Re: [Dev] Clarification on user account unlock - self signup users
Hi Isura, thanks for the reply. Created an issue for that. https://github.com/wso2/product-is/issues/2590 Thanks Isuru *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Thu, Feb 22, 2018 at 2:55 PM, Isura Karunaratne <is...@wso2.com> wrote: > Hi Isuru, > > > > On Thu, Feb 22, 2018 at 2:26 PM, Isuru Uyanage <isur...@wso2.com> wrote: > >> Hi All, >> >> I tried the steps included in doc [1]. As it describes, after 5 invalid >> login attempts, the particular user account gets locked. After 5 minutes, >> as per the config, once user tries to log in with correct credentials, he >> is able to log in and the account gets unlocked. >> >> As per doc[2] step 6, it says if Authentication.Policy.Account.Lock.Time is >> not equal to zero only above process happens. If it is 0, then the admin >> user needs to unlock the user account through Management Console or through >> Admin Services. [3] >> >> When a user gets self signed up, the role which that user gets assigned >> is *Internal/selfsignup* and permission given is login only. But even >> if above value is 0, selfsignup user can get his account unlocked after the >> specified time. Admin user does not need to do it through the Management >> Console. >> >> Therefore, what is the actual purpose of >> Authentication.Policy.Account.Lock.Time >> property in /repository/conf/identity/identity-mgt.properties >> file? >> > > This doc needs to be corrected. It should be account.lock.handler.Time in > identity.xml. But, file based configuratoins applied for super tenant at > the first server startup only. > > Ideally, the self signup users should be unlocked based on unlock time > configurations. > > Regads, > Isura. > > That need > >> >> Is above information in the doc[2] and doc[3] not valid for >> self-signup users? >> >> [1] - https://docs.wso2.com/display/IS550/Self+Sign+Up+and+ >> Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup >> [2] - https://docs.wso2.com/display/IS550/Account+Locking+by+ >> Failed+Login+Attempts >> [3] - https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account >> >> >> Any thoughts are appreciated. >> >> >> *Thanks and Best Regards,* >> >> *Isuru Uyanage* >> *Software Engineer - QA | WSO2* >> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >> <https://www.linkedin.com/in/isuru-uyanage/>* >> >> >> >> > > > -- > > *Isura Dilhara Karunaratne* > Associate Technical Lead | WSO2 > Email: is...@wso2.com > Mob : +94 772 254 810 <+94%2077%20225%204810> > Blog : http://isurad.blogspot.com/ > > > > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Clarification on user account unlock - self signup users
Hi All, I tried the steps included in doc [1]. As it describes, after 5 invalid login attempts, the particular user account gets locked. After 5 minutes, as per the config, once user tries to log in with correct credentials, he is able to log in and the account gets unlocked. As per doc[2] step 6, it says if Authentication.Policy.Account.Lock.Time is not equal to zero only above process happens. If it is 0, then the admin user needs to unlock the user account through Management Console or through Admin Services. [3] When a user gets self signed up, the role which that user gets assigned is *Internal/selfsignup* and permission given is login only. But even if above value is 0, selfsignup user can get his account unlocked after the specified time. Admin user does not need to do it through the Management Console. Therefore, what is the actual purpose of Authentication.Policy.Account.Lock.Time property in /repository/conf/identity/identity-mgt.properties file? Is above information in the doc[2] and doc[3] not valid for self-signup users? [1] - https://docs.wso2.com/display/IS550/Self+Sign+Up+and+Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup [2] - https://docs.wso2.com/display/IS550/Account+Locking+by+Failed+Login+Attempts [3] - https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account Any thoughts are appreciated. *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Setting up primary and secondary logins
Thank you for the replies. Reported an issue for this. https://github.com/wso2/product-apim/issues/2589 Thanks Isuru *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Wed, Jan 24, 2018 at 10:07 AM, Mushthaq Rumy <musht...@wso2.com> wrote: > This is getting reproduced to me as well. Even appending the tenant domain > does not work. Seems like we will have to fix this. > > Thanks, & Regards, > Mushthaq > > On Tue, Jan 23, 2018 at 7:26 PM, Isuru Uyanage <isur...@wso2.com> wrote: > >> Hi Chamin, >> >> I provided the below details in self-signup to the API Store[1]. When I >> provide the username and password as usual I could log in. >> >> As per doc, by above configuration enabled, user should be able to >> login to the API Store by providing email address as well as the username. >> Therefore I provided the email address as the username used in self-sign up >> process in order to login to the API Store. Please correct me if I have >> done anything wrong. >> >> [1] - signup.png >> >> >> Thanks, >> Isuru >> >> >> >> >> *Thanks and Best Regards,* >> >> *Isuru Uyanage* >> *Software Engineer - QA | WSO2* >> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >> <https://www.linkedin.com/in/isuru-uyanage/>* >> >> >> >> >> On Tue, Jan 23, 2018 at 6:56 PM, Chamin Dias <cham...@wso2.com> wrote: >> >>> Did you provide the tenant domain in the user name? Normally this might >>> happen when we do not specify the tenant domain. >>> >>> On Tue, Jan 23, 2018 at 6:46 PM, Isuru Uyanage <isur...@wso2.com> wrote: >>> >>>> Hi All, >>>> >>>> I'm configuring the setup for primary and secondary logins to the API >>>> Store as in [1]. As per the doc, it says users can use either username or >>>> email address in order to login to the API Store. I followed the below >>>> steps. >>>> >>>> 1. Self-signed up to the API Store. >>>> 2. As in the doc, enabled login config property in >>>> /repository/conf/api-manager.xml file. >>>> >>>> >>>> >>>> >>>> >>>> >>>> http://wso2.org/claims/emailaddress >>>> >>>> >>>> >>>> 3. Restarted the APIM server. >>>> 4. Tried to login to API Store with the email address provided. >>>> >>>> I get the following error. >>>> >>>> ERROR - APIStoreHostObject Invalid tenant domain. >>>> >>>> Any feedback would be appreciated if I've missed anything. >>>> >>>> [1] - https://docs.wso2.com/display/AM2xx/Maintaining+Logins+and >>>> +Passwords >>>> Section: Setting up primary and secondary logins >>>> Product: apim-2.1.0-update 6 >>>> >>>> >>>> *Thanks and Best Regards,* >>>> >>>> *Isuru Uyanage* >>>> *Software Engineer - QA | WSO2* >>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>>> <https://www.linkedin.com/in/isuru-uyanage/>* >>>> >>>> >>>> >>>> >>> >>> >>> -- >>> Chamin Dias >>> Mobile : 0716097455 >>> Email : cham...@wso2.com >>> LinkedIn : https://www.linkedin.com/in/chamindias >>> >>> >> > > > -- > Mushthaq Rumy > *Software Engineer* > Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194> > Email : musht...@wso2.com > WSO2, Inc.; http://wso2.com/ > lean . enterprise . middleware. > > <http://wso2.com/signature> > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Certificate verification error when running the puppet agent
Hi All, I got corrected the above issue by cleaning the certs and folders, restarting the puppet master and then running the setup.sh file in puppet agent as below. 1. puppet agent *rm -rf /var/lib/puppet/** 2. Puppet master *puppet cert clean --allservice puppetmaster restart* Thanks Isuru *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Mon, Jan 8, 2018 at 8:00 PM, Pubudu Gunatilaka <pubu...@wso2.com> wrote: > Hi Isuru, > > Make sure you have the correct hostname in puppet master. This can be > verified by using the hostname command. > > Thank you! > > On Mon, Jan 8, 2018 at 5:34 PM, Samitha Chathuranga <sami...@wso2.com> > wrote: > >> Hi Isuru, >> >> Hope you have correctly followed these steps to clean certs and try back. >> >> Enter the following commands with root permissions, >> 1) on agent>> >> >>- rm -rf /var/lib/puppet/ssl/ >> >> 2) on master>> >> >>- puppet cert clean --all >>- service puppetmaster restart >> >> Then try to run agent again. >> >> And if that is not working please check /etc/puppet/puppet.conf file of >> Puppet Agent. >> >> Is it correctly configured as belows as in [1]. >> >> [main] >> server = puppet >> >> And please check also the dns_alt_names configs in puppet master too. And >> is the hostname config in etc/hostname file in puppet master correct as >> guided in [1] >> >> >> [1] - step 2.2.2 in >> https://github.com/wso2/puppet-base/wiki/Use-WSO2-Puppet-Modules-in-puppet-master-agent-Environment >> >> Regards, >> >> Samitha >> >> >> On Mon, Jan 8, 2018 at 4:55 PM, Isuru Uyanage <isur...@wso2.com> wrote: >> >>> Hi Samitha, >>> >>> I tried followed doc[1] in order to create the APIM2xx cluster. >>> Puppetmaster was already configured. Once I tried to configure puppet >>> agent/analytics, at step 7(4), I get the following error. >>> >>> *Warning: Setting templatedir is deprecated. >>> See http://links.puppetlabs.com/env-settings-deprecations >>> <http://links.puppetlabs.com/env-settings-deprecations>* >>> >>> * (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in >>> `issue_deprecation_warning')* >>> >>> Info: Creating a new SSL key for analytics.openstacklocal >>> >>> Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml >>> >>> Info: Creating a new SSL certificate request for analytics.openstacklocal >>> >>> Info: Certificate Request fingerprint (SHA256): >>> 8B:F8:0D:18:8D:FC:A6:BB:C0:F4:5F:1B:39:75:4E:7D:F9:BD:39:C5: >>> D0:99:80:C6:AF:BC:40:F2:E5:24:5A:48 >>> >>> Info: Caching certificate for analytics.openstacklocal >>> >>> *Error: Could not request certificate: SSL_connect returned=1 errno=0 >>> state=SSLv3 read server certificate B: certificate verify failed: >>> [certificate revoked for /CN=puppetmaster.openstacklocal]* >>> >>> Exiting; failed to retrieve certificate and waitforcert is disabled >>> >>> >>> >>> I tried cleaning all certificates of puppet master and restarted it. In >>> puppet agent, did the same and still, I'm getting this error. >>> >>> >>> Any thoughts about this? >>> >>> >>> >>> [1] - https://docs.wso2.com/display/AM2xx/Using+Puppet+Modules+t >>> o+Set+up+WSO2+API-M+with+Pattern+6#f35a9087b2ac4a468b885bbe5aaa1a34 >>> >>> *Thanks and Best Regards,* >>> >>> *Isuru Uyanage* >>> *Software Engineer - QA | WSO2* >>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>> <https://www.linkedin.com/in/isuru-uyanage/>* >>> >>> >>> >>> >> >> >> -- >> Samitha Chathuranga >> Software Engineer, WSO2 Inc. >> lean.enterprise.middleware >> Mobile: +94715123761 >> >> [image: http://wso2.com/signature] <http://wso2.com/signature> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Pubudu Gunatilaka* > Committer and PMC Member - Apache Stratos > Senior Software Engineer > WSO2, Inc.: http://wso2.com > mobile : +94774078049 <%2B94772207163> > > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Setting up primary and secondary logins
Hi All, I'm configuring the setup for primary and secondary logins to the API Store as in [1]. As per the doc, it says users can use either username or email address in order to login to the API Store. I followed the below steps. 1. Self-signed up to the API Store. 2. As in the doc, enabled login config property in /repository/conf/api-manager.xml file. http://wso2.org/claims/emailaddress 3. Restarted the APIM server. 4. Tried to login to API Store with the email address provided. I get the following error. ERROR - APIStoreHostObject Invalid tenant domain. Any feedback would be appreciated if I've missed anything. [1] - https://docs.wso2.com/display/AM2xx/Maintaining+Logins+and+Passwords Section: Setting up primary and secondary logins Product: apim-2.1.0-update 6 *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [dev] Scope Management with OAuth Scopes
Hi Nuwan/ Chamin,
Thank you for the replies.
