I was evaluating the APIGEE proxy apis and accessing by programmatic deploy and invoke.
I downloaded the sample programs (api-pltform-samples-master). While testing the simpleProxy, I ran the deploy.sh and kept receiving the error:
Deploying to test on https://api.enterprise.apigee.com using batabya and batabya
Writing ../simpleProxy/deploy.sh to ./deploy.sh
Writing ../simpleProxy/invoke.sh to ./invoke.sh
Writing ../simpleProxy/apiproxy/weatherapi.xml to apiproxy/weatherapi.xml
Writing ../simpleProxy/apiproxy/proxies/default.xml to apiproxy/proxies/default.xml
Writing ../simpleProxy/apiproxy/resources/jsc/changeResponse.js to apiproxy/resources/jsc/changeResponse.js
Writing ../simpleProxy/apiproxy/resources/jsc/generateResponse.js to apiproxy/resources/jsc/generateResponse.js
Writing ../simpleProxy/apiproxy/resources/jsc/MashItUp.js to apiproxy/resources/jsc/MashItUp.js
Writing ../simpleProxy/apiproxy/resources/py/calculateAddress.py to apiproxy/resources/py/calculateAddress.py
Writing ../simpleProxy/apiproxy/resources/py/setHeader.py to apiproxy/resources/py/setHeader.py
Writing ../simpleProxy/apiproxy/resources/py/Timer.py to apiproxy/resources/py/Timer.py
Writing ../simpleProxy/apiproxy/resources/xsl/rewriteEndpoint.xsl to apiproxy/resources/xsl/rewriteEndpoint.xsl
Writing ../simpleProxy/apiproxy/targets/default.xml to apiproxy/targets/default.xml
Import failed to /v1/organizations/batabya/apis?action=import&name=weatherapi with status 401:
If 'State: deployed', then your API Proxy is ready to be invoked.
Run '$ sh invoke.sh'
If you get errors, make sure you have set the proper account settings in /setup/setenv.sh
FYI: I have created my profile with admin rights.
The 401 error indicates an issue with authentication. There are 3 factors that comprise authentication here: (1) organization name, (2) username and (3) password.
The (1) organization name and (2) are username are configured in setenv.sh. The (3) password is prompted for from deploy.sh.
Make sure you have set your org and username by modifying the following two lines in setenv.sh :
org="Enter the name of your organization here"
username="Enter your Apigee username"
One important clarification:
username="Enter your Apigee username"
This value needs to be the email address associated with your account on enterprise.apigee.com.
We'll update the README to clarify this.
Related
I am writing application that need to read mailbox using IMAP, but as daemon, without user interaction. I need to use OAuth2 to get access.
Because I need it without user interaction, I need to use client credentials flow. This was added this June.
I have done everything from official documentation. Registered application, added permissions, added mailbox permission using PowerShell.
When I get request access token with scope https://outlook.office365.com/.default, the one that I receive has role IMAP.AccessAsApp, so I believe that is correct. I used https://jwt.ms/ to parse JWT.
The problem is when I try to authenticate using this access token in Java, for example
Properties props = new Properties();
props.put("mail.imap.ssl.enable", "true");
props.put("mail.imap.auth.mechanisms", "XOAUTH2");
props.put("mail.debug", "true");
Session session = Session.getInstance(props);
Store store = session.getStore("imap");
store.connect("outlook.office365.com", 993, "testing#mydomain.com", "accessToken");
I receive AUTHENTICATE failed. I tried same code with access token received using authorization code flow, which requires user interaction. Using that access code I was able to connect to mailbox. So the code is correct.
I even tried using client id and service id instead of email address as username, but without success.
I am not sure where I made the mistake and if I am using correct username. Any help is appreciated.
I wrote same answer here, so I am coping it here.
I think I made some progress.
I read documentation few times, tried few times from the start with same error. I even have tried using client and object ids instead of email as username, in lack of better ideas.
So this is where I think I have made mistake previous times.
On the part where it is needed to register service principal, I needed to execute
New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <OBJECT_ID> [-Organization <ORGANIZATION_ID>]
Here I have put enterprise application object id as ServiceId argument. And that is ok.
But on
Add-MailboxPermission -Identity "email address removed for privacy reasons" -User
<SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
I have put my registered application object id as User argument. I also tried setting object id of enterprise application, but it did not have success.
When I executed
Get-ServicePrincipal -Organization <ORGANIZATION_ID> | fl
I did not pay attention to ServiceId property, even with documentation specifying it and saying it will be different.
Now I cleared everything and started fresh.
I have executed all the steps again, but on the step for creating new service principal I used data from enterprise application view. When I need to add mail permission, I list service principals, and then use ServiceId value from the output, as argument for user.
With that, I was able to authorise.
