Showing posts with label domain. Show all posts
Showing posts with label domain. Show all posts
Sunday, September 10, 2017
Unable to remove Office 365 Domain
Unable to remove Office 365 Domain
With Cloud on the �loose�, Microsoft has offered a very flexible platform which allows organizations to easily subscribe for trials or even register for a tenant on the fly. However, without a proper clean-up would create additional hassles and steps, especially if the Global Admin is no longer around or the login credential has been misplace � and this what happened to me in a recent Office 365 engagement.
In this implementation, we were supposed to activate the actual domain (Example: mydomain.com) to a new Ofifce 365 tenant. However, when attempting to associate the corporate domain into the Office 365 tenant, the portal had detected that our domain has been used and activated with another tenant � for Microsoft Power BI purposes, to make things complicated, nobody knows whom own the other domain.
To �regain control� of the corporate domain, we�d to create an automated generated TXT record to proof that we�re the actual and will be the Global Admin taking over the Power BI tenant. After which we�d to remove the corporate domain that has been configured with the Power BI tenant but were thrown with an error message:
Dependencies on domain. To remove this domain, you�ll have to remove the following dependencies first.
When expand, the alias and Skype addresses indicate the users which has been assigned within the tenant, although there wasn�t any Exchange Online and Skype for Business Online licenses are available. In the end, we�d to use PowerShell to remove the corporate domain:
- Connect-MsolService
- Remove-MsolDomain -DomainName $mydomain.com -Force
Refresh the Admin portal and we manage to remove the corporate domain that was initially assigned to the Power BI tenant and �migrated� it to the actual Office 365 domain.
Filed under: Cloud, Office 365
via Skype for Business News Aggregator Full Article
download file now
Wednesday, September 6, 2017
Tyk Dashboard crashed after setting the portal domain
Tyk Dashboard crashed after setting the portal domain
So I set the portal domain to be as the same with the dashboard. Later, I was instructed that it is not permitted to have the portal domain same as the dashboard.
However, now I am left with the below error which does not simply disappear when I reconfigure Tyk.
panic: http: multiple registrations for dashboard.tyk-local.com:3000/
goroutine 1 [running]:
panic(0xa60f80, 0xc820370be0)
/usr/local/go/src/runtime/panic.go:464 +0x3e6
net/http.(*ServeMux).Handle(0xc820356d50, 0xc82036f7e0, 0x1d, 0x7f5a221595d8, 0xc82027af20)
/usr/local/go/src/net/http/server.go:1926 +0x297
main.GenerateRoutes()
/home/tyk/go/src/github.com/lonelycode/tyk-analytics/Main.go:733 +0x41b7
main.main()
/home/tyk/go/src/github.com/lonelycode/tyk-analytics/Main.go:750 +0x59
I basically had to drop the Mongo table, and then reconfigure Tyk to get everything back in place.
In Mongo shell:
> use tyk_analytics
switched to db tyk_analytics
> db.dropDatabase();
{ "dropped" : "tyk_analytics", "ok" : 1 }
download file now
Saturday, September 2, 2017
UES 357 Using IP address or domain name to access UES gadgets
UES 357 Using IP address or domain name to access UES gadgets
You may get the following error and your gadgets wont work as expected if you try to use an IP address/domain name instead of the default URL with https.
Eg :-
Default :
https://localhost:9443/portal/gadgets/intro-gadget-2/intro-gadget-2.xml
Updated :
https://10.100.0.128:9443/portal/gadgets/intro-gadget-2/intro-gadget-2.xml
or
https://ues.udara.me/portal/gadgets/intro-gadget-2/intro-gadget-2.xml
Detailed error: 500 javax.net.ssl.SSLException: hostname in certificate didnt match: <10.100.1.128> != <localhost> shindig.js:9By default all WSO2 products shipped with a self signed certificate for the domain localhost, to overcome this issue you have to create and add a certificate for your IP/Domain name.
1. Lets assume you need to add a self signed certificate for your IP address(10.100.0.128), run following command and provide information when required, here Im using wso2carbon as my keystore password so I dont have to do any configuration changes.
keytool -genkey -alias ues -keyalg RSA -keystore ues.jks -keysize 2048
Note :- I have created ues.jks within /home/udara/key/ directory and you have to provide your IP or domain name as your first and last name (CN).
udara@thinkPad:~/key$ keytool -genkey -alias ues -keyalg RSA -keystore ues.jks -keysize 2048
Enter keystore password: wso2carbon
Re-enter new password: wso2carbon
What is your first and last name?
[Unknown]: 10.100.0.128
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]: WSO2
What is the name of your City or Locality?
[Unknown]: Mountain View
What is the name of your State or Province?
[Unknown]: CA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=10.100.0.128, OU=Unknown, O=WSO2, L=Mountain View, ST=CA, C=US correct?
