So I have created an ABCS BPEL process in JDeveloper, it compiles without any errors. I'm trying to test it via soapUI but I am getting the following error:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header/>
<env:Body>
<env:Fault>
<faultcode>env:Server</faultcode>
<faultstring>oracle.fabric.common.FabricInvocationException: Unable to access the following endpoint(s): http://REPLACE_WITH_ACTUAL_HOST_AND_PORT/ENVIRONMENT_NAME/com-telekom-xmlns-ng-EnterpriseServices-Core-TroubleTicket-V1-services-CommunicationsTroubleTicketEBS.soap2jms/1.0</faultstring>
<faultactor/>
<detail>
<exception>Unable to access the following endpoint(s): http://REPLACE_WITH_ACTUAL_HOST_AND_PORT/ENVIRONMENT_NAME/com-telekom-xmlns-ng-EnterpriseServices-Core-TroubleTicket-V1-services-CommunicationsTroubleTicketEBS.soap2jms/1.0</exception>
</detail>
</env:Fault>
</env:Body>
</env:Envelope>
Which is strange because in my config plan I have added the following, replacing the REPLACE_WITH_ACTUAL_HOST_AND_PORT/ENVIRONMENT_NAME part with an actual address:
<wsdlAndSchema name="CommunicationsTroubleTicketEBSResponse.wsdl|CommunicationsTroubleTicketEBS.wsdl">
<searchReplace>
<search>http://REPLACE_WITH_ACTUAL_HOST_AND_PORT/ENVIRONMENT_NAME/com-telekom-xmlns-ng-EnterpriseServices-Core-TroubleTicket-V1-services-CommunicationsTroubleTicketEBSResponse.soap2jms/1.0</search>
<replace>http://soainta52:8001/soa-infra/services/ServiceRequestsStubs/TTMCreateTroubleTicketStub/TTMCreateTroubleTicketStub_ep</replace>
</searchReplace>
<searchReplace>
<search>http://REPLACE_WITH_ACTUAL_HOST_AND_PORT/ENVIRONMENT_NAME/com-telekom-xmlns-ng-EnterpriseServices-Core-TroubleTicket-V1-services-CommunicationsTroubleTicketEBS.soap2jms/1.0</search>
<replace>http://soainta52:8001/soa-infra/services/ServiceRequestsStubs/TTMCreateTroubleTicketStub/TTMCreateTroubleTicketStub_ep</replace>
</searchReplace>
</wsdlAndSchema>
When deploying your BPEL you have to select the deployment plan.
Are you make this deployment from JDeveloper or from a the enterprise manager console?
Related
Jenkins - 2.263.1(LTS) deployed through tomcat on CentOS-8.2and have Nginx reverse proxy running in-front of Jenkins.
Under Manage Jenkins > Configure Systems - Apply and Save not working, Due to this error, i cannot Apply (or) Save any of my configurations, It always shows below error on browser (Firefox & Chrome).
HTTP Status 403 – Forbidden
Type Status Report
Message No valid crumb was included in the request
Description The server understood the request but refuses to authorize
it. Apache Tomcat/9.0.30
Also Jenkins > Manage Jenkins > Configure Global Security - Apply works. But Save not working this too results same above given error.
Systems log error message.
Feb 19, 2021 10:56:05 AM WARNING hudson.security.csrf.CrumbFilter
doFilter No valid crumb was included in request for
/jenkins/configSubmit by ankit.sahu. Returning 403.
Workaround tried:-
1) Under Configure Global security > CSRF Protection > Enable proxy compatibility( Tick marked Enabled). - Didn't work so disabled with below command.
2) hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = true - Even this didn't solve the problem.
3) Installed the Strict Crumb Issuer plugin.
Enabled this plugin and unchecked Check the session ID from its configuration (Under Jenkins Configure Global Security).
4) Restated the Jenkins.
Even tried by adding below in /apache-tomcat-9.0.30/conf/tomcat-users.xml file.
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="user" password="password" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
</tomcat-users>
However still experiencing same problem. I don't know how to fix it, Can someone help me?