Thanks everyone for sharing your experience. This has proved to be a little confusing. :)
To sum everything up, to access a mailbox with IMAPS and OAuth2 (as opposed to using Graph API which is another method Microsoft recommends):
Create an Azure App Registration
Add API permission Office 365 Exchange Online - IMAP.AccessAsApp and grant admin consent
Create a service principal, which will be used to grant mailbox permissions to in Exchange Online
Connect-AzureAD
Connect-ExchangeOnline
$azapp = Get-AzureADApplication -SearchString 'App Registration Name'
$azsp = Get-AzureADServicePrincipal -SearchString $azapp.DisplayName
# GOTCHA: You need the ObjectId from 'Enterprise applications' (Get-AzureADServicePrincipal), not 'Application registrations' (Get-AzureADApplication) for ServiceId (thanks #[jamie][1])
$sp = New-ServicePrincipal -AppId $azapp.AppId -ServiceId $azsp.ObjectId -DisplayName "EXO Service Principal for $($azapp.DisplayName)"
Grant access rights to mailboxes for the service principal
$mbxs = 'mymbx1#yourdomain.tld',`
'mymbx2#yourdomain.tld',`
'mymbx3#yourdomain.tld'
$mbxs | %{ Add-MailboxPermission -Identity $_ -User $sp.ServiceId -AccessRights FullAccess } | fl *
Get-MailboxPermission $mbxs[-1] | ft -a
You can use Get-IMAPAccessToken.ps1 to test your setup
.\Get-IMAPAccessToken.ps1 -TenantID $TenantId -ClientId $ClientId -ClientSecret $ClientSecret -TargetMailbox $TargetMailbox
Other parameters you may need:
Authority: https://login.microsoftonline.com/<YourTenantId>/
Scope: https://outlook.office365.com/.default
I am using Cucumber+Selenium+junit for automating test cases.
Sample scenario is mentioned below. I pass multiple examples for different environments into the scenario. In my test application the passwords keep on changing every 60 days and updating these passwords in every feature file is very cumbersome. Could you please help me how I can parameterise these username and passwords and pass it from separate config file, so that every time the passwords changes i can update them at a single place.
Scenario Outline: Verify the login functionality in xyz application
Given I open the browser
And I launch the xyz application <url>
When I enter the <username> and <password>
And click on sign in button
Then User should login successfully
Examples
#SIT
|url |username |password|
|sit.com|situser|sitpassword|
#UAT
|url |username |password|
|uat.com|uatuser|uatpassword|
#Training
|url |username |password|
|training.com|traininguser|trainingpassword|
Just write scenarios without the credentials in them. Then get the passwords in your step definitions
You could write scenarios like
Given I am registered on UAT
When I login into UAT
Then I should be logged in
and then something like
module EnvTesterSH
def get_current_creds(env: )
...
[id, password]
end
end
World EnvTesterSH
Given 'I am registered on UAT' do
#id, #password = get_current_creds(env: :uat)
end
and now your problem is how do you write code to get the new credentials, which I guess all depends on who or what changes the credentials. But now you at least have a programming language to help you.
I have a java application running in ECS in which I want to read data from table in account 1 (source_table) and write it to a table in account 2 (destination_table). I created two dynamodb clients with different credential providers - for source_table client I'm using an STSAssumeRoleSessionCredentialsProvider with the arn of a role in account 1; for destination client I'm using DefaultAWSCredentialsProviderChain.
The assume role bit works and I'm able to read using the source client but using the destination client does not work - it still tries to use the assumed role credentials when trying to write to destination_table and fails with unauthorized error (assumed-role is not authorized to perform Put Item).
I tried using EC2ContainerCredentialsProviderWrapper on the destination client but same error.
Should this work? Or are the credentials shared under the hood which makes it impossible to have two different AWSCredentialProviders running simultaneously like this?
I noticed this answer which uses static credentials and apparently works, so I'm at a loss why this doesn't work.
I figured it out with some help from AWS support. It was a problem with my IAM configuration on the role in account 2. I was misled by the error message which said 'assumed-role is not authorized to perform Put Item' when in fact my original account 2 role itself was unable to do so.
I am trying to learn Amazon AWS. I ran their tutorial package-"GettingStartedApp.java" after setting my access id and access key in the property file. But I see this exception.
Caught Exception: The security group 'gettingstartedgroup' does not exist
Reponse Status Code: 400
Error Code: InvalidGroup.NotFound
How should I correct this?
You are probably trying to use the string "gettingstartedgroup" as a security group.
If you just created your EC2 AWS instance, then you either add a security group with that name or use the default one.
For the latter, just change from gettingstartedgroup to default.
At first, please execute CreateSecurityGroupApp.java and then GettingStartedGroup will be creataed in Oregon region.
I have this registration page which works fine ,but for the email field I need to make sure that the email is correct and valid
1 : Correct
2 : Valid
for the correct email add i am using java script validation for maintaining
abc#def.com
well that is working fine
but my question is , Is there any web service or java API to make sure whether the mail ID actually is existing and registered
Like my mail id is : hussainABCD#gmail.com
this is actually a existing ID
but i may try hussain5555#gmail.com,hussain1111#gmail.com,hussain8888#gmail.com,
these will pass the java script validation but are not existing in reality
do we have any way to make sure that the mail id exists ??
The only way to check if an email address actually exists is to send an email to it and let the user respond on that.
For example:
a confirmation code that needs to be filled in your website
a link, going to your website, that needs to be visited
And still it is uncertain whether the email is existing afterwards, as it is easy to simply create a temporary email to pass the validation and delete it afterwards.
Instead of validating email addresses you can use the Google API to let your users sign in using their account. It is also possible to use OpenID on a similar way.
This probably isn't possible using existing services and/or API's, since it could be quite a security risk. Use an email with a validation link if you want to be sure the address exists. Or OpenID, as mentioned by BalusC.