Azure Scheduler TLS 1.0 calling MVC app - asp.net-mvc

We are using Azure Scheduler (AS) to make calls to an HTTPS URL. This has been working with no issues until now. We have disabled TLS 1.0 on the hosting server due to a security requirement, and AS now logs "ConnectFailure Unable to connect to the remote server".
I would have thought that AS would negotiate the connection. Is anyone aware of any issue, or is there anything I can do in my MVC app to force AS to use TLS 1.1 or 1.2?

I spoke to Azure support and it turns out that Azure Scheduler currently requires TLS 1.0 for an HTTPS endpoint. There was no timescale given by Microsoft for any change to this.
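Why a caller limited to TLS 1.0 cannot connect once the server disables that version, shown at the protocol level as an added example (not part of the original post): the parser reads the versions a ClientHello offers and intersects them with what the server has enabled. The function names and the sample ClientHello bytes are constructed for illustration and are not captured from Azure Scheduler.

```python
import struct

def client_offer(record):
    """Parse a ClientHello record -> (legacy_version, supported_versions or None)."""
    rtype, _ver, rlen = struct.unpack_from("!BHH", record, 0)
    body = record[5:5 + rlen]
    if rtype != 0x16 or len(body) != rlen or body[:1] != b"\x01":
        raise ValueError("not a complete ClientHello record")
    pos = 4                                    # handshake type + 3-byte length
    (legacy,) = struct.unpack_from("!H", body, pos)
    pos += 2 + 32                              # client_version + random
    pos += 1 + body[pos]                       # session_id
    (suites_len,) = struct.unpack_from("!H", body, pos)
    pos += 2 + suites_len                      # cipher_suites
    pos += 1 + body[pos]                       # compression_methods
    explicit = None
    if pos + 2 <= len(body):                   # extensions block is optional
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos, end = pos + 2, pos + 2 + ext_total
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            if etype == 43:                    # supported_versions (RFC 8446)
                count = body[pos + 4] // 2
                explicit = list(struct.unpack_from(f"!{count}H", body, pos + 5))
            pos += 4 + elen
    return legacy, explicit

def negotiate(record, server_enabled):
    """Highest version both sides accept, or None (handshake fails)."""
    legacy, explicit = client_offer(record)
    if explicit is not None:                   # explicit list wins when present
        common = set(explicit) & set(server_enabled)
    else:                                      # otherwise anything <= client_version
        common = {v for v in server_enabled if v <= legacy}
    return max(common) if common else None

def sample_hello(legacy, explicit=()):
    """Constructed ClientHello for this demo: zero random, one cipher suite."""
    body = struct.pack("!H", legacy) + bytes(32) + b"\x00"
    body += struct.pack("!HH", 2, 0x002F) + b"\x01\x00"
    if explicit:
        data = bytes([2 * len(explicit)]) + struct.pack(f"!{len(explicit)}H", *explicit)
        ext = struct.pack("!HH", 43, len(data)) + data
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs

# Client capped at TLS 1.0 (0x0301) vs. a server with only TLS 1.1/1.2 enabled -> None
print(negotiate(sample_hello(0x0301), {0x0302, 0x0303}))
```

Running the same parser over a ClientHello captured on the server side shows whether a failing caller is limited to a version the server no longer accepts.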

AWS IOT connection is getting closed on IPAD OS v12.1.1

When we are connecting to AWS IoT using the wss protocol on iOS version 12.1.1, we were able to connect to IoT successfully, but immediately we could see the onError event being triggered from IoT and then the connection gets closed. It tries to reconnect again but without any luck. The error we are getting from IoT is "{IsTrusted : true}".
We are not using any certificates, just using a profile access key and secret key.
The same build is able to connect properly on iOS 12.0.1 and 12.1.
iOS version: 12.1.1 (not working version)
AWS IoT SDK: 2.0.0
iOS 12.1.1 introduced Apple's new Certificate Transparency policy. From Apple's release notes:
iOS 12.1.1 requires that publicly-trusted Transport Layer Security (TLS) server authentication certificates issued after October 15, 2018 meet the Certificate Transparency policy to be evaluated as trusted on Apple platforms.
This policy is becoming a widespread standard which Google already enforces in its Chrome browser. Amazon knew this was coming and, in response to these new policies, released updates to their MQTT backend (AWS IoT) to include appropriate certification on a new endpoint. See https://aws.amazon.com/blogs/iot/aws-iot-core-ats-endpoints/:
You must explicitly request an Amazon Trust Services endpoint for each region in your account. Any existing customer endpoint you have is most likely a VeriSign endpoint. If your endpoint has “-ats” at the end of the first subdomain, then it is an Amazon Trust Services endpoint. For example, ‘asdfasdf-ats.iot.us-east-2.amazonaws.com’ is an ATS endpoint.
In short, for my iOS App, we were using our AWS provided MQTT endpoint asdfasdf.iot.us-east-2.amazonaws.com (just an example), without the -ats. I updated the endpoint to asdfasdf-ats.iot.us-east-2.amazonaws.com and we were able to accomplish our SSL handshake.
I hope this helps with your issue! Good Luck!

Auth0 ADFS - Can't Find Federation Metadata URL - Next Steps

This post became much longer than anticipated. TL;DR: Where is my ADFS Federation Metadata located on my server? My overall task is to set up a test ADFS server in order to integrate our current application with ADFS.
Hello, I'm trying to integrate our application with ADFS (it's a WPF application with a NodeJS backend), and I'm testing out Auth0 for this job (but if there are other simple solutions, I would be open to that as well - I've found no good guides so far, especially as a developer with no AD experience).
Regardless, I think I've set up a single server AD FS environment (locally as server1.local - with AD CS, AD DS and AD FS and that same server is the domain controller/DNS server) and set up an Auth0 relying party using this guide:
https://auth0.com/docs/connections/enterprise/adfs
In the next steps part, it says: try these quickstart guides. So I've downloaded the Angular2 quick start example project to test. But when I go to the enterprise connections and try to set up an ADFS connection, it asks for an ADFS URL:
You can either provide the ADFS URL or upload the federation metadata file.
But I can't seem to find my ADFS URL. Not only that, my server is local, so it wouldn't be able to use my URL anyways right? I can just upload the metadata instead?
I've tried going to https://server1.local/federationmetadata/2007-06/federationmetadata.xml and https://127.0.0.1/FederationMetadata/2007-06/FederationMetadata.xml and https://localhost/FederationMetadata/2007-06/FederationMetadata.xml, which is the one that shows under endpoints, but IE says:
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://server1.local again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
I've enabled TLS 1.0, 1.1 and 1.2 and this still doesn't seem to give me my metadata. I've also tried that URL on Chrome and it gives a generic "This site can't be reached"
How do I get my metadata?
In the ADFS configuration, look for what you configured as your federation service name.
Use this in the URL.
https://federation service name/federationmetadata/2007-06/federationmetadata.xml
BTW the federation service name should not be the FQDN of the server.

Enable http2 on Azure Web App MVC application requests

I am trying to enable the HTTP/2 protocol on an Azure Web App MVC application, without any luck. The tutorial is simple: just activate 2.0 in the Application settings of the portal. HTTP/2 online tests state that the HTTP/2 protocol is enabled, but no requests are on HTTP/2.
HTTPS is enabled, minimum TLS version is set to 1.2... any ideas on what can go wrong?
It seems that an antivirus on my computer was the root cause for all the requests still being on HTTP. After I disabled it, the requests were, as expected, on HTTP/2.

provide API to mobile app with JWT token

I am developing a REST API in Spring Boot and it has to be consumed by an iOS application. I have implemented JWT tokens with OAuth 2.0 as security and my web server has SSL. So the call will be made to
https://server:port//dataurl
with the header as the token. My question is: since my web server has SSL, will the connection channel be secured (because the token should be passed over a secure channel), or does the client side (iOS app) also have to implement an SSL certificate? I am having a little confusion about how SSL channel communication works. Any help is appreciated.
This link has a nice graph about how SSL works.
https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660_.htm
You can have a look at AFNetworking, whether you want to use it or not.
In particular, have a look at AFSecurityPolicy.h and how it is used in AFURLSessionManager.m. That could be a good starting point.

Connecting SMP Server (on SAP HANA Cloud Platform Mobile Services) with Netweaver end point

I am mobile iOS developer and need a demo environment while making a Proof Of Concept app that will run against SAP Mobile Platform 3.0 (SMP) and Netweaver Endpoint using OData service. I need to be testing against SMP Server 3.0 SP05 or SP06 as I need to work with Offline mode as well.
I have setup SAP HANA Cloud Platform Mobile Services on CAL (https://cal.sap.com), configured my application and can successfully execute user registration and on-boarding against the SMP. I am using one of SAP-provided Netweaver demo endpoints, but then I am getting http errors when further making HTTP requests from SMP to the Netweaver endpoint.
The SMP uses HTTPS protocol.
The Netweaver demo endpoint is at https://sapes1.sapdevcenter.com/sap/opu/odata/IWFND/RMTSAMPLEFLIGHT/
It gives me errors like:
Unable to extract request URI: URI must contain a port: https://hcpms-p1941221453trial.hanatrial.ondemand.com/com.sap.flight/
or
Cannot open tunnel with id account:///p1941221453trial
or
HTTPS proxying is not supported. Use HTTP instead. HTTPS is not needed because communication is already secured by the tunnel.
Can somebody please suggest the correct configuration of the endpoint - Authentication Type, Rewrite Mode, Proxy Type - to get the SMP working with the demo endpoint?
If it is not possible to connect to this NW endpoint from HANA Cloud SMP, can you please suggest another way to get a demo NW endpoint with one of the SAP sample OData applications? Many thanks.
This may help you for a subset of your issues:
Regarding the HTTPS error, have a look here:
https://help.hana.ondemand.com/help/frameset.htm?9d0e9e8397f544d9a5de5df52fd1e757.html
It mentions: The communication between the XS application and the proxy listening on localhost is always via HTTP. Whether the connection to the on-premise back-end should be HTTP or HTTPS is a matter of access control configuration in the Cloud connector. For more information, see Configuring Access Control (HTTP).
Basically, when something goes through the Cloud Connector, the HANA server uses the proxy localhost:20003 over HTTP.
