Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[roshan wijesena]

So this is not because of java problem?

On Fri, Nov 24, 2017 at 10:24 PM Isuru Uyanage  wrote:

> Hi Irham,
> Yes it worked with *carbon/** with java build 1.8.0_144-b01.
>
>
> Thanks
> Isuru
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> *
>
>
>
>
> On Fri, Nov 24, 2017 at 7:56 AM, Irham Iqbal  wrote:
>
>> Hi Isuru,
>>
>> The reason for the issue your facing is the request is not going
>> for /carbon/admin/* IMO if you making it /carbon/* it should work.
>>
>> Thanks,
>> Iqbal
>>
>> On Thu, Nov 23, 2017 at 8:20 PM, Bhathiya Jayasekara 
>> wrote:
>>
>>> Hi Roshan,
>>>
>>> No, that's not a public thread.
>>>
>>> Here[1] is the original bug.
>>>
>>> @Isuru: Make sure you don't have the previous version in your PATH
>>> variable.
>>>
>>> [1] https://bugs.openjdk.java.net/browse/JDK-8189789
>>>
>>> Thanks,
>>> Bhathiya
>>>
>>> On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage  wrote:
>>>
 Hi All,
 I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0

 But still, I'm getting the same error. Any thoughts about this.

 *Thanks and Best Regards,*

 *Isuru Uyanage*
 *Software Engineer - QA | WSO2*
 *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
 *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
 *




 On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage 
 wrote:

> Hi All,
>
> I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in
> $APIM_HOME/repository/conf/security folder by adding the below entry.
>
> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
>
> I could log in to the Management console with admin credentials but
> once try to creating user/user roles, cannot proceed further and the same
> issue is repeating. I think the best option is to downgrade the java.
>
> Thanks,
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> *
>
>
>
>
> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena <
> roshan86...@gmail.com> wrote:
>
>> Hi Rumy,
>>
>> is this mail public ?, [Important][Critical] None of WSO2 products
>> are working with latest JDK.
>>
>> I am also facing the same problem, however downgrade java is not a
>> option for me :(
>>
>> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy 
>> wrote:
>>
>>> Hi Isuru,
>>>
>>> Seems like the java version is causing this issue. This issue is
>>> there with java JDK 8u151. Please refer [1] for more details.
>>>
>>> [1] - [Important][Critical] None of WSO2 products are working with
>>> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]
>>>
>>> Thanks & Regards,
>>> Mushthaq
>>>
>>> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal  wrote:
>>>
 Hi Isuru,

 The reason might the java version you're using.

 You can update the Owasp.CsrfGuard.Carbon.properties file, which
 is in $APIM_HOME/repository/conf/security folder with the
 bellowing entry to ignore this error, IMO it's better if you use the 
 proper
 java version.

 org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*

 Thanks,
 Iqbal

 On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage 
 wrote:

> Hi All,
>
> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API
> Manager. After APIM server is started with the fresh pack, I can 
> navigate
> to Management Console. But once I'm trying to log in with admin
> credentials, I cannot log in. The error is as below.
>
> Error: 403 Forbidden
> JavaLogger potential cross-site request forgery (CSRF) attack
> thwarted (user:, ip:10.100.5.136, method:POST,
> uri:/carbon/admin/login_action.jsp, error:required token is missing 
> from
> the request)
>
> Affected Product Version:
> wum updated pack: wso2am-2.1.0.1511201090302.zip
>
> Environment details and versions:
>
> macOS High Sierra
> Version 10.13.1
> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
> Firefox: 57.0
>

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[roshan wijesena]

Ok, thanks Bhathiya.

On Fri, Nov 24, 2017 at 11:02 PM Bhathiya Jayasekara 
wrote:

> It is. What Irham has suggested is a workaround to fix one of a few issues
> which occur due to that bug, and it opens up a security vulnerability too.
> In a production environment, you shouldn't do that.
>
> Thanks,
> Bhathiya
>
> On Fri, Nov 24, 2017 at 4:56 PM, roshan wijesena 
> wrote:
>
>> So this is not because of java problem?
>>
>> On Fri, Nov 24, 2017 at 10:24 PM Isuru Uyanage  wrote:
>>
>>> Hi Irham,
>>> Yes it worked with *carbon/** with java build 1.8.0_144-b01.
>>>
>>>
>>> Thanks
>>> Isuru
>>>
>>> *Thanks and Best Regards,*
>>>
>>> *Isuru Uyanage*
>>> *Software Engineer - QA | WSO2*
>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>>> *
>>>
>>>
>>>
>>>
>>> On Fri, Nov 24, 2017 at 7:56 AM, Irham Iqbal  wrote:
>>>
 Hi Isuru,

 The reason for the issue your facing is the request is not going
 for /carbon/admin/* IMO if you making it /carbon/* it should work.

