
docs-operations's Introduction

Operations manual

Prereqs

Installation

To install the required packages:

npm i

Generating HTML output

To convert asciidoc source to HTML:

npm run build

Viewing HTML output

To view the built site, launch a local server:

  1. npm start

  2. In a browser tab, go to localhost:8000

Live preview

When you run npm start, the project is monitored for updates to asciidoc files.

If a change to an asciidoc file is detected, the site is automatically rebuilt.

docs-operations's People

Contributors

akarasavov, alexicawright, brunobuss, davidoliversp2, dependabot[bot], edrandall-dev, emmaholmbergohlsson, fiquick, gfx54b, hannessandberg, hunterness, ikwattro, jackwaudby, jennyowen, jpryce-aklundh, l-heemann, lidiazuin, loveleif, mnd999, nataliaivakina, nick-giles-neo, nilsceberg, parnmatt, phil198, recrwplay, renetapopova, roxling, stefano-ottolenghi, tonbut, yirensum


docs-operations's Issues

A doc question

image

In this image, the memory heap size of the docker container is set by NEO4J_server_memory_heap_max__size. Is this right, or is it a typo? There are 2 underscores before size.

I tried to set this env for my docker container instance but the memory neo4j server used is still about 500M.

What does this refer to?

https://neo4j.com/docs/operations-manual/current/configuration/configuration-settings/#config_dbms.security.logs.ldap.groups_at_debug_level_enabled

The description of dbms.security.logs.ldap.groups_at_debug_level_enabled is as follows:

When set to true, will log the groups retrieved from the ldap server. This will only take effect when the security log level is set to DEBUG. WARNING: It is strongly advised that this is set to false when running in a production environment in order to prevent logging of sensitive

But what setting does "the security log level" refer to? This should be changed to the actual configuration setting.

Incorrect yaml configuration creation for neo4j-reverse-proxy

Hello!

I followed this Manual
I generated a TLS certificate by certbot for godaddy domain name.
I added it to the kubernetes secret.
Created the following ingress-values.yaml

reverseProxy:
  image: neo4j/helm-charts-reverse-proxy:5.12.0
  serviceName: "neo4j-lb"
  ingress:
    enabled: true
    tls:
      enabled: true
      config:
      - secretName: "mydomain-tls"  # set the secret
        hosts:
          - mydomain.com  # set the domain name

After the step "Install the Reverse proxy Helm chart", the rp-reverseproxy-ingress.yaml was generated and deployed. Here is part of that yaml:

spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - backend:
          service:
            name: rp-reverseproxy-service
            port:
              number: 443
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - mydomain.com
    secretName: mydomain-tls

But it will not work. Here is the right yaml piece of configuration:

spec:
  ingressClassName: nginx
  rules:
  - host: mydomain.com  # added this key
    http:
      paths:
      - backend:
          service:
            name: rp-reverseproxy-service
            port:
              number: 443
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - mydomain.com
    secretName: mydomain-tls

I'm not sure, where should I go?

Does Neo4J support SSO integration with PingFederate Identity Provider?

Hi Team,

We are working on Neo4J SSO integration with PingFederate 11.x. However, we're getting an exception and have some queries on this setup.

1) Does Neo4j support SSO authentication and authorization through PingFederate as an identity provider implementing the OpenID Connect (OIDC) standard?

As per this documentation, it is mentioned support for Okta, Azure, Google etc.

2) Need to know whether Neo4j SSO authentication and authorization is designed to work with Okta, Azure, Google only? Based on this documentation, the configuration is provider-specific, using a prefix represented by <provider>.

Based on this, the below OIDC configuration was created for PingFederate:

 dbms.security.authentication_providers=oidc-ping
 dbms.security.authorization_providers=oidc-ping
 dbms.security.oidc.ping.display_name=ping
 dbms.security.oidc.ping.audience=myAud
 dbms.security.oidc.ping.auth_flow=implicit
 dbms.security.oidc.ping.config=principal=unique_name;code_challenge_method=S256;token_type_principal=access_token;token_type_authentication=access_token
 dbms.security.oidc.ping.token_endpoint=https://myhostname:9031/as/token.oauth2
 dbms.security.oidc.ping.auth_endpoint=https://myhostname:9031/as/authorization.oauth2
 dbms.security.oidc.ping.issuer=https://myhostname:9031
 dbms.security.oidc.ping.params=client_id=myClientID;response_type=token;client_secret=myClientSecret;scope=openid
 dbms.security.oidc.ping.claims.username=username

Also, tried using below configuration for PingFederate:

dbms.security.authentication_providers=oidc-ping
dbms.security.authorization_providers=oidc-ping
dbms.security.oidc.ping.display_name=Ping
dbms.security.oidc.ping.auth_flow=pkce
dbms.security.oidc.ping.well_known_discovery_uri=https://myhostname:9031/.well-known/openid-configuration
dbms.security.oidc.ping.auth_endpoint=https://myhostname:9031/as/authorization.oauth2
dbms.security.oidc.ping.audience=myAud
dbms.security.oidc.ping.params=client_id=myClientID;response_type=code;scope=openid
dbms.security.oidc.ping.token_params=client_secret=myClientSecret
dbms.security.oidc.ping.claims.username=username
dbms.security.oidc.ping.jwks_uri=https://myhostname:9031/pf/JWKS

3) We are getting an exception at the Neo4j end as below. Moreover, Neo4J does not make any request to the PingFederate IdP, as the exception comes at the Neo4J end:

 2023-11-20 15:31:05.488+0000 WARN  {OidcRealm: oidc-ping}: Failed to authenticate user 'demo'. JWT is not valid for this realm.
 2023-11-20 15:31:05.489+0000 ERROR failed to log in: invalid principal or credentials

While using JWT token:

{
  "alg": "RS256",
  "kid": "6554eWf3A81B8bhv6SBo",
  "pi.atm": "5cnv"
} 

{
  "scope": "openid",
  "client_id": "myClientID",
  "iss": "https://myhostname:9031",
  "aud": "myAud",
  "jti": "Ytr3765DMoH1WgOcX",
  "Username": "demo",
  "username": "demo",
  "exp": 1700159940
}

Note: The user demo is stored in LDAP which is configured as a data store at PingFederate end.

4) For the PingFederate IdP, will there be a need to implement a custom auth provider for Neo4j like this? If yes, then can you please provide a documentation reference, or will the OOTB SSO solution from Neo4J work?

5) We have enabled the below loggers at the Neo4J end, but these loggers are not helpful to debug the exception. Can you please suggest any additional loggers for this exception:

dbms.cluster.discovery.log_level=DEBUG  
dbms.routing.driver.logging.level=DEBUG  
db.logs.query.plan_description_enabled=true  
server.logs.debug.enabled=true  
dbms.security.logs.ldap.groups_at_debug_level_enabled=true  
dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled=true

Thanks,
--Rohit
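
A pre-flight check of the posted JWT claims against the posted dbms.security.oidc.ping.* settings and the log timestamp, as an added example that is not part of the original issue and is not Neo4j's own validation code. The function names, the unsigned constructed token and the choice of checks (iss, aud, username claim, exp) are assumptions made for illustration; the signature is not verified.

```python
import base64
import json
from datetime import datetime, timezone

# Constructed sample input: settings and claims copied from the issue above.
CONF = """\
dbms.security.oidc.ping.audience=myAud
dbms.security.oidc.ping.issuer=https://myhostname:9031
dbms.security.oidc.ping.claims.username=username
"""
PAYLOAD = {"scope": "openid", "client_id": "myClientID", "iss": "https://myhostname:9031",
           "aud": "myAud", "jti": "Ytr3765DMoH1WgOcX", "Username": "demo",
           "username": "demo", "exp": 1700159940}
LOG_TIME = datetime(2023, 11, 20, 15, 31, 5, tzinfo=timezone.utc)  # WARN line timestamp

def make_token(payload):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(payload)}.constructed-signature"

def parse_conf(text, provider):
    """Return the dbms.security.oidc.<provider>.* settings as a dict."""
    prefix = f"dbms.security.oidc.{provider}."
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.startswith(prefix):
            conf[key[len(prefix):]] = value
    return conf

def preflight(token, conf, now):
    """List claim/setting mismatches. The signature is NOT verified here."""
    body = token.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    problems = []
    if not conf.get("issuer") or claims.get("iss") != conf["issuer"]:
        problems.append("iss does not match issuer")
    aud = claims.get("aud")
    if not conf.get("audience") or conf["audience"] not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain audience")
    if conf.get("claims.username") not in claims:
        problems.append("username claim missing from token")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        problems.append("exp missing or not numeric")
    elif now.timestamp() >= exp:
        expired = datetime.fromtimestamp(exp, timezone.utc).isoformat()
        problems.append(f"token expired at {expired}")
    return problems

if __name__ == "__main__":
    print(preflight(make_token(PAYLOAD), parse_conf(CONF, "ping"), LOG_TIME))
```

With the values from the issue, the only finding is the expiry: exp 1700159940 is 2023-11-16 18:39:00 UTC, earlier than the 2023-11-20 log line. Whether the token shown is the one that was presented at that login is an assumption.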
