Hi Harri,

You can find information about deploying WSO2 Identity Server behind a proxy in [1].

[1] - http://xacmlinfo.org/2014/11/16/how-to-developing-identity-server-behind-proxy-or-load-balancer/

Thanks

Kesavan Yogarajah
Software Engineer
Mobile :+94 (0) 779 758021
[email protected]
WSO2, Inc.
lean . enterprise . middleware

On Thu, Jun 16, 2016 at 2:25 PM, Harri Salminen <[email protected]> wrote:

> Hello Kesavan !
>
> customer is using proxies in their evaluation environment. Is it possible
> to configure the WSO2 Identity Server using some system proxy settings to
> be able to establish server-server connections ? I assume the MePIN plugin
> connector uses Java’s HttpUrlConnection to reach MePIN Services API.
>
> This is what we are told:
>
> - And on the terminal that run wso2server with the same result (I set
> HTTP_PROXY, HTTPS_PROXY before run the command)
> curl https://api.mepin.com/
> Not authorized
>
> So basically proxy settings for Windows internals are used in order to
> pass to the public internet.
>
> Any ideas ?
>
> Thank you very much
>
> Harri Salminen
> Software Engineer
> MePIN / Meontrust inc.
> [email protected]
> +358447779197
>
> On 15 Jun 2016, at 13:22, Kesavan Yogarajah <[email protected]> wrote:
>
> Hi Harri,
>
> I didn't see any deviations. Since they are running locally their
> configuration is correct.
>
> #The URL of the SAML 2.0 Identity Provider
> SAML.IdPUrl=https://localhost:9443/samlsso
>
> Could you please share the screenshot of your identity provider
> configuration ?
>
> Thanks
>
> Kesavan Yogarajah
> Software Engineer
> Mobile :+94 (0) 779 758021
> [email protected]
> WSO2, Inc.
> lean . enterprise . middleware
>
> On Wed, Jun 15, 2016 at 2:29 PM, Harri Salminen <[email protected]>
> wrote:
>
>> Hello,
>>
>> I attached customer's configuration. Do you see some deviations ?
>>
>> Customer indicated:
>>
>> "Everything are installed locally and on the same PC.
>> I’ve checked travelocity.com/WEB-INF/classes/travelocity.properties file,
>> and did not see SAML2.IdPURL property."
>>
>> thank you very much for your time !
>>
>> Harri Salminen
>> Software Engineer
>> MePIN / Meontrust inc.
>> [email protected]
>> +358447779197
>>
>> On 15 Jun 2016, at 11:15, Kesavan Yogarajah <[email protected]> wrote:
>>
>> Hi Harri,
>>
>> Since we run the server locally we set the callback url as
>> https://localhost:9443/commonauth.
>> Are you running the server locally? If the Identity Server is running on
>> a different hostname/port number please change the property accordingly and
>> also SAML2.IdPURL property in the
>> <Tomcat_Home>/webapps/travelocity.com/WEB-INF/classes/travelocity.properties
>> file should be changed accordingly.
>>
>> Thanks
>>
>> Kesavan Yogarajah
>> Software Engineer
>> Mobile :+94 (0) 779 758021
>> [email protected]
>> WSO2, Inc.
>> lean . enterprise . middleware
>>
>> On Wed, Jun 15, 2016 at 12:54 PM, Harri Salminen <[email protected]>
>> wrote:
>>
>>> Hello Kesavan,
>>>
>>> we received this log. Do you see something specific which would indicate
>>> what has gone wrong ? The red color emphasis is from customer.
>>>
>>> Thanks a lot for your help !
>>>
>>> Here are *wso2carbon.log* after enable debug log level (when login from
>>> example app using MePIN).
>>>
>>> “
>>> …
>>> : [-1234] [] [2016-06-15 08:48:01,623] DEBUG
>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -
>>> Authenticating user admin
>>> TID: [-1234] [] [2016-06-15 08:48:01,623] DEBUG
>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Cache hit.
>>> Using DN uid=admin,ou=Users,dc=WSO2,dc=ORG
>>> TID: [-1234] [] [2016-06-15 08:48:01,675] DEBUG
>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User:
>>> uid=admin,ou=Users,dc=WSO2,dc=ORG is authnticated: true
>>> TID: [-1234] [] [2016-06-15 08:48:01,675] DEBUG
>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching
>>> for user admin
>>> TID: [-1234] [] [2016-06-15 08:48:01,675] DEBUG
>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - value
>>> after escaping special characters in admin : admin
>>> TID: [-1234] [] [2016-06-15 08:48:01,678] DEBUG
>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching
>>> for user with SearchFilter: (&(objectClass=person)(uid=admin)) in
>>> SearchBase:
>>> TID: [-1234] [] [2016-06-15 08:48:01,681] DEBUG
>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in
>>> space for admin is uid=admin,ou=Users,dc=WSO2,dc=ORG
>>> TID: [-1234] [] [2016-06-15 08:48:01,682] DEBUG
>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User:
>>> admin exist: true
>>> TID: [-1234] [] [2016-06-15 08:48:01,689] DEBUG
>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching
>>> for user with SearchFilter: (&(objectClass=person)(uid=admin)) in
>>> SearchBase:
>>> TID: [-1234] [] [2016-06-15 08:48:01,689] DEBUG
>>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting
>>> attribute :active
>>> TID: [-1234] [] [2016-06-15 08:48:01,693] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>>> - BasicAuthenticator returned: SUCCESS_COMPLETED
>>> TID: [-1234] [] [2016-06-15 08:48:01,693] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>>> - Step 1 is completed. Going to get the next one.
>>> TID: [-1234] [] [2016-06-15 08:48:01,694] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>>> - Starting Step: 2
>>> TID: [-1234] [] [2016-06-15 08:48:01,694] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils}
>>> - Finding already authenticated IdPs of the Step
>>> TID: [-1234] [] [2016-06-15 08:48:01,694] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>>> - Step contains only a single IdP. Going to call it directly
>>> TID: [-1234] [] [2016-06-15 08:48:01,694] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade}
>>> - Trying to find the IdP for name: mePIN
>>> TID: [-1234] [] [2016-06-15 08:48:01,695] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade}
>>> - A registered IdP was found
>>> TID: [-1234] [] [2016-06-15 08:48:01,696] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>>> - MePINAuthenticator returned: INCOMPLETE
>>> TID: [-1234] [] [2016-06-15 08:48:01,696] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>>> - MePINAuthenticator is redirecting
>>> TID: [-1234] [] [2016-06-15 08:48:01,696] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>>> - Step is not complete yet. Redirecting to outside.
>>> TID: [-1234] [] [2016-06-15 08:49:29,075] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>>> - In authentication flow
>>> TID: [-1234] [] [2016-06-15 08:49:29,076] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>>> - Executing the Step Based Authentication...
>>> TID: [-1234] [] [2016-06-15 08:49:29,076] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>>> - Starting Step: 2
>>> TID: [-1234] [] [2016-06-15 08:49:29,076] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils}
>>> - Finding already authenticated IdPs of the Step
>>> TID: [-1234] [] [2016-06-15 08:49:29,077] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>>> - Receive a response from the external party
>>> TID: [-1234] [] [2016-06-15 08:49:29,077] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>>> - MePINAuthenticator can handle the request.
>>> TID: [-1234] [] [2016-06-15 08:49:50,165] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>>> - MePINAuthenticator returned: INCOMPLETE
>>> TID: [-1234] [] [2016-06-15 08:49:50,166] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>>> - MePINAuthenticator is redirecting
>>> TID: [-1234] [] [2016-06-15 08:49:50,166] DEBUG
>>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>>> - Step is not complete yet. Redirecting to outside.
>>> ”
>>>
>>> Harri Salminen
>>> Software Engineer
>>> MePIN / Meontrust inc.
>>> [email protected]
>>> +358447779197
>>>
>>> On 14 Jun 2016, at 19:52, Kesavan Yogarajah <[email protected]> wrote:
>>>
>>> + dev
>>>
>>> Hi Harri,
>>>
>>> In order to get the comprehensive logs please enable the
>>> authentication.framework debug log as follows
>>>
>>> - Uncomment the line below in the log4j.properties file (located in
>>> [IS_HOME]/repository/conf directory).
>>>
>>> log4j.logger.org.wso2.carbon.identity.application.authentication.framework=DEBUG
>>> - Restart the IS server.
>>>
>>> Thanks
>>>
>>> Kesavan Yogarajah
>>> Software Engineer
>>> Mobile :+94 (0) 779 758021
>>> [email protected]
>>> WSO2, Inc.
>>> lean . enterprise . middleware
>>>
>>> ---------- Forwarded message ----------
>>> From: Harri Salminen <[email protected]>
>>> Date: Tue, Jun 14, 2016 at 5:19 PM
>>> Subject: Re: WSO2 Identity Server Connectors Store Released
>>> To: Kesavan Yogarajah <[email protected]>
>>>
>>> Hello Kesavan !
>>>
>>> Very big customer is now evaluating the WSO2 Identity Server with MePIN
>>> in Vietnam ( 63 million subscribers ). Unfortunately the “Linking” phase
>>> fails for the evaluating user currently.
>>>
>>> Can you help a bit, please, if you have any time to get back.
>>>
>>> 1. Linking starts fine, user submits accesscode and confirms the linking
>>> with the MePIN Mobile Authenticator
>>>
>>> 2. MePIN sends a redirect response to the end-user’s browser to redirect
>>> to the receiver page
>>>
>>> 3. receiver page should request the end-user MePIN identity from the
>>> MePIN Services API ( userinfo/get )
>>>
>>> 4. But the userinfo-request never comes. Instead some error happens in
>>> the Identity Server connector ( picture attached ):
>>>
>>> <image002.jpg>
>>>
>>> How the evaluating customer would be able to debug, what is going wrong ?
>>> Can you name some log which should be checked for any errors ?
>>>
>>> We got info that the evaluating user had checked this log, but nothing
>>> found:
>>>
>>> I also check carbon server log, but got nothing. Here are latest line in
>>> log file.
>>>
>>> TID: [-1234] [] [2016-06-14 09:57:59,290] INFO
>>> {org.wso2.carbon.ui.internal.CarbonUIServiceComponent} - Mgt Console URL :
>>> https://localhost:9443/carbon/
>>> TID: [-1234] [] [2016-06-14 10:08:38,950] INFO
>>> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - '
>>> [email protected][-1234]' logged in at [2016-06-14 10:08:38,950+0700]
>>>
>>> The evaluating server config is attached as picture:
>>>
>>> <image003.jpg>
>>>
>>> All help is very deeply appreciated ! This is big challenge and also big
>>> opportunities !
>>>
>>> best regards,
>>>
>>> Harri Salminen
>>> Software Engineer
>>> MePIN / Meontrust inc.
>>> [email protected]
>>> +358447779197
>>>
>>> On 07 Jan 2016, at 19:28, Kesavan Yogarajah <[email protected]> wrote:
>>>
>>> Hi Markku & Harri,
>>>
>>> Happy to let you know that the IS connector store was released today.
>>> Please find below the release details.
>>>
>>> Cheers,
>>> Kesavan
>>>
>>> *WSO2 Identity Server Connectors Store Released*
>>>
>>> The WSO2 Platform Extensions team is pleased to announce the release of
>>> the WSO2 Store for WSO2 Identity Server Authenticators and
>>> Provisioning Connectors.
>>>
>>> Authenticators provide you with a way to authenticate users using a
>>> specific external authentication system through WSO2 Identity Server.
>>>
>>> To browse through the WSO2 Identity Server authenticators and to
>>> download the authenticator that you require, go to
>>> https://store.wso2.com/store.
>>>
>>> For more information on authenticators and how to configure an
>>> authenticator with the WSO2 Identity Server, see
>>> https://docs.wso2.com/display/ISCONNECTORS/Identity+Server+Authenticators+and+Connectors
>>> .
>>>
>>> The following authenticators are available in WSO2 Store:
>>>
>>> *Authenticators*
>>>
>>> Tiqr
>>> MePIN
>>> SMSOTP
>>> Inwebo
>>> Yammer
>>> Foursquare
>>>
>>> *How You Can Contribute*
>>>
>>> You can create an authenticator and publish it in the WSO2 Store. For
>>> more information, see
>>> https://docs.wso2.com/display/ISCONNECTORS/Creating+a+Third+Party+Authenticator+or+Connector+and+Publishing+in+WSO2+Store
>>> .
>>>
>>> *Support*
>>>
>>> We are committed to ensuring that your enterprise middleware deployment
>>> is completely supported from evaluation to production. Our unique approach
>>> ensures that all support leverages our open development methodology and is
>>> provided by the very same engineers who build the technology.
>>>
>>> For more details and to take advantage of this unique opportunity please
>>> visit http://wso2.com/support.
>>>
>>> -- The WSO2 Platform Extensions Team --
>>>
>>> Kesavan Yogarajah
>>> Associate Software Engineer
>>> Mobile :+94 (0) 779 758021
>>> [email protected]
>>> WSO2, Inc.
>>> lean . enterprise . middleware
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
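
For the proxy question in the latest message, an added example (not from the thread, WSO2 or MePIN) that prints which proxy the JVM's default ProxySelector, the one HttpURLConnection consults, picks for the MePIN API URL: the JVM ignores the HTTP_PROXY and HTTPS_PROXY environment variables and reads the https.proxyHost and https.proxyPort system properties instead. Assumptions: the connector uses HttpURLConnection as the message supposes, and proxy.example.internal:3128 is a constructed placeholder.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.util.List;

public class ProxyCheck {

    /** Describe the first proxy the default ProxySelector returns for target. */
    static String selectedProxy(URI target) {
        List<Proxy> proxies = ProxySelector.getDefault().select(target);
        Proxy first = proxies.get(0);
        if (first.type() == Proxy.Type.DIRECT) {
            return "DIRECT (no proxy)";
        }
        InetSocketAddress addr = (InetSocketAddress) first.address();
        return first.type() + " via " + addr.getHostString() + ":" + addr.getPort();
    }

    public static void main(String[] args) {
        URI mepinApi = URI.create("https://api.mepin.com/");          // URL from the thread
        URI localIdp = URI.create("https://localhost:9443/samlsso");  // URL from the thread

        // The environment variable is printed only for comparison; the JVM does not use it.
        System.out.println("HTTPS_PROXY env    : " + System.getenv("HTTPS_PROXY"));
        System.out.println("https.proxyHost    : " + System.getProperty("https.proxyHost"));
        System.out.println("as started         : " + selectedProxy(mepinApi));

        // Constructed placeholder proxy; same effect as starting the JVM with
        // -Dhttps.proxyHost=proxy.example.internal -Dhttps.proxyPort=3128
        System.setProperty("https.proxyHost", "proxy.example.internal");
        System.setProperty("https.proxyPort", "3128");
        // Hosts matching this pattern bypass the proxy (the property also covers https).
        System.setProperty("http.nonProxyHosts", "localhost|127.*");

        System.out.println("with properties    : " + selectedProxy(mepinApi));
        System.out.println("local IdP endpoint : " + selectedProxy(localIdp));
    }
}
```

Starting it with -Djava.net.useSystemProxies=true shows on the "as started" line what the JVM picks up from the operating system's proxy configuration.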
