#!/bin/bash
#
# noodle_datamanager_report_get.sh
#
set -e
U=$1
P=$2
F=$3
R=$4
SITE="https://domain.tld"
COOKIE=noodle_cookie.tmp
if [ "$R" == "" ] ; then
echo NO >&2
exit 1
fi
if [ -f $COOKIE ] ; then
echo "already running"
exit 2;
fi
wget -q "$SITE/HandleLogin.po" --post-data="user_name=$U&user_password=$P" --keep-session-cookies --save-cookies $COOKIE -O /dev/null
wget -q "$SITE/datamanager/ReportView.po?folder=$F&reportHandle=$R&itemsPerPage=99" --load-cookies $COOKIE -O -
rm $COOKIEUser Usage
API
IWA Debug
Microsoft checklist here.
Server list SPNs:
setspn -l %NoodleServiceAccount
Client list cached tickets:
klist get HTTP/%noodle.domain.tld
Client uncache tickets:
klist purge
The following information can be obtained with Wireshark;
[truncated]Authorization: Negotiate YIG...NER
GSS-API Generic Security Service Application Program Interface
OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
Simple Protected Negotiation
negTokenInit
mechTypes: 4 items
MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
MechType: 1.3.6.1.4.1.311.2.2.30 (NEGOEX - SPNEGO Extended Negotiation Security Mechanism)
MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
mechToken: 6092a864886...
krb5_blob: 6092a864886...
KRB5 OID: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
krb5_tok_id: KRB5_AP_REQ (0x0001)
Kerberos
ap-req
pvno: 5
msg-type: krb-ap-req (14)
Padding: 0
ap-options: 20000000 (mutual-required)
0... .... = reserved: False
.0.. .... = use-session-key: False
..1. .... = mutual-required: True
ticket
tkt-vno: 5
realm: INTRA.NET
sname
name-type: kRB5-NT-SRV-INST (2)
sname-string: 2 items
SNameString: HTTP
SNameString: intra.net
enc-part
etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
kvno: 2
cipher: 678ed5435c9ec4d6...
authenticator
etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
cipher: 62a133014138848d900d436...SAML Debug
The following information can be obtained with Wireshark or with Noodle DEBUG;
https://intranet.onelogin.com/trust/saml2/http-post/sso/699546?SAMLRequest=fVLLbtsw...%2FkD&RelayState=https%3A%2F%2Fintra.net%2FSAML.poShould be sent to the IdP which before it is deflated and base 64 encoded looks like
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="-5abe3a1a-1671d27aa18--8000" Version="2.0" IssueInstant="2018-11-16T15:33:17Z" ProviderName="Noodle" Destination="https://intranet.onelogin.com/trust/saml2/http-post/sso/699546" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://intra.net/SAML.po">
<saml:Issuer>Noodle</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted" AllowCreate="true" />
<samlp:RequestedAuthnContext Comparison="false">
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>The IdP should reply with "Content-Type: application/x-www-form-urlencoded" containing "SAMLResponse: PHN...fCg==" which when base 64 decoded looks like
<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="R6229535893ec8f41746de8cd0bb42fe1008d88a7" Version="2.0" IssueInstant="2018-11-16T15:33:18Z" Destination="{recipient}" InResponseTo="-5abe3a1a-1671d27aa18--8000">
<saml:Issuer>https://app.onelogin.com/saml/metadata/699546</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfx95004805-783d-f0ee-f32d-17d50ca7ef90" IssueInstant="2018-11-16T15:33:18Z">
