I have my CAS setup locally. I have a grails application that is running locally as well. My CAS authentication is working. My CAS is running at this location
http://localhost:8081/cas/login?service=http%3A%2F%2Flocalhost%3A8081%2Fj_spring_cas_security_check
My grails application is running at http://localhost:8080/CASTest/test/
So when I go to my grails application i get redirected to CAS for login, however after login I getting I keep getting evaluationException on hostUrl in my CAS. I think the error is because of localhost in the service field in CAS, if i change this to test1.localhost it works, it redirects me to test1.localhost after authentication. Any ideas how i can redirect it back to my application that is running locally?
Try configuring the hosts file of your operating system to accept the chosen domain for your application as an alias to localhost, and then use that in your CAS configuration in development environment.
Check out the Wikipedia entry for the hosts file for the appropriate location in your system (if you are using Linux that would be /etc/hosts), and then add a line like:
127.0.0.1 test1.localhost
After that, you can use it in your CAS configuration for the development environment -- the serviceUrl configuration should point to something like http://test1.localhost/CASTest/j_spring_cas_security_check.
Hope it helps!
Related
I have a windows 8.1 machine running ubuntu 14.x on a virtualbox. I'm running meteor inside that virtualbox. I've bridged the connection and turned off the firewall on both machines. I'm able to connect to the internet from the virtual box, and I can telnet from the windows host into the ubuntu machine.
I can also connect to meteor apps that are not using the force-ssl package; however, I CANNOT connect to meteor apps that are using force-ssl!
If I run "meteor remove force-ssl" I can connect to the app. Any thoughts? Thanks.
EDIT - by connect to the app, I mean "http://[ip_address_of_guest]:3000/" in a browser on the host machine. I've tried both http and https.
I'm new to Meteor but, from this documentation, it looks to me like you are seeing the intended behaviour ...
"This package, part of Webapp, causes Meteor to redirect insecure
connections (HTTP) to a secure URL (HTTPS). Use this package to ensure
that communication to the server is always encrypted to protect users
from active spoofing attacks.
To simplify development, unencrypted connections from localhost are
always accepted over HTTP.
Application bundles (meteor bundle) do not include an HTTPS server or
certificate. A proxy server that terminates SSL in front of a Meteor
bundle must set the standard x-forwarded-proto header for the
force-ssl package to work.
Applications deployed to meteor.com subdomains with meteor deploy are
automatically served via HTTPS using Meteor's certificate."
This answer clarifies.
I am about to try the Digital Ocean guide, "How To Deploy a Meteor.js Application on Ubuntu 14.04 with Nginx", myself to see if it correctly documents the required set up steps. I'll update with my results.
We are trying to setup the Worklight Server for production, which is behind a reverse proxy that will help manage the SSL certificate.
What this means is that, when the user hit the domain, say https://mydomain.com:443, the proxy will automatically forward the request to the Worklight Server on port 9080.
After the setup is done for the reverse proxy following this guide, the installers.html page is working well. However we notice that when we try to access the console using https://mydomain.com:443/appcenterconsole, the user gets redirect to http://mydomain.com:9080/appcenterconsole/console.html instead and this is causing problem.
I searched around and found this link Worklight Console redirects to port 9080, which is similar to the problem i'm having. Is there a way for me to configure the Websphere Liberty Profile so that it will use the reverse proxy URL as the redirection URL?
I notice also that the index.html file in the appcenterconsole.war is using the meta refresh method to do the redirection. I'm tempted to change it to use a full URL, but then i also notice that the same issue happens when we go to the login.html and perform login. (Whereby after login, the page redirects the user with the 9080 port as well).
Any pointers or idea are welcomes. The Worklight version used is 6.1.
Thank you.
EDIT
The network setup in my environment:
Proxy Gateway (with SSL cert) configured to connect to Worklight Server for port 9080 whenever a connection with port 80 or 443 is received. Therefore:
https://mydomain.com:443/appcenterconsole -> will be mapped to http://worklightserver:9080/appcenterconsole
The mapping is done internally between the proxy and the worklight server.
When we type the full URL on the browser, ie. https://mydomain.com:443/appcenterconsole/console.html after i login, the console works fine.
Have you set up the JNDI entries detailed here?
http://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/index.jsp?topic=%2Fcom.ibm.worklight.installconfig.doc%2Fappcenter%2Fr_ac_appres_endpoint.html
I have an apache server running on my local machine. I can connect to http://localhost from a different device in the same network, but I want to add a layer of authentication. So that when the user tries to access the localhost, it has to enter the correct username/pwd to proceed. Is there anyway to do this without having it the authentication code in the javascript or html file returned by the apache server? I'm new to this so I'm a little confused.
You can configure apache to require authentication. Have a look at http://httpd.apache.org/docs/2.4/howto/auth.html
I am starting to look into configuring an SVN server using Apache2 and mod_dav_svn on Red Hat Linux. I want Apache to handle authenticating the users that access the repository. Is there a way to have Apache authenticate against the user credentials maintained by the OS? This way I can allow all of my users on the server to use the same account to access SVN and to login to the system via SSH.
Previously our SVN server was hosted on a Windows server and we were able to use AuthType SSPI to perform our authentication against the Windows Active Directory server which will no longer be available to us. (Note: this is a restriction due to our network security and is not with my control)
Ultimately the solution I found to this problem was to configure mod-authnz_external to work with pwauth. Following the instructions on those two sites seems to have resulted in a working solution.
I have a java application running on Weblogic on a Linux box. The application/weblogic are run as root. I see this as a security risk. I want to create a dedicated user to run the application.
To do this I have:
Created a new dedicated DNRS/Weblogic user called 'wluser'.
Granted access to my application to only the dedicated user wluser.
The application is hosted on Apache. To run the application, I first start apache, then weblogic.
When I tried to run apache, it complained 'Permission denied: make_sock: could not bind to port 446'.
It seems apache needs to be started as root. But if I changed the owner of apache to root, I'll be able to run the application as root. Exactly what I don't want..
Anyone any ideas?
I'm fairly sure that an application has to be given permission to use a port below 1024.
Check out this question on ServerFault: Regular User socket permissions