 Thanks,
 Iqbal

 On Thu, Nov 23, 2017 at 8:20 PM, Bhathiya Jayasekara  wrote:

> Hi Roshan,
>
> No, that's not a public thread.
>
> Here[1] is the original bug.
>
> @Isuru: Make sure you don't have the previous version in your PATH
> variable.
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8189789
>
> Thanks,
> Bhathiya
>
> On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage 
> wrote:
>
>> Hi All,
>> I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM
>> 2.1.0
>>
>> But still, I'm getting the same error. Any thoughts about this.
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage 
>> wrote:
>>
>>> Hi All,
>>>
>>> I tried updating Owasp.CsrfGuard.Carbon.properties file, which is
>>> in $APIM_HOME/repository/conf/security folder by adding the below
>>> entry.
>>>
>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
>>>
>>> I could log in to the Management console with admin credentials but
>>> once try to creating user/user roles, cannot proceed further and the 
>>> same
>>> issue is repeating. I think the best option is to downgrade the java.
>>>
>>> Thanks,
>>>
>>> *Thanks and Best Regards,*
>>>
>>> *Isuru Uyanage*
>>> *Software Engineer - QA | WSO2*
>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>>> *
>>>
>>>
>>>
>>>
>>> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena <
>>> roshan86...@gmail.com> wrote:
>>>
 Hi Rumy,

 is this mail public ?, [Important][Critical] None of WSO2 products
 are working with latest JDK.

 I am also facing the same problem, however downgrade java is not a
 option for me :(

 On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy 
 wrote:

> Hi Isuru,
>
> Seems like the java version is causing this issue. This issue is
> there with java JDK 8u151. Please refer [1] for more details.
>
> [1] - [Important][Critical] None of WSO2 products are working
> with latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in 
> MC]
>
> Thanks & Regards,
> Mushthaq
>
> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal 
> wrote:
>
>> Hi Isuru,
>>
>> The reason might the java version you're using.
>>
>> You can update the Owasp.CsrfGuard.Carbon.properties file, which
>> is in $APIM_HOME/repository/conf/security folder with the
>> bellowing entry to ignore this error, IMO it's better if you use the 
>> proper
>> java version.
>>
>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
>>
>> Thanks,
>> Iqbal
>>
>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage 
>> wrote:
>>
>>> Hi All,
>>>
>>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API
>>> Manager. After APIM server is started with the fresh pack, I can 
>>> 

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Bhathiya Jayasekara]

It is. What Irham has suggested is a workaround to fix one of a few issues
which occur due to that bug, and it opens up a security vulnerability too.
In a production environment, you shouldn't do that.

Thanks,
Bhathiya

On Fri, Nov 24, 2017 at 4:56 PM, roshan wijesena 
wrote:

> So this is not because of java problem?
>
> On Fri, Nov 24, 2017 at 10:24 PM Isuru Uyanage  wrote:
>
>> Hi Irham,
>> Yes it worked with *carbon/** with java build 1.8.0_144-b01.
>>
>>
>> Thanks
>> Isuru
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> On Fri, Nov 24, 2017 at 7:56 AM, Irham Iqbal  wrote:
>>
>>> Hi Isuru,
>>>
>>> The reason for the issue your facing is the request is not going
>>> for /carbon/admin/* IMO if you making it /carbon/* it should work.
>>>
>>> Thanks,
>>> Iqbal
>>>
>>> On Thu, Nov 23, 2017 at 8:20 PM, Bhathiya Jayasekara 
>>> wrote:
>>>
 Hi Roshan,

 No, that's not a public thread.

 Here[1] is the original bug.

 @Isuru: Make sure you don't have the previous version in your PATH
 variable.

 [1] https://bugs.openjdk.java.net/browse/JDK-8189789

 Thanks,
 Bhathiya

 On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage 
 wrote:

> Hi All,
> I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0
>
> But still, I'm getting the same error. Any thoughts about this.
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> *
>
>
>
>
> On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage 
> wrote:
>
>> Hi All,
>>
>> I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in
>> $APIM_HOME/repository/conf/security folder by adding the below entry.
>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%
>> servletContext%/carbon/admin/*
>>
>> I could log in to the Management console with admin credentials but
>> once try to creating user/user roles, cannot proceed further and the same
>> issue is repeating. I think the best option is to downgrade the java.
>>
>> Thanks,
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena <
>> roshan86...@gmail.com> wrote:
>>
>>> Hi Rumy,
>>>
>>> is this mail public ?, [Important][Critical] None of WSO2 products
>>> are working with latest JDK.
>>>
>>> I am also facing the same problem, however downgrade java is not a
>>> option for me :(
>>>
>>> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy 
>>> wrote:
>>>
 Hi Isuru,

 Seems like the java version is causing this issue. This issue is
 there with java JDK 8u151. Please refer [1] for more details.