<saml:Issuer>https://app.onelogin.com/saml/metadata/699546</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#pfx95004805-783d-f0ee-f32d-17d50ca7ef90">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>uCsDHp/wXNnMIz7nkq2D7OF81zY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>QbDsbkTMULdxYmiV8lu64jUE4BNj7ETQvUhjlgHrbaUKMaUdnluJma8T9jh8WOUEQw+Of/MGP4hMJE18f2XOJJK3X3VQnlggE5z98xjHrP0SugRH+elgQpOVkB9ht685UXtzRF6SVAIwstOGphOgqgGRwrG9fPQpN6DAKr00IOc6ItM7cbhVnA+EA8iHP8WP0n+VZXkdub9Sb/tgVkimih3/7DZPIWi6FpmlsTN88mlxBXJKnslr1Iw0ZLqLjR5dJSFz7SHrkBijirFf/kOydoQeOQrRS+6XzOmXayWCP2hHWXVvr5Ye1GbDZyjKTxMpObc+Lv6nj7llC1Mal2M0cw==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIEFzCCAv+gAwIBAgIUUVsi+5GzFHp5EeCzav01iiNyreEwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1ZpYWxlY3QxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEgMB4GA1UEAwwXT25lTG9naW4gQWNjb3VudCAxMDkzNzAwHhcNMTcwNjI1MTYzMjM5WhcNMjIwNjI2MTYzMjM5WjBYMQswCQYDVQQGEwJVUzEQMA4GA1UECgwHVmlhbGVjdDEVMBMGA1UECwwMT25lTG9naW4gSWRQMSAwHgYDVQQDDBdPbmVMb2dpbiBBY2NvdW50IDEwOTM3MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFTuHcxpp8/hhD8BepAo8EI9AT7dACYFfISZo9IEcBMI1af3p/mm+lV9Iz1ZvoFTddIxHQMVe686segtdkg+p/LA+bWETyRv59yDfH8B3avZkbZkXR7lYq+noMMpQwoA3JYDcJGp9Hoh7FHuhCEZZQCGMuUbGaHMTMaMipzPB7AI9Bg6nZpTmDRqzPEd6SzKJHs18W2dZxJA+lDfze2tfyBaAuC2VFqJ3R2NZhZtpUE7IqCG67zv3ItLNk0sDqPEU3/LSIGyT0+fYcVEraBpIMkLp4MQDcihyTWZSVfhdxaOr0Fn4fUV9aTS/a1a5gybK/zat0cs6pJDgBSfoh9xRUCAwEAAaOB2DCB1TAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQFLDFhCLxjqc6f+cwpm7YnNZH2PTCBlQYDVR0jBIGNMIGKgBQFLDFhCLxjqc6f+cwpm7YnNZH2PaFcpFowWDELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1ZpYWxlY3QxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEgMB4GA1UEAwwXT25lTG9naW4gQWNjb3VudCAxMDkzNzCCFFFbIvuRsxR6eRHgs2r9NYojcq3hMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAG/YWVdBSvyUjpO8s97Z7KPo843putSf0jgiDHtD8FGddNmdRbAwPbzWBnFupZGyPPgogoEoTRqgRalPvV0xP4PmBMJuAYssI+vwqsj9cqr4pXzpqcsGzJct8SeWSvBqbzBbu+OMbSJ5hm3RvbzSjY6nNAHY7gMe0+7V5Cd+0vzGvmSeXFnKgW7HGlP/98gmDf7KpJYmQmFDITMFc0IS0BQb13SWd7FHVchIXukqqUFFpczWx2cwUmNq1TqcGZESA3XEGbtiJ0HoEmSIQA2RLGSgEPSUgMV+UM8MhYf/bQx6VAInizM/10IokZaAQn2fzz0m5uIbf2qSMXBBoYWWWng==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">tim@intra.net</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2018-11-16T15:36:18Z" Recipient="{recipient}" InResponseTo="-5abe3a1a-1671d27aa18--8000" />
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2018-11-16T15:30:18Z" NotOnOrAfter="2018-11-16T15:36:18Z">
<saml:AudienceRestriction>
<saml:Audience>{audience}</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2018-11-16T15:33:17Z" SessionNotOnOrAfter="2018-11-17T15:33:18Z" SessionIndex="_c9a77760-cbdb-0136-fc65-0233ce1b6e10">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
Integration
Noodle supports the following integrations:
- Authentication
- Media
UnsplashYoutube
Vimeo
- Files
Google Drive (OAuth)
- Calendars (iCal)
GoogleMicrosoft
- Scripting (bash)
- email (SMTP)
Postfix- etc
- RDBMS (SQL)
PostgreSQL
MareaDB
MySQL
CockroachDB + CephOracle
- Web Browsers
Firefox
Chromium
- Indexing (CLI)
TensorFlowMS Office
Adobe
LibreOffice
OpenAI Whisper
Tesseract
- etc
UI Customization (JS/CSS)- Weather
- RSS
- etc
server scripting (
Ubuntu (Drive
- Create a drive key and secret
- Put them in "System Tools > Settings > General > Google Drive OAuth"
- Note that OAuth requires your Noodle server to be accessed via a public domain
- Enable in the "Administration > Properties" of the folder you want to connect.
