Neo4j Operations documentation
npm
To view the built site, launch a local server:
npm start
In a browser tab, go to localhost:8000
The description of dbms.security.logs.ldap.groups_at_debug_level_enabled is as follows:
When set to true, will log the groups retrieved from the ldap server. This will only take effect when the security log level is set to DEBUG. WARNING: It is strongly advised that this is set to false when running in a production environment in order to prevent logging of sensitive
But what setting does "the security log level" refer to? This should be changed to the actual configuration setting.
Hello!
I followed this Manual
I generated a TLS certificate with certbot for a GoDaddy domain name.
I added it to the kubernetes secret.
Created the following ingress-values.yaml
reverseProxy:
  image: neo4j/helm-charts-reverse-proxy:5.12.0
  serviceName: "neo4j-lb"
  ingress:
    enabled: true
    tls:
      enabled: true
      config:
        - secretName: "mydomain-tls"  # <--- set the secret
          hosts:
            - mydomain.com  # <--- set the domain name
After the step "Install the Reverse proxy Helm chart", the rp-reverseproxy-ingress.yaml was generated and deployed. Here is the relevant part of that yaml:
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - backend:
              service:
                name: rp-reverseproxy-service
                port:
                  number: 443
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - mydomain.com
      secretName: mydomain-tls
But it will not work. Here is the right yaml piece of configuration:
spec:
  ingressClassName: nginx
  rules:
    - host: mydomain.com  # <--- added this key
      http:
        paths:
          - backend:
              service:
                name: rp-reverseproxy-service
                port:
                  number: 443
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - mydomain.com
      secretName: mydomain-tls
I'm not sure, where should I go?
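The difference between the two manifests above can be checked mechanically: Kubernetes requires each host in the tls section to match a host in the rules section. The following is an added example, not part of the original post or the Neo4j Helm chart. The function names and the dict form of the two specs are assumptions made for illustration, and the wildcard handling goes beyond the single-host case in the post.

```python
def host_matches(rule_host, tls_host):
    """Exact match, or a '*.' rule host covering exactly one extra label."""
    if rule_host == tls_host:
        return True
    if rule_host.startswith("*."):
        suffix = rule_host[1:]  # "*.example.com" -> ".example.com"
        if tls_host.endswith(suffix):
            label = tls_host[: -len(suffix)]
            return bool(label) and "." not in label
    return False


def lint_ingress(spec):
    """Return findings for catch-all rules and TLS hosts no rule covers."""
    rules = spec.get("rules", [])
    rule_hosts = [r["host"] for r in rules if r.get("host")]
    findings = []
    for i, rule in enumerate(rules):
        if not rule.get("host"):
            findings.append(f"rules[{i}]: no host, rule is a catch-all")
    for entry in spec.get("tls", []):
        for host in entry.get("hosts", []):
            if not any(host_matches(rh, host) for rh in rule_hosts):
                findings.append(
                    f"tls host {host} ({entry.get('secretName')}) "
                    "has no matching rule host"
                )
    return findings


def make_spec(rule_host=None):
    """Build the spec from the post as a dict; rule_host=None is the generated form."""
    rule = {"http": {"paths": [{"path": "/", "pathType": "Prefix"}]}}
    if rule_host:
        rule["host"] = rule_host
    tls = [{"hosts": ["mydomain.com"], "secretName": "mydomain-tls"}]
    return {"ingressClassName": "nginx", "rules": [rule], "tls": tls}


GENERATED = make_spec()            # as rendered by the chart in the post
FIXED = make_spec("mydomain.com")  # with the host key added

if __name__ == "__main__":
    for name, spec in (("generated", GENERATED), ("fixed", FIXED)):
        print(name, lint_ingress(spec) or "ok")
```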
Hi Team,
We are working on Neo4j SSO integration with PingFederate 11.x. However, we're getting an exception and have some queries on this setup.
1) Does Neo4j support SSO authentication and authorization through PingFederate as an identity provider implementing the OpenID Connect (OIDC) standard?
As per this documentation, support is mentioned for Okta, Azure, Google etc.
2) We need to know whether Neo4j SSO authentication and authorization is designed to work with Okta, Azure and Google only, as based on this documentation the configuration is provider-specific, using a prefix represented by <provider>.
Based on this, the below OIDC configuration was created for PingFederate:
dbms.security.authentication_providers=oidc-ping
dbms.security.authorization_providers=oidc-ping
dbms.security.oidc.ping.display_name=ping
dbms.security.oidc.ping.audience=myAud
dbms.security.oidc.ping.auth_flow=implicit
dbms.security.oidc.ping.config=principal=unique_name;code_challenge_method=S256;token_type_principal=access_token;token_type_authentication=access_token
dbms.security.oidc.ping.token_endpoint=https://myhostname:9031/as/token.oauth2
dbms.security.oidc.ping.auth_endpoint=https://myhostname:9031/as/authorization.oauth2
dbms.security.oidc.ping.issuer=https://myhostname:9031
dbms.security.oidc.ping.params=client_id=myClientID;response_type=token;client_secret=myClientSecret;scope=openid
dbms.security.oidc.ping.claims.username=username
We also tried using the below configuration for PingFederate:
dbms.security.authentication_providers=oidc-ping
dbms.security.authorization_providers=oidc-ping
dbms.security.oidc.ping.display_name=Ping
dbms.security.oidc.ping.auth_flow=pkce
dbms.security.oidc.ping.well_known_discovery_uri=https://myhostname:9031/.well-known/openid-configuration
dbms.security.oidc.ping.auth_endpoint=https://myhostname:9031/as/authorization.oauth2
dbms.security.oidc.ping.audience=myAud
dbms.security.oidc.ping.params=client_id=myClientID;response_type=code;scope=openid
dbms.security.oidc.ping.token_params=client_secret=myClientSecret
dbms.security.oidc.ping.claims.username=username
dbms.security.oidc.ping.jwks_uri=https://myhostname:9031/pf/JWKS
3) We are getting the exception below at the Neo4j end. Moreover, Neo4j does not make any request to the PingFederate IdP, as the exception occurs at the Neo4j end:
2023-11-20 15:31:05.488+0000 WARN {OidcRealm: oidc-ping}: Failed to authenticate user 'demo'. JWT is not valid for this realm.
2023-11-20 15:31:05.489+0000 ERROR failed to log in: invalid principal or credentials
While using JWT token:
{
  "alg": "RS256",
  "kid": "6554eWf3A81B8bhv6SBo",
  "pi.atm": "5cnv"
}
{
  "scope": "openid",
  "client_id": "myClientID",
  "iss": "https://myhostname:9031",
  "aud": "myAud",
  "jti": "Ytr3765DMoH1WgOcX",
  "Username": "demo",
  "username": "demo",
  "exp": 1700159940
}
Note: The user demo is stored in LDAP which is configured as a data store at PingFederate end.
4) For the PingFederate IdP, will there be a need to implement a custom auth provider for Neo4j like this? If yes, can you please provide a documentation reference, or will the OOTB SSO solution from Neo4j work?
5) We have enabled the below loggers at the Neo4j end, but these loggers are not helpful to debug the exception. Can you please suggest any additional loggers for this exception:
dbms.cluster.discovery.log_level=DEBUG
dbms.routing.driver.logging.level=DEBUG
db.logs.query.plan_description_enabled=true
server.logs.debug.enabled=true
dbms.security.logs.ldap.groups_at_debug_level_enabled=true
dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled=true
Thanks,
--Rohit
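When a realm rejects a JWT without saying why, the decoded claims can be compared offline against the realm settings and the time of the rejected login. The following is an added example, not part of the original post and not Neo4j's validation code: it applies the standard iss, aud and exp checks to the payload, settings and log timestamp quoted above, and the function and variable names are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Values copied from the dbms.security.oidc.ping.* settings quoted in the post.
REALM = {
    "issuer": "https://myhostname:9031",  # ...oidc.ping.issuer
    "audience": "myAud",                  # ...oidc.ping.audience
    "username_claim": "username",         # ...oidc.ping.claims.username
}

# Payload of the JWT quoted in the post.
PAYLOAD = {
    "scope": "openid", "client_id": "myClientID",
    "iss": "https://myhostname:9031", "aud": "myAud",
    "jti": "Ytr3765DMoH1WgOcX", "Username": "demo", "username": "demo",
    "exp": 1700159940,
}

LOG_TIME = "2023-11-20 15:31:05.488+0000"  # timestamp of the WARN line


def parse_log_time(stamp):
    """Parse a timestamp in the format used by the quoted log lines."""
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S.%f%z")


def check_claims(payload, realm, now):
    """Return a list of problems; an empty list means the claims pass."""
    problems = []
    if payload.get("iss") != realm["issuer"]:
        problems.append("iss mismatch")
    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a list
    if realm["audience"] not in audiences:
        problems.append("aud mismatch")
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)):
        problems.append("exp missing")
    elif now.timestamp() >= exp:
        expired = datetime.fromtimestamp(exp, tz=timezone.utc)
        problems.append(f"expired at {expired:%Y-%m-%d %H:%M:%S} UTC")
    if realm["username_claim"] not in payload:
        problems.append("username claim missing")
    return problems


if __name__ == "__main__":
    for problem in check_claims(PAYLOAD, REALM, parse_log_time(LOG_TIME)):
        print(problem)
```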