I am trying to implement Access Control Policies on Network Proxy Server. Presently, I am at a stage where I have modeled it like this:
The problem I am facing is how to send the resource url, username and password from PEP to PDP. I am presently using WSO2 for implementing PDP policies.
Relating to this I also saw a command on this link, which is as follow:
curl -X POST -H 'Content-type:text/xml' -T soap-xacml-request.xml https://localhost:8443/asm-pdp/pdp --cacert pdp.b64.cer --user pep:password
I also don't know what url should I be giving instead of https://localhost:8443/asm-pdp/pdp (as I am using WSO2).
Can somebody please help me regarding all these issues?
Did you look at the WSO2 documentation and blog? E.g. http://xacmlinfo.com/2012/06/14/pep-client-for-wso2is-pdp/.
Related
Our Vault is configured to use github tokens. How can one use spring-cloud-vault and use github tokens? looked all over documentation and forums.
Thanks in advance.
Assuming "spring-cloud-vault" is the same as Hashicorp Vault (and according to https://cloud.spring.io/spring-cloud-vault/reference/html/ this looks pretty much the same!), you first need make sure the "github" auth method is enabled.
Our Vault is configured to use github tokens
So this seems to be the case already.
Next you need to create a GitHub personal token on https://github.com/settings/tokens. Click on "Generate new token" and in the "admin:org" scope, select "read:org", then generate the token and copy it.
See this GitHub guide for additional help: https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line
You will get a token code. With this you can log in to your Vault. In the Vault UI select "GitHub" as Method, then paste the copied token.
If you are using the Vault API, e.g. with curl, you need to add the token as a HTTP header:
$ curl -X POST \
--data '{"token": "YOURSECRETANDPERSONALGITHUBTOKEN" }' https://vault.example.com/v1/auth/github/login
Note that in this example Vault is behind a reverse proxy, therefore not using the port 8200 in the URL.
You should get a HTTP 200 and a json reponse when you successfully logged in.
See https://www.vaultproject.io/docs/auth/github.html for more details.
I tried call this command
curl -l -u "my_user_name" https://my-enterprise-github.com
Then, I input my password manually.
But it returns this
<html><body>You are being redirected.</body></html>
Please explain what's wrong with my command.
Thank you.
cURL should not be used for access to GitHub's (or most web) UI without specific reasons. GitHub provides an API to allow accessing data as a well-defined structure.
You mentioned wanting to get-a-single-pull-request. This relies on a URL pattern following GET /repos/:owner/:repo/pulls/:number.
So if you had a GitHub account, facebook, and wanted to look up a specific pull request 15947 in react-native. The full URL would be
https://api.github.com/repos/facebook/react-native/pulls/15947
The cURL command would be
curl -u osowskit -X GET https://api.github.com/repos/facebook/react-native/pulls/15947
Note that:
You will likely want to start using a PAT or OAuth token instead of username/password
There are tools that make exploring the GitHub API easier. postman or octokit
To start with you may want the -L flag. From the cURL Frequently Asked Questions
3.8 How do I tell curl to follow HTTP redirects?
Curl does not follow so-called redirects by default. The Location: header that informs the client about this is only interpreted if you're using the -L/--location option. As in:
curl -L http://redirector.com
Not all redirects are HTTP ones, see 4.14
There's also a CLI now that can be helpful for many similar use-cases:
https://cli.github.com/
$ gh pr list
Showing 2 of 2 open pull requests in Roblox/service-comms-nomad
#16 chi1 Traefik 1.7 GLB jobs chi1-glb-prep
#6 Cgt/t2 cgt/t2
From the crate.io documentation I am told that an SQL query can be performed like this:
curl -sSXPOST 'CLUSTER_IP:4200/_sql?pretty' -d '{"stmt":"select name from sys.cluster"}'
The database I am trying to connect to requires a username and password:
How can I build this authentication into the curl call? I have tried several variants of things I found online with no success. The error I keep seeing looks like this:
Out of the box CrateDB does not provide any authentication.
Maybe you are running a HTTP Proxy or loadbalancer with authentication in front of it? NGINX? Try to connect to one of the CrateDB servers instead.
The query worked when I included the login credentials as follows:
curl -sSXPOST 'username:password#hostname:port/_sql?pretty' -d '{"stmt":"select name from sys.cluster"}'
As all I want to do is connect to my own site, I should be able to ignore oAuth and do token-baseed authentication as per:
http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-token.html
My curl request looks exactly like:
curl -X POST "https://magento.host/index.php/rest/V1/integration/admin/token" \
-H "Content-Type:application/json" \
-d '{"username":"test#example.com", "password":"123123q"}'
The response I get is a HTML page from my own site that basically says 'page not found' I'm obviously going to the correct domain, but it seems something else in the URL is incorrect. Any ideas?
Am I using the wrong URL?
In version 1.9 you need to create a Guest endpoint. Then you don't need to use oAuth. You can see how to use it here: http://devdocs.magento.com/guides/m1x/api/rest/introduction.html
An authentication system that uses REST so that you do not need to actually track or manage the users in your system. This is done by using the HTTP methods POST, GET, PUT, DELETE. We take these 4 methods and think of them in terms of database interaction as CREATE, READ, UPDATE, DELETE.
There is no direct way to use REST token based authentication on the Magento 1.x version. You need to write this functionality to you for your own. I have write this functionality by using REST API and you can also follow this article for more details.
https://www.ipragmatech.com/magento-token-base-rest-api-for-authentication-and-authorization
I want to share data between multiple devices and users running a couchdb server on iriscouch.com and using couchbase-lite on ios and android. Users should be able to login with facebook and email. How do I handle user access to specific documents? I dont dont want anyone to be able to access the documents and databases. I thought about using HTTP basic auth (replication security), hard coding username and password into the app code. Unfortunately it is sent as plain text and seems totally insecure. Can you help me out with some ideas about this scenario?
You can use SSL ecncryption for security. Please refer the link for enabling SSL
https://wiki.apache.org/couchdb/How_to_enable_SSL.
I had similar problem while using Basic Auth, hence we had to use SSL to make it more secure.
If can follow this method If you want to use Basic AUth.
1. Encode the username and Password
ex: username#password which after encoding becomes dXNlcm5hbWVAcGFzc3dvcmQ=
(use https://www.base64encode.org/ to encode).
Using curl try to authenticate
curl -v -H "Authorization: Basic dXNlcm5hbWVAcGFzc3dvcmQ=" -H "Content- type:application/json" -X GET IP_Address_and_DatabaseName
In this way you can hide the Username and Password but still anyone can have the encoded string. Hence If possible, try to implement SSL.