gerrit: cannot access the settings page - gerrit

The problem is that the settings page cannot be accessed. I sign in successfully by using the default administrator account admin. It redirected me to the login page and clikcing on the account showed the login page again.
The version is 3.2.2. The auth.type is DEVELOPMENT_BECOME_ANY_ACCOUNT since it is configured for a test environment. The access to the gerrit-sshd is successful. Details about the gerrit-config file are given below.
[gerrit]
basePath = git
canonicalWebUrl = http://10.7.225.79:7000/
serverId = a741248c-d502-4a4d-aed8-188ca2b8be36
[container]
javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
user = gerrit
javaHome = /usr/lib/jvm/java-8-openjdk-amd64/jre
[index]
type = lucene
[auth]
type = DEVELOPMENT_BECOME_ANY_ACCOUNT
[receive]
enableSignedPush = false
[sendemail]
smtpServer = localhost
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://*:7000/
[cache]
directory = cache
[plugins]
allowRemoteAdmin = true
the information about version is given below:
# java
# command: java -version
openjdk version "1.8.0_252"
OpenJDK Runtime Environment (build 1.8.0_252-8u252-b09-1~16.04-b09)
OpenJDK 64-Bit Server VM (build 25.252-b09, mixed mode)
# gerrit
# command: ssh -p 29418 admin#10.7.225.79 gerrit version
gerrit version 3.2.2

I'm not sure but maybe this is the way things work when "DEVELOPMENT_BECOME_ANY_ACCOUNT" is set.
Take a look at the Gerrit documentation about this:
DEVELOPMENT_BECOME_ANY_ACCOUNT
DO NOT USE. Only for use in a development environment.
When this is the configured authentication method a hyperlink titled
Become appears in the top right corner of the page, taking the user to
a form where they can enter the username of any existing user account,
and immediately login as that account, without any authentication
taking place.

Related

JupyterHub installation in windows using docker

I want to install JupiterHub using Docker (my operating system is Windows). I have done the installation steps and I am running JupiterHab, when I login to jupyterhub as an admin or user in browser, I get the following error:
Spawn failed: Server at http://127.0.0.1:44325/user/zahra/ didn't respond in 30 seconds
i edited the jupyterhub config file and added these lines:
import pwd, subprocess
c.JupyterHub.authenticator_class = 'nativeauthenticator.NativeAuthenticator'
c.Authenticator.admin_users = {'admin'}
def pre_spawn_hook(spawner):
username = spawner.user.name
try:
pwd.getpwnam(username)
except KeyError:
subprocess.check_call(['useradd', '-ms', '/bin/bash', username])
c.Spawner.pre_spawn_hook = pre_spawn_hook
c.Spawner.default_url = '/lab'
Help me please

