I am having a hard time with the OpenShift client tools on Ubuntu. It keeps asking for a password which I am now confused about. Issuing rhc apps command displays the following message : Please sign in to start a new session to openshift.redhat.com.
I entered my openshift account password but got a message that it was invalid. What password is required here ??
Use the -l param to be sure you are using your account:
rhc domain show -l yourmail#mail.my
Use the same credentials that used in the web site.
BTW, If you use only an OpenShift account, the setup will configure the access with certificate and you won't need use password from command line.
rhc setup
It should use the same username/password that you log into the web console with.
Related
I want to automatically authenticate, 'active directory users', which are logged in to their windows, in my applications.
in short, i want SSO for my applications using windows credentials.
**Client is React and back-end is Java 8 and Spring 4.1.2 and Spring Security is 3.2.5.
I already authenticate and search 'active directory users' in my applications, using spring LDAP 3.2.5.
but users should submit their username and password when they use browser.
I have read about 'Integrated Windows Authentication' (IWA), 'Kerberos', 'NTLM'.
should I use NTLM instead of LDAP ???
or, should I use Kerberos ???
or, should I use ADFS ???
should I config anything in active directory for that ???
**I cant config anything in active directory
should I get windows credentials programmatically in react and send it to server and from server I should send that credentials to active directory to verify it ???
I don't know but, should I say any thing in my 'HTTP response' to 'HTTP OPTION Request' to force browser to set windows credentials in next request ??
and, thanks for your time.
There are a couple ways to do this:
Windows Authentication
This is best for the user as it is a seamless login. If the website is trusted, then the browser will automatically send the credentials of the currently-logged-on user to the site.
In this case, the web server (Tomcat in this case) handles the authentication and passes the credentials to the application. If you were using IIS and Windows, the setup would be super easy. But with Tomcat on Linux, it's a little harder. You need to setup kerberos, which requires setting up SPN (Service Principal Name) values on the domain so that your server is trusted on your domain to authenticate. The full instructions for setting this up in Tomcat 8 are here: Windows Authentication How-To
Once that is setup, your website needs to be trusted by the browsers. If your site is recognized as an intranet site, then this should already be true. If not, then your site's domain needs to be added to the Trusted Sites in the Internet Options on the client computers. This can also be done via Group Policy. That will work for IE and Chrome. Firefox uses its own network.negotiate-auth.delegation-uris setting.
Forms Authentication
Another way is to use a login page to ask the user for their username and password, then authenticate them via LDAP in your Java application code. I will assume you know how to setup a login page, so you just need to know how to verify the credentials. You can use the answer here for that code. That answer has the code in a console app, but you can pull out the code that takes the username and password and verifies it.
This is arguably easier to setup, but at the cost to the user.
I have been asked to implement seamless SSO authentication against active directory for a weblogic web based application.
After loads of testing and experimentation I have managed to get all the chain working as required.
Users logging in from a windows managed PC and using IE can seamlessly login to the web application.
After that, an apache was configured and installed between the web browser and weblogic in order to perform HTTPS-->HTTP termination. Once this was done the browser stopped performing seamless login - though basic authentication did work;
Investigating further, I noticed that the Authorization header was not forwarded across to weblogic which justifies why the authentication does not take place.
Note that the apache server I am using is 2.2.
Does anybody know if apache explicitly removes the Authorization header? I have also tried increasing the request maximum size to 30KB in case that was the problem
Thank you
We need to install the following package.
apt-get install libapache-mod-auth-kerb
First we have copy the HTTP.keytab (which is generated at "Active Directory") to etc/krb5.keytab like as below.
cp /root/HTTP.keytab /etc/krb5.keytab
Next we will have to give proper permissions.
chown www-data:www-data /etc/krb5.keytab
chmod 400 /etc/krb5.keytab
Next we go to Apache virtual hosts path
vi /etc/apache2/sites-available/default
Add one directory as like below
`<Directory />
AuthName "Kerberos Login"
AuthType Kerberos
Krb5Keytab /etc/krb5.keytab
KrbServiceName HTTP
KrbAuthRealm YOURDOMAIN.LOCAL //It is Domain name of your server
KrbMethodNegotiate on
KrbSaveCredentials on
KrbVerifyKDC on
Require valid-user
</Directory>`
Restart Apache web server
/etc/init.d/apache2 restart
Next go to browser of Active Directory client machine and hit the web server with FQDN of apache server. It will not ask you the password to open that website.
