I'm using https://github.com/jenkinsci/ghprb-plugin plugin for my Jenkins to initiate job build when pull request is raised.
I'm getting below error
"Unable to connect to GitHub API: org.kohsuke.github.HttpException: {"message":"Requires authentication","documentation_url":"https://docs.github.com/rest/reference/users#get-the-authenticated-user"}"
Tried with multiple user on 2 different Jenkins, issue remains same.
Right now you are using github username and password. But you need to use github access token instead of password for authentication. You can create an access token from settings -> Developer Settings -> Personal Access tokens -> Generate new token.
Related
I am setting up the DocuSign rest connector in power apps. I have other API's that working well this same way.
I want to get this setup to sweep completed files on a scheduled.
I started by going through this tutorial and tried the same setup. But when I try to test the connector I don't get prompted for credentials. We use SSO - so the window comes up and goes away without an error message.
https://www.docusign.com.au/blog/get-the-flow-sending-docusign-envelopes-microsoft-power-automate
I then tried to create a connection in in power automate Data/Connections and get an error message after entering my dev credentials. The clientid (integration key) and the secret match.
OAuth2 authorization flow failed for service 'Generic Oauth 2'. OAuth 2 sign in failed to exchange code for access token. Client ID and secret sent in form body.. Response status code=NotFound. Response body: { "statusCode": 404, "message": "Resource not found" } Client ID and secret sent in Basic authorization header.. Response status code=NotFound. Response body: { "statusCode": 404, "message": "Resource not found" }
The setup looks correct. It seems like a reference problem = like the production account and the developer account are not in sync or something. I have the same email address for both production and developer accounts and we use SSO - maybe its trying to reference production and not the developer account when its logging in? Just guessing.
I have a ticket with them, but they have note been able to help so far and they are on AEST time and I won't be able to get a response back from them for another couple of days :(
(I tried using the DocuSign Git repo API to create the connection as well - same problem)
Anyone have problems like this or know a solution? Anything else I can look at. This seems all straight forward -standard OAuth setup.
Using this setup like in the article for the demo (dev) account.
DEMO:
IKey: Integration Key [captured earlier]
Secret Key: Secret Key [captured earlier]
Authorization URL (DEMO): https://account-d.docusign.com/oauth/auth
Token URL (DEMO): https://account-d.docusign.com/oauth/token
Refresh URL (DEMO): https://account-d.docusign.com/oauth/token
Scope: signature extended
This will connect to a single DocuSign user (like a "service account"). It will not prompt each user for their credentials. You will need 1 generic user setup within your DocuSign account, without SSO (you can setup an exception user in DocuSign admin. This is best practice when setting up SSO as a fallback in case SSO fails to login as well).
The envelope will be sent from that generic user, not the actual user. This is common practice with some "system level" integrations.
Also, are you connecting a DocuSign "demo" or production account?
I ask because there's two connectors for power automate - "DocuSign" (for production) and "Docusign Demo" (for demo). I would recommend doing it all in demo first, as the "client id" (aka "integration key") needs to go through a go-live process to be promoted from demo to prod (see the link in the guide).
I want to upload attachments to a page in Confluence in a post build action using a pipeline job.
I downloaded the Confluence Publisher plugin. Im trying to use my email id as username and API Token as password to test login. (tried with both http and https)
Keeps giving Authentication Error (401)
I tried from postman with same token and username (Auth method as API Authentication). Works like a charm.
What am I doing wrong?
Had the same problem here with version 0.12.0.
Problem is fixed for me with changing to version 0.17.1
I have created a PAT token for my user account in TFS Server 2017 (on-premises, not VSTS). Using Postman I am attempting to call the following REST API with Basic Auth:
GET http://{server:port}/tfs/DefaultCollection/_apis/projects?api-version=1.0
In response I get the following error:
TF401444: Please sign-in at least once as {Well Known SID for my user account} in a web browser to enable access to the service. - Microsoft Team Foundation Server
I have tried opening the same URL in Chrome and attempting to login with the PAT but with no success (the login is not completed). Any suggestions as to what I am missing here?
