Gitlab login LDAP user without e-mail - ldap

In my organization, some users don't have an e-mail address. In the e-mail field in Active Directory, they have a fake (malformed) e-mail address, something like "user.name@xx".
When these users try to log in to GitLab, they get the following error:
'Could not authorize you from LDAP because "Validation failed: email is invalid, email is invalid".'
Is there any configuration to ignore email address checking with LDAP?

The issue 6230 has been tracking this:
The mail validation on user model is performed by validation here: app/models/user.rb.
I think you can configure your own regexp here: config/initializers/devise.rb.
However, the official statement is:
Disabling validation is not something that will be done on GitLab side. This can lead to inconsistencies in the database and could cause a plethora of issues.
I suggest you:
either fix your LDAP
or have allow_username_or_email_login setting enabled: https://github.com/gitlabhq/gitlabhq/blob/master/config/gitlab.yml.example#L130
This issue is a support question so I will point you to the contributing guide and close it.
Not directly with GitLab itself, because that error message is the result of an omniauth callback: see config/locales/devise.en.yml:
omniauth_callbacks:
  success: 'Successfully authorized from %{kind} account.'
  failure: 'Could not authorize you from %{kind} because "%{reason}".'
Yet Rodrigo Carvalho reports in the comments:
I actually discovered this is a Gitlab behaviour.
I changed the "/lib/gitlab/oauth/user.rb" (Gitlab code) to append a ".com" in the end of the invalid email address and it worked.

Related

Login to Sharepoint Online failure

We have code that logs in to SharePoint Online using:
https://login.microsoftonline.com/extSTS.srf or https://login.microsoftonline.com/RST2.srf, but recently we started to get authentication failures saying "Incorrect Username or Password", and after some retries it returns:
"0x80048823 message : AADSTS70002: Error validating credentials. AADSTS50053: You've tried to sign in too many times with an incorrect user ID or password."
Using the same username and password to log in through the browser works fine, neither the password nor the username was changed, and the code didn't change either. The same code works fine for other SharePoint tenants. It seems that something changed in the Microsoft login servers, which started to not accept the user credentials, while web browser login works fine.
Please advise.
Thanks
Microsoft Rep has helped me get this far.
They had us create a "Cloud Only" user. This user was set up as "@", so if your name is bill and your corporate SharePoint site name is FakeCompany.sharepoint.com then you would have the person as "bill@FakeCompany.onmicrosoft.com".
This user was able to log in to https://login.microsoftonline.com/extSTS.srf by just passing username and password.
Our on-prem AD users are still having issues. I mentioned this and got the following response.
There is no issue with sync as you are able to login to portal using the same account and password.
The solution you need is documented in https://learn.microsoft.com/en-gb/azure/active-directory/manage-apps/configure-authentication-for-federated-users-portal#enable-direct-authentication-for-legacy-applications
You need to create a home realm discovery (HRD) policy where "AllowCloudPasswordValidation":true.
We have not yet implemented the last solution, but creating a cloud account may help some of you.
So I think I understand what they are trying to say. There are 2 paths that you are able to authenticate with according to the node-sp-auth example.
"Managed" and "Federated"
"Managed" was the easier version and allowed for you to be able to just provide username and credentials in a soap assertion to login.
Federated is a lot more complicated. You need to first perform a post to Microsoft to validate the user hitting your adfs server. https://adfs.XXXXXXX.com/adfs/services/trust/13/usernamemixed
Then you take the saml:Assertion from that response and put it into the "Token" section of the call you make to https://login.microsoftonline.com/extSTS.srf utilizing the templates from the node-sp-auth.
I have C# code that performs all these steps but I am getting an error
AADSTS70002: Error validating credentials. AADSTS50008: SAML token is invalid. AADSTS50006: Invalid signature. Signature verification failed.
Even though the signature is being generated by Microsoft in their SAML.
The node-sp-auth code reference is the OnlineUserCredential.ts file.
If someone can figure out the last mile I can post a comprehensive C# solution.

WSO2 : can't login superadmin after password change

After changing the password of user "admin", I can't log in to the device manager.
The welcome screen keeps turning and then tells me that there is an error:
[2017-10-23 10:11:41,401] [IoT-Core] ERROR {org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl} - Invalid OAuth Token : Invalid access token
[2017-10-23 10:11:41,401] [IoT-Core] ERROR {org.wso2.carbon.apimgt.rest.api.util.impl.WebAppAuthenticatorImpl} - Authentication failed. Please check your username/password
[2017-10-23 10:11:41,401] [IoT-Core] WARN {org.apache.cxf.phase.PhaseInterceptorChain} - Interceptor for {http://store.api.rest.apimgt.carbon.wso2.org/}SwaggerJsonApi has thrown exception, unwinding now
org.apache.cxf.interceptor.security.AuthenticationException: Unauthenticated request
There seems to be a fix (https://github.com/wso2/product-iots/issues/1033), but how can I fix it in 3.1.0?
Edit: I've changed the DB from H2 to MySQL and now I can't change the admin password in the device management console.
I can't add users anymore either.
Error in user management:
DataTables warning: table id=user-grid - Ajax error. For more information about this error, please see http://datatables.net/tn/7
Error shown in the browser when I try to change the admin password:
900908 Resource forbidden
Access failure for API: /api/device-mgt/v1.0/users/1.0.0, version: 1.0.0 status: (900908) - Resource forbidden
I went back to the H2 DB for this part, still no luck. When the admin password is changed, the device manager is not accessible for the super admin.
Edit 2:
I've found a trick.
Back on H2 for user management, I've created another user with all roles.
Then I've changed the admin password to "disable" it.
It works, my new admin has all roles.
But when the admin password is changed, access to the store is forbidden.
This article says it is fixed: https://wso2.org/jira/browse/EMM-1295
I've changed the admin password again, no message. Maybe I made a mistake.
Thanks.
Regards,
Alex.
After searching, I found this:
https://docs.wso2.com/display/IoTS310/Changing+the+Super+Administrator+Username+and+Password
Tested and OK.
You have to change the password in the Carbon web interface.
And follow the instructions in the link above.

Bugzilla Gmail SMTP failed to authenticate

I have a Bugzilla 4.4.2 installation. I want to use the Gmail SMTP service to send email from my application. I have followed these blog posts:
http://www.dawood.in/bugzilla-alerts-using-gmail/
http://prasadlinuxblog.wordpress.com/2014/02/26/975/
I applied the patches mentioned there. I configured the MTA parameters in the Bugzilla admin section with my Gmail user name and password. Note that I am not using two-step verification in my Google account. After all this, the application fails with an authentication error. It shows the following message:
There was an error sending mail from 'myemailaddress@gmail.com' to 'receiver@gmail.com': Could't set FROM: 530 5.5.1 Authentication Required. Learn more at at lib/Email/Send/SMTP/TLS.pm line 49
I can't really figure out what's going wrong here. I found one similar question, https://stackoverflow.com/a/8533805/3692283, but I am already following the solution mentioned there.
Check whether the email entered at the SMTP user is still valid. If the password is no longer valid, then it cannot be chosen as the SMTP user name.
The SMTP password is the email's password.

Unable to connect to CloudBees through Eclipse

I am trying to follow the tutorial here: http://wiki.cloudbees.com/bin/view/Documentation/CloudBeesEclipseToolkit that describes how to configure your Eclipse to use the CloudBees Subversion repository. When I get to step 2, and try to validate my account username and password, I get:
Failed to validate your account.
Reason:
Failed to get account services info.
Authentication of user: xxxx failed.;
Details -
Unexpected response code:400. Message: Bad Request
I did use my Google account (and OAuth?) to create my CloudBees account. I am using my Google username and password to try to validate.
The account name is what you see at the top right when you log in to CloudBees.
Regarding your missing password, this is due to the fact that Google and GitHub sign-in don't ask the user to define a password - that's why you get an authentication failure.
Users can use https://grandcentral.cloudbees.com/account/forgot_password to request a password reset and define the password.
I was able to fix this by clicking on the builds section of my account. This led me to some pages that told me I didn't have a password with CloudBees, and prompted me to create one.
When I used this password, instead of my Gmail one, validation worked.
Also, I had to use my account name minus @gmail.com to perform svn checkins, which wasn't the most intuitive - it's not clear what un/ow and where

How to properly authenticate into Jenkins webhooks from Github when LDAP is enabled?

We have done a fair amount of work and have come pretty close to getting Jenkins to automatically kick off a build when a push is made into Github. However, Github is logging an error from Jenkins when attempting to post to the Github plugin webhook as follows:
Error 401 Either no such user 'CN=Github Account,OU=Jenkins,OU=Applications,DC=mydomain,DC=com' or incorrect password; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece?]
We have LDAP enabled in our environment to allow for active directory logins. An account called "github" has been created on our domain and authorized as a Jenkins user. We are able to manually login to Jenkins by punching in the username and password for this account and it works as expected. The "github" account has been authorized on the project for READ and BUILD directives on the job.
On Github, the push webhook has the url defined as follows:
http://github:password@jenkins.mydomain.com:8080/github-webhook/
We can confirm that the push event effectively triggers the post to the URL, but the response is a 401 with error details as described above. We know the account is valid and the password is correct, but we are stuck because we cannot understand why Jenkins suggests that it is invalid.
We have used the following link, among many others as a guide:
http://fourkitchens.com/blog/2011/09/20/trigger-jenkins-builds-pushing-github
As far as we can tell, the only difference between our configuration and those of others who have posted about their success on blogs and here on Stackoverflow is our use of LDAP authentication.
Does anyone have any guidance to help us overcome this hurdle? Currently, we can successfully run a build manually, so our communication TO Github FROM Jenkins is tip top. But Github back to Jenkins is a frustrating no-go.
This is now working. Here is what went wrong. When configuring the following string, pay careful attention to both the username and password:
http://github:password@jenkins.mydomain.com:8080/github-webhook/
In our case, the password contained special characters that Jenkins was tripping over. Usernames and passwords with special characters must be URL encoded or the authentication will fail. For example, the following password
!test+pw
must be URL encoded as follows:
%21test%2Bpw
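
The encoding rule from the answer above, as an added Python example (not part of the original thread): it percent-encodes the userinfo part of the webhook URL and parses the result back to confirm that the credentials and the host survive. The helper names and the second sample password are constructed for illustration.

```python
from urllib.parse import quote, unquote, urlsplit


def webhook_url(user, password, host, port, path="/github-webhook/"):
    """Build the webhook URL with a percent-encoded userinfo part."""
    # safe="" encodes every reserved character, including / : @ + ! and #.
    userinfo = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return f"http://{userinfo}@{host}:{port}{path}"


def naive_url(user, password, host, port, path="/github-webhook/"):
    """The same URL built by plain string concatenation, with no encoding."""
    return f"http://{user}:{password}@{host}:{port}{path}"


def credentials_from_url(url):
    """Return (user, password, host) as a generic URL parser sees them."""
    parts = urlsplit(url)
    return (unquote(parts.username or ""),
            unquote(parts.password or ""),
            parts.hostname)


def survives_round_trip(user, password, host="jenkins.mydomain.com", port=8080):
    """True when the encoded URL parses back to the original values."""
    url = webhook_url(user, password, host, port)
    return credentials_from_url(url) == (user, password, host)


if __name__ == "__main__":
    host, port = "jenkins.mydomain.com", 8080

    # Password from the answer above: '!' becomes %21 and '+' becomes %2B.
    print(webhook_url("github", "!test+pw", host, port))

    # Constructed sample password containing URL delimiters. Without
    # encoding, the parser cuts the authority at the first '/', so both
    # the password and the host come out wrong.
    tricky = "p@ss/w#rd"
    print(credentials_from_url(naive_url("github", tricky, host, port)))
    print(credentials_from_url(webhook_url("github", tricky, host, port)))
    print(survives_round_trip("github", tricky))
```
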