After creating a test instance from an AMI of a prod instance of Bitbucket, authentication no longer works. The prod setup is running Bitbucket Server 5.0.1 and is authenticating using Azure AD. When trying to log onto the test instance with Azure credentials, we get the error: "The remote authentication server is not available. Please try again later."
Also, we get the following logs:
2021-08-23 22:13:46,109 DEBUG [http-nio-7990-exec-6] #71MEL3x1333x433x0 1ix7xj 52.56.83.91,172.31.21.120 "POST /j_atl_security_check HTTP/1.1" c.a.s.i.a.PluginHttpAuthenticationFailureHandler onAuthenticationFailure - delegating to com.atlassian.stash.internal.auth.ScmAuthenticationFailureHandler
2021-08-23 22:13:46,109 DEBUG [http-nio-7990-exec-6] #71MEL3x1333x433x0 1ix7xj 52.56.83.91,172.31.21.120 "POST /j_atl_security_check HTTP/1.1" c.a.s.i.a.PluginHttpAuthenticationFailureHandler onAuthenticationFailure - delegating to com.atlassian.stash.internal.auth.BasicAuthChallengeFailureHandler
2021-08-23 22:13:46,109 DEBUG [http-nio-7990-exec-6] #71MEL3x1333x433x0 1ix7xj 52.56.83.91,172.31.21.120 "POST /j_atl_security_check HTTP/1.1" c.a.s.i.a.PluginHttpAuthenticationFailureHandler onAuthenticationFailure - delegating to com.atlassian.stash.internal.auth.RedirectingAuthenticationFailureHandler
2021-08-23 22:13:46,109 DEBUG [http-nio-7990-exec-6] #71MEL3x1333x433x0 1ix7xj 52.56.83.91,172.31.21.120 "POST /j_atl_security_check HTTP/1.1" c.a.s.i.a.PluginHttpAuthenticationFailureHandler onAuthenticationFailure - com.atlassian.stash.internal.auth.RedirectingAuthenticationFailureHandler handled authentication failure
2021-08-23 22:13:47,282 DEBUG [http-nio-7990-exec-4] #71MEL3x1333x437x0 52.19.35.158,172.31.7.76 "GET /rest/remote-event/1/status HTTP/1.1" c.a.b.i.c.s.CrowdSsoAuthenticationHandler Skipping Crowd SSO as it is not enabled
2021-08-23 22:13:47,282 DEBUG [http-nio-7990-exec-4] #71MEL3x1333x437x0 52.19.35.158,172.31.7.76 "GET /rest/remote-event/1/status HTTP/1.1" c.a.s.i.i18n.PluginI18nService No values found in any valid locale for key ProviderManager.providerNotFound and locales [en_US, en]
2021-08-23 22:13:47,298 DEBUG [http-nio-7990-exec-1] #71MEL3x1333x438x0 52.19.35.158,172.31.7.76 "GET /rest/remote-event/1/status/9fc15922-ffb1-3c9e-8121-679df18b26d7 HTTP/1.1" c.a.b.i.c.s.CrowdSsoAuthenticationHandler Skipping Crowd SSO as it is not enabled
2021-08-23 22:13:47,298 DEBUG [http-nio-7990-exec-1] #71MEL3x1333x438x0 52.19.35.158,172.31.7.76 "GET /rest/remote-event/1/status/9fc15922-ffb1-3c9e-8121-679df18b26d7 HTTP/1.1" c.a.s.i.i18n.PluginI18nService No values found in any valid locale for key ProviderManager.providerNotFound and locales [en_US, en]
2021-08-23 22:13:51,545 DEBUG [http-nio-7990-exec-10] #71MEL3x1333x439x0 52.17.236.147,172.31.7.76 "GET /login HTTP/1.1" c.a.b.i.c.s.CrowdSsoAuthenticationHandler Skipping Crowd SSO as it is not enabled
2021-08-23 22:13:51,545 DEBUG [http-nio-7990-exec-10] #71MEL3x1333x439x0 52.17.236.147,172.31.7.76 "GET /login HTTP/1.1" c.a.s.i.i18n.PluginI18nService No values found in any valid locale for key ProviderManager.providerNotFound and locales [en_US, en]
Related
I have an expressJS code dpeloyed on AWS-ElasticBeanStalk with Application load balancer.
The /var/log/nginx/access.log shows the following
{IP ADDRESS} - - [10/Jan/2022:00:52:06 +0000] "GET / HTTP/1.1" 200 23954 "-" "ELB-HealthChecker/2.0" "-"
It is returning 200-OK, but the environment status still shows SEVERE.
Is there something, I am missing.