TFS seems to be recognising the PAT token as I receive a different error if I revoke it.
The issue here was the use of 'DefaultCollection' in the URI. I didn't have permissions on the default project collection in our TFS instance and needed to replace 'DefaultCollection' with the name of the collection I actually did have access to.
It seems obvious now, but the documentation didn't make it clear that this was a variable part of the URI so I had assumed the API was always hosted as part of the DefaultCollection.
I have dockerized our Angular application which have been using WSO2 as API manager . After doing the configurations, i was able to run the application successfully and able to hit all existing api's. The only issue arises when i tried to use oath2/token api for performing login operation of our customer . Even though, the same code was used to perform authentication earlier(before dockerization) without any issues,now i am getting error as
{
"error": "invalid_grant",
"error_description": "Provided Authorization Grant is invalid"
}
Token generation api for login :
https://<myapplicationurl>:9443/oauth2/token
Errors am getting in docker console while trying to login using username 'devtest7#mailinator.com' :
Things to note :
WSO2 AM version is 2.1.0 , WSO2 IS version is 5.3.0
Arguments(headers & parameters) for the request is the same as that
used earlier(except the username and password).
I am able to create a new users and the corresponding user is listed
in Carbondb users list.
The issue exists while trying to login using existing user as well as
newly created users.
I have recently generated new ssl certificate for the application.
Able to login using super admin only . Login using newly created email and username is not working.
I tried solutions seen on stackoverflow which doesn't fixed my issues. Can any one please help?
There is a line in the above logs saying that SP tenant is not equal to user tenant and SP is not SaaS. Are the SP and users are from different tenants? Normally users cannot access SP across different tenants.
If you want to make the SP accessible across different tenants then you need to enable SaaS application option in the SP. Check this doc to learn more about SaaS application https://docs.wso2.com/display/IS530/Adding+and+Configuring+a+Service+Provider
Thanks for everyone who commented and tried to figure out the solution for the issue i mentioned. I got the resolution for the issue . As i tried multiple times to login by doing permutations and combinations in configurations, authentication was blocked for me. As a reason, i couldn't login and generate access token . I was able to resolve it by changing a flag in identity.xml file inside IS .
Changed the UserOperationEventListener enabling from 'true' to 'false' .
Before:
<EventListener enable="true" name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
After:
<EventListener enable="false" name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener" orderId="95" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
This change allowed me to block the invalid authentication check. We are anyway adding that check from our code side.
According to the logs, it says
Non-SaaS service Provider's tenant domain is not same as user tenant
domain; carbon.super != mailinator.com
From the logs, the SP's is in the carbon.super tenant. But it considers the user as in the tenant mailinator.com.
When we specify the username for password grant with email as username, we have to use the full username with the tenant domain. (devtest7#mailinator.com#carbon.super).
Just got Jenkins configured with OpenID Connect but was wondering how it gets userInfoServerUrl. Is it retrieved from IdP metadata (/fss/.well-known/openid-configuration)?
If not, is there anyway to configure it?
The reason I am asking is that when I invoke the user info url manually, I do see token keys but Jenkins complains that the key is not supplied in the payload. The other issue is that it's not reading/populating mail and full name from the payload.
java.lang.Exception: no field 'uid' was suppied in the token payload to be used as the username
at org.kohsuke.stapler.HttpResponses.error(HttpResponses.java:83)
at org.jenkinsci.plugins.oic.OicSecurityRealm$2.onSuccess(OicSecurityRealm.java:206)
at org.jenkinsci.plugins.oic.OicSession.doFinishLogin(OicSession.java:98)
at org.jenkinsci.plugins.oic.OicSecurityRealm.doFinishLogin(OicSecurityRealm.java:294)
at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source)
Looks like the option to set userInfoServerUrl will be available in the next release. See github