*Thanks and Best Regards,*
*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
<https://www.linkedin.com/in/isuru-uyanage/>*
On Fri, Jan 19, 2018 at 11:54 AM, Chamin Dias <cham...@wso2.com> wrote:
> On Thu, Jan 18, 2018 at 1:41 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> The permissions of the use role have no relevance to the issuance of the
>> token. For a user to obtain a token with a certain set of scopes, the two
>> criteria below needs to be fulfilled.
>>
>> 1) The user should be in a role that is bound to the scope being
>> requested.
>> 2) The particular application that makes the /token request needs to bear
>> a valid subscription to the API that has the scope attached to a Resource.
>>
>> Thanks,
>> NuwanD.
>>
>> On Thu, Jan 18, 2018 at 1:33 PM, Isuru Uyanage <isur...@wso2.com> wrote:
>>
>>> Hi All,
>>> I need to clarify if the below scenario is valid.
>>>
>>> Role Permission Scope Resource
>>> HRDept Admin Permission add_user POST
>>> Accounts Login, api create, api publish, api subscribe search_user GET
>>>
>>> 1. The role HRDept(With admin permission) can create an application and
>>> generate access token according to the scope from the Management Console as
>>> well as from a cURL command. Further, the particular resource can be
>>> invoked successfully.
>>>
>>> 2. The users belong to role Account *create a new application*, but
>>> they are not allowed select their own scope(search_user) from the
>>> Management console and generate the access token.
>>>
>> In this case, we use management console to create roles and assign those
> to users. Scopes are defined in API publisher UI (resource section). You
> can find an in-detail example in [1] as well. Please follow the
> instructions there and it will provide you the overall idea.
>
> [1] https://wso2.com/library/articles/2017/01/article-an-
> overview-of-scope-management-with-wso2-api-manager/#example
>
>
>
>> An access token is generated for a default scope and using that they
>>> cannot proceed the GET operation.
>>> The same thing was tried by the curl command and got the same above
>>> result.
>>>
>>> curl -k -d "grant_type=password=user1S=Test123=
>>> *search_user*" -H "Authorization: Basic TnNRUXpoZjhZR2EyYmNSU1kwblZScG
>>> lqcllFYTo4X21Rb0VfSzZyWVB6T2VjZnM5RVlEWjNJXzBh" -H "Content-Type:
>>> application/x-www-form-urlencoded" https://localhost:8243/token
>>>
>>>
>>> {"access_token":"b5484ade-42e4-3709-a6a6-cfc18008b6ec","refr
>>> esh_token":"56142251-f1e8-3951-91d2-091a98d07d70","scope":"*default*
>>> ","token_type":"Bearer","expires_in":3600}
>>>
>>>
>>>
>>>
>>> This happens only if access tokens are generated for newly created
>>> applications other than the default application. With the default
>>> application above scenario works successfully.
>>>
>>> In a summary,
>>>
>>>- *Users who do not have admin permissions(Role - Accounts) creates
>>>a new application, using that they cannot get the access token for
>>>particular scope(search_user), instead, they get a default scope. And the
>>>resource cannot be invoked through that. But, with the default
>>> application,
>>>they get the access token for the particular scope and the resource can
>>> be
>>> invoked successfully. *
>>>
>>>
>>>- *Users who have admin permission (Role HRDept) can create a new
>>>application, using that they can get an access token for particular
>>>scope(add_user) and invoke the resource successfully. *
>>>
>>> Could you please confirm if above concerns are valid. Any feedback would
>>> be appreciated if I've missed anything.
>>>
>>> References: https://docs.wso2.com/display/AM2xx/Scope+Manage
>>> ment+with+OAuth+Scopes
>>> Product: apim 2.1.0 update 6
>>>
>>> *Thanks and Best Regards,*
>>>
>>> *Isuru Uyanage*
>>> *Software Engineer - QA | WSO2*
>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>>> <https://www.linkedin.com/in/isuru-uyanage/>*
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Nuwan Dias
>>
>> Software Architect - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>
>
>
>
> --
> Chamin Dias
> Mobile : 0716097455
> Email : cham...@wso2.com
> LinkedIn : https://www.linkedin.com/in/chamindias
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] [dev] Scope Management with OAuth Scopes
Hi All,
I need to clarify if the below scenario is valid.
Role Permission Scope Resource
HRDept Admin Permission add_user POST
Accounts Login, api create, api publish, api subscribe search_user GET
1. The role HRDept(With admin permission) can create an application and
generate access token according to the scope from the Management Console as
well as from a cURL command. Further, the particular resource can be
invoked successfully.
2. The users belong to role Account *create a new application*, but they
are not allowed select their own scope(search_user) from the Management
console and generate the access token. An access token is generated for a
default scope and using that they cannot proceed the GET operation.
The same thing was tried by the curl command and got the same above result.
curl -k -d "grant_type=password=user1S=Test123=
*search_user*" -H "Authorization: Basic
TnNRUXpoZjhZR2EyYmNSU1kwblZScGlqcllFYTo4X21Rb0VfSzZyWVB6T2VjZnM5RVlEWjNJXzBh"
-H "Content-Type: application/x-www-form-urlencoded"
https://localhost:8243/token
{"access_token":"b5484ade-42e4-3709-a6a6-cfc18008b6ec","refresh_token":"56142251-f1e8-3951-91d2-091a98d07d70","scope":"
*default*","token_type":"Bearer","expires_in":3600}
This happens only if access tokens are generated for newly created
applications other than the default application. With the default
application above scenario works successfully.
In a summary,
- *Users who do not have admin permissions(Role - Accounts) creates a
new application, using that they cannot get the access token for particular
scope(search_user), instead, they get a default scope. And the resource
cannot be invoked through that. But, with the default application, they get
the access token for the particular scope and the resource can be invoked
successfully. *
- *Users who have admin permission (Role HRDept) can create a new
application, using that they can get an access token for particular
scope(add_user) and invoke the resource successfully. *
Could you please confirm if above concerns are valid. Any feedback would be
appreciated if I've missed anything.
References:
https://docs.wso2.com/display/AM2xx/Scope+Management+with+OAuth+Scopes
Product: apim 2.1.0 update 6
*Thanks and Best Regards,*
*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
<https://www.linkedin.com/in/isuru-uyanage/>*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV][puppet-apim] pre-packed IS as the KM throwing The service cannot be found for the endpoint reference (EPR)
I got the same issue when implementing [1].
As I identified the reason for this issue is as below.
We are downloading wso2is-prepacked-puppet-module-hieradata-5.3.0.zip
<https://github.com/wso2/puppet-apim/releases/download/v2.1.0.1/wso2is-prepacked-puppet-module-hieradata-5.3.0.zip>
and
copying the hieradata folder. The default.yaml inside the folder contains
following details.
wso2::service_name: wso2is
wso2::hostname: is.dev.wso2.org
wso2::mgt_hostname: is.dev.wso2.org
This profile is referred in /opt/deployment.conf file. The particular
pattern's common.yaml file refers the hostname as km.dev.wso2.org.
