This issue is not really related to the server URL, rather to the tenant aware FE URL of the login page. This used to work earlier, but this was not tested recently with the introduction of SSO.
This should be a trivial fix. If anyone like to learn these stuff, I am happy to help. :) Thanks, Thilina On Mon, May 28, 2012 at 11:05 PM, Afkham Azeez <[email protected]> wrote: > Server URL is used for FE-BE separation. All FEs talks to BEs via URLs > they construct using Server URL. So you can run an FE separately & connect > to different BEs. Of course, the BE services required by the FEs should be > available in the BEs pointed to by the Server URL. Connecting to an ESB BE > using an AppServer FE will cause issues since all BE admin services > required by the AS FE are not there in the ESB viz-a-viz. > > Try starting two AS instances, and logging in from the FE in one AS > instance to the BE of another instance. That should work. > > > On Mon, May 28, 2012 at 11:00 PM, Kasun Gajasinghe <[email protected]>wrote: > >> >> Isn't this modifiable Server URL functionality actually broken? I tried >> few tests, and different products behaved differently when I tried to login >> from one server's management console to server's back-end. >> >> I tested this by starting up two servers ESB, and AppServer in ports >> 9444, and 9449 respectively. Then, I entered the ESB's Server URL ( >> https://localhost:9444/services/) in AppServer, and tried to log in with >> correct credentials. But it *couldn't log in*. It showed me the error >> [1] which is the same error you get when a wrong username/password is >> entered. The server log is at [2] >> >> Then I tried to login to AppServer from ESB. Which resulted in a >> different behavior. I *was *able to login, not to AppServer but to ESB >> itself!! As shown in the screenshot, it signed in as "*Signed-in as:* >> [email protected]:*9449*" but the server is actually running in port >> 9444. I can't perform any admin operation specific to ESB there either, as >> shown by the screenshot. >> >> Then I set a random port (say 9000) as Server URL in ESB, then it said a >> wrong username/password is entered! >> >> These are quite random behavior. Does the server url is actually meant to >> use for things like this? I'm confused. >> >> >> [1] The user name or password you entered is incorrect. Please try again >> [2] >> osgi> [2012-05-28 22:48:19,743] WARN - AuthenticationHandler Illegal >> access attempt at [2012-05-28 22:48:19,0743] from IP address 10.111.2.92 : >> Service is LoggedUserInfoAdmin >> [2012-05-28 22:48:19,745] ERROR - AxisEngine Access Denied. Please login >> first. >> org.apache.axis2.AxisFault: Access Denied. Please login first. >> at >> org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:83) >> at >> org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.invoke(AuthenticationHandler.java:61) >> at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) >> at org.apache.axis2.engine.Phase.invoke(Phase.java:313) >> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262) >> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168) >> at >> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172) >> at >> org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146) >> at >> org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:199) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) >> at >> org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90) >> at >> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111) >> at >> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) >> at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:164) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) >> at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) >> at >> org.wso2.carbon.server.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:154) >> at org.wso2.carbon.server.TomcatServer$1.invoke(TomcatServer.java:254) >> at >> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563) >> at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399) >> at >> org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:396) >> at >> org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:356) >> at >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1534) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) >> at java.lang.Thread.run(Thread.java:662) >> >> >> Thanks, >> --KasunG >> >> >> On Mon, May 28, 2012 at 10:31 PM, Thilina Buddhika <[email protected]>wrote: >> >>> Hi Azeez, >>> >>> Dimuthu and I had a chat on this. >>> >>> This is a known issue. Ideally if you have "https://localhost:9443*/t/ >>> azeez.org*/carbon/admin/login.jsp " as the page URL you should be able >>> to log in using just tenant username(without full qualified username) and >>> password. >>> >>> Also after you signed out as tenant user, if you log in as a super >>> tenant user, then it will try to redirect you to the tenant-dashboard page. >>> >>> These two are known issues that need to fixed. >>> >>> Thanks, >>> Thilina >>> >>> >>> On Mon, May 28, 2012 at 10:24 PM, Afkham Azeez <[email protected]> wrote: >>> >>>> I first signed in as [email protected], and then signed out. Next I >>>> wanted to sign in as admin/admin. But I kept getting the login failed >>>> message. >>>> >>>> When I checked the URL in the browser it was, https://localhost:9443* >>>> /t/azeez.org* >>>> /carbon/admin/login.jsp?loginStatus=false&errorCode=invalid.credentials >>>> >>>> I think some filter or the CarbonSecuredHttpContext is appending the >>>> tenant to the URL which results in this error. After removing the tenant >>>> part from the URL, I was able to login as admin/admin >>>> >>>> -- >>>> *Afkham Azeez* >>>> Director of Architecture; WSO2, Inc.; http://wso2.com >>>> Member; Apache Software Foundation; http://www.apache.org/ >>>> * <http://www.apache.org/>** >>>> email: **[email protected]* <[email protected]>* cell: +94 77 3320919 >>>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>>> twitter: >>>> **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>>> * >>>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>>> * >>>> * >>>> *Lean . Enterprise . Middleware* >>>> >>>> >>> >>> >>> -- >>> Thilina Buddhika >>> Associate Technical Lead >>> WSO2 Inc. ; http://wso2.com >>> lean . enterprise . middleware >>> >>> phone : +94 77 44 88 727 >>> blog : http://blog.thilinamb.com >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> *Kasun Gajasinghe* >> Software Engineer; >> Development Technologies Team, WSO2 Inc.; http://wso2.com , >> *email: **kasung AT spamfree wso2.com** cell: **+94 (77) 678-0813* >> *linked-in: *http://lk.linkedin.com/in/gajasinghe* >> * >> *blog: **http://blog.kasunbg.org* <http://blog.kasunbg.org>* >> twitter: **http://twitter.com/kasunbg* <http://twitter.com/kasunbg>* >> * >> >> > > > -- > *Afkham Azeez* > Director of Architecture; WSO2, Inc.; http://wso2.com > Member; Apache Software Foundation; http://www.apache.org/ > * <http://www.apache.org/>** > email: **[email protected]* <[email protected]>* cell: +94 77 3320919 > blog: **http://blog.afkham.org* <http://blog.afkham.org>* > twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> > * > linked-in: **http://lk.linkedin.com/in/afkhamazeez* > * > * > *Lean . Enterprise . Middleware* > > -- Thilina Buddhika Associate Technical Lead WSO2 Inc. ; http://wso2.com lean . enterprise . middleware phone : +94 77 44 88 727 blog : http://blog.thilinamb.com
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
