WSO2 Identity Server - Get Role's Permissions - wso2

Referring to this link, we integrated CustomPermissionClaimHandler into our server without any errors, but we still can't get the permissions of the users... I know how to create custom claims (refer to this link), and if I follow the steps in these 2 links, I can create a permission field like a textbox, as shown in the picture (testClaim and organizationID are examples of that from the picture)... I thought that after integrating CustomPermissionClaimHandler I would see permissions like the Role field, as shown in the picture with the blue line, but it still comes up as an empty textbox, as shown in the picture with the green line. Is there any way to get the permissions?
EDIT: I can get a JWT including my custom claims, and if I decode it I see this (as you see, it doesn't contain permissions):

By looking at the JWT response, I can say you have done either or both of the following.
It seems there is a mistake in the guide of configuring the application-authentication extension.
If you have added,
[authentication.framework.extensions]
claim_handler="com.wso2.sample.claim.handler.CustomClaimHandler"
into the deployment.toml, but you use the jar obtained by building the code, there is a mismatch in the package name. You have to use the following config.
[authentication.framework.extensions]
claim_handler="org.wso2.custom.claim.PermissionClaimHandler"
Because of this configuration issue, your custom handler may not get executed even though that service got activated properly.
If the claim handler is active and the configuration is correct as in step one, you might have missed something when mapping the custom claim to an OIDC claim / adding it as an OIDC scope / configuring service provider claims.
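The package-name mismatch described in this answer can be checked mechanically. The following is an added example, not code from the post or from WSO2: it reads `claim_handler` from deployment.toml text and confirms that the class exists in a jar in a directory you pass in. The helper names, the demo jar name and the `jar_dir` parameter are assumptions made for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# The two claim_handler settings quoted in the answer above.
TOML = '[authentication.framework.extensions]\nclaim_handler="{}"\n'
GUIDE_TOML = TOML.format("com.wso2.sample.claim.handler.CustomClaimHandler")
FIXED_TOML = TOML.format("org.wso2.custom.claim.PermissionClaimHandler")

def configured_claim_handler(toml_text):
    """Return claim_handler from [authentication.framework.extensions], or None."""
    section = None
    for raw in toml_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "authentication.framework.extensions":
            m = re.match(r'claim_handler\s*=\s*"([^"]+)"', line)
            if m:
                return m.group(1)
    return None

def classes_in_jars(jar_dir):
    """Map fully qualified class name -> jar file name for each .class entry."""
    found = {}
    for jar in sorted(Path(jar_dir).glob("*.jar")):
        with zipfile.ZipFile(jar) as zf:
            for name in zf.namelist():
                if name.endswith(".class"):
                    found[name[:-len(".class")].replace("/", ".")] = jar.name
    return found

def check_claim_handler(toml_text, jar_dir):
    """Return (ok, message): is the configured class present in a deployed jar?"""
    handler, classes = configured_claim_handler(toml_text), classes_in_jars(jar_dir)
    if handler in classes:
        return True, f"{handler} is provided by {classes[handler]}"
    candidates = sorted(c for c in classes if c.endswith("ClaimHandler"))
    return False, f"configured {handler!r} is in no jar; candidates: {candidates}"

def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed jar, demo input only
        with zipfile.ZipFile(Path(d) / "demo-claim-handler.jar", "w") as zf:
            zf.writestr("org/wso2/custom/claim/PermissionClaimHandler.class", b"")
        return check_claim_handler(GUIDE_TOML, d), check_claim_handler(FIXED_TOML, d)

if __name__ == "__main__":
    for ok, message in demo():
        print("OK  " if ok else "FAIL", message)
```

Against a real server, pass the contents of your deployment.toml and the directory you copied the handler jar into.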

Related

Google Cloud doesn't allow me to create my first project with admin role

I'm trying to create my first project in Google Cloud with the organization's administrator account. I have access to the administrator's email and passwords and I am logging in with that account to do so. The problem is that when I click on create new project I receive the following error:
There was an error while loading /home/dashboard?project=proven-now-305315&authuser=1.
You are missing at least one of the following required permissions:
Project
resourcemanager.projects.get
Check that the project ID is valid and you have permissions to access it. Learn more
Send feedback
The detail is that in my resource administration panel I already gave the permission that they ask me to the resource as shown in the following image:
As I have read, the project IAM Admin role should grant the resourcemanager.projects.get role and as you can see in the image the resource rcv # .. which is the administrator has it activated, however I keep trying to create a new project and it doesn't allow me to do it. Any idea?
In case anybody else, like me, reaches this answer, I want to point out that the accepted answer is correct, but for me I had to also make sure that within the settings, I ensured that Project Creation Settings on the right pane and under the section of Cloud Resource Manager Api Settings was set to on. It was turned off by default. Many people on my team overlooked this as it is significantly smaller text.
This may be an option that was not present before or it was turned on by default in the past. For us, it was turned off.
Please refer to the included image for a visual representation of the settings that need to be turned on.
The problem was that for some reason Google Cloud was disabled for all users. I solved it by following these instructions. Solved with this!
To activate this service, please follow the steps:
Access the admin console and go to Apps -> Additional Google Services
Look for the service “Google Cloud Platform” and click on the box next to it
In the top right corner click “ON”
Confirm you want to turn it on in the pop-up box.

Getting started using Microsoft Academic Graph API

I am trying to run some queries on Microsoft Academic Graph using their API. I cannot figure out what to use for the Ocp-Apim-Subscription-Key. (I have seen this question and it did not help.) When I try to run queries I get the following message (401: access denied): Access denied due to invalid subscription key. Make sure you are subscribed to an API you are trying to call and provide the right key.. This happens either using curl on the command line:
curl -v -X GET "https://westus.api.cognitive.microsoft.com\
/academic/v1.0/evaluate?\
expr=stochastic&model=latest&count=10&offset=0&attributes=Id" \
-H "Ocp-Apim-Subscription-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
or using the API testing console.
So what am I using for the Ocp-Apim-Subscription-Key? (Not a lot of Xs!) I've tried two things. First, I've tried using the key that you can get by going to https://labs.cognitive.microsoft.com/en-us/project-academic-knowledge and clicking on the subscribe link (either Key 1 or Key 2).
Second, I've tried using a key generated by going to the cognitive services on my azure portal, and trying to create a subscription to a suitable service. However, nothing that I can see matches the Academic Search API that I want to use, so I used a generic bing search subscription.
Neither of these grants me access to the API. What am I missing?
EDIT:
After first response by #ali-heikal, I tried going to here: https://dev.labs.cognitive.microsoft.com/docs/services/56332331778daf02acc0a50b/operations/5951f78363b4fb31286b8ef4/console. A red warning box appears at top of page: You are not subscribed to this API and will get a '401 Access Denied' response. To subscribe, go to the Products page and click on the desired product containing this API.. If I go to the Products page, and go on to the Project Academic Knowledge - Preview page, I am offered the chance to subscribe. Clicking subscribe takes me to a generic MS sign in (I am signed in, choose that account), I am taken to a page which says:
We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later.
So this does not work for me. Where is it documented that I should use this endpoint? Can someone provide further instructions on how to use it?
EDIT2:
There is this answer which describes using a different endpoint: https://stackoverflow.com/a/49318405/54557. However, changing my curl request to use this does not work (with same Access denied error).
You're using the wrong endpoint. Since you're using the Preview API, you should use the Preview endpoint as well.
It should work if you follow these steps:
Regenerate a key from here (do not use an old key this time) and confirm by clicking the Yes, regenerate this key button
Open the Testing Console from here
Insert the key you just generated into the Ocp-Apim-Subscription-Key field
Insert the following into the Request body field: expr=Composite(AA.AuN=='ali heikal')&count=2&attributes=Ti,Y,CC,AA.AuN,AA.AuId
Click the Send button
Check the Entity Attributes documentation here to understand the attributes I included following the Evaluate Method documentation here
I think the problem is that you are using an old key with the wrong endpoint and attribute values.

Create SSO for AWS from Azure AD

Trying to create SSO for AWS, keeping Azure users as the source of truth. Followed the tutorials below.
https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-amazon-web-service-tutorial
http://blog.flux7.com/aws-best-practice-azure-ad-saml-authentication-configuration-for-aws-console
Is there anything to be more precise about with user attributes in Azure? Is there anything to enable in AWS to accept the SSO?
Login is successful (I can see the sign-ins in Azure AD) but it displays the message "Your request included an invalid SAML response. To logout, click here". Any idea what has gone wrong?
Yes, I think you are on the right path. It seems that you are missing the custom attributes which we are suggesting to add for your application. Those are Role and RoleSessionName. Please see step #5 in my article https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-amazon-web-service-tutorial and make sure that you use the same casing and namespace for the claims. With that the integration should work correctly.
Maybe I am late to this post. As Jeevan mentioned, you are missing custom attributes that you need to add. I have been struggling with the same and found this well-explained video. I hope this will help anyone who is struggling with this issue.
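To see whether a captured SAML response carries the Role and RoleSessionName claims with the casing and namespace the answers above refer to, the attribute statement can be inspected directly. This is an added example, not code from the thread or from Microsoft or AWS: the full claim names and the "role ARN,provider ARN" value format are taken from AWS's SAML documentation rather than from this page, and the account ID, role and provider names are constructed sample values.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AWS = "https://aws.amazon.com/SAML/Attributes/"  # claim namespace per AWS documentation
REQUIRED = (AWS + "Role", AWS + "RoleSessionName")

def aws_claim_problems(saml_xml):
    """List problems with the AWS claims in a decoded SAML response (str or bytes)."""
    attrs = {}
    for a in ET.fromstring(saml_xml).iterfind(".//saml:Attribute", NS):
        attrs[a.get("Name", "")] = [v.text or "" for v in a.iterfind("saml:AttributeValue", NS)]
    problems = []
    for name in REQUIRED:
        if name not in attrs:
            # Report a claim with the right short name but other casing or namespace.
            short = name.rsplit("/", 1)[-1].lower()
            close = [n for n in attrs if n.rsplit("/", 1)[-1].lower() == short]
            hint = f" (found {close[0]!r} instead)" if close else ""
            problems.append(f"missing {name}{hint}")
    for value in attrs.get(REQUIRED[0], []):
        parts = [p.strip() for p in value.split(",")]
        if len(parts) != 2 or sum(":role/" in p for p in parts) != 1 \
                or sum(":saml-provider/" in p for p in parts) != 1:
            problems.append(f"Role value must be 'role ARN,provider ARN': {value!r}")
    return problems

def check_post_binding(saml_response_b64):
    """Same check for the base64 SAMLResponse form field as the browser posts it."""
    return aws_claim_problems(base64.b64decode(saml_response_b64))

def sample_response(attrs):
    """Constructed, unsigned SAML response with the given attributes (demo input)."""
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        "</saml:Attribute>" for n, v in attrs.items())
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
            f"<saml:AttributeStatement>{body}</saml:AttributeStatement>"
            "</saml:Assertion></samlp:Response>")

ARNS = "arn:aws:iam::123456789012:role/AzureSSO,arn:aws:iam::123456789012:saml-provider/AzureAD"
GOOD = sample_response({AWS + "Role": ARNS, AWS + "RoleSessionName": "user@example.com"})
BAD = sample_response({"Role": ARNS, AWS + "rolesessionname": "user@example.com"})

if __name__ == "__main__":
    print("GOOD:", aws_claim_problems(GOOD))
    print("BAD: ", aws_claim_problems(BAD))
```

The check looks only at attribute names and values in a response you captured yourself; it does not validate the signature or any other part of the assertion.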

Using the Publisher overview_version error and incomplete information displayed

I am seeing interesting behavior with the WSO2 Publisher for both Governance Registry as well as Enterprise Server when I am using self-defined asset types. There are two items of concern - the one is that I can successfully save an asset type and capture details against it within the Carbon admin console. This works and works well.
However, when I view the asset in the Publisher, only some of the values that have been captured in the admin console are visible. All of the fields (labels) show up, however some are empty. I can however view them successfully in the Admin Console. What I also find interesting is that if I then update the entry in the Publisher and capture new values for the fields that aren't being displayed, I can see the changed values in the Admin Console - so certainly updating from the Publisher is reflected. Once I've done the Publisher update, the values reflect as they've been captured.
The other dilemma is that when I want to capture a new asset from the Publisher itself, I get an error that the asset cannot be created. The error is "Error while creating asset for the request due to overView_version is not provided. Please provide a value for overview_version since it is a required field". I don't have an overview_version field defined within the asset definition. Actually, there is no version information being captured at all as the asset won't go through a version change.
Any idea what could be causing this? I've tried this under both WSO2 GREG (v5.0.0) as well as WSO2 ES (v2.0.0) and both exhibit the same behaviour. At the moment I am using the Admin Console primarily to capture data, however I would prefer to use the Publisher as the dependency graphs are very useful.
I know it may be a bit too late but I believe this is caused by the versionAttribute property defined in the {CARBON_HOME}/repository/deployment/server/jaggeryapps/publisher/extensions/assets/default/asset.js:configure function [1].
Can you try setting this property to an empty string?
[1] https://github.com/wso2/carbon-store/blob/master/apps/publisher/extensions/assets/default/asset.js#L209
This occurs because you haven't indicated that you're not using the version attribute in your artifact. To overcome the issue, please find the code line below in asset.js, which is located here (1).
versionAttribute: 'overview_version',
and change it to an empty string like below.
versionAttribute: '',
Now you have to restart the carbon server.
(1) - CARBON_HOME/repository/deployment/server/jaggeryapps/publisher/extensions/assets/default/asset.js

wso2 dashboard user information recovery

Does the WSO2 dashboard allow for User information recovery? I am looking at it currently, and documentation shows that it allows for users to log in and manage their account. Does the Dashboard also support User Information Recovery, (i.e. resetting the password or finding a forgotten username). And if it does, what values in the configuration file do I need to modify?
Yes it does. Sort of. Here is a sample app that, I'm guessing, the WSO2 folks created.
http://cgchamath.blogspot.com/2013/12/password-recovery-with-wso2-identity.html
The example at the bottom has a readme with how to configure the server. What I did was to add a button to the dashboard login page that loaded the configured sample app, then rebranded the sample to make it look more like the dashboard page.