Therefore we need to change this to is.dev.wso2.org. Further, as per the
READ.MD file, we can download the wso2is.5.3.0.zip from
http://product-dist.wso2.com/downloads/api-manager/2.1.0/identity-server/wso2is-5.3.0.zip
.
[1] -
https://docs.wso2.com/display/AM210/Using+Puppet+Modules+to+Set+up+WSO2+API-M+with+Pattern+6#5edd67ca3ad54014b6e4e85999c775c8
Thanks
Isuru
*Thanks and Best Regards,*
*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
<https://www.linkedin.com/in/isuru-uyanage/>*
On Fri, Nov 24, 2017 at 2:31 PM, Nuwan Silva <nuw...@wso2.com> wrote:
> Checked the /etc/hosts file and it seems to be pointing correctly. Im
> using the latest wum packs.
>
> Cheers,
> NuwanS.
>
> On Fri, Nov 24, 2017 at 1:14 PM, Samitha Chathuranga <sami...@wso2.com>
> wrote:
>
>> Hi Nuwan,
>>
>> Probably there is a connection issue from store node to is-as-km node.
>> Can you check whether the host mappings are correct in /etc/hosts file?
>>
>> Regards,
>> Samitha
>>
>> On Fri, Nov 24, 2017 at 12:34 PM, Chalitha Waldeniyage <chali...@wso2.com
>> > wrote:
>>
>>> Hi Nuwan,
>>>
>>> I'm working on similar setup and this flow is working for me(using 22nd
>>> WUM pack). I'm suspecting your WUM updated pack is having some issue
>>> Can you please check on this.
>>>
>>> Thank you,
>>> Chalitha
>>>
>>>
>>> On Fri, Nov 24, 2017 at 12:21 PM, Nuwan Silva <nuw...@wso2.com> wrote:
>>>
>>>> Hi Team,
>>>>
>>>> While deploying the IS as the KM via puppet I used [1] with the
>>>> pre-packaged IS that is updated through wum "wso2is-km-5.3.0.zip".
>>>> Installation was successful and after deploying I tried to generate keys
>>>> with the Default Application in the store. (please see below logs)
>>>>
>>>> I've notices this happens when the KM feature is not installed. but
>>>> shouldnt the pre-packaged wum downloadable IS instance come with the
>>>> feature installed?
>>>>
>>>> TID: [-1234] [] [2017-11-24 06:17:38,007] ERROR
>>>> {org.apache.axis2.engine.AxisEngine} - The service cannot be found
>>>> for the endpoint reference (EPR) https://km.dev.wso2.org:9443/s
>>>> ervices/APIKeyMgtSubscriberService
>>>> org.apache.axis2.AxisFault: The service cannot be found for the
>>>> endpoint reference (EPR) https://km.dev.wso2.org:9443/s
>>>> ervices/APIKeyMgtSubscriberService
>>>> at org.apache.axis2.engine.DispatchPhase.checkPostConditions(Di
>>>> spatchPhase.java:78)
>>>> at org.apache.axis2.engine.Phase.invoke(Phase.java:329)
>>>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
>>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
>>>> at org.apache.axis2.transport.http.HTTPTransportUtils.processHT
>>>> TPPostRequest(HTTPTransportUtils.java:173)
>>>> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServl
>>>> et.java:147)
>>>> at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonS
>>>> ervlet.java:231)
>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>> at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
>>>> n.service(ServletRegistration.java:61)
>>>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
>>>> ssAlias(ProxyServlet.java:128)
>>>> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
>>>> ce(ProxyServlet.java:68)
>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>> at org.wso2.carbon.tomcat.
Re: [Dev] [DEV][puppet-apim] pre-packed IS as the KM throwing The service cannot be found for the endpoint reference (EPR)
Hi Pubudu, I have already reported following issues. https://github.com/wso2/product-apim/issues/2337 https://github.com/wso2/product-apim/issues/2311 https://github.com/wso2/product-apim/issues/2333 https://github.com/wso2/product-apim/issues/2340 https://github.com/wso2/product-apim/issues/2341 https://github.com/wso2/product-apim/issues/2342 https://github.com/wso2/product-apim/issues/2346 https://github.com/wso2/product-apim/issues/2355 https://github.com/wso2/product-apim/issues/2357 https://github.com/wso2/product-apim/issues/2359 https://github.com/wso2/product-apim/issues/2360 https://github.com/wso2/product-apim/issues/2367 https://github.com/wso2/product-apim/issues/2368 https://github.com/wso2/product-apim/issues/2369 https://github.com/wso2/product-apim/issues/2373 https://github.com/wso2/product-apim/issues/2374 https://github.com/wso2/product-apim/issues/2450 https://github.com/wso2/product-apim/issues/2449 https://github.com/wso2/product-apim/issues/2442 https://github.com/wso2/product-apim/issues/2451 https://github.com/wso2/product-apim/issues/2452 Thanks Isuru *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Wed, Jan 17, 2018 at 5:53 PM, Pubudu Gunatilaka <pubu...@wso2.com> wrote: > Hi Isuru, > > Please create a github issue in [1] with your findings to track this. We > will fix this in the next release. > > [1] - https://github.com/wso2/puppet-apim > > Thank you! > > On Wed, Jan 17, 2018 at 4:15 PM, Isuru Uyanage <isur...@wso2.com> wrote: > >> I got the same issue when implementing [1]. >> >> As I identified the reason for this issue is as below. >> We are downloading wso2is-prepacked-puppet-module-hieradata-5.3.0.zip >> <https://github.com/wso2/puppet-apim/releases/download/v2.1.0.1/wso2is-prepacked-puppet-module-hieradata-5.3.0.zip> >> and >> copying the hieradata folder. The default.yaml inside the folder contains >> following details. >> >> wso2::service_name: wso2is >> wso2::hostname: is.dev.wso2.org >> wso2::mgt_hostname: is.dev.wso2.org >> This profile is referred in /opt/deployment.conf file. The particular >> pattern's common.yaml file refers the hostname as km.dev.wso2.org. >> Therefore we need to change this to is.dev.wso2.org. Further, as per the >> READ.MD file, we can download the wso2is.5.3.0.zip from >> http://product-dist.wso2.com/downloads/api-manager/2.1. >> 0/identity-server/wso2is-5.3.0.zip. >> >> >> [1] - https://docs.wso2.com/display/AM210/Using+Puppet+Modules+ >> to+Set+up+WSO2+API-M+with+Pattern+6#5edd67ca3ad54014b6e4e85999c775c8 >> >> >> Thanks >> Isuru >> >> *Thanks and Best Regards,* >> >> *Isuru Uyanage* >> *Software Engineer - QA | WSO2* >> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >> <https://www.linkedin.com/in/isuru-uyanage/>* >> >> >> >> >> On Fri, Nov 24, 2017 at 2:31 PM, Nuwan Silva <nuw...@wso2.com> wrote: >> >>> Checked the /etc/hosts file and it seems to be pointing correctly. Im >>> using the latest wum packs. >>> >>> Cheers, >>> NuwanS. >>> >>> On Fri, Nov 24, 2017 at 1:14 PM, Samitha Chathuranga <sami...@wso2.com> >>> wrote: >>> >>>> Hi Nuwan, >>>> >>>> Probably there is a connection issue from store node to is-as-km node. >>>> Can you check whether the host mappings are correct in /etc/hosts file? >>>> >>>> Regards, >>>> Samitha >>>> >>>> On Fri, Nov 24, 2017 at 12:34 PM, Chalitha Waldeniyage < >>>> chali...@wso2.com> wrote: >>>> >>>>> Hi Nuwan, >>>>> >>>>> I'm working on similar setup and this flow is working for me(using >>>>> 22nd WUM pack). I'm suspecting your WUM updated pack is having some issue >>>>> Can you please check on this. >>>>> >>>>> Thank you, >>>>> Chalitha >>>>> >>>>> >>>>> On Fri, Nov 24, 2017 at 12:21 PM, Nuwan Silva <nuw...@wso2.com> wrote: >>>>> >>>>>> Hi Team, >>>>>> >>>>>> While deploying the IS as the KM via puppet I used [1] with the >>>>>> pre-packaged IS that is updated through wum "wso2is-km-5.3.0.zip". >>>>>> Installation was successfu
Re: [Dev] Configuring STS WebApp as the Service Provider through Admin Services
Hi Omindu,
Thank you for the reply. I could able to automate this with above.
Regards
Isuru
*Thanks and Best Regards,*
*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
<https://www.linkedin.com/in/isuru-uyanage/>*
On Fri, Dec 22, 2017 at 3:26 PM, Omindu Rathnaweera <omi...@wso2.com> wrote:
> Hi Isuru,
>
> [1] Has some information on setting up 'Passive STS Realm' config. The doc
> missing information on setting the 'WReply URL'. You can use something like
> below to configure passive STS in the *updateApplication* operation.
>
>
> TestSP
> passivests
>
> passiveSTSWReply
> {url}
>
>
>
>
> [1] - https://docs.wso2.com/display/IS530/Service+
> Provider+Configurations+used+with+APIs#ServiceProviderConfigurationsu
> sedwithAPIs-ConfiguringWS-Federation(passive)
>
> Regards,
> Omindu
>
>
> On Fri, Dec 22, 2017 at 2:58 PM, Isuru Uyanage <isur...@wso2.com> wrote:
>
>> Hi All,
>>
>> My requirement is to create Passive STS Web App as the Service
>> Provider[1] through Admin services. I tried searching for a relating admin
>> service as in the doc[2]. I found following.