Following is the entry from /var/log/healthd/daemon.log
W, [2022-01-09T22:37:43.641301 #15007] WARN -- : discarding statistic item after validation error (Invalid timestamp): {:id=>"6", :namespace=>"application", :timestamp=>1641766160, :data=>"{\"duration\":10,\"latency_histogram\":[[0.008,1],[0.009,1]],\"http_counters\":{\"status_200\":2,\"request_count\":2}}"}
Does "Invalid TimeStamp has any correlation" with this?
I am using gcloud CLI to configure my region and zone:
gcloud config set compute/region us-central1
gcloud config set compute/zone us-central1-c
But each command lasts for about 15 seconds, and I get a warning:
WARNING: Property validation for compute/region was skipped
Everything works fine, but why do I have 15 seconds delay, and a warning?
With verbose argument, the output is:
DEBUG: Running [gcloud.config.set] with arguments: [--verbosity: "debug", SECTION/PROPERTY: "compute/region", VALUE: "us-central1"]
Updated property [compute/region].
DEBUG: Making request: GET http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/GOOGLE_AACOUNT_REPLACED#cloudbuild.gserviceaccount.com/?recursive=true
DEBUG: Starting new HTTP connection (1): metadata.google.internal:80
DEBUG: http://metadata.google.internal:80 "GET /computeMetadata/v1/instance/service-accounts/GOOGLE_AACOUNT_REPLACED#cloudbuild.gserviceaccount.com/?recursive=true HTTP/1.1" 200 185
DEBUG: Making request: GET http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/GOOGLE_AACOUNT_REPLACED#cloudbuild.gserviceaccount.com/token
DEBUG: http://metadata.google.internal:80 "GET /computeMetadata/v1/instance/service-accounts/GOOGLE_AACOUNT_REPLACED#cloudbuild.gserviceaccount.com/token HTTP/1.1" 200 1050
DEBUG: Making request: GET http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/GOOGLE_AACOUNT_REPLACED#cloudbuild.gserviceaccount.com/?recursive=true
DEBUG: Starting new HTTP connection (1): metadata.google.internal:80
DEBUG: http://metadata.google.internal:80 "GET /computeMetadata/v1/instance/service-accounts/GOOGLE_AACOUNT_REPLACED#cloudbuild.gserviceaccount.com/?recursive=true HTTP/1.1" 200 185
DEBUG: Making request: GET http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/GOOGLE_AACOUNT_REPLACED#cloudbuild.gserviceaccount.com/token
DEBUG: http://metadata.google.internal:80 "GET /computeMetadata/v1/instance/service-accounts/GOOGLE_AACOUNT_REPLACED#cloudbuild.gserviceaccount.com/token HTTP/1.1" 200 1050
DEBUG: Starting new HTTPS connection (1): compute.googleapis.com:443
DEBUG: https://compute.googleapis.com:443 "POST /batch/compute/v1 HTTP/1.1" 200 None
DEBUG: https://compute.googleapis.com:443 "POST /batch/compute/v1 HTTP/1.1" 200 None
DEBUG: https://compute.googleapis.com:443 "POST /batch/compute/v1 HTTP/1.1" 200 None
DEBUG: https://compute.googleapis.com:443 "POST /batch/compute/v1 HTTP/1.1" 200 None
DEBUG: https://compute.googleapis.com:443 "POST /batch/compute/v1 HTTP/1.1" 200 None
WARNING: Property validation for compute/region was skipped.
To make the gcloud tool easier to use, the Google Cloud will try and validate the values provided, including “compute/region”. In this case, it has to fetch a full list of available regions from the API. If this fails, for whatever reason, then it will show this warning message.
One of the many reasons may be that the Compute Engine API is not enabled. It could also be a lack of authentication, although Cloud Build will have authentication enabled by default and you don't need any special permissions to run this command.
To find out what exactly is going wrong, you can try adding the --log-http parameter to your gcloud command line. This will display the full details of any interactions with the API, including any error message in the response.
In any case, this is simply a warning, and the config entry is still being updated. This happens even if the validation fails, e.g. the region does not exist. As I mentioned above, this is just a feature to help letting the user know if they make certain types of simple mistakes.
How can I get my GraphQL API to show more query/post data in the console? I'm running a Django app that is powered by GraphQL and served via a react frontend. With regular Django paths I would see something like this in the development server:
[04/Sep/2020 11:53:08] "GET /my_app/2020/09/01/5cc4e7cc-7.png HTTP/1.1" 200 11330
But with GraphQL all I see is this:
[04/Sep/2020 11:53:18] "POST /graphql HTTP/1.1" 200 32
[04/Sep/2020 11:53:18] "POST /graphql HTTP/1.1" 200 2993
[04/Sep/2020 11:53:29] "POST /graphql HTTP/1.1" 200 11635
Any ideas?
