Re: [Dev] Help setup SSO in APIM

2016-06-01 Thread Thilini Cooray
Hi,

As per the discussion in [1], this issue can arise due to a certificate
mismatch of portal and your IdP.
Can you please check whether you can follow suggested solutions?

[1] http://mail.wso2.org/mailarchive/dev/2015-January/042262.html

Thanks.

On Wed, Jun 1, 2016 at 2:08 PM, Megala Uthayakumar  wrote:

> Hi Farasath,
>
> I have used only response signing on. But still I have the same issue.
>
> Thanks.
>
> On Wed, Jun 1, 2016 at 12:46 PM, Farasath Ahamed 
> wrote:
>
>> Hi Megala,
>>
>> Have you enabled Signature validation for Authentication requests?  If so
>> can you try the scenario with only Response signing on and see if it works
>> for tenants as well.
>>
>>
>> Thanks,
>>
>> Farasath Ahamed
>> Software Engineer,
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>>
>> Email: farasa...@wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 
>>
>> On Wed, Jun 1, 2016 at 12:04 PM, Ruwan Abeykoon  wrote:
>>
>>> Hi All,
>>> We embedded the dashboard not using SSO, but with custom Jaggery page
>>> inside "admin-dashboard" app. So the authentication session with
>>> "admin-dashboard" is sufficient for all auth/authz purpose. Hence the above
>>> problem does not arise.
>>>
>>> Therefore that work is not technically related to this thread.
>>>
>>> Cheers,
>>> Ruwan
>>>
>>> On Wed, Jun 1, 2016 at 11:55 AM, Megala Uthayakumar 
>>> wrote:
>>>
 ok. I will check with him. Thanks

 On Wed, Jun 1, 2016 at 11:46 AM, Nuwan Dias  wrote:

> Ruwan worked on embedding the portal within the admin-dashboard. Can
> you please talk to him and see what this means in that context?
>
> On Wed, Jun 1, 2016 at 11:43 AM, Megala Uthayakumar 
> wrote:
>
>> No. This is the portal coming from carbon-dashboard feature. It is
>> different from admin-dashboard. Please see the screen-shot thanks.
>>
>> On Wed, Jun 1, 2016 at 11:36 AM, Nuwan Dias  wrote:
>>
>>> Portal in the sense admin-dashboard right?
>>>
>>> On Wed, Jun 1, 2016 at 11:33 AM, Megala Uthayakumar wrote:
>>>
 I have already mounted the registry and publisher app is working
 fine in tenant mode as well. This issue only exists in the portal app.

 Thanks.

 Regards,
 Megala

 On Wed, Jun 1, 2016 at 11:26 AM, Nuwan Dias 
 wrote:

> You need to share the same registry (mount registries) between IS
> and APIM to make this work for tenants.
>
> It's because tenants have their key stores in the registry and the
> SAML response is signed using the key in this key store. If they don't
> share the registry, signing will be done by one key and verification
> will be done by a non-matching public key. Hence, signature validation
> will fail.
>
> Disabling signature validation poses a security threat. Therefore
> it's not recommended to do that.
>
> Thanks,
> NuwanD.
>
> On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar <
> meg...@wso2.com> wrote:
>
>> It is working when I remove that signature validation part from
>> acs.jag
>>
>> On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake wrote:
>>
>>>
>>>
>>> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar <
>>> meg...@wso2.com> wrote:
>>>
 Hi All,

 I am trying to configure SSO in APIM 2.0.x by following [1].
 Publisher and Store jaggery apps work as expected, but when I try to
 log in to the portal app (Portal of Dashboard Server) using SSO, it
 works fine when I am logging in as a super-tenant user, but whenever I
 try to log in as a user from other tenants, it throws the following
 error:

 org.opensaml.xml.validation.ValidationException: Signature did
 not validate against the credential's key

>>> For the moment, shall we disable the signature validation and
>>> try?
>>>
>>>
 at
 org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
 at
 org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
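
The key mismatch described in this thread can be confirmed without removing signature validation. The following is an added example, not code from the thread or from WSO2: it compares the SHA-256 fingerprint of the certificate embedded in a captured SAML response with the certificate the portal is configured to trust. The byte strings standing in for certificates, the issuer value and all function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed stand-ins for DER certificates. Fingerprinting treats a
# certificate as opaque bytes, so real DER is not needed for the demo.
SUPER_DER = b"constructed super-tenant certificate bytes"
TENANT_DER = b"constructed tenant.example certificate bytes"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER encoding."""
    return hashlib.sha256(der).hexdigest()


def to_pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def pem_to_der(pem: str) -> bytes:
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    return base64.b64decode(
        "".join(ln for ln in lines if ln and not ln.startswith("-----")))


def signatures_in(saml_xml: str):
    """Return [(signed element name, [embedded cert fingerprints])]."""
    if "<!DOCTYPE" in saml_xml:
        # SAML messages never need a DTD; refuse it rather than expand entities.
        raise ValueError("DOCTYPE not allowed in SAML message")
    root = ET.fromstring(saml_xml)
    found = []
    for parent in root.iter():
        for sig in parent.findall(f"{{{DS}}}Signature"):
            fps = []
            for cert in sig.iter(f"{{{DS}}}X509Certificate"):
                # Mail clients and IdPs wrap the base64 text; drop whitespace.
                der = base64.b64decode("".join((cert.text or "").split()))
                fps.append(fingerprint(der))
            found.append((parent.tag.split("}")[-1], fps))
    return found


def diagnose(saml_xml: str, trusted_pem: str) -> dict:
    """Compare the embedded signing cert with the one the SP trusts.

    Diagnostic only: the KeyInfo certificate travels inside the message and
    is chosen by whoever produced it, so verification must keep using the
    certificate from the service provider's own key store.
    """
    trusted = fingerprint(pem_to_der(trusted_pem))
    sigs = signatures_in(saml_xml)
    embedded = [fp for _, fps in sigs for fp in fps]
    if not sigs:
        status = "unsigned"
    elif not embedded:
        status = "no-embedded-cert"
    elif all(fp == trusted for fp in embedded):
        status = "match"
    else:
        status = "mismatch"
    return {"status": status,
            "signed_elements": [name for name, _ in sigs],
            "trusted": trusted,
            "embedded": embedded}


def sample_response(issuer: str, cert_der: bytes, signed: bool = True) -> str:
    """Build a constructed, minimal SAML Response (no real SignatureValue)."""
    sig = ""
    if signed:
        b64 = base64.b64encode(cert_der).decode()
        sig = (f'<ds:Signature xmlns:ds="{DS}"><ds:KeyInfo><ds:X509Data>'
               f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
               "</ds:X509Data></ds:KeyInfo></ds:Signature>")
    return ('<samlp:Response '
            'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f"<saml:Issuer>{issuer}</saml:Issuer>{sig}</samlp:Response>")


if __name__ == "__main__":
    portal_trusts = to_pem(SUPER_DER)  # what the portal verifies with
    for label, der in (("super tenant", SUPER_DER), ("tenant", TENANT_DER)):
        result = diagnose(sample_response("idp.example", der), portal_trusts)
        print(label, result["status"], result["signed_elements"])
```

A "mismatch" for tenant logins only, with "match" for the super tenant, points at the key store the service provider reads for that tenant rather than at the signature check itself.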

Re: [Dev] Help setup SSO in APIM

2016-06-01 Thread Megala Uthayakumar
Hi Farasath,

I have used only response signing on. But still I have the same issue.

Thanks.

On Wed, Jun 1, 2016 at 12:46 PM, Farasath Ahamed  wrote:

> Hi Megala,
>
> Have you enabled Signature validation for Authentication requests?  If so
> can you try the scenario with only Response signing on and see if it works
> for tenants as well.
>
>
> Thanks,
>
> Farasath Ahamed
> Software Engineer,
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
>
> Email: farasa...@wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 
>
> On Wed, Jun 1, 2016 at 12:04 PM, Ruwan Abeykoon  wrote:
>
>> Hi All,
>> We embedded the dashboard not using SSO, but with custom Jaggery page
>> inside "admin-dashboard" app. So the authentication session with
>> "admin-dashboard" is sufficient for all auth/authz purpose. Hence the above
>> problem does not arise.
>>
>> Therefore that work is not technically related to this thread.
>>
>> Cheers,
>> Ruwan
>>
>> On Wed, Jun 1, 2016 at 11:55 AM, Megala Uthayakumar 
>> wrote:
>>
>>> ok. I will check with him. Thanks
>>>
>>> On Wed, Jun 1, 2016 at 11:46 AM, Nuwan Dias  wrote:
>>>
 Ruwan worked on embedding the portal within the admin-dashboard. Can
 you please talk to him and see what this means in that context?

 On Wed, Jun 1, 2016 at 11:43 AM, Megala Uthayakumar 
 wrote:

> No. This is the portal coming from carbon-dashboard feature. It is
> different from admin-dashboard. Please see the screen-shot thanks.
>
> On Wed, Jun 1, 2016 at 11:36 AM, Nuwan Dias  wrote:
>
>> Portal in the sense admin-dashboard right?
>>
>> On Wed, Jun 1, 2016 at 11:33 AM, Megala Uthayakumar 
>> wrote:
>>
>>> I have already mounted the registry and publisher app is working
>>> fine in tenant mode as well. This issue only exists in the portal app.
>>>
>>> Thanks.
>>>
>>> Regards,
>>> Megala
>>>
>>> On Wed, Jun 1, 2016 at 11:26 AM, Nuwan Dias  wrote:
>>>
 You need to share the same registry (mount registries) between IS
 and APIM to make this work for tenants.

 It's because tenants have their key stores in the registry and the
 SAML response is signed using the key in this key store. If they don't
 share the registry, signing will be done by one key and verification
 will be done by a non-matching public key. Hence, signature validation
 will fail.

 Disabling signature validation poses a security threat. Therefore
 it's not recommended to do that.

 Thanks,
 NuwanD.

 On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar <
 meg...@wso2.com> wrote:

> It is working when I remove that signature validation part from
> acs.jag
>
> On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake 
> wrote:
>
>>
>>
>> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar <
>> meg...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> I am trying to configure SSO in APIM 2.0.x by following [1].
>>> Publisher and Store jaggery apps work as expected, but when I try to
>>> log in to the portal app (Portal of Dashboard Server) using SSO, it
>>> works fine when I am logging in as a super-tenant user, but whenever I
>>> try to log in as a user from other tenants, it throws the following
>>> error:
>>>
>>> org.opensaml.xml.validation.ValidationException: Signature did
>>> not validate against the credential's key
>>>
>> For the moment, shall we disable the signature validation and
>> try?
>>
>>
>>> at
>>> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
>>> at
>>> org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>>> at
>>> org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
>>> at
>>> org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>> at
>>> org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
>>> at
>>> 

Re: [Dev] Help setup SSO in APIM

2016-06-01 Thread Farasath Ahamed
Hi Megala,

Have you enabled Signature validation for Authentication requests?  If so
can you try the scenario with only Response signing on and see if it works
for tenants as well.


Thanks,

Farasath Ahamed
Software Engineer,
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware


Email: farasa...@wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 

On Wed, Jun 1, 2016 at 12:04 PM, Ruwan Abeykoon  wrote:

> Hi All,
> We embedded the dashboard not using SSO, but with custom Jaggery page
> inside "admin-dashboard" app. So the authentication session with
> "admin-dashboard" is sufficient for all auth/authz purpose. Hence the above
> problem does not arise.
>
> Therefore that work is not technically related to this thread.
>
> Cheers,
> Ruwan
>
> On Wed, Jun 1, 2016 at 11:55 AM, Megala Uthayakumar 
> wrote:
>
>> ok. I will check with him. Thanks
>>
>> On Wed, Jun 1, 2016 at 11:46 AM, Nuwan Dias  wrote:
>>
>>> Ruwan worked on embedding the portal within the admin-dashboard. Can you
>>> please talk to him and see what this means in that context?
>>>
>>> On Wed, Jun 1, 2016 at 11:43 AM, Megala Uthayakumar 
>>> wrote:
>>>
 No. This is the portal coming from carbon-dashboard feature. It is
 different from admin-dashboard. Please see the screen-shot thanks.

 On Wed, Jun 1, 2016 at 11:36 AM, Nuwan Dias  wrote:

> Portal in the sense admin-dashboard right?
>
> On Wed, Jun 1, 2016 at 11:33 AM, Megala Uthayakumar 
> wrote:
>
>> I have already mounted the registry and publisher app is working fine
>> in tenant mode as well. This issue only exists in the portal app.
>>
>> Thanks.
>>
>> Regards,
>> Megala
>>
>> On Wed, Jun 1, 2016 at 11:26 AM, Nuwan Dias  wrote:
>>
>>> You need to share the same registry (mount registries) between IS
>>> and APIM to make this work for tenants.
>>>
>>> It's because tenants have their key stores in the registry and the
>>> SAML response is signed using the key in this key store. If they don't
>>> share the registry, signing will be done by one key and verification
>>> will be done by a non-matching public key. Hence, signature validation
>>> will fail.
>>>
>>> Disabling signature validation poses a security threat. Therefore
>>> it's not recommended to do that.
>>>
>>> Thanks,
>>> NuwanD.
>>>
>>> On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar wrote:
>>>
 It is working when I remove that signature validation part from
 acs.jag

 On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake 
 wrote:

>
>
> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar <
> meg...@wso2.com> wrote:
>
>> Hi All,
>>
>> I am trying to configure SSO in APIM 2.0.x by following [1].
>> Publisher and Store jaggery apps work as expected, but when I try to
>> log in to the portal app (Portal of Dashboard Server) using SSO, it
>> works fine when I am logging in as a super-tenant user, but whenever I
>> try to log in as a user from other tenants, it throws the following
>> error:
>>
>> org.opensaml.xml.validation.ValidationException: Signature did
>> not validate against the credential's key
>>
> For the moment, shall we disable the signature validation and
> try?
>
>
>> at
>> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
>> at
>> org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>> at
>> org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
>> at
>> org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>> at
>> org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
>> at
>> org.jaggeryjs.rhino..scripts.c0.call(/scripts/sso.client.js)
>> at
>> org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
>> at
>> 

Re: [Dev] Help setup SSO in APIM

2016-06-01 Thread Ruwan Abeykoon
Hi All,
We embedded the dashboard not using SSO, but with custom Jaggery page
inside "admin-dashboard" app. So the authentication session with
"admin-dashboard" is sufficient for all auth/authz purpose. Hence the above
problem does not arise.

Therefore that work is not technically related to this thread.

Cheers,
Ruwan

On Wed, Jun 1, 2016 at 11:55 AM, Megala Uthayakumar  wrote:

> ok. I will check with him. Thanks
>
> On Wed, Jun 1, 2016 at 11:46 AM, Nuwan Dias  wrote:
>
>> Ruwan worked on embedding the portal within the admin-dashboard. Can you
>> please talk to him and see what this means in that context?
>>
>> On Wed, Jun 1, 2016 at 11:43 AM, Megala Uthayakumar 
>> wrote:
>>
>>> No. This is the portal coming from carbon-dashboard feature. It is
>>> different from admin-dashboard. Please see the screen-shot thanks.
>>>
>>> On Wed, Jun 1, 2016 at 11:36 AM, Nuwan Dias  wrote:
>>>
 Portal in the sense admin-dashboard right?

 On Wed, Jun 1, 2016 at 11:33 AM, Megala Uthayakumar 
 wrote:

> I have already mounted the registry and publisher app is working fine
> in tenant mode as well. This issue only exists in the portal app.
>
> Thanks.
>
> Regards,
> Megala
>
> On Wed, Jun 1, 2016 at 11:26 AM, Nuwan Dias  wrote:
>
>> You need to share the same registry (mount registries) between IS and
>> APIM to make this work for tenants.
>>
>> It's because tenants have their key stores in the registry and the
>> SAML response is signed using the key in this key store. If they don't
>> share the registry, signing will be done by one key and verification
>> will be done by a non-matching public key. Hence, signature validation
>> will fail.
>>
>> Disabling signature validation poses a security threat. Therefore it's
>> not recommended to do that.
>>
>> Thanks,
>> NuwanD.
>>
>> On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar 
>> wrote:
>>
>>> It is working when I remove that signature validation part from
>>> acs.jag
>>>
>>> On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake 
>>> wrote:
>>>


 On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar  wrote:

> Hi All,
>
> I am trying to configure SSO in APIM 2.0.x by following [1].
> Publisher and Store jaggery apps work as expected, but when I try to
> log in to the portal app (Portal of Dashboard Server) using SSO, it
> works fine when I am logging in as a super-tenant user, but whenever I
> try to log in as a user from other tenants, it throws the following
> error:
>
> org.opensaml.xml.validation.ValidationException: Signature did not
> validate against the credential's key
>
 For the moment, shall we disable the signature validation and try?


> at
> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
> at
> org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
> at
> org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
> at
> org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
> at
> org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
> at
> org.jaggeryjs.rhino..scripts.c0.call(/scripts/sso.client.js)
> at
> org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
> at
> org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
> at
> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
> at
> org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
> at
> org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
> at
> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
> at
> org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
> at
> org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
> at
> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)

Re: [Dev] Help setup SSO in APIM

2016-06-01 Thread Megala Uthayakumar
ok. I will check with him. Thanks

On Wed, Jun 1, 2016 at 11:46 AM, Nuwan Dias  wrote:

> Ruwan worked on embedding the portal within the admin-dashboard. Can you
> please talk to him and see what this means in that context?
>
> On Wed, Jun 1, 2016 at 11:43 AM, Megala Uthayakumar 
> wrote:
>
>> No. This is the portal coming from carbon-dashboard feature. It is
>> different from admin-dashboard. Please see the screen-shot thanks.
>>
>> On Wed, Jun 1, 2016 at 11:36 AM, Nuwan Dias  wrote:
>>
>>> Portal in the sense admin-dashboard right?
>>>
>>> On Wed, Jun 1, 2016 at 11:33 AM, Megala Uthayakumar 
>>> wrote:
>>>
 I have already mounted the registry and publisher app is working fine
 in tenant mode as well. This issue only exists in the portal app.

 Thanks.

 Regards,
 Megala

 On Wed, Jun 1, 2016 at 11:26 AM, Nuwan Dias  wrote:

> You need to share the same registry (mount registries) between IS and
> APIM to make this work for tenants.
>
> It's because tenants have their key stores in the registry and the SAML
> response is signed using the key in this key store. If they don't share
> the registry, signing will be done by one key and verification will be
> done by a non-matching public key. Hence, signature validation will fail.
>
> Disabling signature validation poses a security threat. Therefore it's
> not recommended to do that.
>
> Thanks,
> NuwanD.
>
> On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar 
> wrote:
>
>> It is working when I remove that signature validation part from
>> acs.jag
>>
>> On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake 
>> wrote:
>>
>>>
>>>
>>> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar 
>>> wrote:
>>>
 Hi All,

 I am trying to configure SSO in APIM 2.0.x by following [1].
 Publisher and Store jaggery apps work as expected, but when I try to
 log in to the portal app (Portal of Dashboard Server) using SSO, it
 works fine when I am logging in as a super-tenant user, but whenever I
 try to log in as a user from other tenants, it throws the following
 error:

 org.opensaml.xml.validation.ValidationException: Signature did not
 validate against the credential's key

>>> For the moment, shall we disable the signature validation and try?
>>>
>>>
 at
 org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
 at
 org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:606)
 at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
 at
 org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
 at
 org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
 at
 org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
 at
 org.jaggeryjs.rhino..scripts.c0.call(/scripts/sso.client.js)
 at
 org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
 at
 org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
 at
 org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
 at
 org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
 at
 org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
 at
 org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
 at
 org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
 at
 org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
 at
 org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
 at
 org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
 at
 org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
 at
 org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
 at
 org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
 at
 org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
 at
 

Re: [Dev] Help setup SSO in APIM

2016-06-01 Thread Nuwan Dias
Ruwan worked on embedding the portal within the admin-dashboard. Can you
please talk to him and see what this means in that context?

On Wed, Jun 1, 2016 at 11:43 AM, Megala Uthayakumar  wrote:

> No. This is the portal coming from carbon-dashboard feature. It is
> different from admin-dashboard. Please see the screen-shot thanks.
>
> On Wed, Jun 1, 2016 at 11:36 AM, Nuwan Dias  wrote:
>
>> Portal in the sense admin-dashboard right?
>>
>> On Wed, Jun 1, 2016 at 11:33 AM, Megala Uthayakumar 
>> wrote:
>>
>>> I have already mounted the registry and publisher app is working fine in
>>> tenant mode as well. This issue only exists in the portal app.
>>>
>>> Thanks.
>>>
>>> Regards,
>>> Megala
>>>
>>> On Wed, Jun 1, 2016 at 11:26 AM, Nuwan Dias  wrote:
>>>
 You need to share the same registry (mount registries) between IS and
 APIM to make this work for tenants.

 It's because tenants have their key stores in the registry and the SAML
 response is signed using the key in this key store. If they don't share the
 registry, signing will be done by one key and verification will be done by a
 non-matching public key. Hence, signature validation will fail.

 Disabling signature validation poses a security threat. Therefore it's
 not recommended to do that.

 Thanks,
 NuwanD.

 On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar 
 wrote:

> It is working when I remove that signature validation part from acs.jag
>
> On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake 
> wrote:
>
>>
>>
>> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar 
>> wrote:
>>
>>> Hi All,
>>>
>>> I am trying to configure SSO in APIM 2.0.x by following [1].
>>> Publisher and Store jaggery apps work as expected, but when I try to
>>> log in to the portal app (Portal of Dashboard Server) using SSO, it
>>> works fine when I am logging in as a super-tenant user, but whenever I
>>> try to log in as a user from other tenants, it throws the following
>>> error:
>>>
>>> org.opensaml.xml.validation.ValidationException: Signature did not
>>> validate against the credential's key
>>>
>> For the moment, shall we disable the signature validation and try?
>>
>>
>>> at
>>> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
>>> at
>>> org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>>> at
>>> org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
>>> at
>>> org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>> at
>>> org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
>>> at
>>> org.jaggeryjs.rhino..scripts.c0.call(/scripts/sso.client.js)
>>> at
>>> org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>> at
>>> org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>> at
>>> org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>>> at
>>> org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
>>> at
>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>>> at
>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>>> at
>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
>>> at
>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
>>> at
>>> org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>> at
>>> 

Re: [Dev] Help setup SSO in APIM

2016-06-01 Thread Nuwan Dias
Portal in the sense admin-dashboard right?

On Wed, Jun 1, 2016 at 11:33 AM, Megala Uthayakumar  wrote:

> I have already mounted the registry and publisher app is working fine in
> tenant mode as well. This issue only exists in the portal app.
>
> Thanks.
>
> Regards,
> Megala
>
> On Wed, Jun 1, 2016 at 11:26 AM, Nuwan Dias  wrote:
>
>> You need to share the same registry (mount registries) between IS and
>> APIM to make this work for tenants.
>>
>> It's because tenants have their key stores in the registry and the SAML
>> response is signed using the key in this key store. If they don't share the
>> registry, signing will be done by one key and verification will be done by a
>> non-matching public key. Hence, signature validation will fail.
>>
>> Disabling signature validation poses a security threat. Therefore it's not
>> recommended to do that.
>>
>> Thanks,
>> NuwanD.
>>
>> On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar 
>> wrote:
>>
>>> It is working when I remove that signature validation part from acs.jag
>>>
>>> On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake 
>>> wrote:
>>>


 On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar 
 wrote:

> Hi All,
>
> I am trying to configure SSO in APIM 2.0.x by following [1]. Publisher
> and Store jaggery apps work as expected, but when I try to log in to the
> portal app (Portal of Dashboard Server) using SSO, it works fine when I am
> logging in as a super-tenant user, but whenever I try to log in as a user
> from other tenants, it throws the following error:
>
> org.opensaml.xml.validation.ValidationException: Signature did not
> validate against the credential's key
>
 For the moment, shall we disable the signature validation and try?


> at
> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
> at
> org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
> at
> org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
> at
> org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
> at
> org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
> at
> org.jaggeryjs.rhino..scripts.c0.call(/scripts/sso.client.js)
> at
> org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
> at
> org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
> at
> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
> at
> org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
> at
> org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
> at
> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
> at
> org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
> at
> org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
> at
> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
> at
> org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
> at
> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
> at
> org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
> at
> org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
> at
> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
> at
> org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
> at
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
> at
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
> at
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
> at
> 

Re: [Dev] Help setup SSO in APIM

2016-06-01 Thread Megala Uthayakumar
I have already mounted the registry and publisher app is working fine in
tenant mode as well. This issue only exists in the portal app.

Thanks.

Regards,
Megala

On Wed, Jun 1, 2016 at 11:26 AM, Nuwan Dias  wrote:

> You need to share the same registry (mount registries) between IS and APIM
> to make this work for tenants.
>
> It's because tenants have their key stores in the registry and the SAML
> response is signed using the key in this key store. If they don't share the
> registry, signing will be done by one key and verification will be done by a
> non-matching public key. Hence, signature validation will fail.
>
> Disabling signature validation poses a security threat. Therefore it's not
> recommended to do that.
>
> Thanks,
> NuwanD.
>
> On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar 
> wrote:
>
>> It is working when I remove that signature validation part from acs.jag
>>
>> On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake  wrote:
>>
>>>
>>>
>>> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar 
>>> wrote:
>>>
 Hi All,

 I am trying to configure SSO in APIM 2.0.x by following [1]. Publisher
 and Store jaggery apps work as expected, but when I try to log in to the
 portal app (Portal of Dashboard Server) using SSO, it works fine when I am
 logging in as a super-tenant user, but whenever I try to log in as a user
 from other tenants, it throws the following error:

 org.opensaml.xml.validation.ValidationException: Signature did not
 validate against the credential's key

>>> For the moment, shall we disable the signature validation and try?
>>>
>>>
 at
 org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
 at
 org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:606)
 at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
 at
 org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
 at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
 at
 org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
 at
 org.jaggeryjs.rhino..scripts.c0.call(/scripts/sso.client.js)
 at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
 at
 org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
 at
 org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
 at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
 at
 org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
 at
 org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
 at
 org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
 at
 org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
 at
 org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
 at
 org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
 at
 org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
 at
 org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
 at
 org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
 at
 org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
 at
 org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at
 org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
 at
 org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
 at
 org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
 at
 org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
 at
 org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
 at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
 at
 

Re: [Dev] Help setup SSO in APIM

2016-05-31 Thread Nuwan Dias
You need to share the same registry (mount registries) between IS and APIM
to make this work for tenants.

It's because tenants have their key stores in the registry and the SAML
response is signed using the key in this key store. If they don't share the
registry, signing will be done by one key and verification will be done by a
non-matching public key. Hence, signature validation will fail.

Disabling signature validation poses a security threat. Therefore it's not
recommended to do that.

Thanks,
NuwanD.

On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar  wrote:

> It is working when I remove that signature validation part from acs.jag
>
> On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake  wrote:
>
>>
>>
>> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar 
>> wrote:
>>
>>> Hi All,
>>>
>>> I am trying to configure SSO in APIM 2.0.x by following [1]. Publisher
>>> and Store jaggery apps work as expected, but when I try to log in to the portal
>>> app (Portal of Dashboard Server) using SSO, it works fine when I am logging
>>> in as a super-tenant user, but whenever I try to log in as a user from other
>>> tenants, it throws the following error:
>>>
>>> org.opensaml.xml.validation.ValidationException: Signature did not
>>> validate against the credential's key
>>>
>> For the moment, shall we disable the signature validation and try?
>>
>>
>>> at
>>> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
>>> at
>>> org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>>> at
>>> org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
>>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>> at
>>> org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
>>> at org.jaggeryjs.rhino..scripts.c0.call(/scripts/sso.client.js)
>>> at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>> at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>> at
>>> org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>>> at
>>> org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>> at
>>> org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
>>> at
>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>>> at
>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>>> at
>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
>>> at
>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
>>> at
>>> org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>> at
>>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
>>> at
>>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>>> at
>>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
>>> at
>>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>>> at
>>> org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>> at
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

Re: [Dev] Help setup SSO in APIM

2016-05-31 Thread Megala Uthayakumar
It is working when I remove that signature validation part from acs.jag

On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake  wrote:

>
>
> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar 
> wrote:
>
>> Hi All,
>>
>> I am trying to configure SSO in APIM 2.0.x by following [1]. Publisher
>> and Store jaggery apps work as expected, but when I try to log in to the portal
>> app (Portal of Dashboard Server) using SSO, it works fine when I am logging
>> in as a super-tenant user, but whenever I try to log in as a user from other
>> tenants, it throws the following error:
>>
>> org.opensaml.xml.validation.ValidationException: Signature did not
>> validate against the credential's key
>>
> For the moment, shall we disable the signature validation and try?
>
>
>> at
>> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
>> at
>> org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>> at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>> at
>> org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
>> at org.jaggeryjs.rhino..scripts.c0.call(/scripts/sso.client.js)
>> at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>> at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>> at
>> org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>> at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
>> at
>> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>> at
>> org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>> at
>> org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
>> at
>> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
>> at
>> org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at
>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
>> at
>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>> at
>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
>> at
>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>> at
>> org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>> at
>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>> at
>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>> at
>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>> at
>> 

Re: [Dev] Help setup SSO in APIM

2016-05-31 Thread Geesara Prathap
Hi Megala,

By enabling debug logging for oauth2 and sso on the server where your IDP is
located, you can get an idea of what is happening when they try to log in.

log4j.logger.org.wso2.carbon.identity.oauth2=DEBUG
log4j.logger.org.wso2.carbon.identity.sso.saml=DEBUG

Maybe you are just not validating with the right cert/key. You can verify
this by looking at the SAML assertion.


On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake  wrote:

>
>
> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar 
> wrote:
>
>> Hi All,
>>
>> I am trying to configure SSO in APIM 2.0.x by following [1]. Publisher
>> and Store jaggery apps work as expected, but when I try to log in to the portal
>> app (Portal of Dashboard Server) using SSO, it works fine when I am logging
>> in as a super-tenant user, but whenever I try to log in as a user from other
>> tenants, it throws the following error:
>>
>> org.opensaml.xml.validation.ValidationException: Signature did not
>> validate against the credential's key
>>
> For the moment, shall we disable the signature validation and try?
>
>
>> at
>> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
>> at
>> org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>> at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>> at
>> org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
>> at org.jaggeryjs.rhino..scripts.c0.call(/scripts/sso.client.js)
>> at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>> at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>> at
>> org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>> at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>> at
>> org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
>> at
>> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>> at
>> org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>> at
>> org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
>> at
>> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
>> at
>> org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at
>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
>> at
>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>> at
>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
>> at
>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>> at
>> org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>> at
>> 
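
An added example, not from the thread or from WSO2 code: a diagnostic that compares the certificate embedded in the SAML response's ds:KeyInfo with the certificate the service provider holds for that tenant, which is the key mismatch NuwanD describes and the check Geesara suggests. The tenant domains, the placeholder certificate bytes and the trust-store mappings are constructed, and the model assumes the super tenant's certificate is the same on both servers.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint over the DER bytes of a certificate."""
    return hashlib.sha256(cert_der).hexdigest()


def embedded_signer_certs(saml_xml: str) -> dict:
    """Map each signed element (Response, Assertion) to the fingerprint of
    the certificate carried in its ds:Signature / ds:KeyInfo."""
    if "<!DOCTYPE" in saml_xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    found = {}
    for parent in ET.fromstring(saml_xml).iter():
        for sig in parent.findall(f"{{{DS}}}Signature"):
            cert = sig.find(f".//{{{DS}}}X509Certificate")
            if cert is not None and cert.text:
                der = base64.b64decode("".join(cert.text.split()))
                found[parent.tag.rsplit("}", 1)[-1]] = fingerprint(der)
    return found


def diagnose(saml_xml: str, tenant: str, sp_trust: dict) -> tuple:
    """Compare the IdP's embedded signing cert with the cert the SP holds
    for this tenant. The KeyInfo cert is sender-supplied data: it is used
    here only to explain a failure, never as the verification key."""
    trusted = sp_trust.get(tenant)
    if trusted is None:
        return ("no-trusted-cert", {})
    embedded = embedded_signer_certs(saml_xml)
    if not embedded:
        return ("no-embedded-cert", {})
    expected = fingerprint(trusted)
    wrong = {el: fp for el, fp in embedded.items() if fp != expected}
    return ("mismatch", wrong) if wrong else ("match", {})


# --- Constructed sample data (placeholder bytes, not real certificates) ---
IDP_SUPER_CERT = b"constructed: IdP super-tenant signing cert"
IDP_TENANT_CERT = b"constructed: IdP key store entry for tenant example.com"
SP_OWN_TENANT_CERT = b"constructed: key the SP generated for example.com"

# Registry not shared: the SP holds its own, different key for the tenant.
SP_TRUST_UNSHARED = {"carbon.super": IDP_SUPER_CERT,
                     "example.com": SP_OWN_TENANT_CERT}
# Registry shared: both sides read the same tenant key store.
SP_TRUST_SHARED = {"carbon.super": IDP_SUPER_CERT,
                   "example.com": IDP_TENANT_CERT}


def sample_response(signing_cert: bytes) -> str:
    """Constructed, response-signed SAML message (signature value omitted)."""
    b64 = base64.b64encode(signing_cert).decode()
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'xmlns:ds="{DS}"><ds:Signature><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{b64}</ds:X509Certificate></ds:X509Data>"
        f"</ds:KeyInfo></ds:Signature><saml:Assertion/></samlp:Response>"
    )


if __name__ == "__main__":
    for label, trust in (("unshared", SP_TRUST_UNSHARED),
                         ("shared", SP_TRUST_SHARED)):
        for tenant, cert in (("carbon.super", IDP_SUPER_CERT),
                             ("example.com", IDP_TENANT_CERT)):
            status, detail = diagnose(sample_response(cert), tenant, trust)
            print(f"{label:9} {tenant:13} {status} {detail}")
```

A "mismatch" for a tenant while the super tenant reports "match" points at the key material rather than the validation code, so the fix belongs in the key store configuration and signature validation stays enabled.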

Re: [Dev] Help setup SSO in APIM

2016-05-31 Thread Udara Rathnayake
On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar  wrote:

> Hi All,
>
> I am trying to configure SSO in APIM 2.0.x by following [1]. Publisher and
> Store jaggery apps work as expected, but when I try to log in to the portal
> app (Portal of Dashboard Server) using SSO, it works fine when I am logging
> in as a super-tenant user, but whenever I try to log in as a user from other
> tenants, it throws the following error:
>
> org.opensaml.xml.validation.ValidationException: Signature did not
> validate against the credential's key
>
For the moment, shall we disable the signature validation and try?


> at
> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
> at
> org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
> at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
> at
> org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
> at org.jaggeryjs.rhino..scripts.c0.call(/scripts/sso.client.js)
> at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
> at
> org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
> at
> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
> at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
> at
> org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
> at
> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
> at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
> at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
> at
> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
> at
> org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
> at
> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
> at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
> at
> org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
> at
> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
> at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
> at
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
> at
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
> at
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
> at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> at
> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
> at
> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
> at
> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
> at
> org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
> at
> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
> at
> 

[Dev] Help setup SSO in APIM

2016-05-31 Thread Megala Uthayakumar
Hi All,

I am trying to configure SSO in APIM 2.0.x by following [1]. Publisher and
Store jaggery apps work as expected, but when I try to log in to the portal
app (Portal of Dashboard Server) using SSO, it works fine when I am logging
in as a super-tenant user, but whenever I try to log in as a user from other
tenants, it throws the following error:

org.opensaml.xml.validation.ValidationException: Signature did not validate
against the credential's key
at
org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
at
org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
at
org.jaggeryjs.rhino..scripts.c0._c_anonymous_3(/scripts/sso.client.js:57)
at org.jaggeryjs.rhino..scripts.c0.call(/scripts/sso.client.js)
at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
at
org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
at
org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
at
org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
at
org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
at
org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
at
org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
at
org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
at
org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
at
org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at
org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at
org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at
org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
at
org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at
org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at
org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at