>>
>> *IdentitySTSAdminService
>> - https://localhost:9443/services/IdentitySTSAdminService/
>> <https://localhost:9443/services/IdentitySTSAdminService/>*
>> *STSAdminService - https://localhost:9443/services/STSAdminService/
>> <https://localhost:9443/services/STSAdminService/>*
>>
>> While configuring it as the Service Provider, it needs to provide Passive
>> STS Realm and Passive STS WReply URL in Inbound Authentication
>> Configuration. But through above two admin services, I could not find the
>> related values.
>>
>> Could you kindly tell me what is the correct admin service that needs to
>> be used in order to implement above scenario? Please correct me if I have
>> missed anything in above steps.
>>
>>
>> [1] - https://docs.wso2.com/display/IS540/Testing+Passive+STS
>> [2] - https://docs.wso2.com/display/IS530/Calling+Admin+Services
>>
>>
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> <https://www.linkedin.com/in/isuru-uyanage/>*
>>
>>
>>
>>
>
>
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211 <+94%2077%20119%207211>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Configuring STS WebApp as the Service Provider through Admin Services
Hi All, My requirement is to create Passive STS Web App as the Service Provider[1] through Admin services. I tried searching for a relating admin service as in the doc[2]. I found following. *IdentitySTSAdminService - https://localhost:9443/services/IdentitySTSAdminService/ <https://localhost:9443/services/IdentitySTSAdminService/>* *STSAdminService - https://localhost:9443/services/STSAdminService/ <https://localhost:9443/services/STSAdminService/>* While configuring it as the Service Provider, it needs to provide Passive STS Realm and Passive STS WReply URL in Inbound Authentication Configuration. But through above two admin services, I could not find the related values. Could you kindly tell me what is the correct admin service that needs to be used in order to implement above scenario? Please correct me if I have missed anything in above steps. [1] - https://docs.wso2.com/display/IS540/Testing+Passive+STS [2] - https://docs.wso2.com/display/IS530/Calling+Admin+Services *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Clarification on Federated Authenticators - Client IDs and Client Secrets
Hi Godwin/ Tharindu, Thank you for the explanation. Regards, Isuru *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Wed, Dec 20, 2017 at 10:39 PM, Tharindu Edirisinghe <tharin...@wso2.com> wrote: > OAuth spec's section [1] doesn't mention the rules on how to generate the > client ID and secret values. What it says is the values should be URL > encoded. In that case, if it has spaces, those would be converted to %20 > and replaced the spaces, which should be OK. > > So, IMO it's totally up to the developers of the OAuth authorization > servers to decide the format of the client ID and secret. May be that's why > different OAuth providers support/doesn't support the spaces. > > [1] https://tools.ietf.org/html/rfc6749#section-2.3.1 > > On Wed, Dec 20, 2017 at 11:49 AM, Godwin Shrimal <god...@wso2.com> wrote: > >> Hi Isuru, >> >> AFAIK we don't want to allow spaces for ClientID and Secret since OAuth >> ClientID and Secret cannot have spaces. @Fara: Please confirm. >> >> Thanks >> Godwin >> >> >> On Wed, Dec 20, 2017 at 8:29 PM, Isuru Uyanage <isur...@wso2.com> wrote: >> >>> Hi All, >>> >>> When configuring external IDPs through connectors, we have client secret >>> and client ID. Some connectors like Facebook, Pinterest allows space >>> character in the client ID and service provider login is successful. >>> >>> Basecamp, Google, LinkedIn, MailChimp and etc connectors do not allow >>> spaces in the Client ID nor did in the Client Secret. >>> >>> Amazon does not allow spaces in the Client ID but it allows spaces in >>> the Client Secret. >>> >>> I want to clarify how it really should be. Shouldn't any of connectors >>> allow the space in the Client ID and Client secret? >>> >>> Any feedback would be appreciated. >>> >>> >>> *Thanks and Best Regards,* >>> >>> *Isuru Uyanage* >>> *Software Engineer - QA | WSO2* >>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>> <https://www.linkedin.com/in/isuru-uyanage/>* >>> >>> >>> >>> >> >> >> -- >> *Godwin Amila Shrimal* >> Associate Technical Lead >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> >> mobile: *+94772264165* >> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/ >> <https://www.linkedin.com/in/godwin-amila-2ba26844/>* >> twitter: https://twitter.com/godwinamila >> <http://wso2.com/signature> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > > Tharindu Edirisinghe > Senior Software Engineer | WSO2 Inc > Platform Security Team > Blog : http://tharindue.blogspot.com > mobile : +94 775181586 <+94%2077%20518%201586> > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Clarification on Federated Authenticators - Client IDs and Client Secrets
Hi All, When configuring external IDPs through connectors, we have client secret and client ID. Some connectors like Facebook, Pinterest allows space character in the client ID and service provider login is successful. Basecamp, Google, LinkedIn, MailChimp and etc connectors do not allow spaces in the Client ID nor did in the Client Secret. Amazon does not allow spaces in the Client ID but it allows spaces in the Client Secret. I want to clarify how it really should be. Shouldn't any of connectors allow the space in the Client ID and Client secret? Any feedback would be appreciated. *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Configuring Yammer Authenticator
Hi Nilasini, Still, I'm getting the same error. I will try this in a 5.4.0 fresh pack. Thanks Isuru *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Mon, Dec 18, 2017 at 11:48 AM, Nilasini Thirunavukkarasu < nilas...@wso2.com> wrote: > Hi Isuru, > > I also tried with IS5.4.0 GA pack, it works fine. Could you try to > download the authenticator[1] again and try?, sometimes your downloaded > authenticator may corrupted. > > > [1] https://store.wso2.com/store/assets/isconnector/ > details/0e1f0ba7-c4dc-4826-afa7-ba3adef00e7b > > > Thanks, > Nila. > > On Mon, Dec 18, 2017 at 11:24 AM, Isuru Uyanage <isur...@wso2.com> wrote: > >> Hi Omidu, >> I tried with the 5.4.0 pack. >> >> Thanks >> Isuru >> >> >> >> *Thanks and Best Regards,* >> >> *Isuru Uyanage* >> *Software Engineer - QA | WSO2* >> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >> <https://www.linkedin.com/in/isuru-uyanage/>* >> >> >> >> >> On Mon, Dec 18, 2017 at 11:16 AM, Omindu Rathnaweera <omi...@wso2.com> >> wrote: >> >>> Hi Isuru, >>> >>> What's the IS version you are trying this with ? I tried with a 5.4.0 >>> and server started up just fine and could see the authenticator configs in >>> IDP UI. >>> >>> Regards, >>> Omindu. >>> >>> On Mon, Dec 18, 2017 at 10:58 AM, Isuru Uyanage <isur...@wso2.com> >>> wrote: >>> >>>> Hi All, >>>> >>>> I'm trying to set up Yammer as the federated authenticator[1]. Once the >>>> authenticator >>>> .jar file is placed in /repository/components/dropins directory >>>> and restarted the IS, the following error is printed. >>>> >>>> java.lang.NoClassDefFoundError: org/wso2/carbon/identity/authe >>>> nticator/YammerOAuth2Authenticator >>>> >>>> at org.wso2.carbon.identity.authenticator.internal.YammerAuthen >>>> ticatorServiceComponent.activate(YammerAuthenticatorServiceC >>>> omponent.java:39) >>>> >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> >>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce >>>> ssorImpl.java:62) >>>> >>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe >>>> thodAccessorImpl.java:43) >>>> >>>> at java.lang.reflect.Method.invoke(Method.java:498) >>>> >>>> at org.eclipse.equinox.internal.ds.model.ServiceComponent.activ >>>> ate(ServiceComponent.java:260) >>>> >>>> at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.a >>>> ctivate(ServiceComponentProp.java:146) >>>> >>>> at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.b >>>> uild(ServiceComponentProp.java:345) >>>> >>>> at org.eclipse.equinox.internal.ds.InstanceProcess.buildCompone >>>> nt(InstanceProcess.java:620) >>>> >>>> at org.eclipse.equinox.internal.ds.InstanceProcess.buildCompone >>>> nts(InstanceProcess.java:197) >>>> >>>> at org.eclipse.equinox.internal.ds.Resolver.buildNewlySatisfied >>>> (Resolver.java:473) >>>> >>>> at org.eclipse.equinox.internal.ds.Resolver.enableComponents(Re >>>> solver.java:217) >>>> >>>> at org.eclipse.equinox.internal.ds.SCRManager.performWork(SCRMa >>>> nager.java:816) >>>> >>>> at org.eclipse.equinox.internal.ds.SCRManager$QueuedJob.dispatc >>>> h(SCRManager.java:783) >>>> >>>> at org.eclipse.equinox.internal.ds.WorkThread.run(WorkThread.java:89) >>>> >>>> at java.lang.Thread.run(Thread.java:748) >>>> >>>> Caused by: java.lang.ClassNotFoundException: >>>> org.wso2.carbon.identity.authenticator.YammerOAuth2Authenticator >>>> cannot be found by org.wso2.carbon.identity.authenticator.yammer_1.0.0 >>>> >>>> at org.eclipse.osgi.internal.loader.BundleLoader.findClassInter >>>> nal(BundleLoader.java:455) >>>> >>>> at org.eclipse.osgi.internal.loader.BundleLoader.findClass(Bund >>>> leLoader.java:421)
Re: [Dev] Configuring Yammer Authenticator
