Kaazing is not working with SSL setup - ssl

I have a basic Kaazing setup for STOMP and it's working fine with my webpage, which is served up using HTTP.
Now I want to connect using SSL (HTTPS) and I've changed all the settings on my web server to do so.
Since I did that, the browser was not happy making an HTTP (unsecured) connection to Kaazing (I'm fine if there is a way around it to just make Kaazing work without HTTPS as well), and now I'm trying to set up SSL for Kaazing as well. I just appended an 's' to everything and changed tcp: to ssl:. Also, I generated a keystore file with my servername.
Still in the browser I'm able to reach
https://servername:8000/jms/;e/ct?.kn=6433810530520803
this is the first file Kaazing libraries are trying to reach and the response to this is
https://servername:8000/jms/;e/ut/qJA49SDjQEHLINJVoWe5fHGZqpUYqe6e?.kn=6433810530520803
https://servername:8000/jms/;e/dt/qJA49SDjQEHLINJVoWe5fHGZqpUYqe6e?.kn=6433810530520803
2 more JavaScript files, I'm assuming. But these files are not reachable; I'm getting a 404.
I understand the question is a little vague, so please feel free to ask for more details if you need them. But if anybody has any idea what's going on and what's wrong, please let me know. I would really appreciate the help.
I have no clue how to debug this Kaazing thing, nor WebSocket connections.
Also note that I'm trying to set up an internal IP-hop based on this document.
Here is my complete gateway-config.xml

Anand,
You have a configuration issue. Let me explain it here:
<service>
    <accept>wss://servername:8000/jms</accept>
    <type>stomp.jms</type>
    <properties>
        <connect>tcp://localhost:61613</connect>
        <connection.factory.name>ConnectionFactory</connection.factory.name>
        <context.lookup.topic.format>dynamicTopics/%s</context.lookup.topic.format>
        <context.lookup.queue.format>dynamicQueues/%s</context.lookup.queue.format>
        <env.java.naming.factory.initial>org.apache.activemq.jndi.ActiveMQInitialContextFactory</env.java.naming.factory.initial>
    </properties>
    <accept-options>
        <wss.bind>10.171.131.100:8000</wss.bind>
    </accept-options>
    <cross-site-constraint>
        <allow-origin>https://23.23.23.23:80</allow-origin>
    </cross-site-constraint>
    <cross-site-constraint>
        <allow-origin>https://servername:80</allow-origin>
    </cross-site-constraint>
</service>
Note the last cross-site-constraint: it is https://servername:80. This won't work. It should be http://servername:80 or https://servername:443 (if you have configured SSL correctly). This explains "2 more javascript files I'm assuming. But these files are not reachable, getting 404".
Alternately, you can relax the cross-site-constraint by putting the following:
<cross-site-constraint>
    <allow-origin>*</allow-origin>
</cross-site-constraint>
Once you have it working and your deployment scenario is solid, limit the access by putting a tighter cross-site-constraint.
Hope that helps. Give it a try and update this thread.
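
A check for the mismatch described in this answer, as an added example that is not part of the original thread or of Kaazing's tooling: it reads the `<allow-origin>` entries of a service and reports scheme/port mismatches, wildcards, and whether the page's origin is covered. The comparison rule (scheme, host and port, with default ports made explicit) and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the <service> from the answer, trimmed to what is read.
SAMPLE_SERVICE = """
<service>
  <accept>wss://servername:8000/jms</accept>
  <cross-site-constraint><allow-origin>https://23.23.23.23:80</allow-origin></cross-site-constraint>
  <cross-site-constraint><allow-origin>https://servername:80</allow-origin></cross-site-constraint>
</service>
"""
DEFAULT_PORT = {"http": 80, "https": 443}


def normalise(origin):
    """Return (scheme, host, port) with the default port filled in, or None."""
    parts = urlsplit(origin.strip())
    try:
        port = parts.port
    except ValueError:          # non-numeric or out-of-range port
        return None
    if parts.scheme not in DEFAULT_PORT or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname, port or DEFAULT_PORT[parts.scheme])


def audit_allow_origins(service_xml, page_origin):
    """Return (findings, matched); findings is a list of (origin, problem)."""
    root = ET.fromstring(service_xml)
    # Compare local names so a namespaced config file is handled too.
    origins = [(e.text or "").strip() for e in root.iter()
               if e.tag.rsplit("}", 1)[-1] == "allow-origin"]
    findings, allowed = [], set()
    for origin in origins:
        if origin == "*":
            findings.append((origin, "wildcard"))
            continue
        norm = normalise(origin)
        if norm is None:
            findings.append((origin, "malformed"))
            continue
        allowed.add(norm)
        scheme, _, port = norm
        other = "http" if scheme == "https" else "https"
        if port == DEFAULT_PORT[other]:
            # e.g. https://servername:80 -- never equal to an HTTPS page on 443
            findings.append((origin, "scheme-port-mismatch"))
    matched = "*" in origins or normalise(page_origin) in allowed
    return findings, matched


if __name__ == "__main__":
    print(audit_allow_origins(SAMPLE_SERVICE, "https://servername"))
```

Running the same audit after relaxing the constraint to `*` reports a `wildcard` finding, which is the entry to tighten again once the deployment works.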

Related

Missing configuration for the issuer of security tokens error

I inherited an existing project without its development environment. I have UAT code and a backup of the Production database. I can run up the site locally via Visual Studio but have hit an authentication problem trying to set up a fresh standalone DEV server on AWS (single server, no load balancer). The doco indicates the Prod server is a dual server setup with a load balancer.
The front end site pages do display, although some search is not working. On trying to log into the backend pages, Chrome returns "The xxx page isn't working. xxx redirected you too many times." Using developer tools, I can see the page redirects back and forth between SWT?realm=... and sitefinity?wrap_defalted=true&wrap_access_token... On the second redirect response header there is "X-Authentication-Error:Missing configuration for the issuer of security tokens 'https://xxx/Sitefinity/Authenticate/SWT' "
I tried different values in the web.config lines:
<federatedAuthentication>
    <wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="true"/>
    <cookieHandler requireSsl="false"/>
</federatedAuthentication>
but that actually made things worse so I have reverted.
I checked all the settings mentioned in http://docs.sitefinity.com/administration-switch-to-claims-based-authentication and they seem to be set correctly. I don't really know what else I can check to get this working.
I found http://docs.sitefinity.com/administration-configure-security, but it does not seem like these settings are set (I don't have access to Prod server so can't confirm if it is actually setup with load balancing). I am currently using a 30 day trial license so am not sure if this is contributing to the problem. The official license is in the process of being transferred by the client. The domain name associated with the official license would be different to the domain my new server is currently running on.
I am also running version 8 code on a version 9 install of Sitefinity. I wanted to get it working before I tried to upgrade the code. I think there was also an assembly load to manifest mismatch when I tried upgrading my local version.
Found the solution: Don't mess with the SecurityConfig.config file.
<securityTokenIssuers>
    <add key="B886AA7BFB5515BA63F577A44BBEB5C7AE674035514D128BC397346B11F4C97A" encoding="Hexadecimal" membershipProvider="Default" realm="http://localhost" />
</securityTokenIssuers>
<relyingParties>
    <add key="B886AA7BFB5515BA63F577A44BBEB5C7AE674035514D128BC397346B11F4C97A" encoding="Hexadecimal" realm="http://localhost" />
</relyingParties>
Even though it is running on a server, the above lines should still point to localhost. It seems like these only need to be edited if you have a multi-server setup with an entirely separate STS.
I initially changed it to match the new domain name, but after some experimentation around adding localhost and HTTP variations, it seems like it works best with just localhost.
Even when I changed the web.config entry above to use the new domain as the issuer instead of localhost and the SecurityConfig.config to specify only the new domain as the realms, it didn't seem to work. I guess the authentication must try to hit localhost specifically.

I/O Exception: Server Key ColdFusion Issue

I’m a long-time reader here but a newbie at posting a question. Hopefully I’ll cover everything you guys need to hopefully help.
Background information:
We are running ColdFusion 10 on two servers that are load balanced (I’m not sure how they are load balanced – they are not clustered and are not using sticky sessions, this much I know). Unfortunately, I do not have access to our CF server admin at all; I have to rely on others.
I’ve implemented a punch out system that allows our users to connect to a vendor’s site to shop, then returns their items to our cart on our site. This has been working in our development servers without any issues. Everything worked well when we tested this in production as well. However, when we moved it into production last week, we started getting an error, but only when the code was running off of ONE of the load balanced servers. The error we received back from the vendor site stated that the error detail was: “I/O Exception: Server Key”. All of the research I conducted led me to believe that our CF servers needed the vendor’s cert (it is an https connection), so I told this to our server guy. He reinstalled the certs (he had said that they were there) and that did seem to solve the problem. I was successfully able to punch out to our vendor site from both of our load balanced servers.
We did a bit more testing (which all seemed fine) and then put it back into production this morning only to have the same issue occur. On one of the servers, this is working and on the other one it is not. My server guy tells me that the vendor certs are currently in place in the ColdFusion keystore.
Here is the cfhttp call I’m using:
<cfhttp url="#vendorURL#" method="POST" throwOnError="no" result="returnedObj">
    <cfhttpparam type="XML" name="xmlPunchoutData" value="#trim(RequestPunchoutXML)#" />
</cfhttp>
Where ‘RequestPunchoutXML’ has an XML structure requesting a punch out from the vendor.
This looks possibly related: ColdFusion 10 - CFHTTP - Random peer not authenticated on SSL calls (cacerts file updated) but the error I'm getting isn't this one, though I think that they are probably related.
Questions: Any idea what is going on here? Could a badly set up load balancer be the issue here? Is it possible that the cfhttp call is starting from one of the servers and getting the response returned to the other? Could there be some reason that the certs are failing? Is this some other issue altogether that I have not yet identified? Any thoughts/ideas/suggestions would be greatly helpful.
Thanks in advance,
Janice

Magento API integration with stamps.com / shippingZ (v1.6 and v1.7)

We've got an instance of Magento developed (two, in fact, since we tested both 1.6 and 1.7), and we are unable to have stamps.com hit its API. I've checked all the logs in our reverse proxy as well as Apache, and the connection is made, is successful, and it closes OK — so nothing's getting blocked. However, the API call times out, and we get this error when it hits the ShippingZmagento.php:
<Error>
<Code>1</Code>
<Description>Please, make sure that you use right URL. Url is case sensitive</Description>
<MessageDetails>http://mysubdomain.mydomain.com/index.php/api/soap/?wsdl</MessageDetails>
<Version>3.0.0.55618</Version>
</Error>
The FQDN is correct, and I'm able to hit the WSDL directly just fine as well — so it seems like a bad address translation might be happening at the API level or something.
We've tried it out in the DMZ with a couple of test domains (both with domains and subdomains), to no avail.
Any thoughts any of you might be able to shine on this would be most appreciated. Thanks in advance!
Open up stamps.com's PHP files and search for WSDL references; they will need to be updated to work on Magento 1.7:
What is SOAP V2 url on Magento 1.7.0.0

Silverlight wcf connection error

I'm about a month into developing my Silverlight application (this is my first). Everything went rather smoothly until today, when out of the blue I started getting this message:
An error occurred while trying to make a request to URI 'http://localhost:2682/Services/Authentication/LoginService.svc'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details.
I'm using WCF Services and this issue never appeared until now.
I've added a clientdomain.xml and clientaccesspolicy.xml file to my [projectname].web folder, and re-wrote them about a 1000 different ways.
I've also used Fiddler and it shows me that the error is on both those files, the error is
[Fiddler] The socket connection to localhost failed. ErrorCode: 10061. No connection could be made because the target machine actively refused it 127.0.0.1:2682
I've searched the error "10061" and it has to do with socket definition. But I couldn't find any solution to that.
Don't know if it has anything to do with it, but my "ASP.net Development Server" port is 6939.
Keep in mind that the app has NOT been deployed, so this is only happening locally. I'm using MS VS 2010 and MS SQL Server 2008.
Am I doing anything wrong or is this a Silverlight issue?
On a last note, I haven't changed anything in the port, socket or service configuration. The last thing I was doing was editing a XAML file on the client side, and the app started throwing me this error.
Need help, can't do anything until this is solved!!!!
Thanks.
I think you are using your app on localhost and a dynamic port is getting assigned, and this port is not fixed on every run, and that causes the refusal problem. If you want to fix this, create a solid URL, for example,
http://localhost/apps/Services/Authentication/LoginService.svc
Well, last night, just before I went to bed, I noticed something odd. In my "ServiceReferences.ClientConfig" file, the endpoint ports for each one of my services were different from the ones the Silverlight machine used, so going on a hunch (and because I was reaching my sanity breakpoint) I decided to eliminate all my Service References and re-add them again.
It worked... go figure. I still don't know why this happened, and if anyone could shed some light on the subject, I would appreciate it. It's kind of annoying having to re-add all my service references. Right now I have only 6 of them, but in the near future they may go over 20, and if this happens again... well, it's going to be a real pain...
Thanks

Weird Requests/DefaultSavedRequests from other websites in my app?

Greetings all,
I am using Spring Security 3.0.2, and I am using Apache and Tomcat.
I was discovering the sessions on my web app and found out there were too many sessions with used time=0,
and the description of one of them was something like:
Attribute name : SPRING_SECURITY_SAVED_REQUEST_KEY
Attribute value : DefaultSavedRequest[http://someStrangeWebsite.com/myappname/]
I am wondering why such weird behaviour occurs.
Also, I added a filter in the app to debug the incoming request URLs,
and I found out that many request URLs were something like:
http://someStrangeWebsite.com/myappname/
which is also very strange to me.
Can anyone help me, please?
Perhaps somebody sends HTTP requests with
Host: someStrangeWebsite.com
to your site. Since Tomcat doesn't know DNS names of the server it's running on, these requests look valid.
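
A Host-header allow-list check that would reject the requests this answer describes before any saved-request URL is built from them, as an added example that is not part of the original thread and not Spring Security or Tomcat code. The host names in `ALLOWED_HOSTS` and the sample requests are constructed for illustration.

```python
import re

# Hypothetical names this deployment is meant to answer to (assumption).
ALLOWED_HOSTS = {"myapp.example", "www.myapp.example"}

# A host name or bracketed IPv6 literal, followed by an optional :port.
_HOST_RE = re.compile(r"(\[[0-9a-f:.]+\]|[a-z0-9.-]+)(?::\d{1,5})?")


def canonical_host(value):
    """Lower-case the Host value, drop port and trailing dot; None if malformed."""
    match = _HOST_RE.fullmatch(value.strip().lower())
    return match.group(1).rstrip(".") if match else None


def check_request(raw_request):
    """Return (accepted, detail) for one raw HTTP/1.1 request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    header_lines = head.split("\r\n")[1:]  # skip the request line
    hosts = [line.split(":", 1)[1] for line in header_lines
             if line.lower().startswith("host:")]
    if len(hosts) != 1:
        return (False, "missing or duplicate Host header")
    host = canonical_host(hosts[0])
    if host is None:
        return (False, "malformed Host header")
    if host not in ALLOWED_HOSTS:
        return (False, "foreign Host: " + host)
    return (True, host)


# Constructed sample requests; the first mirrors the one in the question.
SAMPLES = [
    "GET /myappname/ HTTP/1.1\r\nHost: someStrangeWebsite.com\r\n\r\n",
    "GET /myappname/ HTTP/1.1\r\nHost: WWW.MyApp.example:8080\r\n\r\n",
    "GET /myappname/ HTTP/1.1\r\nHost: myapp.example\r\nHost: other.example\r\n\r\n",
    "GET /myappname/ HTTP/1.1\r\nHost: myapp.example/@other.example\r\n\r\n",
]


def triage(samples=SAMPLES):
    """Run the check over every sample and return the verdicts in order."""
    return [check_request(sample) for sample in samples]


if __name__ == "__main__":
    for verdict in triage():
        print(verdict)
```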