Not able to authenticate CKAN using WSO2 IDM by ckanext-oauth2 plugin

I am using CKAN 2.7.2.
I have added the following configurations in my development.ini file of ckan:
ckan.oauth2.authorization_endpoint = https://wso2IP/oauth2/authorize
ckan.oauth2.token_endpoint = https://wso2IP/oauth2/token
ckan.oauth2.profile_api_url = https://wso2IP/userinfo
ckan.oauth2.client_id = *client-id*
ckan.oauth2.client_secret = *clientsecret*
ckan.oauth2.profile_api_user_field = abc
ckan.oauth2.profile_api_mail_field = abc#gmail.com
Also, have exported the following while running ckan using paster serve :
export OAUTHLIB_INSECURE_TRANSPORT=True
Also, I have added an application (ckan provider) in WSO2 Identity Server also with callback URL = (http://ckan-url:5000/oauth2/callback) where the CKAN instance is running (i.e a private IP of 172.30.66.XX type running on port 5000).
So, what configuration need to be done in WSO2 Identity Server and ckan development.ini file?
Also, configuring on both sides, I get the error Client authentication Failed in CKAN GUI.
I am using Ckan 2.7.2 , WSO2-IS 5.1 and ckanext-oauth2 (oauthlib==0.8.0)
will it be giving a problem in authentication process??Can it be a version dependency issue??
I have followed the given steps. Kindly correct if I am missing or doing something wrong:
I have used API store and published ckan application.
Entered the ckan callback url as http://oauth2/callback
Entered the generated client ID and client secret from step 1 in ckan configuration.
Also, made the given changes mentioned by you regarding claim configurations and ckanext-oauth2 configurations.
Now, it gives above error.or sometimes Invalid Client (Client Authentication Failed)
Inbound settings:
enter image description here
Error Logs :
[2018-07-25 19:29:25,432] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2018-07-25 19:29:25,431+0530]
[2018-07-25 21:55:15,930] INFO {org.wso2.carbon.identity.application.authentication.framework.store.OperationCleanUpService} - Session Operation Data cleanup task is running successfully for removing expired Operation Data
[2018-07-25 23:40:15,929] INFO {org.wso2.carbon.identity.application.authentication.framework.store.SessionCleanUpService} - Session Data cleanup task is running successfully for removing expired Data
[2018-07-26 09:21:18,948] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2018-07-26 09:21:18,948+0530]
[2018-07-26 09:21:39,307] INFO {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} - 'admin#carbon.super [-1234]' logged out at [2018-07-26 09:21:39,0306]
[2018-07-26 09:55:15,975] INFO {org.wso2.carbon.identity.application.authentication.framework.store.OperationCleanUpService} - Session Operation Data cleanup task is running successfully for removing expired Operation Data
After configuring the settings I receive the following Message:
Your application settings at WSO2-IS seems to be correct. The only thing to take into consideration, it is that ckanext-oauth2 is only able to use the Code and, the Refresh Token grant types, so only those types need to be allowed.
Using this configuration for ckanext-oauth2:
ckan.oauth2.authorization_endpoint = https://wso2IP/oauth2/authorize
ckan.oauth2.token_endpoint = https://wso2IP/oauth2/token
ckan.oauth2.profile_api_url = https://wso2IP/userinfo
ckan.oauth2.client_id = *** OAuth Client Key from the Inbound Authentication Configuration at WSO2 ***
ckan.oauth2.client_secret = *** OAuth Client Secret from the Inbound Authentication Configuration at WSO2 ***
ckan.oauth2.scope = all_info openid
ckan.oauth2.profile_api_user_field = email
ckan.oauth2.profile_api_fullname_field = name
ckan.oauth2.profile_api_mail_field = email
and using your claim mapping configuration (http://wso2.org/claims/fullname and http://wso2.org/claims/emailaddress); I was able to sign in into CKAN. I have tested using CKAN v2.7.4, v2.8.0 and v2.8.1; ckanext-oauth2 v0.6.1 and WSO2-IS v5.5.0 (although it should work using WSO2-IS v5.1).

