Actuator and Security - spring-security

Using the gs-actuator-service sample I get {} output from the actuator/info endpoint and just {status="Ok"} from the actuator/health endpoint.
From reading on the web it seems that more info is returned if the user is authenticated. I added the security starter dependency to the 'gs-actuator-service' sample but couldn't get any more information from the endpoints. Should the endpoints return more, and if so, how do I add security to the sample and get the additional info?

Found the solution for getting more info.
If using Gradle, add the following:
springBoot {
    buildInfo()
}
See the "Integrating with Actuator" section of https://docs.spring.io/spring-boot/docs/2.0.1.RELEASE/gradle-plugin/reference/html/ for more information.

Related

How to configure or customize REALM Metadata endpoints in Keycloak for SAML2.0

Context:
I have a Keycloak inside a Docker container. I understand that there is a "reverse proxy" doing something like transforming a URL such as "http://example.com" into "http://171.20.2.97:8082" (this is the actual place where Keycloak is "deployed" or "up"). It is just an example; when my clients need to consume an endpoint from one of my microservices they do not use numbers, they use example.com.
So in Keycloak, when you want to see the metadata of the realm for SAML2.0, you can do it by following this link, which is in the REALM settings section:
https://example.com/auth/realms/REALM-NAME/protocol/saml/descriptor
As you can see, I am using "example.com", not "171.20.2.97:8082", to access the metadata link.
The problem is that inside the metadata, the endpoints for SingleSignOnService, SingleLogoutService, etc. are all configured as "http://171.20.2.97:8082/auth/realms/REALM-NAME/protocol/saml" (notice it is using the numbers and not example.com). Because of this, when the clients that want to use SAML send a "Destination" attribute inside their SAML request like so: "http://example.com/auth/realms/REALM-NAME/protocol/saml", they get an invalid request error with reason invalid_destination, because the request attribute Destination was expected to be:
"http://171.20.2.97:8082/auth/realms/REALM-NAME/protocol/saml", as it is inside the metadata.
So my question is, how can I edit the metadata to change the endpoint numbers to example.com, or if that is not possible, how can I make example.com get translated to 171.20.2.97:8082 inside my Keycloak server? Or if you know another way to solve or figure this out, it is very welcome.
I feel like a BEAST after finding out how to achieve what I needed after like 3 weeks of searching about Keycloak and SAML (I overcame many obstacles; this was the last one). Finally I managed to fix this by using the "Frontend URL" setting in my REALM settings. There I can put anything I want so that it changes "http://171.20.2.97:8082/auth/" (inside the metadata URLs) to whatever I configure there, so for example if I set Frontend URL to:
https://example.com/auth/
now all my metadata endpoints will be like so:
https://example.com/auth/realms/REALM-NAME/protocol/saml
instead of:
http://171.20.2.97:8082/auth/realms/REALM-NAME/protocol/saml
Now my client is able to properly log in with SAML2 using Keycloak.
How did I manage to find this out? Well, there is not much info, so this was what gave me the hint: Keycloak behind nginx reverse proxy: SAML Integration invalid_destination
The person asking said that he configured frontend-url, and I wanted to give that a try, and after checking whether that changed the metadata URLs, surprise, it did =)
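The check described in this answer can be automated: fetch the realm's SAML descriptor and verify that every SingleSignOnService and SingleLogoutService Location starts with the public Frontend URL, since a client's Destination must equal the Location the IdP advertises. The script below is an added example, not code from the post or from Keycloak. The two metadata documents are constructed from the URLs quoted above (internal address 171.20.2.97:8082, frontend URL https://example.com/auth/); the element layout follows the SAML 2.0 metadata namespace.

```python
"""Verify that a Keycloak SAML IdP descriptor advertises the public frontend
URL rather than the internal address behind the reverse proxy.

Added example (not from the post). Sample metadata below is constructed."""
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ENDPOINT_TAGS = ("SingleSignOnService", "SingleLogoutService")
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed descriptor: what the realm published before Frontend URL was set.
INTERNAL_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://171.20.2.97:8082/auth/realms/REALM-NAME">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://171.20.2.97:8082/auth/realms/REALM-NAME/protocol/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://171.20.2.97:8082/auth/realms/REALM-NAME/protocol/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://171.20.2.97:8082/auth/realms/REALM-NAME/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed descriptor: the same realm after Frontend URL = https://example.com/auth/
FIXED_METADATA = INTERNAL_METADATA.replace(
    "http://171.20.2.97:8082/auth/", "https://example.com/auth/")


def find_mismatched_endpoints(metadata_xml, public_base):
    """Return (tag, binding, location) for every SSO/SLO endpoint whose Location
    is not under public_base. An empty list means the descriptor is consistent
    with the address clients actually use."""
    prefix = public_base.rstrip("/") + "/"
    root = ET.fromstring(metadata_xml)
    mismatched = []
    for tag in ENDPOINT_TAGS:
        for el in root.iter("{%s}%s" % (MD_NS, tag)):
            location = el.get("Location", "")
            if not location.startswith(prefix):
                mismatched.append((tag, el.get("Binding", ""), location))
    return mismatched


def sso_location(metadata_xml, binding=HTTP_POST):
    """The Location an SP must put in the AuthnRequest's Destination attribute
    for the given binding; None if the IdP offers no such endpoint."""
    root = ET.fromstring(metadata_xml)
    for el in root.iter("{%s}SingleSignOnService" % MD_NS):
        if el.get("Binding") == binding:
            return el.get("Location")
    return None


if __name__ == "__main__":
    public = "https://example.com/auth/"
    for label, doc in (("before", INTERNAL_METADATA), ("after", FIXED_METADATA)):
        bad = find_mismatched_endpoints(doc, public)
        print(label, "mismatched endpoints:", len(bad))
        for tag, binding, loc in bad:
            print("  %s [%s] -> %s" % (tag, binding.rsplit(":", 1)[-1], loc))
    print("Destination for HTTP-POST login:", sso_location(FIXED_METADATA))
```

To run it against a live realm, fetch https://example.com/auth/realms/REALM-NAME/protocol/saml/descriptor and pass the response body to find_mismatched_endpoints with the Frontend URL; anything it reports will produce invalid_destination errors for clients that follow the metadata.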

How to connect to JIRA api with 2fa enabled by organization?

I use self-hosted Jira and I'm currently trying to connect to the Jira API using a Python script (and the requests library), with 2FA enabled by my organization. I'm not an admin of the project, and after creating a personal access token and using it as a Bearer token I only got as far as getting a response from the server telling me to enter the OTP to proceed.
I was thinking whether I could possibly pass the OTP as part of the Authorization header when making the request to the API, but couldn't find any useful hints on how to do that. I have also been looking into OAuth tokens, but from my understanding I'm unable to create one since I don't have the option to create an application link within Jira (since I'm not an admin).
Does anyone have an idea on how I could manage to establish the connection to the api?
Any help would be appreciated!!
Cheers,
Liz
Hey @Liz, try this project for inspiration - https://github.com/dren79/JiraScripting_public
I built it out on the below examples from the API documentation.
# This code sample uses the 'requests' library:
# http://docs.python-requests.org
import requests
from requests.auth import HTTPBasicAuth
import json

url = "https://your-domain.atlassian.net/rest/api/3/issue/{issueIdOrKey}"

# Atlassian Cloud: HTTP Basic auth with the account email and an API token
auth = HTTPBasicAuth("email@example.com", "<api_token>")

headers = {
    "Accept": "application/json"
}

response = requests.request(
    "GET",
    url,
    headers=headers,
    auth=auth
)

print(json.dumps(json.loads(response.text), sort_keys=True, indent=4, separators=(",", ": ")))
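The answer's sample uses Basic auth with an email and API token (Atlassian Cloud), while the question sends a personal access token as a Bearer header (self-hosted Jira). The block below, an added example and not the answer's or the linked project's code, builds both kinds of request with only the standard library so the headers can be inspected offline, keeps the credential out of anything that is logged, and reads it from the environment rather than the source file. The hostnames, token values and the /rest/api/.../myself path are constructed placeholders.

```python
"""Build an authenticated Jira REST request (Basic email+API token, or Bearer
personal access token) and show what ends up on the wire.

Added example, not the answer's code; uses only the standard library."""
import base64
import json
import os
import urllib.error
import urllib.request


def basic_header(user, secret):
    """Basic auth is only base64(user:secret) with no encryption, which is why an
    API token sent this way must be protected exactly like a password."""
    raw = ("%s:%s" % (user, secret)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_request(base_url, path, mode, secret, user=None):
    """Return an unsent urllib Request for GET base_url+path.

    mode="basic"  : Atlassian Cloud, user is the account email (as in the answer)
    mode="bearer" : Jira Server/Data Center personal access token (as in the question)
    """
    url = base_url.rstrip("/") + path
    headers = {"Accept": "application/json"}
    if mode == "basic":
        if not user:
            raise ValueError("basic auth needs the account email as user")
        headers["Authorization"] = basic_header(user, secret)
    elif mode == "bearer":
        headers["Authorization"] = "Bearer " + secret
    else:
        raise ValueError("unknown auth mode %r" % mode)
    return urllib.request.Request(url, headers=headers, method="GET")


def redacted_headers(req):
    """Headers that are safe to log: the credential is masked, the rest is kept."""
    return {k: ("<redacted>" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}


def fetch_json(req, timeout=10):
    """Send the request. Returns (status, parsed JSON) on success and
    (status, raw body) on an HTTP error so the caller can decide what to do;
    the Authorization value is never part of the returned data."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Placeholders: set JIRA_BASE_URL, JIRA_SECRET and (for Cloud) JIRA_USER
    base = os.environ.get("JIRA_BASE_URL", "https://jira.example.com")
    secret = os.environ.get("JIRA_SECRET", "<token>")
    user = os.environ.get("JIRA_USER")
    mode = "basic" if user else "bearer"
    req = build_request(base, "/rest/api/2/myself", mode, secret, user)
    print("request headers:", redacted_headers(req))
    if secret != "<token>":
        status, body = fetch_json(req)
        print("status:", status)
```

If the server answers with a status other than 200, print the status and the redacted headers rather than the whole request object, so a token never lands in a log or a pasted bug report.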

Properties to configure for spring-cloud-dataflow-rest-client when using Azure AD to secure spring cloud dataflow server

I am trying to use the spring-cloud-dataflow-rest-client v2.6.0 in an application to launch spring cloud tasks. I followed the instructions on this page https://docs.spring.io/spring-cloud-dataflow/docs/current/reference/htmlsingle/#appendix-identity-provider-azure to secure Spring-cloud-dataflow-server using Azure AD. However, I am unable to get the setup that was provided for dataflow-shell to work with the SCDF rest client. I know shell internally uses SCDF-rest-client. So, not sure why it won't work for me.
Which properties should I use if my application which uses SCDF-rest-client is to launch tasks like the shell?
I tried with the following properties but I keep getting an invalid scope error.
-Dspring.cloud.dataflow.client.authentication.client-id=yhas7wqh-2a5d-4795-babb-b6213f896b52
-Dspring.cloud.dataflow.client.authentication.client-secret=asjajd8hhsasajdassakja
-Dspring.cloud.dataflow.client.authentication.oauth2.client-registration-id=Batch-Launcher
-Dspring.cloud.dataflow.client.authentication.token-uri=https://login.microsoftonline.com/d8bb2fd3-e835-4d68-b9db-7402a9bf39f1/oauth2/v2.0/token
-Dspring.cloud.dataflow.client.authentication.scope=api://dataflow-server/dataflow.deploy,api://dataflow-server/dataflow.view,offline_access
-Dspring.cloud.dataflow.client.authentication.oauth2.username=abcddemo@afdemo12.onmicrosoft.com
-Dspring.cloud.dataflow.client.authentication.oauth2.password=abcdPwd
-Dspring.cloud.dataflow.client.authentication.basic.username=abcddemo@afdemo12.onmicrosoft.com
-Dspring.cloud.dataflow.client.authentication.basic.password=abcdPwd
The exception that I get:
Caused by: org.springframework.security.oauth2.core.OAuth2AuthorizationException: [invalid_scope] AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope api://dataflow-server/dataflow.deploy offline_access is not valid.
Can someone from the SCDF team update the Azure provider docs to also include how one can use the SCDF REST client, like the shell does, to invoke the SCDF API?

Implementing Oauth2 from scratch

I want to implement Oauth2 protocol from scratch for study purposes.
I'm following the Github guide after having created an App with a Client ID and Client Secret.
The two information sources are pretty simple and are:
https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/
https://gist.github.com/technoweenie/419219
In particular, I'm starting from the first step pasting on my browser:
https://github.com/login/oauth/authorize?client_id=&redirect_uri=http://localhost:8080/auth/temp&scope=user&state=&allow_signup=true
I have a Spring application listening on port 8080 (I don't want to use Spring Security because I want to implement the protocol from scratch) with the following working endpoint exposed:
@RequestMapping("/auth/temp")
public String redirectAuth(HttpServletRequest request) {
    // TODO implement next steps
    return "here we are!";
}
but when I go to the GitHub link I get a 404 not found error, as if my localhost application didn't exist.
I expect the official guide has some mandatory information missing, such as some other endpoints which my application must expose in order to be queried, for instance, about the client secret.
So, what am I missing?
Github only supports the auth code oauth 2 flow. It might be helpful to read up on that.
I have a blog and a video on the auth code flow that may help.
Disclaimer: I work at and created them for Ping Identity, but I think they'll be helpful even for your study purposes.
https://developer.pingidentity.com/en/blog/posts/2019/what-are-oauth-2-0-grant-types-part-1-authorization-code-flow.html
https://youtu.be/eg7I8x-u0sc
You haven't included your client_id in the authorisation url:
https://github.com/login/oauth/authorize?client_id=&redirect_uri=http://localhost:8080/auth/temp&scope=user&state=&allow_signup=true
The authorization server (GitHub) needs this value to identify the client you have registered.
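For a from-scratch implementation, the three client-side steps of the authorization code flow the answers point to are: build the authorize URL (with the client_id the second answer notes is missing, and a random state), check state and extract the code on the /auth/temp callback, and prepare the back-channel token exchange. The block below is an added example, not the question's or the answers' code, and sends nothing over the network. The authorize URL is the one on the page; the token URL is GitHub's documented access_token endpoint; the client id, secret and redirect URI are placeholders.

```python
"""Client side of the OAuth 2.0 authorization code flow, no framework.

Added example (not the question's code). Nothing here performs I/O; the
functions build and validate the messages a Spring controller would handle."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"          # on the page
TOKEN_URL = "https://github.com/login/oauth/access_token"          # GitHub docs


def new_state():
    """Unguessable per-login value; it ties the callback to the browser session
    that started the login so an attacker cannot splice in their own code."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id, redirect_uri, scope, state):
    """Step 1: the URL the browser is redirected to. The authorization server
    looks the app up by client_id and checks redirect_uri against what was
    registered, so an empty client_id cannot work (the bug in the question)."""
    if not client_id:
        raise ValueError("client_id is required")
    if not state:
        raise ValueError("state is required (CSRF protection)")
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "scope": scope, "state": state}
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 2: handle the redirect back to redirect_uri (/auth/temp in the
    question). Reject any callback whose state does not match the one issued
    for this session; return the one-time authorization code otherwise."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise PermissionError("authorization denied: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback is not tied to this login")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def token_request(client_id, client_secret, code, redirect_uri):
    """Step 3: the POST the server makes directly to the token endpoint. It
    carries the client secret, so it never goes through the browser.
    Returns (url, headers, form) ready for an HTTP client."""
    form = {"client_id": client_id, "client_secret": client_secret,
            "code": code, "redirect_uri": redirect_uri}
    headers = {"Accept": "application/json"}
    return TOKEN_URL, headers, form


if __name__ == "__main__":
    # Placeholder client; the real values come from the registered GitHub app.
    client_id, client_secret = "<client_id>", "<client_secret>"
    redirect_uri = "http://localhost:8080/auth/temp"
    state = new_state()
    print("send browser to:", build_authorize_url(client_id, redirect_uri, "user", state))
    # Constructed callback, as the browser would deliver it after consent:
    callback = redirect_uri + "?code=<constructed_code>&state=" + state
    code = parse_callback(callback, state)
    url, headers, form = token_request(client_id, client_secret, code, redirect_uri)
    print("then POST", url, "with form fields", sorted(form))
```

In the Spring controller, the state should be stored in the user's session when the authorize URL is built and removed once the callback has consumed it, so each value is valid exactly once.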

Where can I find the correct HTTP endpoints for testing Google Ads API calls in Oauth2 Playground?

There are only a few RPC methods that include the HTTP reference endpoint in the reference documentation.
I got the Google Ads Service's Mutate method to work with
https://googleads.googleapis.com/v3/customers/{customer-id}/googleAds:mutate
However, trying to call the Keyword Plan Idea service fails, reporting there is no such URL on the server:
https://googleads.googleapis.com/v2/customers/{customer-id}/keywordPlanIdea:generateKeywordIdeas
I have tried it with and without the customers/{customer-id}, and with GET, POST, and even PUT. No luck.
Does anyone know the correct endpoint?
Thanks!
John
For generateKeywordIdeas, the URL endpoint is
https://googleads.googleapis.com/v6/customers/{customer-id}/generateKeywordIdeas
This information is listed here: https://github.com/googleapis/googleapis/blob/master/google/ads/googleads/v6/services/keyword_plan_idea_service.proto
Specifically, this code from that file:
rpc GenerateKeywordIdeas(GenerateKeywordIdeasRequest) returns (GenerateKeywordIdeaResponse) {
    option (google.api.http) = {
        post: "/v6/customers/{customer_id=*}:generateKeywordIdeas"
        body: "*"
    };
}
You can find the endpoints for all other Google Ads services in this way, by going here: https://github.com/googleapis/googleapis/tree/master/google/ads/googleads/v6/services
However, this doesn't tell you the request payload format. For that, I suggest looking into their API clients, like this: https://github.com/googleads/google-ads-php/blob/master/examples/Planning/GenerateKeywordIdeas.php. You can run some of those examples and inspect the network to see how the request is structured.
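The answer's method, reading the HTTP verb and path template out of the google.api.http option of each rpc, can be scripted so the endpoint is derived from the proto text rather than guessed. The parser below is an added example, not part of the answer or of any Google client library. Its sample proto is constructed: the GenerateKeywordIdeas rule is the one quoted above, and the Mutate rule is made up in the same shape to show a second service; the customer id is a placeholder.

```python
"""Extract google.api.http bindings from .proto text and expand the path
template into a request URL.

Added example, not from the answer. SAMPLE_PROTO is constructed."""
import re

SAMPLE_PROTO = """
service KeywordPlanIdeaService {
  rpc GenerateKeywordIdeas(GenerateKeywordIdeasRequest) returns (GenerateKeywordIdeaResponse) {
    option (google.api.http) = {
      post: "/v6/customers/{customer_id=*}:generateKeywordIdeas"
      body: "*"
    };
  }
}

service GoogleAdsService {
  rpc Mutate(MutateGoogleAdsRequest) returns (MutateGoogleAdsResponse) {
    option (google.api.http) = {
      post: "/v6/customers/{customer_id=*}/googleAds:mutate"
      body: "*"
    };
  }
}
"""

RPC_HEAD = re.compile(r"\brpc\s+(\w+)\s*\(")
# The option body ends at "};", not at the first "}", because path templates
# such as {customer_id=*} contain braces of their own.
HTTP_RULE = re.compile(r"option\s*\(google\.api\.http\)\s*=\s*\{(.*?)\}\s*;", re.S)
VERB = re.compile(r'\b(get|post|put|patch|delete)\s*:\s*"([^"]+)"')
PATH_VAR = re.compile(r"\{(\w+)(?:=([^}]*))?\}")


def extract_http_endpoints(proto_text):
    """Map rpc name -> (HTTP verb, path template) for every rpc that carries a
    google.api.http option; rpcs without one are skipped."""
    heads = list(RPC_HEAD.finditer(proto_text))
    endpoints = {}
    for i, head in enumerate(heads):
        stop = heads[i + 1].start() if i + 1 < len(heads) else len(proto_text)
        rule = HTTP_RULE.search(proto_text, head.end(), stop)
        if rule is None:
            continue
        verb = VERB.search(rule.group(1))
        if verb:
            endpoints[head.group(1)] = (verb.group(1).upper(), verb.group(2))
    return endpoints


def build_url(base, template, **values):
    """Fill {name=pattern} variables. A pattern of "*" (or none) means exactly
    one path segment, so a value containing "/" is rejected rather than being
    allowed to rewrite the path."""
    def fill(match):
        name, pattern = match.group(1), match.group(2) or "*"
        if name not in values:
            raise KeyError("missing path variable " + name)
        value = str(values[name])
        if pattern == "*" and "/" in value:
            raise ValueError(name + " must be a single path segment")
        return value
    return base.rstrip("/") + PATH_VAR.sub(fill, template)


if __name__ == "__main__":
    base = "https://googleads.googleapis.com"
    for rpc, (verb, template) in extract_http_endpoints(SAMPLE_PROTO).items():
        # "1234567890" is a placeholder customer id
        print(rpc, verb, build_url(base, template, customer_id="1234567890"))
```

Point extract_http_endpoints at the contents of a services/*.proto file from the googleapis repository linked above to list that service's endpoints; the request body format still has to come from the message definitions or the client examples, as the answer says.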