Jump to content

All Activity

This stream auto-updates     

  1. Today
  2. JulienP

    Bad Request - Invalid Hostname

    Solved, I had to add a new binding :
  3. Hello everyone, I am trying to access Passwordstate which is installed/hosted on my windows server 2016 from my computer, I first tried accessing it via https://171.33.95.8:9119 . Except I get this error : HTTP Error 400. The request hostname is invalid. I cannot access it via its hostname directly at all. Here are my bindings server side: The only way I found to solve this problem, is to add this line "171.33.95.8 win-sdiopbi3jsh" in the file /etc/hosts client side. But that not what I want ... My goal is to access my site Passwordstate hosted by my windows server 2016 from any computer for now. Do you have any advice on how to solve this ? Thanks :-)
  4. Yesterday
  5. 'Administrator’ right on individual password records, so that account owners could approve access to passwords for accounts they own e.g service/system account password a developer needs access to though API.
  6. support

    Offline Access

    We agree, which is why we have not implemented this yet, but we keep getting requests for it So we would need to provide this as an option, so customers can enable/disable as required. Currently we do not have the ability to export all passwords the user has access to, and we think they would prefer a nicer option than a password protected zip file - not really that usable on mobile phones. Regards Click Studios
  7. For anyone that is looking at setting up a Nginx proxy with Passwordstate, we have received some information below from another customer which may help. Big thanks to Brandon for this:) Here at Click Studios, we have never set up one of these proxies ourselves, but hopefully the information Brandon has provided us can help point you in the right direction, if you are running in to any issues. If anyone would like to add anything to this, please feel free to do so. Example of Config for Nginx: ------- server { listen 192.168.99.99:443 ssl http2; server_name passwordstate.proxy.com ; location / { proxy_pass https://10.10.10.99:9119; proxy_set_header Host internalpasswordstate.server.domain; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } ------- Brandon has given this detailed explanation of each of the above settings: " Listen 192.168.99.99 (this is the proxy IP, sits behind behind firewall on DMZ) Server_Name passwordstate.proxy.com (public domain with certificate, let's encrypt works fine, dons points to public IP of firewall, proxy server will look for this server name for any packet forwarded to it's ip from the firewall, only 80 and 443 are forwarded) Listen / (Just tells proxy to list on root of server name so passwordstate.proxy.com/ ) Proxy pass https://10.10.10.99:9119 (Internal IP of passwordstate server, if it's in different subnet firewall rules must allow traffic to and from proxy server to password state server to port 9119) Proxy_set_header Host internalpasswordstate.server.domain (This allows the passwordstate server to keep its existing dns name, just changes the packet headers to match, important otherwise you can't login) Last two lines are for forwarding the real IP address for logging. All the rest of nginx setup, like specifying ssl certificate and what not I didn't include but thats pretty standard. I'm happy to send more details on anything. Once I had set the X-Fordwarding in the Password state administrator and rebooted, IP's did start to show correctly for Web. "
  8. Sarge

    Offline Access

    In that case there is already an export passwords feature that could be used, additionally exporting all passwords they have access to could be hundreds (thousands in our case), which is a huge security risk. I can see the use case for this - if it were a per-password list implementation (With an adjustable limit as to how many lists/passwords could be "offline").
  9. Last week
  10. support

    How to disable SAML while locked out ?

    Thanks for the forum post and the solution to this was to recover the emergency access password, and reverse out the changes using the emergency login. For anyone else reading this, we managed to work with olbaid over email to do this:) Regards, Support
  11. support

    Offline Access

    Hi Sarge, We believe the customer's request was to export all passwords they have access to, in some sort of offline manner - so we don't think checking out all passwords would necessarily work in this instance. Not sure if there is any ideal solution for this. Regards Click Studios
  12. Hello everyone. While testing Passwordstate, I was trying the SAML functionality, which isn't working with my IdP. I was expecting to change back to form logging before being signed out, but I've been too slow, and am now signed out, and can't log back in with local accounts. I've looked around the Database but failed to find the configuration entry. I've looked around the Registry and there's no Passwordstate entries looking like authentication settings. Do you have any advice on how to restore this ? Thanks :-)
  13. Sarge