AppEngine Ruby on Rails app does not deploy

I am having issues deploying an app of mine to Google AppEngine. It is currently live on Heroku with no issues, so I dont think the issue is with the app. I emailed back and forth with Google support for a while, and one of the things they had me try was to deploy one of their starter apps. For simplicity sake, I am asking this question from the point of view that I am simply trying to deploy their test application, not my real app.
I have downloaded the hello world app from Github, per Google's instructions.
When I go to deploy, it sticks on a certain step and will not go any further.
I have done a fresh install of the google cloud tools and have made sure to run gcloud init.
I downloaded the app from that URL and am using the included app.yaml
Here is my entire CLI output. It will sit at the same status for HOURS.
Thanks for the help.
--Tim
Timothys-MBP:2-hello-world tgwright$ gcloud auth login
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth?redirect_uri=xxxxxx
Saved Application Default Credentials.
You are now logged in as [timothy.xxxxx#gmail.com].
Your current project is [xxx-gae-02]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
Timothys-MBP:2-hello-world tgwright$ gcloud init
Welcome! This command will take you through the configuration of gcloud.
Settings from your current configuration [default] are:
Your active configuration is: [default]
[app]
suppress_change_warning = true
[core]
account = timothy.xxxxx#gmail.com
disable_usage_reporting = False
project = xxx-gae-02
Pick configuration to use:
[1] Re-initialize this configuration [default] with new settings
[2] Create a new configuration
Please enter your numeric choice: 1
Your current configuration has been set to: [default]
Pick credentials to use:
[1] timothy.xxxxx#gmail.com
[2] Log in with new credentials
Please enter your numeric choice: 1
You are now logged in as: [timothy.g.wright#gmail.com]
Pick cloud project to use:
[1] [xxx-gae-01]
[2] [xxxx-cloud01]
Please enter your numeric choice: 1
Your current project has been set to: [xxx-gae-01].
Which compute zone would you like to use as project default?
[1] [asia-east1-b]
[2] [asia-east1-a]
[3] [asia-east1-c]
[4] [europe-west1-c]
[5] [europe-west1-d]
[6] [europe-west1-b]
[7] [us-central1-c]
[8] [us-central1-b]
[9] [us-central1-f]
[10] [us-central1-a]
[11] [us-east1-d]
[12] [us-east1-b]
[13] [us-east1-c]
[14] Do not set default zone
Please enter your numeric choice: 9
Your project default compute zone has been set to [us-central1-f].
You can change it by running [gcloud config set compute/zone NAME].
Your project default compute region has been set to [us-central1].
You can change it by running [gcloud config set compute/region NAME].
Do you want to use Google's source hosting (see
"https://cloud.google.com/source-repositories/docs/") (Y/n)? n
gcloud has now been configured!
You can use [gcloud config] to change more gcloud settings.
Your active configuration is: [default]
[app]
suppress_change_warning = true
[compute]
region = us-central1
zone = us-central1-f
[core]
account = timothy.xxxx#gmail.com
disable_usage_reporting = False
project = xxx-gae-01
Timothys-MBP:2-hello-world tgwright$ gcloud auth list
Credentialed accounts:
- timothy.xxx#gmail.com (active)
To set the active account, run:
$ gcloud config set account ``ACCOUNT''
Timothys-MBP:2-hello-world tgwright$ gcloud config list
Your active configuration is: [default]
[app]
suppress_change_warning = true
[compute]
region = us-central1
zone = us-central1-f
[core]
account = timothy.xxxx#gmail.com
disable_usage_reporting = False
project = xxx-gae-01
Timothys-MBP:2-hello-world tgwright$ gcloud preview app deploy --verbosity debug
DEBUG: Running gcloud.preview.app.deploy with Namespace(__calliope_internal_deepest_parser=ArgumentParser(prog='gcloud.preview.app.deploy', usage=None, description="*(BETA)* This command is used to deploy both code and configuration to the App Engine\nserver. As an input it takes one or more ``DEPLOYABLES'' that should be\nuploaded. A ``DEPLOYABLE'' can be a module's .yaml file or a configuration's\n.yaml file.", version=None, formatter_class=<class 'argparse.HelpFormatter'>, conflict_handler='error', add_help=False), account=None, authority_selector=None, authorization_token_file=None, bucket=None, cmd_func=<bound method Command.Run of <googlecloudsdk.calliope.backend.Command object at 0x10e936590>>, command_path=['gcloud', 'preview', 'app', 'deploy'], configuration=None, credential_file_override=None, deployables=[], docker_build=None, document=None, force=False, format=None, h=None, help=None, http_timeout=None, ignore_bad_certs=False, image_url=None, log_http=None, project=None, promote=None, quiet=None, repo_info_file=None, server=None, stop_previous_version=None, trace_email=None, trace_log=False, trace_token=None, user_output_enabled=None, verbosity='debug', version=None).
DEBUG: API endpoint: [https://appengine.googleapis.com/], API version: [v1beta4]
You are about to deploy the following modules:
- xxx-gae-01/default (from [/Users/tgwright/Google Drive/Sites/2-hello-world/app.yaml])
Deployed URL: [https://xxx-gae-01.appspot.com]
Do you want to continue (Y/n)? y
Beginning deployment...
DEBUG: Host: appengine.google.com
DEBUG: _Authenticate configuring auth; needs_auth=False
DEBUG: Sending request to https://appengine.google.com/api/vms/prepare?app_id=ebt-gae-01 headers={'X-appcfg-api-version': '1', 'content-length': '0', 'Content-Type': 'application/octet-stream'} body=
INFO: Attempting refresh to obtain initial access_token
INFO: Refreshing access_token
If this is your first deployment, this may take a while...\DEBUG: Got response: {bucket: vm-containers.xxx-gae-01.appspot.com, path: /containers}
If this is your first deployment, this may take a while...done.
INFO: Not checking for [go] because runtime is [ruby]