Hi Omidu, I tried with the 5.4.0 pack. Thanks Isuru *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Mon, Dec 18, 2017 at 11:16 AM, Omindu Rathnaweera <omi...@wso2.com> wrote: > Hi Isuru, > > What's the IS version you are trying this with ? I tried with a 5.4.0 and > server started up just fine and could see the authenticator configs in IDP > UI. > > Regards, > Omindu. > > On Mon, Dec 18, 2017 at 10:58 AM, Isuru Uyanage <isur...@wso2.com> wrote: > >> Hi All, >> >> I'm trying to set up Yammer as the federated authenticator[1]. Once the >> authenticator >> .jar file is placed in /repository/components/dropins directory >> and restarted the IS, the following error is printed. >> >> java.lang.NoClassDefFoundError: org/wso2/carbon/identity/authe >> nticator/YammerOAuth2Authenticator >> >> at org.wso2.carbon.identity.authenticator.internal.YammerAuthen >> ticatorServiceComponent.activate(YammerAuthenticatorSe >> rviceComponent.java:39) >> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> >> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce >> ssorImpl.java:62) >> >> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe >> thodAccessorImpl.java:43) >> >> at java.lang.reflect.Method.invoke(Method.java:498) >> >> at org.eclipse.equinox.internal.ds.model.ServiceComponent.activ >> ate(ServiceComponent.java:260) >> >> at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.a >> ctivate(ServiceComponentProp.java:146) >> >> at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.b >> uild(ServiceComponentProp.java:345) >> >> at org.eclipse.equinox.internal.ds.InstanceProcess.buildCompone >> nt(InstanceProcess.java:620) >> >> at org.eclipse.equinox.internal.ds.InstanceProcess.buildCompone >> nts(InstanceProcess.java:197) >> >> at org.eclipse.equinox.internal.ds.Resolver.buildNewlySatisfied >> (Resolver.java:473) >> >> at org.eclipse.equinox.internal.ds.Resolver.enableComponents(Re >> solver.java:217) >> >> at org.eclipse.equinox.internal.ds.SCRManager.performWork(SCRMa >> nager.java:816) >> >> at org.eclipse.equinox.internal.ds.SCRManager$QueuedJob.dispatc >> h(SCRManager.java:783) >> >> at org.eclipse.equinox.internal.ds.WorkThread.run(WorkThread.java:89) >> >> at java.lang.Thread.run(Thread.java:748) >> >> Caused by: java.lang.ClassNotFoundException: >> org.wso2.carbon.identity.authenticator.YammerOAuth2Authenticator cannot >> be found by org.wso2.carbon.identity.authenticator.yammer_1.0.0 >> >> at org.eclipse.osgi.internal.loader.BundleLoader.findClassInter >> nal(BundleLoader.java:455) >> >> at org.eclipse.osgi.internal.loader.BundleLoader.findClass(Bund >> leLoader.java:421) >> >> at org.eclipse.osgi.internal.loader.BundleLoader.findClass(Bund >> leLoader.java:412) >> >> at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader. >> loadClass(DefaultClassLoader.java:107) >> >> at java.lang.ClassLoader.loadClass(ClassLoader.java:357) >> >> >> >> >> >> [1] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+ >> Yammer+Authenticator >> >> >> Any thoughts about this would be appreciated. >> >> >> >> >> *Thanks and Best Regards,* >> >> *Isuru Uyanage* >> *Software Engineer - QA | WSO2* >> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >> <https://www.linkedin.com/in/isuru-uyanage/>* >> >> >> >> > > > -- > Omindu Rathnaweera > Senior Software Engineer, WSO2 Inc. > Mobile: +94 771 197 211 <+94%2077%20119%207211> > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Configuring Yammer Authenticator
Hi All, I'm trying to set up Yammer as the federated authenticator[1]. Once the authenticator .jar file is placed in /repository/components/dropins directory and restarted the IS, the following error is printed. java.lang.NoClassDefFoundError: org/wso2/carbon/identity/authenticator/YammerOAuth2Authenticator at org.wso2.carbon.identity.authenticator.internal.YammerAuthenticatorServiceComponent.activate(YammerAuthenticatorServiceComponent.java:39) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260) at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146) at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345) at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620) at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197) at org.eclipse.equinox.internal.ds.Resolver.buildNewlySatisfied(Resolver.java:473) at org.eclipse.equinox.internal.ds.Resolver.enableComponents(Resolver.java:217) at org.eclipse.equinox.internal.ds.SCRManager.performWork(SCRManager.java:816) at org.eclipse.equinox.internal.ds.SCRManager$QueuedJob.dispatch(SCRManager.java:783) at org.eclipse.equinox.internal.ds.WorkThread.run(WorkThread.java:89) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.ClassNotFoundException: org.wso2.carbon.identity.authenticator.YammerOAuth2Authenticator cannot be found by org.wso2.carbon.identity.authenticator.yammer_1.0.0 at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:455) at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:421) at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:412) at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) [1] - https://docs.wso2.com/display/ISCONNECTORS/Configuring+Yammer+Authenticator Any thoughts about this would be appreciated. *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Login to Identity Server using another Identity Server - OAuth2
Hi Nilasini/Hasanthi, Thank you for the clarification. Thanks, Isuru *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Fri, Dec 15, 2017 at 2:26 PM, Nilasini Thirunavukkarasu < nilas...@wso2.com> wrote: > Created a documentation jira[1] to track this. > > > [1] https://wso2.org/jira/browse/DOCUMENTATION-7409 > > On Fri, Dec 15, 2017 at 2:07 PM, Nilasini Thirunavukkarasu < > nilas...@wso2.com> wrote: > >> Hi Isuru, >> >> Actual steps must be. >> >> 1) create a sp(sp name:-sample) in second one(9444) >> 2) create a sp(spname:- playground) in the first one(9443) >> 3) create an IDP in the first one(9443) by giving the second one(9444) >> authorization endpoint and etc as mentioned in the doc. Also fill the >> client_id & secret from the second one's(9444) SP you got by the step 1. >> >> >> Documentation is only mention about one service provider. We need to >> correct it. I will create a doc jira for that >> >> >> Thanks, >> Nila. >> >> >> On Fri, Dec 15, 2017 at 1:23 PM, Isuru Uyanage <isur...@wso2.com> wrote: >> >>> Hi All, >>> >>> I'm trying to login to Identity Server using another Identity Server. I >>> followed doc[1]. >>> It has been asked to follow the below steps. >>> >>>- Configure an IDP(Idp9443) in Identity Server1. >>>- Configure an SP(SP9444) in Identity Server2. >>>- In the second Identity Server, in Service Provider Configuration, >>>select Idp9443, which is created in first IS, as the federated >>>authenticator in Local and Outbound Authentication Configuration. >>> >>> >>> My question is it only displays the IDPs created in its own Identity >>> Server in Service Provider/Outbound Authentication Configuration. We >>> created the IDP in IS1. How is it going to be displayed in Federated >>> Authenticators in IS2? >>> >>> It would be highly appreciated if these steps can be verified and >>> specify if I have missed any configuration step here. >>> >>> [1]- https://docs.wso2.com/display/IS540/Login+to+Identity+S >>> erver+using+another+Identity+Server+-+OAuth2 >>> >>> >>> >>> *Thanks and Best Regards,* >>> >>> *Isuru Uyanage* >>> *Software Engineer - QA | WSO2* >>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>> <https://www.linkedin.com/in/isuru-uyanage/>* >>> >>> >>> >>> >> >> >> -- >> Nilasini Thirunavukkarasu >> Software Engineer - WSO2 >> >> Email : nilas...@wso2.com >> Mobile : +94775241823 <+94%2077%20524%201823> >> Web : http://wso2.com/ >> >> >> <http://wso2.com/signature> >> > > > > -- > Nilasini Thirunavukkarasu > Software Engineer - WSO2 > > Email : nilas...@wso2.com > Mobile : +94775241823 <+94%2077%20524%201823> > Web : http://wso2.com/ > > > <http://wso2.com/signature> > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Login to Identity Server using another Identity Server - OAuth2
Hi All, I'm trying to login to Identity Server using another Identity Server. I followed doc[1]. It has been asked to follow the below steps. - Configure an IDP(Idp9443) in Identity Server1. - Configure an SP(SP9444) in Identity Server2. - In the second Identity Server, in Service Provider Configuration, select Idp9443, which is created in first IS, as the federated authenticator in Local and Outbound Authentication Configuration. My question is it only displays the IDPs created in its own Identity Server in Service Provider/Outbound Authentication Configuration. We created the IDP in IS1. How is it going to be displayed in Federated Authenticators in IS2? It would be highly appreciated if these steps can be verified and specify if I have missed any configuration step here. [1]- https://docs.wso2.com/display/IS540/Login+to+Identity+Server+using+another+Identity+Server+-+OAuth2 *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Federated authenticators - Connectors and protocols
Hi Shavindri, Yes, that is the exact requirement. Thanks Isuru *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Wed, Dec 13, 2017 at 9:56 AM, Shavindri Dissanayake <shavin...@wso2.com> wrote: > Hi Isuru, Godwin, and Hasanthi, > > Thank you, for the info. > To ensure I have got the requirement clear: We need to update docs for > each connector in [1] and mention the underlying protocol they use? > > [1] https://docs.wso2.com/display/ISCONNECTORS/ > Authenticators+and+Connectors > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] SP-SAML & Idp-OIDC
Hi Farasath,
Thank you for the reply. I tried this with Google Authentication pointing
to correct Authorization Endpoint URL & Token Endpoint URL using OIDC.
