[Dev] WSO2 Identity server, multiple token requests issue

2019-07-31 Thread prayag pavithran
Hi All,

We've integrated WSO2 Identity Server 5.7.0 with an Angular application using 
OIDC client JS.

Whenever multiple requests for a token are sent from the same client, Identity 
Server returns a new token every time and sets the previous token state to 
"EXPIRED" in the idn_oauth2_access_token_audit table.

Can you please let me know how to configure WSO2 IS to return the same access 
token if it already exists and has not expired, when multiple requests for a 
token are sent from the same client?


Thanks & Regards,
Prayag Pavithran
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


[Dev] Office365 Federation for Dual Domain with WSO2 Identity Server

2019-07-31 Thread Dewni Weeraman
Hi All,

Currently, I am working on the $subject. Please find the detailed
description of the tasks below.

Step 01 - Configuring WSO2 IS to handle Office 365 with a single domain.
Step 02 - Testing out how WSO2 IS can handle Office 365 Federation with
multiple domains in multiple IS instances (a single IS instance dedicated
to a single domain).
Step 03 - Integrating IS to tackle the issue of Office 365 federation for
dual domain in a single IS tenant instance.

Step 01 and Step 02 have been completed. Please find [1] and [2] for the
instructions on how to carry out Step 01.

While carrying out Step 02, the following limitations were identified.

1. Two domains in Office 365 use the same Service Provider entity id (SP
issuer name).

In IS two domains are represented as two service providers. Each service
provider (in the same tenant instance) should have unique issuer name.

2. Office 365 requires a unique IDP entity ID for each domain.

In IS the same IDP entity ID is utilized for all service providers
available in a given tenant.

Therefore, considering the aforementioned points, the current solution to
tackle $subject is to have an IS tenant configured per domain. However,
for a requirement where this needs to be done in a single IS instance, the
current release of WSO2 IS doesn’t have support for this.

As Step 03 we will be introducing two new attributes for SAML inbound
authentication configurations when creating a Service Provider.

   - Service Provider Qualifier - The value defined here will be appended
   to the end of the “Issuer” value when registering the SAML SP in the
   Identity Server. This allows configuring multiple SAML SSO inbound
   authentication configurations for the same “Issuer” value.

   - IdP Entity ID Alias - “Identity Provider Entity ID” specified under
   SAML SSO Inbound Authentication configuration in “Resident IdP” can be
   overridden with this value.

The PRs for this are available at [3] and [4]. I'll be working on resolving
the merge conflicts.


[1] https://medium.com/@dewni.matheesha/office365-configurations-with-wso2-identity-server-for-saml2-authentication-d234cb333293
[2] https://medium.com/@dewni.matheesha/user-provisioning-to-azure-ad-from-wso2-identity-server-bf7f89d30c5
[3] https://github.com/wso2-extensions/identity-inbound-auth-saml/pull/201
[4] https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/994

Thanks & Regards,
Dewni
-- 
Dewni Weeraman | Software Engineer | WSO2 Inc.
(m) +94 077 2979049 | (e) de...@wso2.com 
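
A small model of the two limitations and the two proposed attributes described in the message above, added here as an illustration; it is not WSO2 code and not taken from the linked PRs. The separator string, class names, resident IdP entity ID and domain values are assumptions (the message only says the qualifier is "appended to the end" of the issuer).

```python
from dataclasses import dataclass
from typing import Optional

QUALIFIER_SEPARATOR = ":qualifier:"          # hypothetical separator
RESIDENT_IDP_ENTITY_ID = "idp.example.org"   # constructed tenant-wide value
O365_ISSUER = "urn:federation:MicrosoftOnline"  # issuer Office 365 sends for every domain


@dataclass(frozen=True)
class SamlSp:
    issuer: str
    qualifier: Optional[str] = None            # "Service Provider Qualifier"
    idp_entity_id_alias: Optional[str] = None  # "IdP Entity ID Alias"

    @property
    def registered_issuer(self) -> str:
        # The qualifier is appended to the issuer only for registration.
        if self.qualifier:
            return f"{self.issuer}{QUALIFIER_SEPARATOR}{self.qualifier}"
        return self.issuer

    @property
    def idp_entity_id(self) -> str:
        # The alias overrides the resident IdP entity ID for this SP only.
        return self.idp_entity_id_alias or RESIDENT_IDP_ENTITY_ID


class TenantSamlRegistry:
    """One tenant: registered issuer names must be unique."""

    def __init__(self) -> None:
        self._by_issuer = {}

    def register(self, sp: SamlSp) -> str:
        key = sp.registered_issuer
        if key in self._by_issuer:
            raise ValueError(f"issuer already registered in tenant: {key}")
        self._by_issuer[key] = sp
        return key

    def resolve(self, issuer: str, qualifier: Optional[str] = None) -> SamlSp:
        return self._by_issuer[SamlSp(issuer, qualifier).registered_issuer]


def register_two_domains(use_new_attributes: bool) -> TenantSamlRegistry:
    """Register two Office 365 domains as two SPs in a single tenant."""
    reg = TenantSamlRegistry()
    for name in ("domain-a", "domain-b"):  # constructed domain labels
        qualifier = name if use_new_attributes else None
        alias = f"idp-{name}.example.org" if use_new_attributes else None
        reg.register(SamlSp(O365_ISSUER, qualifier, alias))
    return reg
```

Without the new attributes the second registration raises, which is limitation 1; with them, each SP also reports its own IdP entity ID, which addresses limitation 2.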




Re: [Dev] Issues with Role Based Adaptive Authentication example

2019-07-31 Thread Isura Karunaratne
Hi Sherene, Yvonne,

In order to fix [1], we need to update the document [2].  It is required to
add the following configuration in
/repository/resources/conf/templates/repository/conf/identity.xml.j2
as instructed in [1].

**

Please update [2] by adding a new step.

Cheers,
Isura.

[1] https://github.com/wso2/product-is/issues/6023
[2] https://docs.wso2.com/display/IS580/Configuring+a+Service+Provider+for+Adaptive+Authentication#ConfiguringaServiceProviderforAdaptiveAuthentication-Step01:SetUptheSamples

On Tue, Jul 30, 2019 at 2:57 PM Darshana Gunawardana 
wrote:

> [Looping Isura]
>
>
> On Tue, Jul 30, 2019 at 2:55 PM Darshana Gunawardana 
> wrote:
>
>> Hi Gayashan,
>>
>> Please see my comments below.
>>
>> On Tue, Jul 30, 2019 at 2:23 PM Gayashan Bombuwala 
>> wrote:
>>
>>> Hi All,
>>>
>>> I came across the following issues when trying out the Role Based
>>> Adaptive Authentication example.
>>>
>>>    1. #6022 - UsernameJavaScriptRegEx property configuration in
>>>    usr-mgt.xml has been changed.
>>>
>> We have to fix this in the default config to avoid any configuration
>> changes during the guide.
>>
>>>    2. #6023 - Unauthorized error while following the "Role Based
>>>    Adaptive Authentication" example.
>>>
>> This has to be captured in the docs.
>>
>> Thanks,
>>
>>>
>>> Best Regards
>>>
>>> --
>>> *Gayashan Bombuwala*
>>> Software Engineer | WSO2
>>>
>>> Email: gayash...@wso2.com
>>> Phone: +94770548334
>>>
>>>
>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Technical Lead
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com *
>> *Mobile: +94718566859*Lean . Enterprise . Middleware
>>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*Technical Lead
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com *
> *Mobile: +94718566859*Lean . Enterprise . Middleware
>


-- 

*Isura Dilhara Karunaratne*
Technical Lead | WSO2 
*lean.enterprise.middleware*
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : https://medium.com/@isurakarunaratne


[Dev] JMSException with apim-2.6 active/active depl.

2019-07-31 Thread Bernard Paris


I just installed an Active-Active Deployment APIM-2.6 (2 nodes with same 
configs).
Both servers share a common /repository/deployment/server 
directory, and both start with no errors/warnings.
I can publish and test APIs on any one of the 2 servers, and it's ok, but in my 
logs I find the error reported below.


TID: [-1234] [] [2019-07-31 11:00:33,809]  INFO 
{org.wso2.carbon.mediation.dependency.mgt.DependencyTracker} -  Local entry : 
gov:/apimgt/statistics/ga-config.xml was added to the Synapse configuration 
successfully {org.wso2.carbon.mediation.dependency.mgt.DependencyTracker}
TID: [-1234] [] [2019-07-31 11:00:33,833]  INFO 
{org.apache.synapse.core.axis2.TimeoutHandler} -  This engine will expire all 
callbacks after GLOBAL_TIMEOUT: 120 seconds, irrespective of the timeout 
action, after the specified or optional timeout 
{org.apache.synapse.core.axis2.TimeoutHandler}
TID: [-1] [] [2019-07-31 11:00:33,918]  INFO 
{org.wso2.carbon.databridge.core.DataBridge} -  user admin connected 
{org.wso2.carbon.databridge.core.DataBridge}
TID: [-1234] [] [2019-07-31 11:00:33,955]  INFO 
{org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory} - 
 JMS ConnectionFactory : jmsEventPublisher initialized 
{org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory}
TID: [-1234] [] [2019-07-31 11:00:33,988]  INFO 
{org.wso2.andes.server.handler.ConnectionStartOkMethodHandler} -  SASL 
Mechanism selected: PLAIN 
{org.wso2.andes.server.handler.ConnectionStartOkMethodHandler}
TID: [-1234] [] [2019-07-31 11:00:33,989]  INFO 
{org.wso2.andes.server.handler.ConnectionStartOkMethodHandler} -  Locale 
selected: en_US {org.wso2.andes.server.handler.ConnectionStartOkMethodHandler}
TID: [-1234] [] [2019-07-31 11:00:34,026]  INFO 
{org.wso2.andes.server.handler.ConnectionStartOkMethodHandler} -  
Authentication failed:Error processing data: javax.security.sasl.SaslException: 
Authentication failed 
{org.wso2.andes.server.handler.ConnectionStartOkMethodHandler}
TID: [-1] [] [2019-07-31 11:00:34,027]  INFO 
{org.wso2.andes.client.handler.ConnectionCloseMethodHandler} -  ConnectionClose 
frame received {org.wso2.andes.client.handler.ConnectionCloseMethodHandler}
TID: [-1] [] [2019-07-31 11:00:34,028]  INFO 
{org.wso2.andes.client.handler.ConnectionCloseMethodHandler} -  Error :530: not 
allowed:Thread-54 {org.wso2.andes.client.handler.ConnectionCloseMethodHandler}
TID: [-1] [] [2019-07-31 11:00:34,028]  INFO 
{org.wso2.andes.server.handler.ConnectionCloseOkMethodHandler} -  Received 
Connection-close-ok 
{org.wso2.andes.server.handler.ConnectionCloseOkMethodHandler}
TID: [-1] [] [2019-07-31 11:00:34,028]  INFO 
{org.wso2.andes.client.state.AMQStateManager} -  Notifying 
Waiters([org.wso2.andes.client.state.StateWaiter@62b8f2fe]) for error:not 
allowed {org.wso2.andes.client.state.AMQStateManager}
TID: [-1] [] [2019-07-31 11:00:34,030] ERROR 
{org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory} - 
 Error acquiring a Connection from the JMS CF : jmsEventPublisher using 
properties : {transport.jms.ConcurrentPublishers=allow, 
java.naming.provider.url=repository/conf/jndi.properties, 
java.naming.factory.initial=org.wso2.andes.jndi.PropertiesFileInitialContextFactory,
 transport.jms.DestinationType=topic, 
transport.jms.ConnectionFactoryJNDIName=TopicConnectionFactory, 
transport.jms.Destination=throttleData} 
{org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory}
javax.jms.JMSException: Error creating connection: Unable to Connect
at 
org.wso2.andes.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:346)
at 
org.wso2.andes.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:53)
at 
org.wso2.carbon.event.output.adapter.jms.internal.util.JMSUtils.createConnection(JMSUtils.java:387)
at 
org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory.createConnection(JMSConnectionFactory.java:268)
at 
org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory$PoolableJMSConnectionFactory.makeObject(JMSConnectionFactory.java:356)
at 
org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1181)
at 
org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory.getConnectionFromPool(JMSConnectionFactory.java:286)
at 
org.wso2.carbon.event.output.adapter.jms.internal.util.JMSMessageSender.send(JMSMessageSender.java:86)
at 
org.wso2.carbon.event.output.adapter.jms.JMSEventAdapter$JMSSender.run(JMSEventAdapter.java:284)
at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at