
Also tried "Anyone can do anything" as security setting. Using this I do not get redirected to the login form, but to the last visited page from where i called the "login".
It does't matter what type of Internet Explorer I use. The result is always the same (Chrome, Firefox and Internet explorer were tested).
I already discussed with the colleague responsible for the LDAP maintenance. The incoming information are handled correctly (-> LDAP settings within Jenkins must be correct). But this fact is clear since wrong login information leads to "Invalid login information page", but correct login information do not.
Also made sure that the firewall makes no problems.
Do you have any idea why this is not working? Or what the reasons could be?
Is it possible that there is kind of a "redirection link" for logins?
Hard to say from the information you've provided, but one thing to check is that the casing on your username exactly matches the name you have set up in matrix authentication. LDAP is not case sensitive but Jenkins is, which means that you can be authenticated successfully without having the administrative access you are expecting.
One way to proceed would be to add the 'authenticated' (case sensitive) user to your matrix with some limited permission set and see whether you are able to get past the login page.
I found one reason!
After deleting the environment variable JENKINS_HOME I was able to login into Jenkins... At least via localhost. Before even this login wasn't possible too. As we run two instaces of Jenkins on the same Server it seems like they want to use the variable both -> leads to failures. But if I try to login via network from another PC I still can't login (same as before). The variable JENKINS_HOME gets set (as before) within the jekins.xml in jenkins installation folder so the enironmentvariable is properbly not in need. I opend a new question, as this is now an Apache error.
I guess the reason why I can login via localhost, but not via network must be our Apache 2.2 server which is handling information wrong. By using localhost I can bypass Apache (-> works) but via network Apache gets used (-> don't work).
Link to the new question: Jenkins behind Apache Server / Can't log in Jenkins
I have written my own windows service which interacts with a SQL database and updates it. The service was running fine and seems to be functioning correctly, however of late it seems to go down at random times and cannot restart due to the error designated in the question. I have tried various searches to fix this, but unfortunately I have come up with nothing. The aim is to eventually having this service running on my companies server, but I can't adjust any server settings, I am but a user on the server, so I have restrictions to some settings.
Any quick fixes, would be helpful!
Open the Services Manager. ( Win + R, then type services.msc )
Then right click on the SQL Server process and click Properties
Then go to Log On, and select This account:
Then click Browse, and add your username in the box. (Notice it should contain the domain, in my case is AD\myusername), then Check Names and accept.
Finally type your password in the other two fields, and that's it, you should have permission to start your process now.
Cheers!!
One issue for us was the format of the account user name, we initially used
domain\username
and got the 1069-logon error, then ultimately I tried validating the user name in the properties | logon tab of the Service (in Control Panel / Service Manager), using the "Browse" and "Search" for the user name and it turned it suggested and validated ok with the reverse format
username#domain
This also worked and resolved the 1069 error, and let us script the startup using sc.exe.
Error 1069 is vague and can have different causes. I am sharing my experience here.
I encountered this error when trying to get a service to run under my account (I am trying to get my services to see the same LocalDB as interactive processes running on my account for development purposes). I use an MSA (Microsoft Account) with Windows’s PIN login normally, so I rarely enter my Windows password. To resolve the issue, I locked my screen, selected Password input instead of PIN input, and then entered my password. I assume this somehow reminded Windows what my password was and made my local account more legit.
Before doing this, you need to configure the user account in question to have the Logon as Service privilege. To do this, open the Group Policy Editor. Expand Computer / Windows Configuration / Security Configuration / Local Policies / User Permissions Assignment and then open Login as Service. From there, you can add your user in question.
also check for "Deny Logon service" policy.
user should not be added over there
We had this issue as well because the account was set so that the password expired. After we updated the account to not expire and set the password this error stopped.
The account could also be locked out. To unlock it, you only need to change that user's password (new and old password can be the same).
What also worked for me was re-entering the password in the services->LogOn window. Even when you think the account and password is correct, re-entering it will re-grant the account permission to log on as a service.
When creating a new MVC app and clicking "change authentication".
After choosing "multiple organisations" clicking finish and logging in with my Microsoft account (the one used for Azure) I receive the following error:
User credential verification failed.
Error: Value cannot be null.
Parameter name: entity
Any ideas?
The error is very generic so has proved tricky to find a hint of what to try next.
EDIT:
I have remembered that I have Update 2 RC installed, so it's possible it's just a bug in the pre release.
Ok, I believe I have the answer to the issue.. Seems like this login dialog lets you log in using the Azure AD accounts, but also using Microsoft's accounts. And if you log in using the Microsoft account, it will give this error (even if this MS account has full access to your Azure account).
The solution is to go to the Active Directory in Azure and create a brand new account, mark it as a Global Administrator, then use that to log in when prompted in Visual Studio.
Microsoft has a write-up on the issue, describing the steps to go around it here:
http://www.cloudidentity.com/blog/2013/12/11/setting-up-an-asp-net-project-with-organizational-authentication-requires-an-organizational-account/
Restart VS. So that you wont get the same error again and clears the logged in user. You would need a user with Global Admin Rights in your Azure AD to login again.