Gitlab LDAP (Active Directory) Authentication without Server Side Access

I am using GitLab Omnibus 7.10.0 on RHEL 6.6. I have enabled LDAP using the following configuration:
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'FOO COM Active Directory (LDAP)'
host: 'ad.server.foo.com'
port: 3268
uid: 'someuser'
method: 'plain' # "tls" or "ssl" or "plain"
bind_dn: 'CN=My Whole. Name,OU=Some Users,DC=ad,DC=server,DC=foo,DC=com'
password: 'thepassword'
active_directory: true
allow_username_or_email_login: false
block_auto_created_users: false
base: 'DC=ad,DC=server,DC=foo,DC=com'
user_filter: ''
# ## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
#
# secondary: # NOT FILLED OUT
EOS
My problem is that I can't get users to authenticate via LDAP. I'm not sure if the configuration is wrong, or I need to do something on the server side (which I have no direct access to). When I run
gitlab-rake gitlab:ldap:check RAILS_ENV=production
I get this
Checking LDAP ...
LDAP users with access to your GitLab server (only showing the first 100 results)
Server: ldapmain
Checking LDAP ... Finished
I can search for individual users using java with this account (my personal account) or another account for a different application, but can't get AD working with gitlab. I got the bind_dn "My Whole. Name" by running this command on a Windows box.
gpresult -r
I have also tried a bind_dn of:
uid=myADaccountname,OU=Some Users,DC=ad,DC=server,DC=foo,DC=com
and
myADaccountname#ad.server.foo.com
but I still have the same problem.
For Active Directory, the uid should be:
uid: 'sAMAccountName'
Gitlab should connect using the user specified in the bind_dn, with the given password.
Since GitLab 9.5.1 the uid now requires [ ]
See this issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/37120
This might just be a bug which will be fixed.
I had to update the value for Active Directory from the answer above to:
uid: ['sAMAccountName']

401:Authentication credentials (https://dev.twitter.com/pages/auth) were missing or incorrect

It's the first time for me using twitter4j i got project from github trying to run it to see the result of how using twitter4j and when i run the Crawler class i got this
0 [Twitter Stream consumer-1[initializing]] INFO twitter4j.TwitterStreamImpl - Establishing
connection. 5617 [Twitter Stream consumer-1[Establishing connection]] INFO
twitter4j.TwitterStreamImpl - 401:Authentication credentials (https://dev.twitter.com/pages
/auth) were missing or incorrect. Ensure that you have set valid consumer key/secret, access
token/secret, and the system clock is in sync.
i guess from Ensure that you have set valid consumer key/secret that i should change the proprieties of twitter4j.proprieties !!? am i right or false ? and how can i change the proprieties of it ?
Can someone help ?
I got the similar error with using twitter4j 3.0.x version. I solved it by updating twitter4j to the 4.0.0 version
Try the following options given in this link to set the Keys:
via twitter4j.properties: Save a standard properties file named "twitter4j.properties". Place it to either the current directory, root of the classpath directory.
debug=true
oauth.consumerKey=*********************
oauth.consumerSecret=******************************************
oauth.accessToken=**************************************************
oauth.accessTokenSecret=******************************************
via ConfigurationBuilder: You can use ConfigurationBuilder class to configure Twitter4J programatically as follows:
ConfigurationBuilder cb = new ConfigurationBuilder();
cb.setDebugEnabled(true)
.setOAuthConsumerKey("*********************")
.setOAuthConsumerSecret("******************************************")
.setOAuthAccessToken("**************************************************")
.setOAuthAccessTokenSecret("******************************************");
TwitterFactory tf = new TwitterFactory(cb.build()); Twitter twitter =
tf.getInstance();
via System Properties: You can configure Twitter4J via System properties. Note that you need "twitter4j." prefix.
$ java -Dtwitter4j.debug=true
-Dtwitter4j.oauth.consumerKey=*********************
-Dtwitter4j.oauth.consumerSecret=******************************************
-Dtwitter4j.oauth.accessToken=**************************************************
-Dtwitter4j.oauth.accessTokenSecret=******************************************
-cp twitter4j-core-4.0.2.jar:yourApp.jar yourpackage.Main
via environment variables: Note that you need "twitter4j." prefix.
$ export twitter4j.debug=true $ export
twitter4j.oauth.consumerKey=********************* $ export
twitter4j.oauth.consumerSecret=******************************************
$ export
twitter4j.oauth.accessToken=**************************************************
$ export
twitter4j.oauth.accessTokenSecret=******************************************
$ java -cp twitter4j-core-4.0.2.jar:yourApp.jar yourpackage.Main

Resources