Closed stevealexandre closed 1 year ago
Hello @stevealexandre ,
The locally hosted API Server must be configured for trusted database access. To do this, follow these steps:
http://localhost:8182
). imxclient.exe.config
file as shown below, where <KEY>
is your key value....
<configSections>
<!-- enter this new section -->
<section name="connectionSettings" type="System.Configuration.NameValueSectionHandler" />
</configSections>
...
<connectionSettings>
<add name="TrustedSourceKey" connectionString="<KEY>" />
</connectionSettings>
Hello @stevealexandre,
Also, I do not find where the vs extension file is located. I've tried to search in the installation package and the OIM installed directory, there is no vcode-extension.vsix file as describe on the web documentation.
The Visual Studio Code documentation was removed from the product starting the version 9.0.
Hello @stevealexandre ,
The locally hosted API Server must be configured for trusted database access. To do this, follow these steps:
- Obtain the trusted source key assoiated with the web application (
http://localhost:8182
). If you don't know this value, you can enter a new key in Designer.- Configure the key in the
imxclient.exe.config
file as shown below, where<KEY>
is your key value.... <configSections> <!-- enter this new section --> <section name="connectionSettings" type="System.Configuration.NameValueSectionHandler" /> </configSections> ... <connectionSettings> <add name="TrustedSourceKey" connectionString="<KEY>" /> </connectionSettings>
Hello @hannoquest,
Thanks for taking time to reply quickly and with the elements. Maybe it could be great to include these details into the html5 documentation. Also, do you confirm it should be possible to connect directly to the IIS ApiServer instead of running the local API with imxclient ?
After setting the configuration, I still get the same issue :
Designer configuration
I've also tried with Program set on Default, ApplictionServer and Web designer with the same result but without rebuilding webapp since it should not be needed I think
ImxClient configuration
ImxClient console logs
Browser error
Hello @stevealexandre,
Also, I do not find where the vs extension file is located. I've tried to search in the installation package and the OIM installed directory, there is no vcode-extension.vsix file as describe on the web documentation.
The Visual Studio Code documentation was removed from the product starting the version 9.0.
Ok thanks for the info. It was great to have a plugin which could help manage imxclient etc...
Hello @hannoquest ,
A little update of my case ? FYI, I'm able to connect on the api configuration app http://localhost:8182/html/qbm-app-landingpage/#/dashboard with my admin but still have the same issue for the web portal.
Thanks.
I have tried tonight to install and test on 9.1 and got the same error result but I get some more details of some SQL queries which are impacted :
Error: SQL injection detected in WHERE clause: (isnull(XDateUpdated, '1899-12-30 00:00:00.000') > '1899-12-30 00:00:00.000') and (UID_Tree in (select UID_Tree from DialogProcessChain where GenProcID in (select GenProcID from dbo.QBM_FTDialogProcessSelect(null, N
'JOHND', null, 0))))
Error: An error occurred while processing the request: GET http://localhost:8182/portal/pendingitemsSystem.Exception: An error occurred while processing the request: GET http://localhost:8182/portal/pendingitems ---> VI.Base.ViException: Potentially dangerous be
havior was detected. The request will be ignored. ---> VI.Base.ViException: SQL injection detected in WHERE clause: (isnull(XDateUpdated, '1899-12-30 00:00:00.000') > '1899-12-30 00:00:00.000') and (UID_Tree in (select UID_Tree from DialogProcessChain where GenP
rocID in (select GenProcID from dbo.QBM_FTDialogProcessSelect(null, N'JOHND', null, 0))))
Error: SQL injection detected in WHERE clause: (orderstate = N'Assigned') and (UID_PersonInserted = '87b607ab-3df8-4ab7-b977-c1d98be3bd0a') and (isnull(ValidUntil, '1899-12-30 00:00:00.000') < '2023-01-06 23:59:46.001') and (isnull(ValidUntil, '1899-12-30 00:00:
00.000') > '1899-12-30 00:00:00.000')
Error: An error occurred while processing the request: GET http://localhost:8182/portal/person/configSystem.Exception: An error occurred while processing the request: GET http://localhost:8182/portal/person/config ---> VI.Base.ViException: Potentially dangerous
behavior was detected. The request will be ignored. ---> VI.Base.ViException: SQL injection detected in WHERE clause: (orderstate = N'Assigned') and (UID_PersonInserted = '87b607ab-3df8-4ab7-b977-c1d98be3bd0a') and (isnull(ValidUntil, '1899-12-30 00:00:00.000')
< '2023-01-06 23:59:46.001') and (isnull(ValidUntil, '1899-12-30 00:00:00.000') > '1899-12-30 00:00:00.000')
I found a temporary workaround by setting the SQLCheck RiskEvaluation to Low for moment until to have a better solution.