Ignore the previous reply.
It worked.
Thanks
Isuru
*Thanks and Best Regards,*
*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
<https://www.linkedin.com/in/isuru-uyanage/>*
On Tue, Dec 12, 2017 at 9:36 AM, Isuru Uyanage <isur...@wso2.com> wrote:
> Hi Farasath,
>
> I followed this doc[1] and it is said that they are the standard OAuth
> Authorization Endpoint URL and standard Token Endpoint URL. Is there any
> specific value that I should change these values to other than the
> following.
>
> Authorization Endpoint URL - https://localhost:9443/oauth2/authorize/
> Token Endpoint URL - https://localhost:9443/oauth2/token/
>
>
> [1] - https://docs.wso2.com/display/IS530/Configuring+
> OAuth2-OpenID+Connect
> Step 5
>
>
> Thanks
> Isuru
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> <https://www.linkedin.com/in/isuru-uyanage/>*
>
>
>
>
> On Mon, Dec 11, 2017 at 10:20 PM, Farasath Ahamed <farasa...@wso2.com>
> wrote:
>
>> Token URL and Authorization URL are not pointing to LinkedIn endpoints.
>> Seems like thats the issue.
>>
>> Can you change the token and authorization endpoint urls to linkedIn
>> specific values anf retry the scenario?
>>
>>
>> On Monday, December 11, 2017, Isuru Uyanage <isur...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> I'm trying to implement scenario 11 in the doc[1]. I followed following
>>> steps.
>>>
>>>- Configured Google as the Service Provider(SAML)
>>>- Configured LinkedIn as the external Identity Provider(Open ID
>>>Connect) - refer the configuration in the attached image ->
>>>LinkedInConfig.png
>>>- Google SP's Authentication Type is set to Federated Authentication
>>>- LinkedIn.
>>>
>>> Once I tried to log in to *mail.google.com <http://mail.google.com>*
>>> with the relavant email address, it does not redirect me to
>>> LinkedIn.Instead, it gives the following error in the Browser.
>>>
>>> {"error_description":"A valid OAuth client could not be found for
>>> client_id: 126217798160084","error":"invalid_client"}
>>>
>>> I tried the same scenario by configuring Facebook as the Identity
>>> Provider using OIDC. I got the same abouve result.
>>> Once these are configured through the relevant connectors, they work
>>> well.
>>>
>>> Any thoughts on this issue are highly appreciated.
>>>
>>>
>>> [1] - https://medium.facilelogin.com/thirty-solution-patterns-wi
>>> th-the-wso2-identity-server-16f9fd0c0389
>>>
>>> *Thanks and Best Regards,*
>>>
>>> *Isuru Uyanage*
>>> *Software Engineer - QA | WSO2*
>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>>> <https://www.linkedin.com/in/isuru-uyanage/>*
>>>
>>>
>>>
>>>
>>
>> --
>> Farasath Ahamed
>> Senior Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 <https://twitter.com/farazath619>
>> <http://wso2.com/signature>
>>
>>
>>
>>
>>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] SP-SAML & Idp-OIDC
Hi Farasath,
I followed this doc[1] and it is said that they are the standard OAuth
Authorization Endpoint URL and standard Token Endpoint URL. Is there any
specific value that I should change these values to other than the
following.
Authorization Endpoint URL - https://localhost:9443/oauth2/authorize/
Token Endpoint URL - https://localhost:9443/oauth2/token/
[1] - https://docs.wso2.com/display/IS530/Configuring+OAuth2-OpenID+Connect
Step 5
Thanks
Isuru
*Thanks and Best Regards,*
*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
<https://www.linkedin.com/in/isuru-uyanage/>*
On Mon, Dec 11, 2017 at 10:20 PM, Farasath Ahamed <farasa...@wso2.com>
wrote:
> Token URL and Authorization URL are not pointing to LinkedIn endpoints.
> Seems like thats the issue.
>
> Can you change the token and authorization endpoint urls to linkedIn
> specific values anf retry the scenario?
>
>
> On Monday, December 11, 2017, Isuru Uyanage <isur...@wso2.com> wrote:
>
>> Hi All,
>>
>> I'm trying to implement scenario 11 in the doc[1]. I followed following
>> steps.
>>
>>- Configured Google as the Service Provider(SAML)
>>- Configured LinkedIn as the external Identity Provider(Open ID
>>Connect) - refer the configuration in the attached image ->
>>LinkedInConfig.png
>>- Google SP's Authentication Type is set to Federated Authentication
>>- LinkedIn.
>>
>> Once I tried to log in to *mail.google.com <http://mail.google.com>*
>> with the relavant email address, it does not redirect me to
>> LinkedIn.Instead, it gives the following error in the Browser.
>>
>> {"error_description":"A valid OAuth client could not be found for
>> client_id: 126217798160084","error":"invalid_client"}
>>
>> I tried the same scenario by configuring Facebook as the Identity
>> Provider using OIDC. I got the same abouve result.
>> Once these are configured through the relevant connectors, they work
>> well.
>>
>> Any thoughts on this issue are highly appreciated.
>>
>>
>> [1] - https://medium.facilelogin.com/thirty-solution-patterns-wi
>> th-the-wso2-identity-server-16f9fd0c0389
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> <https://www.linkedin.com/in/isuru-uyanage/>*
>>
>>
>>
>>
>
> --
> Farasath Ahamed
> Senior Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
> <http://wso2.com/signature>
>
>
>
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Configuring Email OTP - Step 2 - Configure the EmailOTP provider, Step 12 - Error
Hi All,
I'm trying to implement Configuring Email OPT scenario and followed upto
*Step2* - Step 12 mentioned in the doc [1]. In *Step 2 - Configure the
EmailOTP provider, *step 12, I tried executing the mentioned curl command
in the doc replacing my client id, client secret, and authorization_code.
curl -v -X POST --basic -u : -H "Content-Type:
application/x-www-form-urlencoded;charset=UTF-8" -k -d
"grant_type=authorization_code=_uri=
https://localhost:9443/commonauth; <https://localhost:9443/commonauth>
https://www.googleapis.com/oauth2/v3/token
curl -v -X POST --basic -u 854665841399
-l13g81ri4q98elpen1i1uhsdjulhp7ha.apps.googleusercontent.com:MK3h4fhSUT-aCTtSquMB3Vll
-H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d
"grant_type=authorization_code=4/KEDlA2KjGtib4KlyzaKzVNuDfvAmFZ10T82usT-6llY#_uri=
https://localhost:9443/commonauth; <https://localhost:9443/commonauth>
https://www.googleapis.com/oauth2/v3/token
I get the following error.
Trying 74.125.24.95...
* TCP_NODELAY set
* Connected to www.googleapis.com (74.125.24.95) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection:
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=*.
googleapis.com
* start date: Dec 5 09:28:00 2017 GMT
* expire date: Feb 27 09:28:00 2018 GMT
* issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade:
len=0
* Server auth using Basic with user '
437826768736-gs2r8gf418g7drt019s5hi8gt0q1ni4p.apps.googleusercontent.com'
* Using Stream ID: 1 (easy handle 0x7fb6a4805400)
> POST /oauth2/v3/token HTTP/2
> Host: www.googleapis.com
> Authorization: Basic
NDM3ODI2NzY4NzM2LWdzMnI4Z2Y0MThnN2RydDAxOXM1aGk4Z3QwcTFuaTRwLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tOndBOEJPTzVJby0zX3dkUGdfQ2tqNkpqdA==
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded;charset=UTF-8
> Content-Length: 128
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* We are completely uploaded and fine
< HTTP/2 400
< vary: X-Origin
< vary: Origin,Accept-Encoding
< content-type: application/json; charset=UTF-8
< date: Mon, 11 Dec 2017 13:30:01 GMT
< expires: Mon, 11 Dec 2017 13:30:01 GMT
< cache-control: private, max-age=0
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
< server: GSE
< alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339;
quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000;
v="41,39,38,37,35"
< accept-ranges: none
<
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
* Connection #0 to host www.googleapis.com left intact
Could you please help me with this.
[1] - https://docs.wso2.com/display/IS530/Configuring+Email+OTP
*Thanks and Best Regards,*
*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
<https://www.linkedin.com/in/isuru-uyanage/>*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Register Google as Idp and SP
Hi All, I have a Travelocity app configured as a Service Provider and the external Idp is Google. When I'm trying to login to Travelocity with any usual Gmail credentials it works successfully. Further, I have configured Google as a Service Provider(in the same IS) for a specific domain(xyz.com). And for that SP, the Idp is configured as Facebook. Now, If I try to login to Travelocity from an email address which belongs to the specific domain(testu...@xyz.com), it redirects to the Facebook for authentication. With correct Facebook credentials, it successfully logins to the Travelocity app. I want to clarify if this behavior is correct. Any feedback would be appreciated. *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Login to Identity Server using Instagram credentials
Hi All,
I created a JIRA for this.
https://wso2.org/jira/browse/IDENTITY-7087
Thanks,
Isuru
*Thanks and Best Regards,*
*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
<https://www.linkedin.com/in/isuru-uyanage/>*
On Thu, Dec 7, 2017 at 4:58 PM, Isuru Uyanage <isur...@wso2.com> wrote:
> Hi All,
>
> I have configured Travelocity app as the service provider and I need to
> log in with Instagram credentials. I followed doc[1].
