In OpenWhisk, I want to display the functions I deployed from wsk(cli) OpenWhisk's interface, for this I go to the site on the api host, but it asks for authentication information. Where to get authentication information in Openwhisk? As an alternative, what I've tried hasn't worked. When I type wsk property get it says whisk aut.
wsk property set --apihost 'http://172.17.0.1:3233' --auth '23bc46b1-71f6-4ed5-8c54-816aa4f8c502:123zO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP'
I could not enter the information written here when I typed the username and password.
https://i.stack.imgur.com/W2FRa.png
I found this solution: If the --web true flag is used, you can also run functions from the web interface.
image
Related
I'm using https://hub.docker.com/r/pypiserver/pypiserver to host a private pypi server.
The -a flag allows me to restrict which actions need to be authenticated.
The -P flag allows me to pass in user/password pairs.
I need:
all actions requiring authentication
Only certain user/passwords can read+write
Others can only read
Reading that page, this doesn't seem to be possible? How can I achieve this?
In our application we manage a user database in which we have the option to log in to our app by verifying username and password with the local installation. By now we actually used LogonUser for that purpose.
So... Now with Windows 11 the default option is to have either biometric login or a PIN which is obviously incompatible with LogonUser (heck, on my PC I don't have a local password nor have I found the possibility to create one in the dialogs).
Now, what is the route to take from here? I couldn't figure what's the way to go (note: it's a similar problem to CreateProcessAsUser) - I always find links to Windows Hello/Windows credential provider interfaces, but as far as I can see these are used to be a provider yourself...
I'd like to setup a docker registry that allows anonymous pulls but authenticates pushes.
My naive approach was to allow get requests. But that seems to break the login as the client only creates the credentials if the initial Get request to /v2/ yields a 401.
However also repository reads start with that so I cannot put this behind authentication either.
Basically it seems I'd have to distinguish between a ping before a pull and a ping before a login.
I'm also happy to setup token authentication. But that would probably run into the same conundrum.
Apparently the way to go is to set up token authentication.
Then you can return a valid token for the scope pull even if no Basic Authentication was given.
You can find an example code on https://github.com/cloudfleet/floating-dock/blob/master/app/controllers/api/v1/jwt_controller.rb and https://github.com/cloudfleet/floating-dock/blob/master/app/services/auth/container_registry_authentication_service.rb
It is an adapted version of GitLabs JWT implementation for the registry.
Trying to access files in the private repositories of a Github organization of which I am a member, using the API. Tried a couple different ways so far:
1. If I use the username/password method --
curl -u "sashafklein:mypassword" https://api.github.com/repos/:org/:repo/git/trees/:file_sha
it works fine, but I'm trying to access the repos from a collaborative Rails app, so I don't want to publicize my github login credentials. I suppose creating a dummy GH account with access and using those credentials is possible, but it's definitely not ideal..
2. So I looked at the OAuth2 Secret/Key method in the API docs. But it doesn't work. If I curl the org repo url with my credentials as params in the url:
curl -i "https://api.github.com/orgs/:org/repos?private&client_id=<ID>&client_secret=<SECRET>"
Only the public repos show up. This may be a problem with how I'm passing params (passing "?private=true" should theoretically then return an empty list, but the list is identical and all public repos), but I'm following the docs.
3. So I got frustrated and took a look at these docs for getting a OAuth token, but I'm confused about how to alter it so that there's no user interface -- ie, so that my app has automatic access to the Github Orgs of which I am a member, without users of it having to do anything in particular.
Any ideas what I'm doing wrong with attempt 2, or how to get attempt 3 working automatically? I'm pretty stumped.
EDIT I think my client_id/secret are wrong, cause even when I use Octokit, it can't access the protected repos. Am I understanding this wrong? As me, I created an "Application" on Github for my Rails app, and I'm trying to use those credentials to access the org's private repos (to which I am a contributor) using the API.
In case anyone runs into this problem, here's the solution I found.
Apparently the client credentials I had weren't working. I think I didn't quite understand what they're for. The easiest way I could get this to work (ie, get permission for my rails app to access a private repo of which I was a member) was to use the username:password method (1, above).
So that my personal github credentials wouldn't be available to everyone using the app, I created a new dummy github account with access that serves exclusively as an api credentializer.
I am using Octokit with C# and encountered the same issue. After some investigation I found out it was a problem with my token permissions.
Token have scopes (https://developer.github.com/v3/oauth/#scopes) so to access private repositories you need 'repo' instead of 'public_repo' which I think was default.
This can be easily changed from Settings > Personal Access tokens > edit
I am trying to implement XPagesSBT on localhost.
I have followed this article http://heidloff.net/home.nsf/dx/12152011034545AMNHECAP.htm and the SBT document by Niklas and was trying to implement dropbox oAuth.
I have also placed http://localhost/XPagesSBT.nsf/ and http://localhost/WebSecurityStore.nsf in root folder
but still i get this error
Error while executing JavaScript action expression
Script interpreter error, line=1, col=26: Error calling method 'isAuthenticated()' on java class 'com.ibm.xsp.extlib.sbt.services.client.endpoints.DropboxEndpoint'
No application is registered with id XPagesSBT and provider Dropbox
if(!#Endpoint("dropbox").isAuthenticated()) {#Endpoint("dropbox").authenticate(true);}
do i need to make any other configuration /setup to XPagesSBT db? or it wont work with Localhost?
I don't remember exactly anymore but reading my blog entry you linked it says you shouldn't use Anonymous:
"Additionally there are a couple of security related settings which are important to understand. First of all you need to assign access to the document with the application keys to the ID with which you signed the two NSFs. In the screenshot above I've entered both OpenNTF servers and my own user ID. When you use the web UI to do this these names are added to the document in an authors field and a readers field.
In the last step you need to configure the ACL of the security store. Anonymous must not have access to this database. All users who you want to be able to use the Social Enabler OAuth functionality need to have author access. This is so that their user keys can be stored in this database so that they only have to do the OAuth dance once. "
It should work on localhost. It looks like a configuration issue with SBT not being able to read the security tokens from the websecuritystore.nsf . Did you create the Dropbox Application Key with an admin id and sign the websecuritystore with the correct id?
Padraic