Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Jul 30 14:52
    karelmaxa closed #69
  • Jul 30 14:52

    karelmaxa on master

    Update commons to 22.0.0. Upgra… Merge pull request #70 from orc… (compare)

  • Jul 30 14:52
    karelmaxa closed #70
  • Jul 30 14:44
    karelmaxa edited #70
  • Jul 30 14:42
    karelmaxa synchronize #70
  • Jul 29 12:50
    michbart opened #71
  • Jul 21 13:20

    karelmaxa on 1.5.2.x

    [maven-release-plugin] prepare … (compare)

  • Jul 21 13:20

    karelmaxa on 1.5.2.1

    (compare)

  • Jul 21 13:20

    karelmaxa on 1.5.2.x

    [maven-release-plugin] prepare … (compare)

  • Jul 21 13:13

    karelmaxa on master

    [maven-release-plugin] prepare … (compare)

  • Jul 21 13:13

    karelmaxa on 1.5.2.x

    (compare)

  • Jul 21 13:12

    karelmaxa on master

    [maven-release-plugin] prepare … (compare)

  • Jul 21 12:54
    karelmaxa commented #7
  • Jul 21 12:54
    karelmaxa closed #7
  • Jul 21 12:54
    karelmaxa closed #6
  • Jul 21 12:54
    karelmaxa commented #6
  • Jul 21 12:51
    karelmaxa commented #8
  • Jul 21 12:51
    karelmaxa commented #9
  • Jul 21 12:51
    karelmaxa closed #9
  • Jul 21 12:51
    karelmaxa commented #9
Pavel Horal
@pavelhoral
*://*:*/*?*
Sandro
@stonick
yes, thi is the canonic method but, in several cases we have query strings that contains other '?' so we have to write policy resource as:
://:/??? and so on due to the "" wildcard doesn't include the "?" character
*://*:*/*?*?*?*
Pavel Horal
@pavelhoral
Is question mark even a valid character there? Shouldn't it be encoded?
Hm, RFC allows that - https://tools.ietf.org/html/rfc3986#section-3.4. So that might be a bug.
Pavel Horal
@pavelhoral
*://*:*/*?* should (in theory) match http://example.com/foo?bar?baz
Sandro
@stonick
in order:
1, To encode the '?' it's necessary an apache before the actual architecture because the AM agent intercepts the before all. We would avoid this.
  1. Your example match exactly with our problem ... doesn't match!!!

sorry ... somthing incomplete ...

  1. To encode the '?' it's necessary an apache before the actual architecture because the AM agent intercepts calls the before all. We would avoid this.

  2. Your example match exactly with our problem ... doesn't match!!!

Pavel Horal
@pavelhoral
I will need to check source code for this as I am not sure which component is responsible for this.
Sandro
@stonick
ok, thanks
we remain waiting hoping in a solution
Pavel Horal
@pavelhoral
I have created issue WrenSecurity/wrenam#44 . Unfortunatelly I need to work on a different project right now, but maybe someone else will pick it up from there.
Sandro
@stonick
Thank you
Jiří Špaček
@geostarling

hi wrens!

FYI, the wrensecurity.org domain expires on 2019-06-01:

Domain Name: WRENSECURITY.ORG
Registry Domain ID: D402200000002592295-LROR
Registrar WHOIS Server: whois.regtons.com
Registrar URL: http://subreg.cz
Updated Date: 2018-05-29T13:03:59Z
Creation Date: 2017-06-01T15:04:05Z
Registry Expiry Date: 2019-06-01T15:04:05Z
Registrar Registration Expiration Date:
Registrar: Gransy s.r.o.
Registrar IANA ID: 1505
Registrar Abuse Contact Email: abuse@regtons.com
Registrar Abuse Contact Phone: +420.734463373
Reseller:
Domain Status: ok https://icann.org/epp#ok
Registrant Organization: Whois protection, this company does not own this domain name s.r.o.
Registrant State/Province:
Registrant Country: CZ
Name Server: NS.GRANSY.COM
Name Server: NS2.GRANSY.COM
Name Server: NS4.GRANSY.COM
Name Server: NS3.GRANSY.COM
Name Server: NS5.GRANSY.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2019-05-24T09:10:25Z <<<
cc @pavelhoral
Pavel Horal
@pavelhoral
@geostarling No worries. It should be set up for autorenew :)
Michael Power
@dodtsair
The wrensecurity site says that ForgeRock is not involved in the wren suite's development. But when I go to wrenidm it mentions in the readme "The project is led by ForgeRock". So which is it?
Jasper Siepkes
@siepkes
@dodtsair There is no affiliation with ForgeRock. Thats probably something we didn't see. We welcome PR's!
Alessandro Zucchelli
@AleZucchelli93_twitter
image.png
Hi to everyone :)
I have an issue during the build of WrenAM.
I clone the branch wrenam-sustaining-13.5.x
but I have this error:
And this error
image.png
Can someone help me?
Pavel Horal
@pavelhoral
What command are you using for the build?
Also I don't understand why your maven tries to download AM dependencies from your custom (possibly mirror-of central) nexus repo. Those dependencies are in jfrog repo.
Alessandro Zucchelli
@AleZucchelli93_twitter
I use this command mvn -Dignore-artifact-sigs clean install
Can I have the jfrog url repos?
Alessandro Zucchelli
@AleZucchelli93_twitter
Pavel Horal
@pavelhoral
Why Forgerock git repo?
Alessandro Zucchelli
@AleZucchelli93_twitter
Pavel Horal
@pavelhoral
image.png
Alessandro Zucchelli
@AleZucchelli93_twitter
Thanks.
I think I have a little problem with my client.
Can I have the correct URL for git clone?
Pavel Horal
@pavelhoral
Not sure what you mean... you have to clone the project from GitHub (https://github.com/WrenSecurity/wrenam.git), then switch to branch sustaining/13.5.x and mvn package or install it with JDK 8 (I don't think the build works with 11)
JFrog (maven) repo should work out of the box as that is what is configured inside pom.xml.
Alessandro Zucchelli
@AleZucchelli93_twitter
Thanks for your help.
Now I try to rebuild
Alessandro Zucchelli
@AleZucchelli93_twitter
I think I missing one step.
but I don't know were.
I have this error now
image.png
Pavel Horal
@pavelhoral
Seems like SSL error with JFrog. Check your system time and date.
The certificate is pretty fresh there (one week).
Alessandro Zucchelli
@AleZucchelli93_twitter
Thanks a lot Pavel :)
Have a good day
Mike Schwartz
@nynymike
Hi guys
The SSL certificate on wrensecurity.org expired on 8/20
My browser won't let me navigate there :-)
I hope Wren Security is still active.
Using the "Open Identity Platform" is not a viable option for us
We can't sell a Russian product to the US gov't.
We'll have to go back to building our own binary
Pavel Horal
@pavelhoral
We are still active. Will fix the certificate tomorrow and make sure it is being renewed automatically. Thank you.
Mike Schwartz
@nynymike
awesome!
Martin Čížek
@martincizek
Hey @nynymike! Quite embarrassing, appreciate you've reported it!
The certificates are actually renewed and provisioned automatically, so I've had it checked. The issue was surprisingly too long uptime of the http service, causing it to use old memory-cached cert for a month after its replacement on disk.
We've changed the provisioning to force config reloads.
Mike Schwartz
@nynymike
No worries Martin. Thanks for fixing it.