Cloud Foundry: Credentials were rejected - cloud-foundry

I'm having trouble with cf login. Whenever I try to login i get the following error:
Credentials were rejected, please try again.
Now I'm Aware that this is a known issue. But even with alternatives, I always get the same message.
What I've tried so far:
Git CMD; cmd.exe; Powershell;
cf login -u mail#adress.com; (and different variations)
cf auth "Mail#Adress.com" "MyPassword";
What else is there I can try or what am I missing?

When you run cf login or cf auth and specify a username/password, you are attempting to authenticate with UAA using a standard password based authentication. If your company uses single sign-on (i.e. SSO), this will not work.
When your company uses SSO, you need to run cf login -sso (that's it, no other flags). In this case, the cf cli will give you a link to click. You'll go to this link in your browser and it will display a one-time password. The cf cli will then prompt you for the one-time password, type it in and the cli will use that to log you in with your company's SSO system.
Again, if your company has set up SSO you must use the cf login -sso option to login. As far as I know, there's no way to tell from the cf cli if your company requires SSO, but you can tell if you go to login.system_domain in your browser (where system_domain the the DNS entry set up for CF). When you go to that page, you'll see the login form and when SSO is set up the bottom of the form will have a link that says "click here to login with SSO" or something like that. That link only shows up when SSO is enabled.

Related

AWS always request MFA code in the browser with Microsoft Authenticator - Can you get it to prompt on your phone?

I use Microsoft Authenticator for my MFA needs. When I log into O365 and need a second authentication factor it will send the request to my device where it prompts me to accept or reject the login there. Even better, I can accept it on my watch without taking my phone out of my pocket. I can also key the code from the Authenticator app into the browser where I'm trying to access the O365 service, but the prompt works most of the time.
I recently started working with AWS and using their MFA setup and added it to Microsoft Authenticator. Whenever I start a new AWS session I'm prompted for my MFA code, which I can retrieve from the Authenticator app, but it doesn't have the oh-so-convenient prompt on my phone and watch that I can just click to say "authorize". Is there something I can do to make AWS prompt me to approve logins via my phone, or is that some sort of Microsoft-only access that O365 has? Or can I get that functionality from a different authentication app?

Remove OAuth Social Providers

I accidentally added the Google Social Login with OAuth to Aws Cognito, and now every time I run amplify pull I receive this message -
"You've opted to allow users to authenticate via Google. If you
haven't already, you'll need to go to
https://developers.google.com/identity and create an App ID."
I would like to remove the Google Social Login so I could pull without inputting the client ID, does anyone know how to do this?
From the command line, run: amplify update auth
Select: ❯ Update OAuth social providers.
Arrow-down to "Google", and hit the space bar to deselect it, so that ❯◉ Google becomes ❯◯ Google.
Hit enter.
Run amplify push.

AWS Amplify how to check if the password is correct during authentication?

I am implementing a simple sign-up sign-in system in my Android app using AWS Amplify and Kotlin. Everything seems to work fine except for one thing that when the user tries to sign-in they can use any password to do so. If they type in a registered and confirmed username the successfully log in which is obviously not what I want. I want them to type in the correct password as well. Do I need to change something in my AWS User Pool settings to achieve this or do I handle this in Kotlin somehow?
Amplify.Auth.signIn(inputEmail.text.toString(), inputPassword.text.toString(), {}, {})
I found the error. AWS Amplify keeps a cached version of the previous successful login which is prioritized over the current attempted login. So at some point I have to call Amplify.Auth.signOut()