>
> Once trying to login to Travelocity, it is successfully navigated to the
> Instagram page for credentials. Once the correct credentials are entered,
> I'm getting the below error in the server.
>
>
> *ERROR
> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
> - invalid_request, Missing parameters: access_token*
>
> *org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException:
> invalid_request, Missing parameters: access_token*
>
> * at
> org.wso2.carbon.identity.authenticator.instagram.InstagramAuthenticator.getOauthResponse(InstagramAuthenticator.java:256)*
>
> * at
> org.wso2.carbon.identity.authenticator.instagram.InstagramAuthenticator.processAuthenticationResponse(InstagramAuthenticator.java:173)*
>
> * at
> org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.process(AbstractApplicationAuthenticator.java:72)*
>
> * at
> org.wso2.carbon.identity.authenticator.instagram.InstagramAuthenticator.process(InstagramAuthenticator.java:135)*
>
> * at
> org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.doAuthentication(DefaultStepHandler.java:487)*
>
> * at
> org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handleResponse(DefaultStepHandler.java:461)*
>
> * at
> org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:164)*
>
> * at
> org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler.handle(DefaultStepBasedSequenceHandler.java:176)*
>
> * at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:132)*
>
> * at
> org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:145)*
>
> * at
> org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53)*
>
> * at
> org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doGet(CommonAuthenticationServlet.java:43)*
>
> * at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)*
>
> * at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)*
>
> * at
> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)*
>
> * at
> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)*
>
> * at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)*
>
> * at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)*
>
> * at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)*
>
> * at
> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)*
>
> * at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)*
>
> * at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)*
>
> * at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)*
>
> * at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)*
>
> * at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)*
>
> * at
> org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:76)*
>
> * at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)*
>
> * at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)*
>
> * at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)*
>
> * at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChai
[Dev] Login to Identity Server using Instagram credentials
)*
* at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)*
* at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)*
* at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)*
* at
org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)*
* at
org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)*
* at
org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)*
* at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)*
* at
org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)*
* at
org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)*
* at
org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)*
* at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)*
* at
org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)*
* at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)*
* at
org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)*
* at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)*
* at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)*
* at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)*
* at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)*
* at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)*
* at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)*
* at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)*
* at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)*
* at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)*
* at java.lang.Thread.run(Thread.java:748)*
*Caused by: OAuthProblemException{error='invalid_request',
description='Missing parameters: access_token', uri='null', state='null',
scope='null', redirectUri='null', responseStatus=0, parameters={}}*
* at
org.apache.oltu.oauth2.common.exception.OAuthProblemException.error(OAuthProblemException.java:59)*
* at
org.apache.oltu.oauth2.common.utils.OAuthUtils.handleOAuthProblemException(OAuthUtils.java:167)*
* at
org.apache.oltu.oauth2.common.utils.OAuthUtils.handleMissingParameters(OAuthUtils.java:185)*
* at
org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validateRequiredParameters(OAuthClientValidator.java:90)*
* at
org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validateParameters(OAuthClientValidator.java:53)*
* at
org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validate(OAuthClientValidator.java:49)*
* at
org.apache.oltu.oauth2.client.response.OAuthClientResponse.validate(OAuthClientResponse.java:64)*
* at
org.apache.oltu.oauth2.client.response.OAuthClientResponse.init(OAuthClientResponse.java:59)*
* at
org.apache.oltu.oauth2.client.response.OAuthAccessTokenResponse.init(OAuthAccessTokenResponse.java:52)*
* at
org.apache.oltu.oauth2.client.response.OAuthClientResponseFactory.createCustomResponse(OAuthClientResponseFactory.java:60)*
* at
org.apache.oltu.oauth2.client.URLConnectionClient.execute(URLConnectionClient.java:111)*
* at
org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:65)*
* at
org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:55)*
* at
org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:71)*
* at
org.wso2.carbon.identity.authenticator.instagram.InstagramAuthenticator.getOauthResponse(InstagramAuthenticator.java:252)*
Other than the configurations in the document[1], I have enabled
emailasusername in the carbon.xml.
Any help to solve this issue is appreciated.
[1] -
https://docs.wso2.com/display/ISCONNECTORS/Configuring+Instagram+Authenticator
*Thanks and Best Regards,*
*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
<https://www.linkedin.com/in/isuru-uyanage/>*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials
Hi Irham, Yes it worked with *carbon/** with java build 1.8.0_144-b01. Thanks Isuru *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Fri, Nov 24, 2017 at 7:56 AM, Irham Iqbal <iq...@wso2.com> wrote: > Hi Isuru, > > The reason for the issue your facing is the request is not going > for /carbon/admin/* IMO if you making it /carbon/* it should work. > > Thanks, > Iqbal > > On Thu, Nov 23, 2017 at 8:20 PM, Bhathiya Jayasekara <bhath...@wso2.com> > wrote: > >> Hi Roshan, >> >> No, that's not a public thread. >> >> Here[1] is the original bug. >> >> @Isuru: Make sure you don't have the previous version in your PATH >> variable. >> >> [1] https://bugs.openjdk.java.net/browse/JDK-8189789 >> >> Thanks, >> Bhathiya >> >> On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage <isur...@wso2.com> wrote: >> >>> Hi All, >>> I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0 >>> >>> But still, I'm getting the same error. Any thoughts about this. >>> >>> *Thanks and Best Regards,* >>> >>> *Isuru Uyanage* >>> *Software Engineer - QA | WSO2* >>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>> <https://www.linkedin.com/in/isuru-uyanage/>* >>> >>> >>> >>> >>> On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage <isur...@wso2.com> wrote: >>> >>>> Hi All, >>>> >>>> I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in >>>> $APIM_HOME/repository/conf/security folder by adding the below entry. >>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont >>>> ext%/carbon/admin/* >>>> >>>> I could log in to the Management console with admin credentials but >>>> once try to creating user/user roles, cannot proceed further and the same >>>> issue is repeating. I think the best option is to downgrade the java. >>>> >>>> Thanks, >>>> >>>> *Thanks and Best Regards,* >>>> >>>> *Isuru Uyanage* >>>> *Software Engineer - QA | WSO2* >>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>>> <https://www.linkedin.com/in/isuru-uyanage/>* >>>> >>>> >>>> >>>> >>>> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena <roshan86...@gmail.com >>>> > wrote: >>>> >>>>> Hi Rumy, >>>>> >>>>> is this mail public ?, [Important][Critical] None of WSO2 products >>>>> are working with latest JDK. >>>>> >>>>> I am also facing the same problem, however downgrade java is not a >>>>> option for me :( >>>>> >>>>> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy <musht...@wso2.com> >>>>> wrote: >>>>> >>>>>> Hi Isuru, >>>>>> >>>>>> Seems like the java version is causing this issue. This issue is >>>>>> there with java JDK 8u151. Please refer [1] for more details. >>>>>> >>>>>> [1] - [Important][Critical] None of WSO2 products are working with >>>>>> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC] >>>>>> >>>>>> Thanks & Regards, >>>>>> Mushthaq >>>>>> >>>>>> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal <iq...@wso2.com> wrote: >>>>>> >>>>>>> Hi Isuru, >>>>>>> >>>>>>> The reason might the java version you're using. >>>>>>> >>>>>>> You can update the Owasp.CsrfGuard.Carbon.properties file, which is >>>>>>> in $APIM_HOME/repository/conf/security folder with the bellowing >>>>>>> entry to ignore this error, IMO it's better if you use the proper java >>>>>>> version. >>>>>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont >>>>>>> ext%/carbon/admin/* >>>>>>> >>>>>>> Thank
Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials
