Hi Javier, We need additional information to analyze the issue. Attach the wso2carbon.log file after enabling the debug logs for org.wso2.carbon.user.core package as follows.
Add following entry to /repository/conf/log4j.properties file log4j.logger.org.wso2.carbon.user.core=DEBUG Thanks Isura. On Fri, May 26, 2017 at 12:50 AM, Vazquez-Hidalgo, Javier < [email protected]> wrote: > Hello, > > > > I’m trying to setup APIM 2.1.0 + Identity Server 5.3.0 on separate boxes, > at this point I have all configurations in place with shared databases and > I added a secondary User Store (Read-Only LDAP) on the Identity Server and > I’m able to assign permissions, etc.. > > > > The problem I’m having is that when I try to login to the API Store using > a user from the secondary user store I get the following error in the login > screen: > > > > “Error! Login failed. Insufficient Privileges.” > > > > APIM Logs: > > ------------- > > > > [2017-05-25 14:49:52,812] ERROR - JDBCAuthorizationManager Error occurred > while accessing Java Security Manager Privilege Block > > [2017-05-25 14:49:52,812] ERROR - APIStoreHostObject Login failed. > Insufficient Privileges. > > > > IS Log: > > ----------- > > [2017-05-25 14:49:52,498] INFO > {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} > - 'DOMAIN/[email protected] [-1234]' logged in at [2017-05-25 > 14:49:52,497-0400] > > > > So, it seems that the user is authenticated but something is happening. > > > > Just to be clear, the user from the secondary user store has > “Internal/subscriber” role which should be sufficient to login. > > > > I also created a test user in the IS primary store and assigned > “Internal/subscriber” role and that worked fine. > > > > > > Any help or pointers is appreciated. > > > > Thanks, > > Javier Vazquez > > > > > > > > If you wish to unsubscribe from receiving commercial electronic messages > from TD Bank Group, please click here <http://www.td.com/tdoptout> or go > to the following web address: www.td.com/tdoptout > Si vous souhaitez vous désabonner des messages électroniques de nature > commerciale envoyés par Groupe Banque TD veuillez cliquer ici > <http://www.td.com/tddesab> ou vous rendre à l'adresse www.td.com/tddesab > > > NOTICE: Confidential message which may be privileged. Unauthorized > use/disclosure prohibited. If received in error, please go to > www.td.com/legal for instructions. > AVIS : Message confidentiel dont le contenu peut être privilégié. > Utilisation/divulgation interdites sans permission. Si reçu par erreur, > prière d'aller au www.td.com/francais/avis_juridique pour des > instructions. > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Isura Dilhara Karunaratne* Senior Software Engineer | WSO2 Email: [email protected] Mob : +94 772 254 810 Blog : http://isurad.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
