I followed this link for configuring multiple hostnames for my identity server. Things are working fine and as expected for all samlsso based usecases.
Please note that the actual hostname and management hostname parameters in carbon.xml are different from the virtual hostname that I give in the Apache front end (since there are multiple host names).
However, when a passivests request comes through one of the virtual hosts, it is received by the WSO2 Identity Server with the virtual host, and when the redirection to the commonauth URL happens the hostname changes to the one defined in the carbon.xml file. So finally, when the login page comes up, it will be in the format of
Using protocol in lieu of https as I don't have enough reputation to post more than 2 links. :P
protocol://managementhostname/authenticationendpoint/login.do?commonAuthCallerPath=%2Fpassivests&forceAuth=false&passiveAuth=false&tenantDomain=domain1&wa=wsignin1.0
it should have been
protocol://virtualhostname/authenticationendpoint/login.do?commonAuthCallerPath=%2Fpassivests&forceAuth=false&passiveAuth=false&tenantDomain=domain1&wa=wsignin1.0
For requests to the /samlsso endpoint it happens properly, with virtualhostname.
It would be great if somebody can throw some light on the issue.
Thanks in advance
For the network gurus out there, I'd like to ask some questions regarding a somewhat unique setup where the server will be sending a request to a client on localhost on a certain port.
I have a cloudy understanding of some network fundamentals that I hope you'll be able to help me out with.
Kindly check the image below:
Basically, there's a static website hosted in AWS s3 and at some point this website will send a request to https://localhost:8001.
I was expecting that it would connect to the nginx container listening on port 8001 on my local machine, but it results in a 504 gateway error.
My questions are:
Is it possible for a remote server to directly send data to a client at a particular port by addressing it as localhost?
How is it possible for the static website to communicate to my local docker container?
Thanks in advance.
In the setup you show, in the context of a Web site, localhost isn't in your picture at all. It's the desktop machine running the end user's Web browser.
More generally, you show several boxes in your diagram – "local machine", "Docker VM", "individual container", "server in Amazon's data center" – and within each of these boxes, if they make an outbound request to localhost, it reaches back to itself.
You have two basic options here:
(1) Set up a separate (Route 53) DNS name for your back-end service, and use that https://backend.example.com/... host name in your front-end application.
(2) Set up an HTTP reverse proxy that forwards /, /assets, ... to S3, and /api to the back-end service. In your front-end application use only the HTTP path with no host name at all.
The second option is more work to set up, but once you've set it up, it's much easier to develop code for. Webpack has a similar "proxy the backend" option for day-to-day development. This setup means the front-end application itself doesn't care where it's running, and you don't need to rebuild the application if the URL changes (or an individual developer needs to run it on their local system).
I have Shibboleth configured on an IIS server and am using it protect a .NET application.
I need authenticated access for users accessing the application over the web and for that Shibboleth is working fine.
The application also hosts web services which need to be accessed by other applications in the same server and for that working with Shibboleth is a challenge since web service clients cannot deal with the log in page.
Is it possible to configure Shibboleth to ignore requests coming from the same server for example by checking the IP address?
It won't directly answer your question, but I can share a workaround I found and hope it can help with your problem too.
Define another website in IIS pointing to the same folder as the initial one, and make it only respond to a different domain (like something.local). Then in IP Address and Domain Restrictions, make sure only 127.0.0.1 is allowed to access it.
In C:\Windows\System32\drivers\etc open the file "hosts" in Notepad (running with Administrator privileges). Add the line "127.0.0.1 something.local" (no quotes; make sure the domain is the same one you defined before)
Now, make the webservices call the application by the new domain.
Context: I have to call an externalService, which lies outside the environments hosted by us on AWS EC2. This externalService requires IP addresses to be whitelisted before accessing it. Since EC2 host IP addresses are not guaranteed to stay the same and can change when hosts are replaced, we decided to route the API calls through a proxy server.
We are doing the same for some other externalServices calls as well, but those are all REST based, so we have not faced any problems while calling their APIs using rest-client or net/http.
Now, this time it's a SOAP Service and we are using Savon to access it.
I am able to download the URL using "curl" on the proxy server host, but if I access the WSDL through the proxy server from the Savon client, it fails. It gives a 403 Forbidden error.
require 'savon'

client = Savon.client do |variable|
  variable.proxy 'http://172.31.50.91:3128'
  variable.wsdl 'https://<some_url_here>'
end
# => #<Savon::Client:……>

client.operations  # fetches and parses the WSDL through the proxy
# Net::HTTPServerException: 403 "Forbidden"
For other services which do not require IP whitelisting, the Savon client works, whether or not the proxy server address is provided.
Any help will be appreciated. I have been stuck here for a long time.
Thanks,
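The post does not say where the 403 is produced, and the error text is worth a closer look before blaming the SOAP service: `Net::HTTPServerException: 403 "Forbidden"` is the form Net::HTTP uses when it rejects a non-2xx reply to its own CONNECT request, i.e. when the forward proxy refuses to open the HTTPS tunnel (a Squid ACL that does not allow CONNECT to that host and port does exactly this). A 403 coming back from the origin after the tunnel is up would instead arrive as an ordinary response object. The following is an added example, not code from the post or from the Savon project. It stands up a constructed stand-in proxy on localhost that denies every CONNECT, then drives Net::HTTP through it the way Savon's default HTTPI adapter does; the host name `soap.example.invalid`, the path `/service?wsdl` and the helper names are assumptions made for the example.

```ruby
require 'socket'
require 'net/http'
require 'openssl'

# Constructed stand-in for a forward proxy (e.g. a Squid on :3128) whose ACLs
# deny CONNECT to the target host. It listens on an ephemeral localhost port,
# answers every CONNECT with "403 Forbidden" and closes the connection.
# Returns [port, accept_thread, server_socket] so the caller can stop it.
def start_connect_denying_proxy
  server = TCPServer.new('127.0.0.1', 0)
  port   = server.addr[1]
  thread = Thread.new do
    loop do
      client = server.accept
      request_line = client.gets.to_s
      # Drain the request headers up to the blank line.
      loop do
        line = client.gets
        break if line.nil? || line.strip.empty?
      end
      status = request_line.start_with?('CONNECT') ? '403 Forbidden' : '400 Bad Request'
      client.write("HTTP/1.1 #{status}\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
      client.close
    end
  end
  [port, thread, server]
end

# Open an HTTPS connection to target_host through the proxy, the same way
# Savon's HTTPI adapter drives Net::HTTP, and report where it failed:
#   {stage: :connect, code: '403'} -> the proxy refused the CONNECT tunnel;
#                                     no request ever reached the SOAP server
#   {stage: :request, code: 'NNN'} -> the tunnel came up and NNN is the
#                                     origin server's answer to the WSDL fetch
def probe_via_proxy(proxy_host, proxy_port, target_host, path = '/service?wsdl')
  http = Net::HTTP.new(target_host, 443, proxy_host, proxy_port)
  http.use_ssl = true
  http.open_timeout = 5
  http.read_timeout = 5
  response = http.start { |h| h.request(Net::HTTP::Get.new(path)) }
  { stage: :request, code: response.code }
rescue Net::HTTPExceptions => e
  # Net::HTTP raises the proxy's non-2xx reply to CONNECT as an exception;
  # this is the Net::HTTPServerException: 403 "Forbidden" shown in the irb session.
  { stage: :connect, code: e.response.code, message: e.message }
end

if __FILE__ == $PROGRAM_NAME
  port, thread, server = start_connect_denying_proxy
  p probe_via_proxy('127.0.0.1', port, 'soap.example.invalid')  # stage: :connect, code: "403"
  thread.kill
  server.close
end
```

Running curl on the proxy host does not exercise the proxy at all; to reproduce what Savon does, run curl from the EC2 host with `-x http://172.31.50.91:3128` against the https WSDL URL and look at the reply to the CONNECT (`-v` prints it). If that reply is 403, the proxy's access rules for CONNECT are the place to fix, and Savon itself is not involved.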
How would I expose the API Store to a consumer/the public/any machine besides mine? Is this not the purpose of a store?
Putting this URL (that I use) into another person's computer does not yield anything...
https://<myIPAddress>:9463/store
I have tried following this Q, to no success:
WSO2 API Manager - Expose Publisher & Store URLs to public
First of all you need to identify the difference between https://<myIPAddress>:9463/store and
https://publisher/store
(https://publisher/store means https://publisher:80/store)
So the difference is port and the host.
Changing the host can be done using a DNS entry, and redirecting port 80 (the default port) can be done as explained in the answer to WSO2 API Manager - Expose Publisher & Store URLs to public.
I think your problem is with using a wrong port with the https protocol in the address. Following are the ports associated with http and https in APIM.
HTTP - 9763
HTTPS - 9443
So, you should try either
https://<myIPAddress>:9443/store or
http://<myIPAddress>:9763/store
What you have tried is
https://<myIPAddress>:9463/store
For the above two URLs to work, your IP and port should be accessible from the other machines. If they are in the same network, it won't be an issue. If not, you will have to have public IPs.
I have a simple JAX-WS web service that works fine with the clients on localhost, but now I want to publish the web service on a public IP, so the clients can interact with it over the WAN instead of the LAN.
I signed up with the no-ip DNS service provider and defined my host as "myname.no-ip.info".
In my code I start the service in this way:
Endpoint.publish("http://localhost:8080/baseStationProvider", new BaseStationProvider());
and the browser at http://myname.no-ip.info:8080/baseStationProvider#wsdl doesn't show the wsdl.
If i start the service in this way:
Endpoint.publish("http://myname.no-ip.info/baseStationProvider", new BaseStationProvider());
when compiling the code, it raises this exception:
Server Runtime Error: java.net.SocketException: Unresolved address
Any idea about the problem and/or how to do what I need?
thanks in advance
This seems likely to do with routing and firewalls as opposed to web service publication etc. Ignoring the web-service aspect, can you even reach your server when you use this in your browser:
http://myname.no-ip.info:8080/
?
Which should look the same as
http://localhost:8080/
If not, then it is probably DNS/Routing/Firewalls that you need to check. Diagnostics that will help there are:
1) can the machine you are testing on resolve the DNS name myname.no-ip.info? nslookup, ping, traceroute/tracert
2) is there a firewall blocking port 8080 from reaching your local host? If the route from the internet to your host hits a firewall (which it will), that firewall will have to forward the request.
Good luck.