    Offline Access

    +1 I'd suggest it to utilize the existing check-out/check-in system so the passwords aren't modified by another user while being 'offline' (however, they do remain viewable).
  14. support

    Offline Access

    A customer has requested an offline version of Passwords a that you have access to, in the event you are out at a site with no internet access. The idea being your export some data to a local file on your phone, or tablet etc before you go to site, and you'll be able to search through this file for passwords with out having connectivity to your Passwordstate web site. We haven't thought ourselves about a secure way we can do this yet, but if we get enough interest in this we'll look into it sooner rather than later. If this is something that you think you'll benefit from, please give it a thumbs up here, or any comments you like to help us understand how our community could use a feature like this? Regards, Support
  15. support

    Added AD Users for password Reset portal

    Hello, We've just finished some testing on this, and while it picks up computer accounts when searching for AD users, it will not cause any issues with the Security Group Synchronization process - computer objects are not returned when we enumerate a Security Group. We'll look into what's involved to exclude these from the search, and for now, please don't add those objects into the database. Regards Click Studios
  16. Anybody know why when adding users to Reset portal that not only does it return users but computer accounts as well based on the search. My understanding that you can define the AD search query string in AD and it will only search within that realm.
  17. support

    Search for Compromised Passwords

    Hi Parrishk, You cannot search for the value of the passwords in Passwordstate, as it's an encrypted field. If you go to the screen Administration -> Reporting, and run the report 'Passwords Strength Compliance Status', the last column on this grid is 'Bad Password', and that will highlight if there is a bad password match - but we do not reveal the password here. If you need to search for the values of Passwords, then your only real option here is to export all password to the password protected zip file, and then search through the CSV - although, this would be for Shared Password Lists only, not Private. Regards Click Studios
  18. Hello, Seeking advise on what I am trying to accomplish. Thankful for the recent addition of HIBP and the value it provides moving forward but I am looking at: Running a report to list all accounts that have a "bad" password and is already stored in the DB Searching all accounts by password. For example, if we found out that Password123 is "weak"...how do I search for all accounts with the password "Password123" so they can be addressed? Thanks!
  19. Hi Team, We already able to hide/disable Password Lists and Password Folders in Administration menu for Security Administrators, but while my user want see how looks like the emergency access, then they saw menu of Password Lists and Password Folder. So the asking to request to support to able disable menu of Password Lists and Password Folders. Need your help to have menu same like in security administrators menu for Emergency Access, so we able to allow or disallow some list menu for Emergency menu especially for Password List and Password Folders. Having menu for emergency access will be great. I appreciate your assistance, thank you very much. Regards, Bobs
  20. support