What is default password for Jupyter created on google's data proc

I set data proc using the steps in link here
https://cloud.google.com/dataproc/docs/tutorials/jupyter-notebook
But my jyputer keep asking for password
I didn't set any password.
I tried my google account password that doesn't work
I ran ../root$ sudo grep -ir password
and get following, so that confirmed no password is set
.jupyter/jupyter_notebook_config.py:## Hashed password to use for web authentication.
.jupyter/jupyter_notebook_config.py:# The string should be of the form type:salt:hashed-password.
.jupyter/jupyter_notebook_config.py:#c.NotebookApp.password = u''
.jupyter/jupyter_notebook_config.py:# Only used when no password is enabled.
.local/share/jupyter/runtime/nbserver-3668.json: "password": false,
Since the initialization action just installs from latest using conda install jupyter, this appears to have been caused by a recent upstream change, specifically upgrading the notebook component from 4.2.3 to 4.3.0 causing token-based auth to be turned on by default. A recent cluster I deployed a couple weeks ago using the out-of-the-box init action didn't have the same login you're seeing; the design of the init action is to let Google Compute Engine firewalls be your layer of defense and the SSH tunnel being your secure connection, rather than relying on various third-party implementations of auth from the different Hadoop/Spark tools and web UIs.
The solution will be to add a line to setup-jupyter-kernel.sh:
echo "c.NotebookApp.token = u''" >> ~/.jupyter/jupyter_notebook_config.py
to disable jupyter-side authentication altogether and revert to the behavior a couple weeks ago. Note that if you want to do this yourself you'll have to fiddle with the INIT_ACTIONS_REPO and INIT_ACTIONS_BRANCH settings in jupyter.sh which may take some getting used to if you haven't been customizing it already. We'll try to push a fix as soon as possible and once that's done you should be able to use the out-of-the-box init action without causing the login screen again.
If you already have a cluster running, you can disable the auth for your jupyter server by running that manually as root after SSH'ing into the master:
sudo su
killall -9 jupyter-notebook
echo "c.NotebookApp.token = u''" >> ~/.jupyter/jupyter_notebook_config.py
/dataproc-initialization-actions/jupyter/internal/launch-jupyter-kernel.sh
Alternatively, if you do want to keep the new default token-authorization approach, the jupyter server actually logs a generated token to /var/log/jupyter_notebook.log; look for a line stating The Jupyter Notebook is running at: http://[all ip addresses on your system]:8123/?token=[some-token-string-here]; that token string can be plugged in to the password field or in the URL parameter as it shows.
EDIT: The fix has now been committed into Dataproc's init action repository and synced to gs://dataproc-initialization-actions. Deployments out-of-the-box once again work without an extra login page in the Jupyter UI.
A new metadata option has also been added if you do want to specify a token which Jupyter also allows to be used in the password field, with key JUPYTER_AUTH_TOKEN. Use it as follows only if you want a login page requesting your specified token (no metadata keys are necessary if you just want the old behavior of no login page):
gcloud dataproc clusters create \
--initialization-actions gs://dataproc-initialization-actions/jupyter/jupyter.sh \
--metadata JUPYTER_AUTH_TOKEN=foobarbaz
Then your login password will be foobarbaz.
When you dont set any password you can login with the your server credentials where it is installed.

WSO2 IS - Active Directory Login - Not working correctly

I have attached my Active Directory as a secondary user store and can see the list of users when i select "Users" however when accessing an APP through tomcat that is linked to SAML SSO i cannot login using an AD Account
can anyone suggest what i am missing?
the error in the system logs is
TID[-1234] [IS] [2014-02-13 13:49:02,321] DEBUG {org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator} - user authentication failed due to invalid credentials.
however my login credentials are correct...
Because i was using email address as a login that was causing the issue!
the steps i took are as follows:
IS_HOME/repository/conf/carbon.xml file.
Open carbon.xml
Locate EnableEmailUserName element and uncomment it.
Finally, it should be similar to the following
true
Now, restart IS
You should be able to login using your user name
Could you check whether you can login to WSO2 management console using above credentials. If you can not, please go to Management Console -> Configure -> Users and Roles -> Roles and you can see the internal\everyone role. And configure "login" permission for everyone role. Then please try to login...
Also, if you enable the debug logs in org.wso2.carbon.user.core, you can see more debug logs about authentication failure.
I think your configuration is not ok.same login issue already solved here.cannot login to wso2 Identity server with the ldap credentials.
Make sure UserDNPattern property is correct