- View the folder and follow the prompts.
Bug Reports
When something unexpected happens Noodle will ask you what you were doing and email a stack trace to Vialect. Bug reports may also be sent to techsupport@vialect.com. Please use saleshelp@vialect.com for any other inquiries.
Please provide the following to help us reproduce and correct issues faster:
- Minimal steps to reproduce the issue from scratch. Possibly relevant details:
- The URL
- The version of Noodle
- The version of Web Browser
- The version of Operating System
- A username and password
- An ordered list of buttons/links clicked
- Sample file/data
- Expected behavior, possible details:
- 720p mockup of desired appearance with min and max sample data.
- Actual behavior, possible details:
- A full resolution screen shot including address and scroll bars
- Web Browser console output
- Web Browser network log (HAR)
- The source of any warning pages (wrong format, missing parameter)
- The source of any email
- A zip of the Noodle/log folder
- Observe email educate
- A short descriptive email subject
- Reply to the email thread only for the same issue
- Don't make new threads for the same issue.
- Avoid requesting thread history review.
- Do not place legal or print notes in signatures or otherwise bloat them.
- Use text in favor of images
- Use attachments not overlays/embeds of images or text
- Be concise.
Leaving out information leads to Vialect spending less time creating solutions and more time attempting to reproduce issues and linking to this page.
ical
Noodle can import and export ical and supportts the non-standard TTY;
X-PUBLISHED-TTL:PT1H
REFRESH-INTERVAL;VALUE=DURATION:P1Hmailto limits
mailto has no defined limit on the number of characters but there are limits in practice (as of 2015)
Web Browsers:
- Apple Safari
- 705000000
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56
- limited by 16GB RAM
- Mozilla Firefox
- 268435455
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0
- limited by maximum string length
- Google Chrome
- 2097132
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
- limited without explanation
- Microsoft Internet Explorer
- 2029
- Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko
- limited without explanation
Email Clients:
- Mozilla Thunderbird
- 2097132 works in 1 second
- 268435455 uses 100% CPU for 2 minutes but fails to render the body and is not usable
- version 38.3.0
- SeaMonkey
- 2097132 works in 5 seconds
- 268435455 uses 100% CPU for a long time (more than 5 minutes)
- version 2.38
- Apple Mail
- 500000 works in 14 seconds
- 2097132 uses 100% CPU for a long time (more than 5 minutes)
- version 8.2
- Microsoft Outlook
- trims any url to 2070 in 1 second
- version 2013
File open results in windows authentication
There is a Microsoft Office bug (2019105) that will attempt WebDAV windows authentication from non WebDAV links. To work around this bug the server can specify the "Content-Disposition" header as an "attachment" (requesting the browser save the file instead of opening it). Microsoft Internet Explorer will still ask if you want to open the file but will not attempt WebDAV. When making links with ShowItemData.po use the "download" in place of the "filename" parameter. For example:
/ShowItemData.po?handle=123&download=file.ext