WSO2 Analytics Hostname - wso2

API Manager 3.0.0 and Analytics 3.0.0
Actually API-M I changed to hostname with any problems. When I change to hostname of Analytics some errors to login:
Only I change in [API-Analytics]/conf/dashboard/deployment.yaml
deployment.yaml
## Authentication configuration
auth.configs:
  type: apim
  ssoEnabled: true
  properties:
    adminScope: apim_analytics:admin_carbon.super
    allScopes: apim_analytics:admin apim_analytics:product_manager apim_analytics:api_developer apim_analytics:app_developer apim_analytics:devops_engineer apim_analytics:analytics_viewer apim_analytics:$
    adminServiceBaseUrl: https://myhostname:9443
    adminUsername: admin
    adminPassword: admin
    kmDcrUrl: https://myhostname:9443/client-registration/v0.15/register
    kmTokenUrlForRedirection: https://myhostname:9443/oauth2
    kmTokenUrl: https://hostname:9443/oauth2
    kmUsername: admin
    kmPassword: admin
    portalAppContext: analytics-dashboard
    businessRulesAppContext : business-rules
    cacheTimeout: 900
    baseUrl: https://myhostname:9643
    grantType: authorization_code
    publisherUrl: https://myhostname:9443
    #storeUrl: https://myhostname:9443
I have this error in the terminal after starting the dashboard server:
<ip address> != <localhost>
But if I change myhostname to localhost, it no longer sends this error, but the login page of the Dashboard sends:
https://localhost:9443/oauth2/authorize?response_type=code&client_id=VACHtG8hNxzG2au1EcA3sNmmXooa&scope=apim_analytics%3Aadmin%20apim_analytics%3Aproduct_manager%20apim_analytics%3Aapi_developer%20apim_analytics%3Aapp_developer%20apim_analytics%3Adevops_engineer%20apim_analytics%3Aanalytics_viewer%20apim_analytics%3Aeveryone%20openid%20apim%3Aapi_view%20apim%3Asubscribe&redirect_uri=https%3A%2F%2Flocalhost%3A9643%2Flogin%2Fcallback%2Fanalytics-dashboard%2Flogin
So, how do I fix this or change the hostname correctly?
Edit:
I changed only kmTokenUrlForRedirection, kmTokenUrl and baseUrl in deployment.yaml, and on the dashboard page I have:
I search the error and found this link https://apim.docs.wso2.com/en/latest/troubleshooting/troubleshooting-invalid-callback-error/
But I tried to put some regexp similar to:
regexp
regexp=(https://myhostname:9643/analytics-dashboard/login|https://myhostname:6443/analytics-dashboard/logout)
But nothing.
My new question is:
What is the correct form of the regexp for the dashboard?

Change your analytics_dashboard SP's regex to the following and try.
regexp=(https://myhostname:9643/login/callback/analytics-dashboard/login|https://myhostname:9643/analytics-dashboard)
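How the callback check treats the two patterns quoted above, as an added example (not WSO2's code and not part of the original answer). It assumes a `regexp=` callback is applied as a whole-string match, as Java's `String.matches` does, and uses a constructed authorize URL modelled on the one in the question; the function names and the `strict_regexp` helper are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the authorize request from the question with the host
# changed to myhostname (client_id is a placeholder, scopes shortened).
AUTHORIZE_URL = (
    "https://myhostname:9443/oauth2/authorize?response_type=code"
    "&client_id=PLACEHOLDER_CLIENT_ID&scope=apim_analytics%3Aadmin%20openid"
    "&redirect_uri=https%3A%2F%2Fmyhostname%3A9643%2Flogin%2Fcallback"
    "%2Fanalytics-dashboard%2Flogin"
)

# Callback values quoted on this page.
QUESTION_REGEXP = ("regexp=(https://myhostname:9643/analytics-dashboard/login"
                   "|https://myhostname:6443/analytics-dashboard/logout)")
ANSWER_REGEXP = ("regexp=(https://myhostname:9643/login/callback/"
                 "analytics-dashboard/login"
                 "|https://myhostname:9643/analytics-dashboard)")


def redirect_uri_of(authorize_url):
    """Return the single decoded redirect_uri of an authorize request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]


def callback_allowed(registered, redirect_uri):
    """Assumed semantics: a 'regexp=' value is a whole-string regex match,
    any other value is an exact string comparison."""
    prefix = "regexp="
    if registered.startswith(prefix):
        return re.fullmatch(registered[len(prefix):], redirect_uri) is not None
    return registered == redirect_uri


def strict_regexp(urls):
    """Build a regexp= value that matches the listed URLs literally, so a '.'
    in a dotted hostname cannot stand for an arbitrary character."""
    return "regexp=(" + "|".join(re.escape(u) for u in urls) + ")"


if __name__ == "__main__":
    uri = redirect_uri_of(AUTHORIZE_URL)
    print("redirect_uri:   ", uri)
    print("question regexp:", callback_allowed(QUESTION_REGEXP, uri))
    print("answer regexp:  ", callback_allowed(ANSWER_REGEXP, uri))
```

The question's pattern fails because the dashboard sends the `/login/callback/analytics-dashboard/login` path, which neither of its alternatives covers.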

Related

WSO2 Error: Unable to retrieve custom url info from APIM Admin API

I am using WSO2 3.2.0/docker-compose
And I have this setup for APIM (as reverse proxy using Nginx)
https://apim.mydomain.com/devportal
https://apim.mydomain.com/publisher
Also I have this reverse proxy for the analytics dashboard:
https://apim-analytics.mydomain.com
However, when I open the dashboard I see this error in the web console and a dark screen:
{"error":"Internal_Server_Error","description":"Error in login to the uri \u0027analytics-dashboard\u0027. Error: Unable to retrieve custom url info from APIM Admin API"}
I suspect the issue is here, in apim-analytics-dashboard/conf/dashboard/deployment.yaml (wrong configuration):
auth.configs:
  type: apim
  ssoEnabled: true
  properties:
    adminScope: apim_analytics:admin_carbon.super
    allScopes: apim_analytics:admin openid apim:api_view apim:subscribe apim_analytics:monitoring_dashboard:own apim_analytics:monitoring_dashboard:edit apim_analytics:monitoring_dashboard:view apim_analytics:business_analytics:own apim_analytics:business_analytics:edit apim_analytics:business_analytics:view apim_analytics:api_analytics:own apim_analytics:api_analytics:edit apim_analytics:api_analytics:view apim_analytics:application_analytics:own apim_analytics:application_analytics:edit apim_analytics:application_analytics:view
    adminUsername: admin
    adminPassword: admin
    kmDcrUrl: https://api-manager:9443/client-registration/v0.17/register
    kmTokenUrlForRedirection: https://api-manager:9443/oauth2
    kmTokenUrl: https://api-manager:9443/oauth2
    kmUsername: admin
    kmPassword: admin
    portalAppContext: analytics-dashboard
    businessRulesAppContext : business-rules
    cacheTimeout: 30
    baseUrl: https://apim-analytics.mydomain.com
    grantType: authorization_code
    publisherUrl: https://apim.mydomain.com/publisher
    devPortalUrl: https://apim.mydomain.com/devportal
    externalLogoutUrl: https://api-manager:9443/oidc/logout
    adminServiceBaseUrl: https://api-manager:9443

GoogleStorageException - 401 Unauthorized / Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket

I want to transfer data from GCS to BigQuery with embulk and digdag.
But an error occurs.
com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
.......
Error: org.embulk.config.ConfigException: com.google.cloud.storage.StorageException: Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.
↓ Details
command :
embulk run XXXX.yaml
XXXX.yaml :
in:
  type: gcs
  bucket: <bucket name>
  path_prefix: <file path>
  auth_method: compute_engine
  parser:
    type: poi_excel
    sheets: <sheet name>
    skip_header_lines: 4
    columns:
    - {name: 'name', type: string}
    .
    .
    .
out:
  type: bigquery
  mode: replace
  project: <project name>
  dataset: <dataset name>
  table: <table name>
  auth_method: compute_engine
  schema_file: <file name of json type>
  gcs_bucket: <gcs tmp bucket name>
output :
$ embulk run target_item_bottoms_config.yaml
2020-07-22 14:27:36.559 +0900: Embulk v0.9.23
2020-07-22 14:27:37.609 +0900 [WARN] (main): DEPRECATION: JRuby org.jruby.embed.ScriptingContainer is directly injected.
2020-07-22 14:27:40.577 +0900 [INFO] (main): Gem's home and path are set by default: "/Users/oniki/.embulk/lib/gems"
2020-07-22 14:27:41.662 +0900 [INFO] (main): Started Embulk v0.9.23
2020-07-22 14:27:41.853 +0900 [INFO] (0001:transaction): Loaded plugin embulk-input-gcs (0.3.2)
2020-07-22 14:27:46.263 +0900 [INFO] (0001:transaction): Loaded plugin embulk-output-bigquery (0.6.4)
2020-07-22 14:27:46.369 +0900 [INFO] (0001:transaction): Loaded plugin embulk-parser-poi_excel (0.1.7)
org.embulk.exec.PartialExecutionException: org.embulk.config.ConfigException: com.google.cloud.storage.StorageException: Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.
at org.embulk.exec.BulkLoader$LoaderState.buildPartialExecuteException(BulkLoader.java:340)
at org.embulk.exec.BulkLoader.doRun(BulkLoader.java:566)
at org.embulk.exec.BulkLoader.access$000(BulkLoader.java:35)
at org.embulk.exec.BulkLoader$1.run(BulkLoader.java:353)
at org.embulk.exec.BulkLoader$1.run(BulkLoader.java:350)
at org.embulk.spi.Exec.doWith(Exec.java:22)
at org.embulk.exec.BulkLoader.run(BulkLoader.java:350)
at org.embulk.EmbulkEmbed.run(EmbulkEmbed.java:242)
at org.embulk.EmbulkRunner.runInternal(EmbulkRunner.java:291)
at org.embulk.EmbulkRunner.run(EmbulkRunner.java:155)
at org.embulk.cli.EmbulkRun.runSubcommand(EmbulkRun.java:431)
at org.embulk.cli.EmbulkRun.run(EmbulkRun.java:90)
at org.embulk.cli.Main.main(Main.java:64)
Suppressed: java.lang.NullPointerException
at org.embulk.exec.BulkLoader.doCleanup(BulkLoader.java:463)
at org.embulk.exec.BulkLoader$3.run(BulkLoader.java:397)
at org.embulk.exec.BulkLoader$3.run(BulkLoader.java:394)
at org.embulk.spi.Exec.doWith(Exec.java:22)
at org.embulk.exec.BulkLoader.cleanup(BulkLoader.java:394)
at org.embulk.EmbulkEmbed.run(EmbulkEmbed.java:245)
... 5 more
Caused by: org.embulk.config.ConfigException: com.google.cloud.storage.StorageException: Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.
at org.embulk.input.gcs.AuthUtils.newClient(AuthUtils.java:81)
at org.embulk.input.gcs.GcsFileInput.listFiles(GcsFileInput.java:49)
at org.embulk.input.gcs.GcsFileInputPlugin.transaction(GcsFileInputPlugin.java:59)
at org.embulk.spi.FileInputRunner.transaction(FileInputRunner.java:62)
at org.embulk.exec.BulkLoader.doRun(BulkLoader.java:507)
... 11 more
Caused by: com.google.cloud.storage.StorageException: Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.
at com.google.cloud.storage.spi.v1.HttpStorageRpc.translate(HttpStorageRpc.java:226)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.list(HttpStorageRpc.java:366)
at com.google.cloud.storage.StorageImpl$8.call(StorageImpl.java:338)
at com.google.cloud.storage.StorageImpl$8.call(StorageImpl.java:335)
at com.google.api.gax.retrying.DirectRetryingExecutor.submit(DirectRetryingExecutor.java:105)
at com.google.cloud.RetryHelper.run(RetryHelper.java:76)
at com.google.cloud.RetryHelper.runWithRetries(RetryHelper.java:50)
at com.google.cloud.storage.StorageImpl.listBlobs(StorageImpl.java:334)
at com.google.cloud.storage.StorageImpl.list(StorageImpl.java:290)
at org.embulk.input.gcs.AuthUtils.newClient(AuthUtils.java:77)
... 15 more
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
{
"code" : 401,
"errors" : [ {
"domain" : "global",
"location" : "Authorization",
"locationType" : "header",
"message" : "Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.",
"reason" : "required"
} ],
"message" : "Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket."
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:150)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:401)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1097)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:499)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:432)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:549)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.list(HttpStorageRpc.java:356)
... 23 more
Error: org.embulk.config.ConfigException: com.google.cloud.storage.StorageException: Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.
my environment :
$ gcloud config list
[compute]
region = us-east1
zone = us-east1-c
[core]
account = myname@xxx.com
disable_usage_reporting = False
project = <project ID>
Your active configuration is: [default]
$ gcloud auth list
Credentialed Accounts
ACTIVE ACCOUNT
* myname@xxxx.com
To set the active account, run:
$ gcloud config set account `ACCOUNT`
$ gsutil ls
gs://<bucket name>
my gcp IAM role :
owner
I understand that the solution to this error is authorization.
But my preferences seem to be fine.
What's wrong?
As per the documentation [1], if we have a 401 Unauthorized error there could be many reasons; please see the related list of reasons below [taken from link 1], which could be helpful for troubleshooting:
Reason: AuthenticationRequiredRequesterPays
Access to a Requester Pays bucket requires authentication.
Reason: authError
This error indicates a problem with the authorization provided in the request to Cloud Storage. The following are some situations where that will occur:
The OAuth access token has expired and needs to be refreshed. This can be avoided by refreshing the access token early, but code can also catch this error, refresh the token and retry automatically.
Multiple non-matching authorizations were provided; choose one mode only.
The OAuth access token's bound project does not match the project associated with the provided developer key.
The Authorization header was of an unrecognized format or uses an unsupported credential type.
Reason: lockedDomainExpired
When downloading content from a cookie-authenticated site, e.g., using the Storage Browser, the response will redirect to a temporary domain. This error will occur if access to said domain occurs after the domain expires. Issue the original request again, and receive a new redirect.
Reason: push.webhookUrlUnauthorized
Requests to storage.objects.watchAll will fail unless you verify you own the domain.
Reason: required
Access to a non-public method that requires authorization was made, but none was provided in the Authorization header or through other means.
[1] https://cloud.google.com/storage/docs/json_api/v1/status-codes#401_Unauthorized
I tried locally: I created a Service Account Key and saved it locally.
◾️XXXX.yaml
before
auth_method: compute_engine
after
auth_method: json_key
json_keyfile: /path/to/json_keyfile.json

Unable to authenticate iRedmail Ldap mail accounts with Redmine application

I have two different servers for iRedMail and Redmine applications. iRedMail is using OpenLDAP internally to create email accounts.
I would like to authenticate Redmine application with iRedMail OpenLDAP mail accounts.
I have done the below LDAP settings, but login fails in the Redmine application when I try to log in with an iRedMail email and password, and it displays the message "Invalid UserId and Password".
iRedMail LDAP skeleton
dc=example,dc=com
-- o=domains
---- domainName=example.com
------ ou=Users
---------mail=testuser1@example.com
---------mail=testuser2@example.com
DN for testuser1: mail=testuser1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com
DN for testuser2: mail=testuser2@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com
Redmine application LDAP configuration
Name - LdapRedMail
Host - IpAddress
Port - 389
LDAPS - No
Account - cn=Manager,dc=example,dc=com
Password - ******
Base DN - domainName=example.com,o=domains,dc=example,dc=com
LDAP filter - (&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=inetOrgPerson)(objectClass=mailUser)))
Attributes
Login attribute - mail
Firstname attribute - givenName
Lastname attribute - sN
Email attribute - mail
So would anyone help to resolve this issue?
After a long search, I am able to resolve the issue as shown below:
Name - LdapRedMail
Host - IpAddress
Port - 389
LDAPS - No
Account - cn=vmail,dc=example,dc=com
Password - <vmail password from settings.py>
Base DN - o=domains,dc=example,dc=com
LDAP filter - <empty>

Redmine doesn't send e-mail, execution expired error

I'm having problems using email in redmine. This is my redmine Environment versions:
Environment:
Redmine version 2.4.2.stable
Ruby version 1.9.3-p484 (2013-11-22) [x86_64-linux]
Rails version 3.2.16
Environment production
Database adapter MySQL
SCM:
Git 1.9.1
Filesystem
Redmine plugins:
no plugin installed
I configured the configuration.yml file like this:
production:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      enable_starttls_auto: true
      address: "smtp.office365.com"
      port: 587
      domain: "mydomain.com.br"
      authentication: :login
      user_name: "user@mydomain.com.br"
      password: "mypassword"
  attachments_storage_path: /home/redmin/Downloads/redmine-2.3.2/files
  autologin_cookie_name:
  autologin_cookie_path:
  autologin_cookie_secure:
  scm_subversion_command: svn
  scm_mercurial_command:
  scm_git_command: /usr/bin/git
  scm_cvs_command:
  scm_bazaar_command:
  scm_darcs_command:
  scm_stderr_log_file:
  database_cipher_key:
  rmagick_font_path:
So, I access Redmine in the browser and click the "Send Test Email" button, but I get the following error after the page loads for a long time: execution expired.
In my production.log file I got a success message without any error, but the e-mail never arrives:
Sent email "Redmine test" (30215ms)
to: target@gmail.com
Edit 1:
If I change the delivery_method to ":sendmail" the test works but the email never arrives.

WSO2 API Publisher SAML SSO login fails

I configured WSO2 API Publisher (1.10.0) SAML SSO however login fails with the following error:
TID: [-1234] [] [2016-02-10 18:33:16,643] WARN {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Destination validation for Authentication Request failed. Received: [null]. Expected one in the list: [https://identity.mydomain.pt:443/samlsso]
File publisher/site/conf/site.json:
"ssoConfiguration" : {
"enabled" : "true",
"issuer" : "apis-publisher",
"identityProviderURL" : "https://identity.mydomain.pt:443/samlsso",
"keyStorePassword" : "wso2carbon",
"identityAlias" : "wso2carbon",
"responseSigningEnabled":"true",
"keyStoreName" :"/home/wso2/wso2am-1.10.0/repository/resources/security/wso2carbon.jks",
//"nameIdPolicy" : "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", //If not specified, 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' will be used
},
and the service provider configuration (sso-idp-config.xml):
<!-- API MANAGER PUBLISHER -->
<ServiceProvider>
<Issuer>apis-publisher</Issuer>
<AssertionConsumerServiceURLs>
<AssertionConsumerServiceURL>https://mgt.apis.mydomain.pt:443/publisher/jagg/jaggery_acs.jag</AssertionConsumerServiceURL>
<AssertionConsumerServiceURL>https://mgt.apis.mydomain.pt/publisher/jagg/jaggery_acs.jag</AssertionConsumerServiceURL>
</AssertionConsumerServiceURLs>
<DefaultAssertionConsumerServiceURL>https://mgt.apis.mydomain.pt:443/publisher/jagg/jaggery_acs.jag</DefaultAssertionConsumerServiceURL>
<EnableSingleLogout>true</EnableSingleLogout>
<SLOResponseURL/>
<SLORequestURL/>
<SAMLDefaultSigningAlgorithmURI>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SAMLDefaultSigningAlgorithmURI>
<SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
<SignResponse>true</SignResponse>
<ValidateSignatures>true</ValidateSignatures>
<EncryptAssertion>false</EncryptAssertion>
<CertAlias>wso2carbon</CertAlias>
<EnableAttributeProfile>false</EnableAttributeProfile>
<IncludeAttributeByDefault>false</IncludeAttributeByDefault>
<ConsumingServiceIndex/>
<EnableAudienceRestriction>false</EnableAudienceRestriction>
<AudiencesList>
<Audience>apis-publisher</Audience>
</AudiencesList>
<EnableRecipients>false</EnableRecipients>
<RecipientList>
<Recipient/>
</RecipientList>
<EnableIdPInitiatedSSO>false</EnableIdPInitiatedSSO>
<EnableIdPInitSLO>false</EnableIdPInitSLO>
<ReturnToURLList>
<ReturnToURL/>
</ReturnToURLList>
</ServiceProvider>
I did the same configuration for the API Store and login is working.
I solved my problem by turning off signature validation.
<ValidateSignatures>false</ValidateSignatures>