[no]: yes
Enter key password for <wso2carbon>
(RETURN if same as keystore password): wso2carbon
Re-enter new password: wso2carbon
2.Take a back-up of the current <UES_HOME>/repository/resources/security/ directory.
3.Run following command within <UES_HOME>/repository/resources/security/ directory to import your certificate into wso2carbon.jks.
Since I have created my ues.jks inside /home/udara/key/ directory in step-1,
udara@thinkPad:/wso2/support/workspace/wso2ues-1.0.0/repository/resources/security$ keytool -importkeystore -srckeystore /home/udara/key/ues.jks -destkeystore wso2carbon.jks -srcstoretype jks -deststoretype jks -srcstorepass wso2carbon -deststorepass wso2carbon4. Since we cant have two different private keys, lets delete the previous one.
Entry for alias ues successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
udara@thinkPad:/wso2/support/workspace/wso2ues-1.0.0/repository/resources/security$ keytool -delete -alias wso2carbon -keystore wso2carbon.jks -storepass wso2carbon5. Lets export our public key from wso2carbon.jks and import it in to the client-truststore.jks.
I) Export public key from wso2carbon.jks as test.cer.
udara@thinkPad:/wso2/support/workspace/wso2ues-1.0.0/repository/resources/security$ keytool -export -keystore ues.jks -alias ues -file test.cerII) Import public certificate test.cer into client-truststore.jks.
Enter keystore password:
Certificate stored in file <test.cer>
udara@thinkPad:/wso2/support/workspace/wso2ues-1.0.0/repository/resources/security$ keytool -import -alias ues -file test.cer -keystore client-truststore.jks6. Since we have updated the key store alias from wso2carbon to ues, we have to modify this in few configs to make SSO works.
Enter keystore password:
Owner: CN=10.100.0.128, OU=Unknown, O=WSO2, L=Mountain View, ST=CA, C=US
Issuer: CN=10.100.0.128, OU=Unknown, O=WSO2, L=Mountain View, ST=CA, C=US
Serial number: 4a460fad
Valid from: Tue Apr 08 11:49:26 IST 2014 until: Mon Jul 07 11:49:26 IST 2014
Certificate fingerprints:
MD5: 54:CD:B8:CD:7D:3D:B5:29:2B:A4:45:61:18:C9:5A:59
SHA1: 53:03:B5:6D:32:D2:07:33:0D:49:7A:37:32:C7:13:DA:4E:29:60:28
SHA256: C5:23:6D:09:F3:97:45:3A:F8:19:A1:F9:14:18:DE:BC:F3:C7:C9:C1:FF:0E:D9:E6:94:EF:DA:A3:6D:79:36:B9
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 92 70 EA 1B 80 6B F8 07 84 0A D9 B0 FE 52 A3 41 .p...k.......R.A
0010: C0 DA B0 17 ....
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
Update <UES_HOME>repository/conf/carbon.xml,
<KeyStore>If we take portal jaggery app(<UES_HOME>/repository/deployment/server/jaggeryapps/portal),
<!-- Keystore file location-->
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
<!-- Keystore type (JKS/PKCS12 etc.)-->
<Type>JKS</Type>
<!-- Keystore password-->
<Password>wso2carbon</Password>
<!-- Private Key alias-->
<KeyAlias>ues</KeyAlias>
<!-- Private Key password-->
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
Update ssoConfiguration section in portal.json as follows,
"ssoConfiguration" : {You have to made the above update in all other jaggery apps within the <UES_HOME>/repository/deployment/server/jaggeryapps/ directory.
"enabled" : true,
"issuer" : "portal",
"identityProviderURL" : "%https.host%/sso/samlsso.jag",
"keyStorePassword" : "wso2carbon",
"identityAlias" : "ues",
"responseSigningEnabled" : "true",
"keyStoreName" : "/repository/resources/security/wso2carbon.jks",
"storeAcs" : "%https.host%/store/sso.jag",
"portalAcs" : "%https.host%/portal/sso.jag",
"appAcsHost" : "%https.host%"
}
ssoConfiguration = {
"enabled": true,
"issuer": "{{appName}}",
"identityProviderURL": config.ssoConfiguration.identityProviderURL,
"keyStorePassword": "wso2carbon",
"identityAlias": "ues",
"responseSigningEnabled": "true",
"keyStoreName": "/repository/resources/security/wso2carbon.jks"
}
7. Restart WSO2 UES server.
If you browse Home>Configure>Key Stores>View Key Store, you can see the certificate of the private key section as follows.
By providing your IP address or domain name as the first and last name in step 1, you can overcome this host-name mismatch issue while loading UES gadgets.
You can refer this article[1] which explains how to create and add CA signed certificate to any Carbon product.
[1] . http://wso2.com/library/knowledge-base/2011/08/adding-ca-certificate-authority-signed-certificate-wso2-products/
download file now
Subscribe to:
Posts (Atom)