ADFS 2.1 Trace Settings Windows Server 2012 - adfs2.0

When I tried to increase the ADFS Trace -log level using the Microsoft instructions , I am getting the below error:
C:\Windows\system32>wevtutil sl "AD FS 2.0 Tracing/Debug" /L:5
Failed to read
configuration for log AD FS Tracing. The specified channel could not
be found. Check channel configuration.

I managed to find the solution(using this blog post)- The Log file names were changed in ADFS 2.1 from AD FS 2.0 Tracing/Debug to AD FS Tracing/Debug
Old Path:
%SystemRoot%\System32\Winevt\Logs\AD FS 2.0 Tracing%4Debug.etl
New Path:
%SystemRoot%\System32\Winevt\Logs\AD FS Tracing%4Debug.etl

Related

How to host .NET 6 Web API as Windows Service?

I have .NET 6 Web API and want to host as a windows service on my own virtual server. I read many questions and answers and applied them, but I still get an error when starting the application (error 1053: the service did not respond to the start or control request in a timely fashion) Also I couldn't find a detailed error description when I looked in the event log.
I'm using Microsoft.Extensions.Hosting.WindowsServices package and Program.cs is below
var builder = WebApplication.CreateBuilder(new WebApplicationOptions
{
Args = args,
ContentRootPath = WindowsServiceHelpers.IsWindowsService() ? AppContext.BaseDirectory : default
});
builder.Host.UseWindowsService();
var connectionString = builder.Configuration.GetConnectionString("MongoDB");
...
I'm developing on MAC so publishing my codes with the following command
dotnet publish --runtime win7-x64 --self-contained --configuration Release
I'm creating my windows service like this
sc create "MySvc" binPath= "C:\Users\Administrator\Desktop\test\MySvc.exe"
Where am I doing wrong or how can I find the error?

OpenAM's WebAgent failing to install

I am trying to setup Forge rock(OpenAM13.0) with OpenDJ 3.0,
deployed Open Am in tomcat and Installed opendj successfully. setup where I end up with an error .
Environment:
- OpenAM(V 13.0).war with Tomcat (8.5.27)
- OpenDJ 3.0.0 for External Identity perupose.
-AS part of the process deployed the OpenAM war and on tomcat and could
able to login in with amadmin.
-Created policy set and policy and reqeust patterns as well.(followed
the forgerock getting started guide:https://backstage.forgerock.com/docs/openam/13/getting-started/).
-Here I installed apache 2.4 webserver could able to see the home page.
Error: when i try to configure the WEb agent I endup with below
error,could not able to proceed further.
But I could able to login from the openam login screen but end up with some session invalid exception in session.log and no session in access.csv log file.I could not able to understand and go further.help on this regard is greatly appreciated.
Attached the screen shot of different logs i got .
[WEbagent_insall_Log][1] - Log during web agent installation
[Session-Log][2] - Log at the server openam side
[OpenaM_access.csv_log][3] log for open am side about the access
[WEbagent Installation][1] screen when I try to install webagent
[1]: https://i.stack.imgur.com/HmCFZ.jpg
[2]: https://i.stack.imgur.com/KX1Tb.jpg
[3]: https://i.stack.imgur.com/jQYUX.jpg
Please help on this.
Thanks
Venkat

