Hi All,

I had an offline chat with Pulasthi and got to know that in IS 5.0.8 there was an opensaml upgrade from 2.4.1 to 2.6.4. After going through [1], I got to know that there is a hostname verification introduced in opensaml 2.6.4 which is not there in opensaml 2.4.1, and this is why we are getting the above issue after moving to carbon identity 5.0.8.

We are using *CommonsHTTPTransportSender* to call the key manager internally, and from what I understood, if we set the *HostnameVerifier* parameter to *AllowAll* we should be able to get rid of this issue, but we are still getting this issue. Does anyone know why the HostnameVerifier parameter is not working as expected with CommonsHTTPTransportSender?

[1] http://grepcode.com/file_/repo1.maven.org/maven2/org.apache.servicemix.bundles/org.apache.servicemix.bundles.opensaml/2.4.1_2/org/opensaml/ws/soap/client/http/TLSProtocolSocketFactory.java/?v=diff&id2=2.6.4_1

Thanks,

On Thu, Mar 17, 2016 at 11:12 AM, Sam Sivayogam <[email protected]> wrote:
> Hi All,
>
> I'm trying to upgrade APIM's Carbon kernel to 4.4.4. During the kernel
> upgrade I also upgraded the following:
> carbon identity from 5.0.7 to 5.08
> carbon commons from 4.4.8 to 4.5.2
> wso2 rampart from 1.6.1-wso2v16 to 1.6.1-wso2v18
>
> After the upgrade, when I try to generate a key from the API Store I'm
> getting the error [1]. I was able to get rid of this issue after replacing
> the APIKeyValidator IP with localhost in api-manager.xml.
> Please note that this issue is occurring after the kernel upgrade; before
> that we didn't encounter this issue. What I would like to know is whether
> there are any changes in kernel 4.4.4 or rampart 1.6.1-wso2v18 to do the
> hostname verification by default?
>
> [1] [2016-03-17 11:08:35,995] INFO - HTTPSender Unable to sendViaPost to url[https://10.100.5.192:9443//services/APIKeyMgtSubscriberService]
> javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname validation for name: 10.100.5.192
>     at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.verifyHostname(TLSProtocolSocketFactory.java:233)
>     at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:194)
>     at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
>     at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
>     at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
>     at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
>     at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>     at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:632)
>     at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195)
>     at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
>     at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
>     at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278)
>     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
>     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430)
>     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
>     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
>     at org.wso2.carbon.apimgt.keymgt.stub.subscriber.APIKeyMgtSubscriberServiceStub.retrieveOAuthApplication(APIKeyMgtSubscriberServiceStub.java:1389)
>     at org.wso2.carbon.apimgt.keymgt.client.SubscriberKeyMgtClient.getOAuthApplication(SubscriberKeyMgtClient.java:89)
>     at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.retrieveApplication(AMDefaultKeyManagerImpl.java:224)
>     at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.getClientOfApplication(ApiMgtDAO.java:2338)
>     at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.getOAuthApplications(ApiMgtDAO.java:2302)
>     at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.getApplications(ApiMgtDAO.java:4434)
>     at org.wso2.carbon.apimgt.impl.APIConsumerImpl.getApplications(APIConsumerImpl.java:2813)
>     at org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.getApplications(UserAwareAPIConsumer.java:36)
>     at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.getAllSubscriptions(APIStoreHostObject.java:2416)
>     at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getAllSubscriptionsOfApplication(APIStoreHostObject.java:2659)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:601)
>     at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>     at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)
>     at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>     at org.jaggeryjs.rhino.store.modules.subscription.c1._c_anonymous_2(/store/modules/subscription/list.jag:31)
>     at org.jaggeryjs.rhino.store.modules.subscription.c1.call(/store/modules/subscription/list.jag)
>     at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430)
>     at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269)
>     at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97)
>     at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>     at org.jaggeryjs.rhino.store.modules.subscription.c0._c_anonymous_5(/store/modules/subscription/module.jag:19)
>
> Thanks,
> Sam
> --
> *Sam Sivayogam*
>
> Software Engineer
> Mobile : +94 772 906 439
> Office : +94 112 145 345
> *WSO2, Inc. :** wso2.com <http://wso2.com/>*
> lean.enterprise.middleware.
>

--
*Sam Sivayogam*
Software Engineer
Mobile : +94 772 906 439
Office : +94 112 145 345
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
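
The failure in the quoted trace comes down to how a TLS client matches the host in the URL against the names in the server certificate. The sketch below is an added example, not code from this thread or from opensaml: it models RFC 2818-style matching, and the certificate names are assumptions (a certificate issued for CN=localhost would be consistent with the report that switching to localhost cleared the error).

```java
import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

// Added example: RFC 2818-style name matching over constructed certificate names.
// It is not opensaml's TLSProtocolSocketFactory code.
public class HostnameCheckDemo {

    static boolean isIpv4Literal(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    // A wildcard is honoured only as the entire left-most label ("*.example.internal").
    static boolean dnsMatches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return p.equals(h);
        }
        int firstDot = h.indexOf('.');
        return firstDot > 0 && h.substring(firstDot).equals(p.substring(1));
    }

    static boolean verify(String url, String cn, List<String> dnsSans, List<String> ipSans) {
        String host = URI.create(url).getHost();
        if (isIpv4Literal(host)) {
            // An IP literal must equal an iPAddress SAN; CN and dNSName entries are not consulted.
            return ipSans.contains(host);
        }
        if (!dnsSans.isEmpty()) {
            // When dNSName SANs exist they take precedence and the CN is ignored.
            for (String san : dnsSans) { if (dnsMatches(san, host)) return true; }
            return false;
        }
        return cn != null && dnsMatches(cn, host);
    }

    public static void main(String[] args) {
        List<String> none = Collections.emptyList();
        String byIp = "https://10.100.5.192:9443//services/APIKeyMgtSubscriberService";
        String byName = "https://localhost:9443//services/APIKeyMgtSubscriberService";
        // Assumed certificate A: CN=localhost, no SAN entries (constructed).
        System.out.println("A, by IP:   " + verify(byIp, "localhost", none, none));
        System.out.println("A, by name: " + verify(byName, "localhost", none, none));
        // Assumed certificate B: reissued with the IP as an iPAddress SAN (constructed).
        List<String> ips = Arrays.asList("10.100.5.192");
        System.out.println("B, by IP:   " + verify(byIp, "localhost", Arrays.asList("localhost"), ips));
    }
}
```

Under these assumptions, certificate A fails only for the IP-based URL, while certificate B passes for it, so reissuing the certificate with the address as a SAN or addressing the service by a name the certificate covers keeps verification enabled.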
