Hi Senduran,
Regarding the LC issue, here is what happen.
1. In your cloud setup you have a governance space[1], which contains
set of assets with references to MobileAppLifeCycle.
2. Governance Registry keeps lifecycles in the config space
3. When ES is mounted to the above governanc
FYI
This issue can be tracked here https://wso2.org/jira/browse/STORE-607
@Ruchira, Thanks for the workaround at the moment
On Fri, Jan 23, 2015 at 9:47 PM, Senduran Balasubramaniyam <
sendu...@wso2.com> wrote:
> Sure Ruchira,
>
> Thanks
> Senduran
>
> On Fri, Jan 23, 2015 at 7:23 PM, Ruchira Wa
Sure Ruchira,
Thanks
Senduran
On Fri, Jan 23, 2015 at 7:23 PM, Ruchira Wageesha wrote:
>
> On Fri, Jan 23, 2015 at 4:21 PM, Senduran Balasubramaniyam <
> sendu...@wso2.com> wrote:
>
>> Hi,
>>
>> Even when I add the "UseAuthenticatedUserDomainCrypto" to true in IS, I
>> am still getting the same
On Fri, Jan 23, 2015 at 4:21 PM, Senduran Balasubramaniyam <
sendu...@wso2.com> wrote:
> Hi,
>
> Even when I add the "UseAuthenticatedUserDomainCrypto" to true in IS, I am
> still getting the same exception.
> Is this because IS couldn't identify whether it is tenant or admin who has
> logged in ?
Hi,
Even when I add the "UseAuthenticatedUserDomainCrypto" to true in IS, I am
still getting the same exception.
Is this because IS couldn't identify whether it is tenant or admin who has
logged in ? as Malithi mentioned in "[IS] [ES] Signature Validation fails
when tenant logs into SSO enabled Pu
Hi Pushpalanka,
Is Using tenant keystore the deprecated way or the recommended way?
According to the doc, it seems the older approach, but I was under the
impression it is the recommended way.
On Fri, Jan 23, 2015 at 3:19 PM, Pushpalanka Jayawardhana
wrote:
> Hi Ruchira,
>
> There is property i
Hi Ruchira,
There is property introduced in IS 5.0.0 called "
UseAuthenticatedUserDomainCrypto" to make it backward compatible.
Below link has a description of it's usage.
[1] - https://docs.wso2.com/display/IS500/Configuring+identity.xml
Thanks,
Pushpalanka.
--
Pushpalanka Jayawardhana, B.Sc.E
Hi Kasun,
I worked with Senduran and it seemed like a certificate mismatch. AFAICR,
due to the latest changes in IS code base, the tenant key store is used
during SSO. Hence, ES, which is based on newer IS code expects tenants
certs to be used where IS 5.0 expects super-tenant certs to be used. AF
Hi ES team,
We have spent quite a lot of time on this issue but haven't found a
resolution yet. This will be a blocker for ES as well as iPaaS milestones.
Can we get somebody from ES team to look in to this ASAP please?
On Wed, Jan 21, 2015 at 8:39 AM, Senduran Balasubramaniyam <
sendu...@wso2.c
Hi Sameera,
Unfortunately the exception is still there, I tried as you instructed. What
I guess is if a tenant is logged in ES is trying to verify the signature
against the tenant's specific keystore, while IS consider the wso2carbon
keystore
Is there any configuration in ES to check with the wso2
Hi Senduran,
Can we try the following:
Export the primary key of the IS:
keytool -export -keystore wso2carbon.jks -alias wso2carbon -file wso2.cert
Then import the certificate to the tenant's key store
(Home > Configure > KeyStores > Import Certificates To)
Thank You,
Sameera
On Tue, Jan 2
Hi,
I debugged the org.wso2.store.sso.common.util.Util
(product-es/modules/components/sso-common). Also I attached
xmltooling-1.3.1-sources.jar and xmlsec-1.5.5-sources.jar to get the
complete executing code.
I compared the signingCert variable (in the
org.wso2.store.sso.common.util.X509Credenti
Hi,
Thanks Malithi for the response.
I tried, un-checking the Enable Response Signing , but even when I login as
admin I got the following exception
java.lang.NullPointerException
at
org.opensaml.xml.signature.SignatureValidator.buildSignature(SignatureValidator.java:91)
at
org.opensaml.xml.signat
Hii Senduran,
There's a separate primary keystore generated for the tenant. Since you
have enabled response signing also, the service provider that you have
registered should know the public key of the IdP in order to validate.
Hence, the service provider should have the public key of the IdP in i
Hi,
I am experiencing $subject, with ES 2.0.0 M5. Following are the changes I
made to configure SSO.
- Shared registry and user database between ES and IS
- In ES's user-mgt.xml, pointed the "UserStoreManager" to IS's embedded
LDAP
- Modified as following in publisher, store json
"id
15 matches
Mail list logo