I highly suggest checking out Silky. It's a profiling tool that can show you
the request body - that's where you'll find the graphql
speed of the response
all the DB queries sent during your request
(if you set it up) cprofiler for the request
I am using Django 1.9, Python 3, running locally on Docker (for testing)
Trying to integrate django-saml2-auth into my application.
Pretty much followed all the steps in the docs:
1) All installations were successful
2) New URLs were imported above the rest
3) Installed apps includes 'django_saml2_auth'
4) 'SAML2_AUTH' dict was placed in settings (and all attributes were mapped)
5) In the SAML2 identity provider (using OneLogin), the Single-sign-on URL and Audience URI(SP Entity ID) was set to http://127.0.0.1:8000/saml2_auth/acs/
What happens is that when I get to http://127.0.0.1:8000/admin the browser goes into an infinite redirect loop:
...
[02/May/2018 15:43:06] "GET /admin/ HTTP/1.1" 302 0
[02/May/2018 15:43:06] "GET /admin/login/?next=/admin/ HTTP/1.1" 302 0
[02/May/2018 15:43:07] "POST /saml2_auth/acs/ HTTP/1.1" 302 0
[02/May/2018 15:43:07] "GET /admin/ HTTP/1.1" 302 0
[02/May/2018 15:43:07] "GET /admin/login/?next=/admin/ HTTP/1.1" 302 0
[02/May/2018 15:43:08] "POST /saml2_auth/acs/ HTTP/1.1" 302 0
[02/May/2018 15:43:08] "GET /admin/ HTTP/1.1" 302 0
...
When I disable django-saml2-auth I see that a staff user was created.
In the OneLogin interface I can see that I logged in successfully.
Overriding django_saml2_auth.views.signin(r), where r is a django.core.handlers.wsgi.WSGIRequest, for <WSGIRequest: GET '/admin/login/?next=/admin/'>, and in the request, the user is set to AnonymousUser, COOKIES contain sessionid and csrftoken.
I would expect that a session would start for the user that was created/fetched, and that I will get to an /admin/<whatever> page.
I will appreciate any help in debugging this, thank you!
EDIT: I was able to get it to work by removing AUTHENTICATION_BACKENDS from settings.py- I have 3 other backends that I use. It seems like they conflict with django-saml2-auth.
Is there any way to get django-saml2-auth to work with other backends?
EDIT 2: Will try to integrate django-saml2-pro-auth, which has a backend so will not conflict. I would really appreciate some insight though.
EDIT 3: back to EDIT 2, when I remove all the backends and they don't conflict, the log flow looks like that:
[04/May/2018 15:24:26] "GET /admin/ HTTP/1.1" 302 0
[04/May/2018 15:24:27] "GET /admin/login/?next=/admin/ HTTP/1.1" 302
[04/May/2018 15:26:27] "POST /saml2_auth/acs/ HTTP/1.1" 302 0
[04/May/2018 15:26:27] "GET /admin/ HTTP/1.1" 200 38398
Where the last GET does not get redirected, with 200.
Issue resolved:
After taking a deeper dive- it seems like this code is the issue:
In django_saml2_auth/views.py, acs():
if target_user.is_active:
target_user.backend = 'django.contrib.auth.backends.ModelBackend'
login(r, target_user)
else:
return HttpResponseRedirect(get_reverse([denied, 'denied', 'django_saml2_auth:denied']))
It seems like the default ModelBackend is necessary.
When other backends are used, the default is no longer used by Django, and hence the infinite loop.
If the default backend is added to the list of backends, everything works as intended.
This problem only debug-toolbar-1.0.1.
If downgrade to django-debug-toolbar==0.9.4 - all works.
Django==1.5.5(I try Django 1.6, but problem the same).
I running server, and can't see panel(django-debug-toolbar).
In log:
[17/Jan/2014 03:05:16] "GET / HTTP/1.1" 200 10644
[17/Jan/2014 03:05:16] "GET /static/debug_toolbar/js/jquery.cookie.js HTTP/1.1" 304 3623
[17/Jan/2014 03:05:16] "GET /static/debug_toolbar/js/toolbar.js HTTP/1.1" 304 10216
[17/Jan/2014 03:05:16] "GET /static/debug_toolbar/css/toolbar.css HTTP/1.1" 304 22959
Anyone with a similar problem?
Sorry for my english.
There's a few changes between 0.9.4 and 1.0. The changelist recommends that you review the installation and configuration docs and redo the setup in your projects.
I suggest retrying the setup as it suggests. If it still doesn't work, then update your question with your configuration, and somebody might be able to help.