Hi All, I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in $APIM_HOME/repository/conf/security folder by adding the below entry. org.owasp.csrfguard.unprotected.mgtconsolelogin=% servletContext%/carbon/admin/* I could log in to the Management console with admin credentials but once try to creating user/user roles, cannot proceed further and the same issue is repeating. I think the best option is to downgrade the java. Thanks, *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena <roshan86...@gmail.com> wrote: > Hi Rumy, > > is this mail public ?, [Important][Critical] None of WSO2 products are > working with latest JDK. > > I am also facing the same problem, however downgrade java is not a option > for me :( > > On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy <musht...@wso2.com> wrote: > >> Hi Isuru, >> >> Seems like the java version is causing this issue. This issue is there >> with java JDK 8u151. Please refer [1] for more details. >> >> [1] - [Important][Critical] None of WSO2 products are working with >> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC] >> >> Thanks & Regards, >> Mushthaq >> >> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal <iq...@wso2.com> wrote: >> >>> Hi Isuru, >>> >>> The reason might the java version you're using. >>> >>> You can update the Owasp.CsrfGuard.Carbon.properties file, which is in >>> $APIM_HOME/repository/conf/security folder with the bellowing entry to >>> ignore this error, IMO it's better if you use the proper java version. >>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont >>> ext%/carbon/admin/* >>> >>> Thanks, >>> Iqbal >>> >>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage <isur...@wso2.com> wrote: >>> >>>> Hi All, >>>> >>>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API >>>> Manager. After APIM server is started with the fresh pack, I can navigate >>>> to Management Console. But once I'm trying to log in with admin >>>> credentials, I cannot log in. The error is as below. >>>> >>>> Error: 403 Forbidden >>>> JavaLogger potential cross-site request forgery (CSRF) attack thwarted >>>> (user:, ip:10.100.5.136, method:POST, >>>> uri:/carbon/admin/login_action.jsp, error:required token is missing >>>> from the request) >>>> >>>> Affected Product Version: >>>> wum updated pack: wso2am-2.1.0.1511201090302.zip >>>> >>>> Environment details and versions: >>>> >>>> macOS High Sierra >>>> Version 10.13.1 >>>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit) >>>> Firefox: 57.0 >>>> >>>> Any thoughts about this are highly appreciated. >>>> >>>> >>>> *Thanks and Best Regards,* >>>> >>>> *Isuru Uyanage* >>>> *Software Engineer - QA | WSO2* >>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>>> <https://www.linkedin.com/in/isuru-uyanage/>* >>>> >>>> >>>> >>>> >>>> ___ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Irham Iqbal >>> Software Engineer >>> WSO2 >>> phone: +94 777888452 >>> <http://wso2.com/signature> >>> >>> >>> ___ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Mushthaq Rumy >> *Software Engineer* >> Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194> >> Email : musht...@wso2.com >> WSO2, Inc.; http://wso2.com/ >> lean . enterprise . middleware. >> >> <http://wso2.com/signature> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials
Hi All, I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0 But still, I'm getting the same error. Any thoughts about this. *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage <isur...@wso2.com> wrote: > Hi All, > > I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in > $APIM_HOME/repository/conf/security folder by adding the below entry. > org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont > ext%/carbon/admin/* > > I could log in to the Management console with admin credentials but once > try to creating user/user roles, cannot proceed further and the same issue > is repeating. I think the best option is to downgrade the java. > > Thanks, > > *Thanks and Best Regards,* > > *Isuru Uyanage* > *Software Engineer - QA | WSO2* > *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* > *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ > <https://www.linkedin.com/in/isuru-uyanage/>* > > > > > On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena <roshan86...@gmail.com> > wrote: > >> Hi Rumy, >> >> is this mail public ?, [Important][Critical] None of WSO2 products are >> working with latest JDK. >> >> I am also facing the same problem, however downgrade java is not a option >> for me :( >> >> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy <musht...@wso2.com> >> wrote: >> >>> Hi Isuru, >>> >>> Seems like the java version is causing this issue. This issue is there >>> with java JDK 8u151. Please refer [1] for more details. >>> >>> [1] - [Important][Critical] None of WSO2 products are working with >>> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC] >>> >>> Thanks & Regards, >>> Mushthaq >>> >>> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal <iq...@wso2.com> wrote: >>> >>>> Hi Isuru, >>>> >>>> The reason might the java version you're using. >>>> >>>> You can update the Owasp.CsrfGuard.Carbon.properties file, which is in >>>> $APIM_HOME/repository/conf/security folder with the bellowing entry to >>>> ignore this error, IMO it's better if you use the proper java version. >>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont >>>> ext%/carbon/admin/* >>>> >>>> Thanks, >>>> Iqbal >>>> >>>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage <isur...@wso2.com> >>>> wrote: >>>> >>>>> Hi All, >>>>> >>>>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API >>>>> Manager. After APIM server is started with the fresh pack, I can navigate >>>>> to Management Console. But once I'm trying to log in with admin >>>>> credentials, I cannot log in. The error is as below. >>>>> >>>>> Error: 403 Forbidden >>>>> JavaLogger potential cross-site request forgery (CSRF) attack thwarted >>>>> (user:, ip:10.100.5.136, method:POST, >>>>> uri:/carbon/admin/login_action.jsp, error:required token is missing >>>>> from the request) >>>>> >>>>> Affected Product Version: >>>>> wum updated pack: wso2am-2.1.0.1511201090302.zip >>>>> >>>>> Environment details and versions: >>>>> >>>>> macOS High Sierra >>>>> Version 10.13.1 >>>>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit) >>>>> Firefox: 57.0 >>>>> >>>>> Any thoughts about this are highly appreciated. >>>>> >>>>> >>>>> *Thanks and Best Regards,* >>>>> >>>>> *Isuru Uyanage* >>>>> *Software Engineer - QA | WSO2* >>>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>>>> <https://www.linkedin.com/in/isuru-uyanage/>* >>>>> >>>>> >>>>> >>>>> >>>>> ___ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Irham Iqbal >>>> Software Engineer >>>> WSO2 >>>> phone: +94 777888452 >>>> <http://wso2.com/signature> >>>> >>>> >>>> ___ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> Mushthaq Rumy >>> *Software Engineer* >>> Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194> >>> Email : musht...@wso2.com >>> WSO2, Inc.; http://wso2.com/ >>> lean . enterprise . middleware. >>> >>> <http://wso2.com/signature> >>> >>> ___ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials
Hi Irham/Malintha, Thank you for the prompt reply. It worked. Regards, Isuru *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal <iq...@wso2.com> wrote: > Hi Isuru, > > The reason might the java version you're using. > > You can update the Owasp.CsrfGuard.Carbon.properties file, which is in > $APIM_HOME/repository/conf/security folder with the bellowing entry to > ignore this error, IMO it's better if you use the proper java version. > org.owasp.csrfguard.unprotected.mgtconsolelogin=% > servletContext%/carbon/admin/* > > Thanks, > Iqbal > > On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage <isur...@wso2.com> wrote: > >> Hi All, >> >> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API Manager. >> After APIM server is started with the fresh pack, I can navigate to >> Management Console. But once I'm trying to log in with admin credentials, I >> cannot log in. The error is as below. >> >> Error: 403 Forbidden >> JavaLogger potential cross-site request forgery (CSRF) attack thwarted >> (user:, ip:10.100.5.136, method:POST, >> uri:/carbon/admin/login_action.jsp, error:required token is missing from >> the request) >> >> Affected Product Version: >> wum updated pack: wso2am-2.1.0.1511201090302.zip >> >> Environment details and versions: >> >> macOS High Sierra >> Version 10.13.1 >> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit) >> Firefox: 57.0 >> >> Any thoughts about this are highly appreciated. >> >> >> *Thanks and Best Regards,* >> >> *Isuru Uyanage* >> *Software Engineer - QA | WSO2* >> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >> <https://www.linkedin.com/in/isuru-uyanage/>* >> >> >> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Irham Iqbal > Software Engineer > WSO2 > phone: +94 777888452 > <http://wso2.com/signature> > > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] [APIM]Cannot login to APIM Management console with admin credentials
Hi All, I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API Manager. After APIM server is started with the fresh pack, I can navigate to Management Console. But once I'm trying to log in with admin credentials, I cannot log in. The error is as below. Error: 403 Forbidden JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:, ip:10.100.5.136, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request) Affected Product Version: wum updated pack: wso2am-2.1.0.1511201090302.zip Environment details and versions: macOS High Sierra Version 10.13.1 Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit) Firefox: 57.0 Any thoughts about this are highly appreciated. *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] Invoking an API through Android Application
Hi All, I have an Android application developed and need to invoke an API created in WSO2 API Manager(2.1.0) through the Android app. The following tasks have been done. 1. I have created an API using an existing SOAP Endpoint(wsdl) 2. Downloaded the SDK from API Manager for Android. 3. Android application has been developed. 4. As in the README.md file(which has been downloaded with the SDK), when I'm trying to generate the jar by executing *'mvn package' *command, the build gets failed as below. The API which I created was TestApi1. /TestApi1_1.0.0_android/src/main/java/org/wso2/client/api/ TestApi1/DefaultApi.java:[31,1] package org.wso2.client.model.TestApi1 does not exist org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.5.1:compile *(default-compile)* on projectorg.wso2.client.TestApi1: *Compilation failure* at org.apache.maven.lifecycle.internal.MojoExecutor.execute( MojoExecutor.java:213) at org.apache.maven.lifecycle.internal.MojoExecutor.execute( MojoExecutor.java:154) at org.apache.maven.lifecycle.internal.MojoExecutor.execute( MojoExecutor.java:146) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject( LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject( LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded. SingleThreadedBuilder.build(SingleThreadedBuilder.java:51) at org.apache.maven.lifecycle.internal.LifecycleStarter. execute(LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:309) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:194) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:107) at org.apache.maven.cli.MavenCli.execute(MavenCli.java:993) at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:345) at org.apache.maven.cli.MavenCli.main(MavenCli.java:191) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke( NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke( DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher. launchEnhanced(Launcher.java:289) at org.codehaus.plexus.classworlds.launcher.Launcher. launch(Launcher.java:229) at org.codehaus.plexus.classworlds.launcher.Launcher. mainWithExitCode(Launcher.java:415) at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356) Caused by: org.apache.maven.plugin.compiler.CompilationFailureException: Compilation failure at org.apache.maven.plugin.compiler.AbstractCompilerMojo. execute(AbstractCompilerMojo.java:972) at org.apache.maven.plugin.compiler.CompilerMojo.execute( CompilerMojo.java:129) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo( DefaultBuildPluginManager.java:134) at org.apache.maven.lifecycle.internal.MojoExecutor.execute( MojoExecutor.java:208) ... 20 more Any thoughts on what should be done to invoke API created through the Android Application. And any comments are appreciated on what has gone wrong here in step 4. *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