NOTE:
For explorer browser we need set automatic logon with user name and password at security tab
user authentication -> logon -> automatic logon with user name and password
If you found any difficulties please update me.
I need to develop a web application for the Intranet users. I don't want them to enter the login credentials each time they visit the site. It should be automatically loaded from the System Username and Password.
I have successfully implemented functionality which prompt user name and password registered with active directory and validate against LDAP. I need some tips to login directly from intranet website without prompt username & password.
Here is my queries, please let me know your suggestion.
Is it compulsory to set SPN?
Do we need to create separate keytab file for each client? In my organization, there is around 800 people are working so should I need to add all client principal in keytab file & copy to client machine to perform autologin.
I have tried many API's like JESSO, Waffle, Spring Kerberos, SPNGO but failed to implement auto login.
If you want to use Kerberos/SPNEGO (which would be my recommendation) you do have to set up SPN. And you only need one keytab for AD domain. Are you running your Java program on some app server, like Weblogic, or as a standalone program? Servers do have security framework that you could use, while for standalone program you'd have to do a bunch of stuff manually.
I've found that the easiest way to do this is to use Atlassian's Crowd (https://www.atlassian.com/software/crowd/overview) instead of implementing it yourself. It's a commercial product, but last time I checked, it was dirt cheap, and it just works.
Well, more than a question this is an answer, I was trying to see for Glassfish 4.0 default admin password to access its console but I didn't find any satisfactory answer, some suggested to change admin-keyfile on glasssfish folder which can also work... anyhow... here it is how I did it...
well, it turns out that it HAS a default password in the most recent version of netbeans, I discover that it is self-generated and it's not generic, to see your password go to services tab and then right click on your glassfish 4.0 server, then choose properties and then you'll see your password stored there on the common tab, click on show and you'll have your password...
hope to help you guys!
[root#ip-172-31-20-218 bin]# ./asadmin change-admin-password
Enter admin user name [default: admin]>admin
Enter the admin password>**[Note: as default password for admin in Glassfish 4.0 is blank, you need to press enter key only. Do not type any thing.]**
Enter the new admin password>
Enter the new admin password again>
Command change-admin-password executed successfully.
I have used eclipse. I got the same issue I resolved it by doing the following.
For a fresh download of glassfish4.zip
Go to Glassfish_home/bin
Run asadmin start-domain
Open up http://localhost:4848
Click on Domain
Click on Administration Password
Give the new password and confirm
In the command prompt Run asaadmin stop-domain
Open the server in eclipse and give the username and password and start the server.
I faced the same problem. And I solved it using a small trick. I removed the server installed with NetBeans from the interface and the added another. When you do this you may create a personal domain. And in this personal domain the anonymouns login is already enabled, with no password at all.
I know this is not a good solution, but it is a solution nonetheless.
Hope it helps!
PS: At least in my NetBeans 7.4 for Linux, sometimes when I leave NetBeans the servers won't go down. Then you have to kill their processes, or else you won't manage to install another due to port conflicts. It's a tricky thing to find the process of the server. When you use "ps -A" the name of the process is only "java", with no clue it is the server.
As I know default glassfish password is 'changeit' for master admin and is empty for domain admin (with login admin by default). If you mean this password try this.
I need to connect to Unix Server using Java via SSH and SFTP protocol and execute specific commands and do File Transfers also. But there is RSA token authentication is enabled on Unix. So I need to get the current RSA token password at run time also along with User's Password.
So how to get this done
via Java? Is there any Java API for this?
FYI, Unix Login steps using putty :
connect using Server IP.
List item
give User Name.
give Password
give the 6 digit SecurID generated Number.
This sounds like keyboard-interactive authentication. In this authentication mechanism the server asks user a question, to which the user must respond. Any number of questions is possible and their order is defined by the server.
Keyboard-interactive authentication is used by many servers, but it's usually reduced to asking for a password, so most software which claims support for this authentication method will just put a password as the answer and that's all.
I don't know if free Java libraries support keyboard-interactive authentication with multiple questions. Our SecureBlackbox classes have an event which passes questions to the application, and the application can either provide an answer itself or ask the human operator to provide the answer.