sonarqube 5.6 & LDAP 2.0 failing to authenticate

I am testing an upgrade to sonarqube 5.6 and have installed the ldap 2.0 plugin & copied the relevant configuration forward to my test 5.6 setup.
The relevant config is
sonar.security.realm=LDAP
ldap.url=ldaps://xxxx:636
ldap.bindDn=uid=xxxx,ou=xxxx,dc=xxxx,dc=xxxx
ldap.bindPassword=xxxx
ldap.user.baseDn=dc=xxxx,dc=com
ldap.user.request=(&(objectClass=person)(mail={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail
I have the following set in conf/sonar.properties
sonar.log.level=DEBUG
On startup I see
2016.07.26 23:57:29 INFO web[o.s.p.l.LdapContextFactory] Test LDAP connection on ldaps://xxxx:636: OK
2016.07.26 23:57:29 INFO web[org.sonar.INFO] Security realm started
If I attempt to login, I get "Authentication failed" on the login screen.
The log file says nothing other than
2016.07.26 23:57:47 DEBUG web[http] GET / | time=67ms
2016.07.26 23:57:47 DEBUG web[http] GET / | time=187ms
2016.07.26 23:57:47 DEBUG web[http] GET /sessions/new | time=89ms
2016.07.26 23:57:53 DEBUG web[http] POST /sessions/login | time=71ms
The same configuration works fine with sonarqube 4.5.7 and ldap 1.4
Ideas welcome on how to investigate further.
You're most likely hitting known issue SONAR-7770 - Authentication fails if LDAP configuration has been forgotten during the upgrade . Note that an Upgrade Note was issued for this problem:
Most specifically, don't forget to copy the related SonarQube plugin and its related configuration in "conf/sonar.properties" (including "sonar.security.realm" and "sonar.security.localUsers" if present) into the new SonarQube instance otherwise you will be locked out after migration.
So it's important that this LDAP configuration is there even during the upgrade. If you did miss that then the easiest way forward here is to replay the upgrade with the LDAP-related configuration correctly set.
Context
Keep in mind that during an upgrade SonarQube updates the dataset and also stores new information in database (based on new features). The problem in your case would be that the upgrade was done with a partial config (which didn't set sonar.security.realm and sonar.security.localUsers) , and SonarQube couldn't figure out whether users were local or not, hence treating them as local by default. Local users are not authenticated against external authentication providers but locally, which is indeed what we're seeing in your logs (and it's obviously failing because the password lives in LDAP server, not in SonarQube database).
I fixed it by manually updating the users database table of SonarQube, asumming that all other users are managed by LDAP and just the admin is a local user:
UPDATE sonarqube_production.users SET user_local = 0, external_identity_provider = 'ldap' WHERE id != 'admin';
Little fix to Schakko query above, it should be with login not with id:
UPDATE users SET user_local = 0, external_identity_provider = 'ldap' WHERE login != 'admin';

Integrated app pool and virtual directories

I have MVC application that uses integrated app pool.
Under this MVC application, i have created a virtual directory that points to our file server location. This file server has some pdfs and custom images.
When we try to access the resources via virtual directory, I get the following error:
Server Error in '/' Application.
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: An error occurred loading a configuration file: Failed to start monitoring changes to '\\nas2\CardDeck\web.config'.
Source Error:
[No relevant source lines]
Source File: \\nas2\CardDeck\web.config Line: 0
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929
When I change the app pool to classic, i can access these resources just fine. What am i missing here?
Thanks
App pool was running under "NetworkService" identity.
I have changed it to a user account that has admin permissions on the box.
The thing that i still need to figure out is, why these were working under classic app pool and network service as the identity?

OpenAM Conditional Login Url

I'm using openAM 10.0.0 and the admin guide mention it support conditional login (just no on console):
com.forgerock.agents.conditional.login.url
Then I configure agent as local config:
com.forgerock.agents.conditional.login.url[0]= songjing.com|http://openam.songjing.com:8080/openam/UI/Login
om.forgerock.agents.conditional.login.url[1]= brandA.songjing.com|http://openam.songjing.com:8080/openam/UI/LoginBrandA
When I browse to brandA.songjing.com, it still go back to http://openam.songjing.com:8080/openam/UI/Login login page. I thought it is cause by
com.sun.identity.agents.config.login.url[0] = http://openam.songjing.com:8080/openam/UI/Login
And remark it.
Then end up with error say com.sun.identity.agents.config.login.url not found.
I try with web agent 3.0.4 and 3.1 for apahche httpd, both not working
Any help?
Rgds
SJ
Solved. web agent 3.0.4 not support conditional login url.
for web agent 3.1 the key is:
com.forgerock.agents.conditional.login.url
and for j2ee agent 3.1 the key is
com.sun.identity.agents.config.conditional.login.url
and due to I use virtual server, I need configure fqdn mapping:
com.sun.identity.agents.config.fqdn.mapping[branda.com] = branda.com