I'm running the WSO2 Stratos VMware image, and I have it to the point where it's running, I've got the browser open, it's at my internal deployment of WSO2, and I've created an account for myself. The problem is, the VM isn't networked to anything, so when it tells me it sent an email to my account and would I please validate it, I can't validate it because it never actually sent an email. I thought maybe there'd be a local mail server on the Linux guest, but I couldn't find one.
Am I missing something? Do I even need to validate the account? I can't seem to access any of the Stratos services, and I suspect that the account validation has something to do with that.
You can log in as an administrator (with the default username/password: admin/admin) and activate the tenant/account you created.
Related
I'm running Django on an Apache server on Ubuntu and the activation of a new account via a link in an e-mail fails sometimes. I've checked my access logs and I can see that the activation link is opened by an EC2 server (whois lookup gives an AWS resource, IP is not the public IP of my own server). Any ideas who/what this could be? I have TLS enabled in settings.py for sending emails: EMAIL_USE_TLS = True.
So the reason for failing the activation is because the link is already opened, but I'm worried what happens there. I've seen this happening 3 times with completely different user agents for 3 completely different account-activations but from the same IP address.
The first thing that came to my mind is that maybe an e-mail client is opening the links to generate a preview? Like, to show a screenshot when the user hovers the link.
Why do you make links usable once? You can use a token that is valid until the account is actually activated (and disable the link if the account is not activated for a certain amount of time).
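A sketch of the approach suggested in the answer above, as an added example that is not part of the original thread: a signed activation token that stays valid until the account is active or the link ages out, so a second fetch of the same link (for instance by a mail scanner or preview service) is harmless. It uses only the Python standard library rather than Django; SECRET_KEY, MAX_AGE, the accounts dictionary and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"   # assumption: stands in for the app's secret
MAX_AGE = 3 * 24 * 3600                # assumption: link expires after 3 days


def _sign(user_id, issued_at):
    # The MAC binds the token to one account and one issue time.
    msg = f"{user_id}:{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_token(user_id, now=None):
    issued_at = int(time.time() if now is None else now)
    return f"{user_id}:{issued_at}:{_sign(user_id, issued_at)}"


def activate(token, accounts, now=None):
    """Return 'activated', 'already_active', 'expired' or 'invalid'."""
    now = int(time.time() if now is None else now)
    try:
        user_id, issued_at, sig = token.split(":")
        issued_at = int(issued_at)
    except ValueError:
        return "invalid"
    # Constant-time comparison of the presented and expected MAC.
    if not hmac.compare_digest(sig.encode(), _sign(user_id, issued_at).encode()):
        return "invalid"
    account = accounts.get(user_id)
    if account is None:
        return "invalid"
    # Idempotent: a repeated request reports success instead of failing.
    if account["is_active"]:
        return "already_active"
    if now - issued_at > MAX_AGE:
        return "expired"
    account["is_active"] = True
    return "activated"
```

The token carries no server-side "used" flag: its validity is derived from the account state and the issue time, which is what makes a repeated request safe.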
Recently discovered in our Google Admin Portal that Per User outbound Gateway is turned on. Checking with other people I work with, no one knows why it's turned on or when it was turned on.
I have been digging through the Google Admin SDK and have not found a way to check whether any user is using this setting.
In short, does anyone know how I can check to see if a user in our domain has a secondary smtp connection or a "Send Mail As" option in use?
So, the setting 'allow per user outbound gateway' does indeed give users permissions to add a 'From' address external to your domain. However if anyone is using this, they'll likely need to configure it as a send-mail as address inside Gmail.
You can list all 'Send as addresses' via the Email settings API as per https://developers.google.com/admin-sdk/email-settings/#retrieving_send-as_alias_settings. Note that the code examples provided will not work as they're out of date and showing ClientLogin, which has been disabled for months now. I'd be advising you to auth with OAuth 2.0, call the endpoint with wget or cURL (probably wget since recursive).
I'm trying to set up WSO2MDM on a Nexus 07 tablet.
I have configured the web-based backend and it's up and running.
I followed the guidelines in the documentation to set up the client mobile app on the tablet. (Already set the configuration according to the steps in the documentation and compiled it.)
But when I try to register using the tablet it gives me an error saying "Authentication failed due to a connection failure do you want to try again?".
Please advise me how to sort this out.
What are the authentication parameters you tried? In a fresh pack, you may not have configured tenants. So your basic login parameters can be "admin", "admin" as the user name and password. That's basically the super admin's credentials.
First check whether you can enroll the device to that user. Then try with the new user you have created. Always keep the Domain field empty if you do not have a tenant set up. And if you are trying this setup in your local machine, make sure your device and server are in the same network. Android WIFI tethering may help you in that case.
Use this guide[1] when you are enrolling.
[1] - http://wso2.com/library/articles/2014/03/how-wso2-emm-addresses-the-android-challenge/
Thanks
I have a situation where I need to set up a standalone version of WSO2 Identity Server and have that act as the SSO provider into all of the products in Stratos.
Currently I have Stratos Identity Server configured so that I can log in via the standalone Identity Server, using admin.
However, if I use another user I either
get an "Authorization Failure"
or cannot log in.
First Question
1) I have the same user created in both Identity Servers (that is not admin). Why would I get the "Authorization Failure"?
Second Question
2) Why is it I cannot even get to the "Authorization Failure" problem if I have a user created with a username in the format of user#domain.com?
UPDATE:
I figured out that if I remove the property tags in user-mgt.xml that reference the usernames with regular expressions I am able to create usernames in the format of name#domain.com. But I am still unable to use that username to login, the error log says that the account has not been activated.
I also created two instances of WSO2 Identity Server and configured them in such a way to test being able to use one to log in to the other. I was able to do this by making sure that the same username and password was in both servers' list of users. This way I do not get the "Authorization Failure".
The answers I came up with.
1. I need to have the same username and password in each Identity Server.
2. I cannot have the format name#domain.com unless I have multi-tenancy configured. Otherwise WSO2 will try to find the ACTIVATE field in the Tenant table and not find it.
UPDATE: I got this installed and configured and it turned out that I now get another error about
Issuer details are not valid. Issuer details should be registered in advance
So my answer turned out not to be valid.
I wonder why I get this new login failure?
UPDATE RESOLVED!!:
I resolved this problem by downloading just the WSO2 Stratos IS 1.5.2 package. I installed it and configured it with the same configuration I was using before. Now I can log in without problems across domains.
We're having a hard time figuring how these credentials objects work. In fact, they may not work how we expected them to work. Here's an explanation of the current issue.
We've got 2 servers that need to talk with each other through web services. The first one (let's call it Server01) has a Windows Service running as the NetworkService account. The other one, Server02, has ReportingServices running with IIS 6.0. The Windows Service on Server01 is trying to use the Server02 ReportingServices WebService to generate reports and send them by email.
So, here's what we tried so far.
Setting the credentials at runtime (This works perfectly fine):
rs.Credentials = new System.Net.NetworkCredential("user", "pass", "domain");
Now, if we could use a generic user all would be fine, however... we are not allowed to. So, we are trying to use the DefaultCredentials or DefaultNetworkCredentials and pass it to the RS Webservice:
rs.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
Or:
rs.Credentials = System.Net.CredentialCache.DefaultCredentials;
Either way won't work. We're always getting 401 Unauthorized from IIS. Now, what we know is that if we want to give access to a resource logged as NetworkService, we need to grant it to DOMAIN\MachineName$ (http://msdn.microsoft.com/en-us/library/ms998320.aspx):
Granting Access to a Remote SQL Server
If you are accessing a database on another server in the same domain (or in a trusted domain), the Network Service account's network credentials are used to authenticate to the database. The Network Service account's credentials are of the form DomainName\AspNetServer$, where DomainName is the domain of the ASP.NET server and AspNetServer is your Web server name.
For example, if your ASP.NET application runs on a server named SVR1 in the domain CONTOSO, the SQL Server sees a database access request from CONTOSO\SVR1$.
We assumed that granting access the same way with IIS would work. However, it does not. Or at least, something is not set properly for it to authenticate correctly.
So, here are some questions:
We've read about "Impersonating Users" somewhere, do we need to set this somewhere in the Windows Service?
Is it possible to grant access to the NetworkService built-in account to a remote IIS server?
Thanks for reading!
All details you need are included in this very old article
In short, when you find it confusing to troubleshoot issues like this, you should first review the technical details behind ASP.NET impersonation carefully.
Here are some things you could check out:
- Set an SPN (Service Principal Name) for the reporting service; you can find good examples on Google.
- Allow delegation (ClientCredentials.Windows.AllowedImpersonationLevel).
Is the problem that you're failing to authenticate to IIS, or failing to authenticate to SSRS? The DOMAIN\MachineName$ account may need to be granted permission in SSRS to run the report you're trying to automate.
SSRS usually does a pretty good job of getting IIS configured correctly, so you shouldn't need to mess with those settings. I double-checked my installation (which is SSRS 2005, things may have worked differently in SSRS 2000 and you didn't say which version you're running), and it's set to use Windows authentication and has impersonation enabled. That means IIS should basically just be authenticating your credentials (validating a correct username/password), not authorizing (determining whether that user has permission to run the report in question). IIS then passes the credentials on to SSRS, which has its own settings for determining what accounts have permission to view reports.
Also, you can automate sending reports on a scheduled basis directly in SSRS, so you may not need the Windows service at all if your scheduling is fairly basic (i.e., daily, weekly, etc.).