You can (temporarily) disable CSRF with below groovy script. Go to Manage Jenkins >> Script Console, then execute the below groovy script.
import jenkins.model.Jenkins
def instance = Jenkins.instance
instance.setCrumbIssuer(null)
The nonces embedded into web output from Jenkins with CSRF protection are based (at least in part as I've read) on values from the requesting client. In addition to making sure your reverse proxy is correctly configured to pass X-Forwarded-For and X-Forwarded-Proto, make sure that Tomcat valve is in place to expose those header values in the servlet request API so Jenkins has access to them.
Add the following to $CATALINA_BASE/conf/server.xml, subordinate to the <Host> element:
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" />
ref: https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-troubleshooting/
ref: https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/
ref: https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_IP_Valve
If you're using jenkinsapi, I resolved this error by specifying useCrumb=True in the constructor:
j = Jenkins(base_url, username=username, password=password, useCrumb=True)
Using this info https://hayato-iriumi.net/2019/05/23/how-to-install-jenkins-slave-as-windows-service/ we are setting up the Jenkins Slave on Windows server. Jenkins agent start from command line. but when we start from Windows service, its giving below error message? How to resolve this error message?
Service cannot be started. System.IO.InvalidDataException: Attribute <className> is missing in configuration XML
at winsw.Util.XmlHelper.SingleAttribute[TAttributeType](XmlElement node, String attributeName)
at winsw.Extensions.WinSWExtensionDescriptor.FromXml(XmlElement node)
at winsw.Extensions.WinSWExtensionManager.LoadExtension(String id)
at winsw.Extensions.WinSWExtensionManager.LoadExtensions()
at winsw.WrapperService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
xml file we have
<service>
<id>JenkinsSlave</id>
<name>Jenkins agent</name>
<description>This service runs an agent for Jenkins automation server.</description>
<executable>c:\java\jdk-11\bin\java.exe</executable>
<arguments>-Xrs -jar "c:\jenkins\slave.jar" -jnlpUrl https://jenkinsmaster/jenkins/computer/slave01/slave-agent.jnlp -secret a4b5b4ddfd34a016cd3a8eb94cbe8f908613e33a66db5fa6f5f43a080aea3116 -workDir=c:\jenkins</arguments>
<workingdirectory>c:\jenkins</workingdirectory>
<logmode>rotate</logmode>
<onfailure action="restart">
<download from="https://jenkinsmaster/jenkins/jnlpJars/slave.jar" to="c:\jenkins\slave.jar">
<extensions>
<extension enabled="false" classname="winsw.Plugins.RunawayProcessKiller.RunawayProcessKillerExtension" id="killOnStartup">
<pidfile>c:\jenkins\jenkins_agent.pid</pidfile>
<stoptimeout>5000</stoptimeout>
<stopparentfirst>false</stopparentfirst>
</extension>
</extensions>
</download>
</onfailure>
</service>
Thanks
There are some errors in the sample "Jenkins-Slave.xml" that is presented at the linked web page (which yours is apparently based on). It has all elements and attributes named in lowercase, but actually some of them should be mixed case (as can be seen by the error message that it doesn't find attribute className).
Try this one instead:
<service>
<id>YourJenkinsSlaveServiceId</id>
<name>Your Jenkins Slave Service Name</name>
<description>This service runs an agent for Jenkins automation server.</description>
<executable>C:\Program Files\Java\JRE8\bin\java.exe</executable>
<arguments>-Xrs -jar "%BASE%\slave.jar" -jnlpUrl http://YourJenkinsServer:8080/computer/YourNodeName/slave-agent.jnlp -secret YourSecretStringConsistingOfHexadecimalCharacters -workDir=C:\YourNodeWorkDir</arguments>
<logmode>rotate</logmode>
<onfailure action="restart" />
<download from="http://YourJenkinsServer:8080/jnlpJars/agent.jar" to="%BASE%\slave.jar"/>
<extensions>
<extension enabled="true" className="winsw.Plugins.RunawayProcessKiller.RunawayProcessKillerExtension" id="killOnStartup">
<pidfile>%BASE%\jenkins_agent.pid</pidfile>
<stopTimeout>5000</stopTimeout>
<stopParentFirst>false</stopParentFirst>
</extension>
</extensions>
</service>
This is from a more detailed explanation of how to install an agent as a Windows service which I have given in this answer.
I too has the same issue similarly..
