Would be better if you could share the api-manager.xml configuration file to see if there are any errors in configs.
Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso2.com/signature> On Thu, Jun 15, 2017 at 8:40 PM, Thomas LEGRAND < [email protected]> wrote: > Hello again, > > I followed the tutorial in [1] to configure my Identity Server (IS) as a > key manager for my API Manager (AM). When I create my Production & Sandbox > applications in the AM, I can see service providers created in the IS. I > configures them to use SAML to retrieve informations like the roles, if the > authentication is successfull. And I can "exchange" my SAML assertion for a > OAuth token. So, everything is cool, here. > > But, when I try to reuse this OAuth token to access to a resource via the > AM, it rejects me with this sweet message: > > <ams:fault xmlns:ams="http://wso2.org/apimanager/security";> > <ams:code>900900</ams:code> > <ams:message>Unclassified Authentication Failure</ams:message> > <ams:description>Resource forbidden</ams:description> > </ams:fault> > > But no errors in the logs but just a WARN. So, I activated the DEBUG mode > and then, I can see some intersting things: > > [2017-06-15 16:44:52,954] WARN - APIAuthenticationHandler API > authentication failure due to Unclassified Authentication Failure > [2017-06-15 16:44:52,954] DEBUG - APIAuthenticationHandler API > authentication failed with error 900900 > org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: > Resource forbidden > at org.wso2.carbon.apimgt.gateway.handlers.security. > keys.WSAPIKeyDataStore.getAPIKeyData(WSAPIKeyDataStore.java:51) > at org.wso2.carbon.apimgt.gateway.handlers.security. > APIKeyValidator.doGetKeyValidationInfo(APIKeyValidator.java:253) > at org.wso2.carbon.apimgt.gateway.handlers.security. > APIKeyValidator.getKeyValidationInfo(APIKeyValidator.java:209) > at org.wso2.carbon.apimgt.gateway.handlers.security. > oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:196) > at org.wso2.carbon.apimgt.gateway.handlers.security. > APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:117) > at org.apache.synapse.rest.API.process(API.java:325) > at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI( > RESTRequestHandler.java:90) > at org.apache.synapse.rest.RESTRequestHandler.process( > RESTRequestHandler.java:69) > at org.apache.synapse.core.axis2.Axis2SynapseEnvironment. > injectMessage(Axis2SynapseEnvironment.java:304) > at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive( > SynapseMessageReceiver.java:78) > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) > at org.apache.synapse.transport.passthru.ServerWorker. > processNonEntityEnclosingRESTHandler(ServerWorker.java:325) > at org.apache.synapse.transport.passthru.ServerWorker.run( > ServerWorker.java:158) > at org.apache.axis2.transport.base.threads.NativeWorkerPool$ > 1.run(NativeWorkerPool.java:172) > at java.util.concurrent.ThreadPoolExecutor.runWorker( > ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run( > ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: > org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: > Error while accessing backend services for API key validation > at org.wso2.carbon.apimgt.gateway.handlers.security. > keys.APIKeyValidatorClient.getAPIKeyData(APIKeyValidatorClient.java:114) > at org.wso2.carbon.apimgt.gateway.handlers.security. > keys.WSAPIKeyDataStore.getAPIKeyData(WSAPIKeyDataStore.java:48) > ... 16 more > Caused by: org.apache.axis2.AxisFault: org.apache.axis2.AxisFault: Mapping > qname not fond for the package: java.util > > From here, I don't know what to do since I tried some fancy URLs for the > ServerURL value in the elements AuthManager and APIKeyValidator. > My IS has an offset of 5 so the port is 9448. Here is the URL I used to > point to the IS server: https://localhost:9448/services/ > > Is there a way to know in which URL the IS deploy its Key Manager feature > web services (WS)? > Should I reinstall the Key Manager feature in the IS? > > Regards, > > Thomas > > [1] https://docs.wso2.com/display/AM210/Configuring+ > WSO2+Identity+Server+as+a+Key+Manager > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