Also on imxclient v9.1, it doesn't like the configuration bloc "connectionSettings" in the imxclient configuration file :
System.TypeInitializationException: Une exception a été levée par l'initialiseur de type pour 'VI.ImxClient.PlugIns'. ---> System.Configuration.ConfigurationErrorsException: Échec de l'initialisation du système de configuration ---> System.
Configuration.ConfigurationErrorsException: Section de configuration non reconnue connectionSettings. (C:\Tools\One Identity Manager9.1\ImxClient.exe.Config line 17)
à System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
à System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
à System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
--- Fin de la trace de la pile d'exception interne ---
à System.Configuration.ConfigurationManager.PrepareConfigSystem()
à System.Configuration.ConfigurationManager.GetSection(String sectionName)
à System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
à System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
à System.Diagnostics.DiagnosticsConfiguration.Initialize()
à System.Diagnostics.DiagnosticsConfiguration.get_Sources()
à System.Diagnostics.TraceSource.Initialize()
à System.ComponentModel.Composition.Diagnostics.TraceSourceTraceWriter.get_CanWriteInformation()
à System.ComponentModel.Composition.Diagnostics.CompositionTrace.DefinitionContainsNoExports(Type type)
à System.ComponentModel.Composition.AttributedModel.AttributedPartCreationInfo.IsPartDiscoverable()
à System.ComponentModel.Composition.AttributedModel.AttributedModelDiscovery.CreatePartDefinitionIfDiscoverable(Type type, ICompositionElement origin)
à System.ComponentModel.Composition.Hosting.TypeCatalog.get_PartsInternal()
à System.ComponentModel.Composition.Hosting.TypeCatalog.GetEnumerator()
à System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
à System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
à VI.Base.SafeDirectoryCatalog..ctor(String directory, String pattern, SearchOption searchOption)
à VI.ImxClient.PlugIns..cctor()
--- Fin de la trace de la pile d'exception interne ---
à VI.ImxClient.PlugIns.AddDependency[T](T dependency)
à VI.ImxClient.Program.Main(String[] args)
Hi @stevealexandre ,
You need to include this line in every configuration file that uses a <connectionSettings>
section. The last screenshot shows the file is missing this line.
<section name="connectionSettings" type="System.Configuration.NameValueSectionHandler" />
Hi @hannoquest ,
My bad, it was late in the day and missed the line in my config. Added, the error about the "connectionSettings" bloc disapeared but still have the same issue on 9.1 about the dangerous behavior and still need to define the RiskEvaluation to low to be able to interact with the portal. So as I udnerstand, this is needed only because the trusted key is not working to set the api as secure in Medium mode.
ImxClient Config
Webserver designer Config
Hi @stevealexandre ,
I noticed something in the "Webserver designer Config" screenshot -- and I apologize for omitting an important detail: The key cannot be entered in Designer, it must be entered as described in the 8.2.1 Release Notes:
imxclient edit-config /path <web.config file path> -T
(for example imxclient edit-config /path c:\inetpub\wwroot\apiserver\web.config -T
)
or
imxclient edit-config /path <web.config file path> /trustedsourcekey <Key>
Hi @hannoquest,
Thanks for your reply.
First at all, it's a new installation and not an upgrade so the trustedkey should be automatically filled for apiserver as indicated in the release note "During the initial installation, the trusted source key is configured automatically."
Running the cmd is not working but I guess it's because it's already done by the installation ?:
But how do you trust the local api server used by imxclient? And by the way, what exactly do the edit-config ? Generate a new trust key, store it in the database for the webapp and configure the web app config with it?
Hi @stevealexandre ,
edit-config
works in one of two modes (you can run imxclient help edit-config
for the entire text):
-T Configures a randomly generated trusted source key for the application specified by
the BaseURL setting in the web.config.
/trustedsourcekey {key} Configures the specified trusted source key for the application specified by
the BaseURL setting in the web.config.
The error message is from the .NET Framework and points to a problem with the cryptography configuration - it might be missing permissions; hard to say.
As a workaround, you can do what you are describing in your last sentence. The (plain text) TrustedSourceKey can be copied and used by a different client.
Hello
We have a new project to implement OneIdentity V9.0 with some web development needed and encountered some issues to initiate the dev environment with the new angular portal.
Describe the bug
From a new OIM V9.0 installation, we have some errors on the qer-app-portal build from Angular while there is no issue on the default ApiServer portal installation on IIS Server. As you can see at the screenshots section, on the first one, an authentication successfull on the IIS and on the second from the angular build, we can found many errors in the console logs and finished to the dashboard but with errors.
Also, I do not find where the vs extension file is located. I've tried to search in the installation package and the OIM installed directory, there is no vcode-extension.vsix file as describe on the web documentation.
Errors
Web console logs with ImxClient API Server
ImxClient logs
Web console logs with IIS API Server
To Reproduce
Steps to reproduce the behavior:
Screenshots
Thanks for your help.