System.IO.FileNotFoundException: Unable to locate jenkins.xml file within executable directory or any parents
at winsw.ServiceDescriptor..ctor()
at winsw.WrapperService.Run(String[] _args, ServiceDescriptor descriptor)
at winsw.WrapperService.Main(String[] args)
Solution:
Save your jenkins-agent file as xml format. not just jenkins-agent.xml
we can use notepad++ to save the xml type.
similarly remove .exe at end of jenkins-agent.exe
Hope its useful.... cheers !!
The className, stopTimeout and stopParentFirst should not be in lower case.
I am trying to wire up Azure Key Vault in my ASP.NET (.Net Framework) MVC Web App using Visual Studio 2017 Community 15.7.5 Connected Service targeting .Net 4.7.2.
It adds a configBuilder with the name AzureKeyVault with an attribute called vaultName that throws a "The 'vaultName' attribute is not allowed." warning.
When I run the application I get an error that the configBuilders attribute on the appsetting tag is not good like so:
I am using the following package versions which are all current:
<package id="Microsoft.Azure.KeyVault" version="3.0.0" targetFramework="net472" />
<package id="Microsoft.Azure.KeyVault.WebKey" version="3.0.0" targetFramework="net472" />
<package id="Microsoft.Azure.Services.AppAuthentication" version="1.0.3" targetFramework="net472" />
There is an update to Microsoft.Azure.Services.AppAuthentication but it is a preview and it caused dependency issues with other packages.
tldr; - you probably don't have the appropriate permissions to access the key vault.
In currently released versions of the .Net framework, detailed errors about config builders are not always easily discoverable in the ASP.NET yellow screen. We have changes in vNext to address this issue, but it is currently a problem for 4.7.1/2. For the time being, if you create a simple console app to read appSettings with the same config builder configuration, you should see more exception information in the stack that gets spit out.
Based on the yellow screen you posted though I would guess (and its really just an educated guess based on past reports and nothing specific in your case) you are running into an authentication issue in the Microsoft.Azure.Services.AppAuthentication library. When running in Visual Studio, that library can use your personal credentials to access the key vault. If deployed in Azure, they use a different magic technology to authenticate the application to the key vault. If you want to eliminate the "magic" and take more control over this, you can specify more detailed connection information with the 'connectionString' attribute. There is more information as well as a link to connection string details on our GitHub page (MicrosoftConfigurationBuilders).
As for the "The 'vaultName' attribute is not allowed." warning... it's just a warning. The .xsd that VS uses to validate configuration was not correctly updated to allow random attributes on configBuilder definitions. We hope to address this in a future VS release around the time that the next framework ships.
Steve Molloy was correct in that the Configuration Error was a red herring. I created a console app and the error messages were much better but they still required some investigation. Here's my Console App Code and packages:
static void Main(string[] args)
{
var azureServiceTokenProvider = new AzureServiceTokenProvider
(azureAdInstance:"https://InsertAADSubscriptionName.onmicrosoft.com/");
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = keyVaultClient.GetSecretAsync(
"https://InsertKeyVaultName.vault.azure.net", "InsertSecretYouWantBack").GetAwaiter().GetResult();
}
<packages>
<package id="Microsoft.Azure.KeyVault" version="3.0.0" targetFramework="net472" />
<package id="Microsoft.Azure.KeyVault.WebKey" version="3.0.0" targetFramework="net472" />
<package id="Microsoft.Azure.Services.AppAuthentication" version="1.0.3" targetFramework="net472" />
<package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.19.8" targetFramework="net472" />
<package id="Microsoft.Rest.ClientRuntime" version="2.3.13" targetFramework="net472" />
<package id="Microsoft.Rest.ClientRuntime.Azure" version="3.3.15" targetFramework="net472" />
<package id="Newtonsoft.Json" version="11.0.2" targetFramework="net472" />
</packages>
I put a breakpoint on the last bracket and kept looking for my secret value in the variable secret. I kept getting the following error indicating that Azure AD wasn't able to authenticate my local environment and return an access token.
Parameters: Connection String: [No connection string specified],
Resource: https://vault.azure.net,
Authority: https://login.windows.net/47c8ce10-a05d-4880-9e92-0c2d2c00dc88.