    Authentication with Okta issues

    Hi Stephen, If you want all user to use SAML authentication, then you need to select this on the screen Administration -> System Settings -> Authentication Options tab - are you saying it's "greyed out" on this screen, as I'm not sure this is possible? Can you also explain a little further what you mean by 'Forms based authentication prompt'? Is this a browser prompt, or one of our login screen UI's? If it's a browser prompt, then possible the incognito mode is causing this, and if you like, you can enable Anonymous Authentication for the site in IIS - when this is enabled, you should never see a browser prompt at all. If you do not want SAML auth for everyone, then you can do the following: 1. Ensure Anonymous Authentication for the site in IIS is disabled, and only Windows Authentication is enabled 2. Then create a User Account Policy on the screen Administration -> User Account Policies, select the SAML Authentication option, and then apply permissions to the policy for the users who are to receive it. If you get browser prompts because of disabling Anonymous Authentication for the site, please reference the following forum post for this - https://www.clickstudios.com.au/community/index.php?/topic/152-why-am-i-being-prompted-to-enter-my-authentication-details/ We hope this helps. Regards Click Studios
  21. v8.6 (Build 8627) I have configured SAML authentication with Okta in our PWS server, and the SAML assertion from Okta to PWS seems to work, but it requires opening the link from Okta twice. Similar to the steps for reproduction here: , when logging in to Okta with a clean incognito session, clicking on the PWS tile in Okta will open the PWS site but will then load the forms based authentication prompt. If I close that tab and open the Okta tile again, it will login correctly with SAML. (It will login with SAML the first time I click into it from Okta if I've opened the PWS site in a separate tab and there's some sort of session cookies present). I think this may be because the System wide authentication is set to Manual AD authentication, and I tried but am unable to set the Authentication options to SAML2 authentication for the user I'm testing with (it's greyed out). Is this expected behaviour, and would SAML authentication work first time with a clean session if I set the system wide authentication settings to use SAML2 auth? Is there a way to eliminate the double hop without changing system wide auth for everyone? We have a large user base and I don't want to force enable SSO for everyone if it requires this double step
  22. Earlier
  23. Synopsis of Feature Request: Provide a restriction method either via user and/or group that allows assigning more granular permissions to users. Allowing restriction similar to client access where a user can only see one site, but extend that functionality to licensed users so you could have teams or users responsible for certain hosts, or client sites (MSP remote-site Locations) while still allowing them access to write, update and all other functions. Current Behavior: All licensed users can view all hosts When creating passwords and in various areas in the site, drop downs or selections allow users to select any site (internal, client 1, client 2) from menus Internal is the default for all licensed users and can not be removed Requested Behavior: Restrict users access to one or more sites User permissions can be set like currently, read, write, discover hosts, but all functions restricted only to site(s) they have access to. (internal, client 1, client 2, etc) Can only view or connect to hosts at sites they have permission for. No evidence or ability to view, see or access any other sites. - Won't be even able to see Client 2 as a drop down if they don't have permission for that site. Set different site as default, removing permission from internal and assigning to say Client 1 and Client 2, but not Client 3 or Internal. - Use case, help desk or third-party NOC you don't want in internal systems Benefit of Implementing Feature Request: MSPs or others managing passwords for clients or multiple offices would purchase additional licenses so that "end-users" or "client-admins" could add and edit records, providing additional revenue for passwordstate. While the free client licenses are an added benefit, there would be the ability to upgrade a client to a full user just for their site(s). This would reduce the time of the MSP updating records by allowing their clients to directly access, save or edit passwords. It would also allow them to provide Remote Session Launcher to end users reducing the cost of providing a third-party remote connection tool for clients to access their workstations / pc's remotely.
  24. We are using the Passwordstate Mobile website but would like to control access to this website as only staff members within IT will be needing access to the external mobile website. I would like to feature request the ability to enable/disable access to the mobile website on a per user basis in a similar way to the new 'Send Self-Destruct Message Permissions'. Thank.
  25. Hello TTumbler, Sorry, but we have not implemented this yet - you can vote on this feature request here if you like - https://www.clickstudios.com.au/community/index.php?/topic/2489-api-search-for-documents-by-name/ Regards Click Studios
  26. Hi Everyone, Today we have release build 8670, which includes 13 new updates, and 5 bug fixes. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx. Regards Click Studios
  27. support

    Plugin documentation & test

    Hello tester22, Just letting you know that we have released build 8670 today, with the changes above. If you are yet to perform any upgrades of Passwordstate, you can use one of the methods described in this document - https://www.clickstudios.com.au/downloads/version8/Upgrade_Instructions.pdf. Probably section '5. Manual Upgrade Instructions' will be the quickest for you. We might also contact you directly to see if we can help you develop these scripts, with proper error capturing - if that is okay with you? Regards Click Studios
  28. Ferry Knol

    Secondary Radius server

    We would like to see that we are be able to add multiple Radius servers instead of just one. Hopefully this can be arranged easily and asap. kind regards, Ferry Knol
  29. support

    GET/PUT methods for Hosts

    Excellent, Glad this is all sorted now:) Regards, Support
  1. Load more activity
×