I'm the one who is configuring the server. It has a SVN+SSH as well as an SSL for the company who will be accessing it. I am able to browse AND checkout repos. The firewall has been configured to allow access to another company. They can browse the repos in a browser, but they get an error message when trying to SVN check-out the repo. Error message: "Access to 'https://servernameaddress/path/to/repo' forbidden". Why would they be able to browse the repo in a web browser, but not be able to checkout using an SVN client?
Are they connecting to the internet via a proxy?
If they had a proxy configured in the browser perhaps Tortoise is not using this proxy.
Related
We have OpenAM plugin for Apache Http server.
Here Apache Http server works as reverse-proxy.
OpenAM plugin validates user requests for authentication and authorisation then forwards the requests to service.
This works fine for some days. But suddenly, OpenAM plugin fails to authenticate and authorise and requests directly goes to service.
Only fix is to restart the Apache HTTP server.
But this is not the correct fix. We would like to find the real route cause of this problem and fix. There is no logging reported from http server.
Thanks.
There is no logs reported. Totally clueless. It is happening once in two days or >so.
You should set the Agent level to message and check the debug.log (in agent root --> instances --> debu --> debug.log) and trace the requests in the agent log files that are not working. There may also be relevant information in the system logs in the agent root log folders.
But suddenly, OpenAM plugin fails to authenticate and authorise and requests
directly goes to service.
What HTTP status code is returned during this period? By default, if the Agent cannot communicate to AM for policy advice (unless it has preconfigured fallback not enforced URLs) will be to 403 each request. You'd really need to check your debug and apache access logs to look at these requests hitting the reverse proxy (or whether they hit them at all).
I have setup jenkins server on aws and provided access to only my org public IP.
I want to open it with my organization vpn for some people working from home so he want access the server.
Also jenkins have google auth.
how to setup for this problem
Most articles or answers I find deal with proxying a localhost url to a localhost backend server on a different port, or to a non-authenticated remote server (no log in required). However, what I am unable to find is how to generically proxy requests to a remote server that requires authentication.
A common practice in web development is to create multiple instances of the app (beta/dev, integration/test, production, etc.) so you can test and deploy gradually before the code hits production. Each instances has it's own backend server and data that is typically accessible through public urls (e.g. beta.app.com/api).
The difficulty comes when the api requires user authentication to access. Setting up a typical proxy won't work as the credentials from localhost will be different from those of the remote server.
What I want to be able to do is be able to proxy all localhost api calls to one of the remote servers so I don't have to run a backend server locally, or be able to test local code against remote data (great for debugging prod only bugs). What I don't want to have to do is hardcode credentials to the remote server into the proxy, as that won't work for anyone else who runs the app locally (so no hardcoding proxy headers that add auth cookies, etc.).
I image the solution will require more than just a proxy to work, and that's fine. Assume I have full control of both the frontend and backend and can make any changes needed to make this work.
I have a java web application which I am trying to host on a home computer running windows server 2012. I have configured it so that Apache and Tomcat communicate with each other and I am able to access the website fine. The issue arrises when the form that I built asks the user to log in to Microsoft for Outlook REST API. After logging in, microsoft gives an error and will not redirect, because it is only compatible with a "secure scheme". How can I set up my server to be a "secure scheme"? I included a screen shot of the error page:
Secure Scheme = "HTTPS". You need to secure your site with an SSL certificate.
I'm running Tomcat 6.0.24 with an AJP connector. For the connector, I've set the attribute tomcatAuthentication="false" so that Tomcat will get the name of the authenticated user from the native web server (Apache 2.2.15 with mod_proxy_ajp and mod_cosign). This is working fine for a "Hello, World" servlet I've set up.
I have the Tomcat Manager WebApp working fine when using Tomcat's MemoryRealm, tomcat-users.xml file, and the connector in the default configuration (tomcatAuthentication="true"). But with tomcatAuthentication="false", I get the error "HTTP Status 403 - Access to the requested resource has been denied" from the Tomcat Manager WebApp.
How can I configure the Tomcat Manager web application to rely on the native web server (Apache HTTPD) for authentication but use an independent source (tomcat-users.xml or other) for user roles? I've read the documentation and googled but I don't understand enough about Tomcat yet to find the answer.
From the Tomcat Manual
Configure whether Tomcat or a web server does authentication
When Tomcat is used with a web server, such as Apache, the default is
to have Tomcat continue to handle authentication. Any authenticated
user specified in the request forwarded from the web server to Tomcat
will be ignored.
If you want Tomcat to make use of the authenticated user provided by
the web server, add:
tomcatAuthentication="false" to the Ajp12Connector or Ajp13Connector as appropriate. For example:
<Ajp13Connector port="8009" tomcatAuthentication="false" />
Have you tried adding the second configuration value.