Exception Message: Tried the following 4 methods to get an access token,
but none of them worked.
Parameters: Connection String: [No connection string specified],
Resource: https://vault.azure.net,
Authority: https://login.windows.net/47c8ce10-a05d-4880-9e92-0c2d2c00dc88.
Exception Message: Tried to get token using Managed Service Identity.
Unable to connect to the Managed Service Identity (MSI) endpoint.
Please check that you are running on an Azure resource that has MSI setup.
Parameters: Connection String: [No connection string specified],
Resource: https://vault.azure.net,
Authority: https://login.windows.net/47c8ce10-a05d-4880-9e92-0c2d2c00dc88.
Exception Message: Tried to get token using Visual Studio.
Access token could not be acquired.
Parameters: Connection String: [No connection string specified],
Resource: https://vault.azure.net,
Authority: https://login.windows.net/47c8ce10-a05d-4880-9e92-0c2d2c00dc88.
Exception Message: Tried to get token using Azure CLI. Access token could
not be acquired. ERROR: Please run 'az login' to setup account.
Parameters: Connection String: [No connection string specified],
Resource: https://vault.azure.net,
Authority: https://login.windows.net/47c8ce10-a05d-4880-9e92-0c2d2c00dc88.
Exception Message: Tried to get token using Active Directory Integrated
Authentication. Access token could not be acquired. get_user_name_failed:
Failed to get user nameInner Exception : No mapping between account names
and security IDs was done
The problem was that since I was running the app locally I needed to be logged in to Azure CLI locally. To do this: first install Azure CLI on your machine, then go to a CMD or a PowerShell prompt and type az login and follow the instructions returned.
This did the trick; the console app was able to get an access token.
I tried it on my web app in the original question above and it worked as expected.
We are trying to consume web service from orbeon client code. Everything works fine with one way SSL however we now wish to call the web service using 2 way SSL. We are able to call the web service using 2 way SSL successfully using the Apache CXF framework using Java code.
I followed the steps outlined in the Orbeon Wiki.
Changes made in properties-local.xml
<property as="xs:anyURI"
name="oxf.http.ssl.keystore.uri"
value="/apps/property/ClientStore.jks"/>
<property as="xs:string"
name="oxf.http.ssl.keystore.password"
value="password"/>
<property as="xs:anyURI"
name="oxf.url-rewriting.service.base-uri"
value="http://localhost:8085/Orbeon"/>
<property as="xs:anyURI"
name="oxf.fr.persistence.exist.uri"
value="http://localhost:8085/fr/service/exist"/>
<property as="xs:anyURI"
name="oxf.fr.persistence.exist.exist-uri"
value="http://localhost:8085/exist/rest/db/orbeon/fr"/>
After implementing the changes outlined above we are getting the exception below:
ERROR XFormsServer - xforms-submit-error - setting throwable {throwable:
"javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:488)
at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148
Java start up options are:
-Djavax.net.ssl.trustStorePassword=password
-Djavax.net.ssl.keyStore=/apps/property/DMClientStore.jks
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=/apps/property/trustkeystore.jks
Questions:
Are these properties sufficient for enabling 2 way SSL?
For Apache CXF we need to provide two keystores, one with the client certificate and a truststore. Where do we configure both of these keystores for Orbeon?
In my ASP.NET MVC project I have added a parameters.xml file that looks like:
<?xml version="1.0" encoding="utf-8" ?>
<parameters>
<parameter name="Application Pool" description="Application Pool Name" defaultValue="PreferredPool">
<parameterEntry kind="DeploymentObjectAttribute"
scope="appHostConfig"
match="application/#applicationPool"/>
</parameter>
</parameters>
Then I go ahead and build the deployment package:
MSBuild.exe myproject.csproj /t:Package /p:PackageLocation="C:\packages\myproject.zip"
And then I invoke the batch script generated (myproject.deploy.cmd) and deploy the app to a local IIS 7 server. The problem is, it is always the Default Application Pool that is assigned to the app instead of the PreferredPool as specified in parameters.xml.
What did I do wrong?
Change your parameterEntry's scope to "application":
<parameterEntry kind="DeploymentObjectAttribute"
scope="application"
match="application/#applicationPool"/>