 [1] - [Important][Critical] None of WSO2 products are working with
 latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]

 Thanks & Regards,
 Mushthaq

 On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal 
 wrote:

> Hi Isuru,
>
> The reason might the java version you're using.
>
> You can update the Owasp.CsrfGuard.Carbon.properties file, which
> is in $APIM_HOME/repository/conf/security folder with the
> bellowing entry to ignore this error, IMO it's better if you use the 
> proper
> java version.
> org.owasp.csrfguard.unprotected.mgtconsolelogin=%
> servletContext%/carbon/admin/*
>
> Thanks,
> Iqbal
>
> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage 
> wrote:
>
>> Hi All,
>>
>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API
>> Manager. After APIM server is started with the fresh pack, I can 
>> navigate
>> to Management Console. But once I'm trying to log in with admin
>> credentials, I cannot log in. The error is as below.
>>
>> Error: 403 Forbidden
>> JavaLogger potential cross-site request forgery (CSRF) attack
>> thwarted (user:, 

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Isuru Uyanage]

Hi Irham,
Yes it worked with *carbon/** with java build 1.8.0_144-b01.


Thanks
Isuru

*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
*




On Fri, Nov 24, 2017 at 7:56 AM, Irham Iqbal  wrote:

> Hi Isuru,
>
> The reason for the issue your facing is the request is not going
> for /carbon/admin/* IMO if you making it /carbon/* it should work.
>
> Thanks,
> Iqbal
>
> On Thu, Nov 23, 2017 at 8:20 PM, Bhathiya Jayasekara 
> wrote:
>
>> Hi Roshan,
>>
>> No, that's not a public thread.
>>
>> Here[1] is the original bug.
>>
>> @Isuru: Make sure you don't have the previous version in your PATH
>> variable.
>>
>> [1] https://bugs.openjdk.java.net/browse/JDK-8189789
>>
>> Thanks,
>> Bhathiya
>>
>> On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage  wrote:
>>
>>> Hi All,
>>> I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0
>>>
>>> But still, I'm getting the same error. Any thoughts about this.
>>>
>>> *Thanks and Best Regards,*
>>>
>>> *Isuru Uyanage*
>>> *Software Engineer - QA | WSO2*
>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>>> *
>>>
>>>
>>>
>>>
>>> On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage  wrote:
>>>
 Hi All,

 I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in
 $APIM_HOME/repository/conf/security folder by adding the below entry.
 org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
 ext%/carbon/admin/*

 I could log in to the Management console with admin credentials but
 once try to creating user/user roles, cannot proceed further and the same
 issue is repeating. I think the best option is to downgrade the java.

 Thanks,

 *Thanks and Best Regards,*

 *Isuru Uyanage*
 *Software Engineer - QA | WSO2*
 *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
 *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
 *




 On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena  wrote:

> Hi Rumy,
>
> is this mail public ?, [Important][Critical] None of WSO2 products
> are working with latest JDK.
>
> I am also facing the same problem, however downgrade java is not a
> option for me :(
>
> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy 
> wrote:
>
>> Hi Isuru,
>>
>> Seems like the java version is causing this issue. This issue is
>> there with java JDK 8u151. Please refer [1] for more details.
>>
>> [1] - [Important][Critical] None of WSO2 products are working with
>> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]
>>
>> Thanks & Regards,
>> Mushthaq
>>
>> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal  wrote:
>>
>>> Hi Isuru,
>>>
>>> The reason might the java version you're using.
>>>
>>> You can update the Owasp.CsrfGuard.Carbon.properties file, which is
>>> in $APIM_HOME/repository/conf/security folder with the bellowing
>>> entry to ignore this error, IMO it's better if you use the proper java
>>> version.
>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
>>> ext%/carbon/admin/*
>>>
>>> Thanks,
>>> Iqbal
>>>
>>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage 
>>> wrote:
>>>
 Hi All,

 I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API
 Manager. After APIM server is started with the fresh pack, I can 
 navigate
 to Management Console. But once I'm trying to log in with admin
 credentials, I cannot log in. The error is as below.

 Error: 403 Forbidden
 JavaLogger potential cross-site request forgery (CSRF) attack
 thwarted (user:, ip:10.100.5.136, method:POST,
 uri:/carbon/admin/login_action.jsp, error:required token is
 missing from the request)

 Affected Product Version:
 wum updated pack: wso2am-2.1.0.1511201090302.zip

 Environment details and versions:

 macOS High Sierra
 Version 10.13.1
 Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
 Firefox: 57.0

 Any thoughts about this are highly appreciated.


 *Thanks and Best Regards,*

 *Isuru Uyanage*
 *Software Engineer - QA | WSO2*
 *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
 *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Irham Iqbal]

Hi Isuru,

The reason for the issue your facing is the request is not going
for /carbon/admin/* IMO if you making it /carbon/* it should work.

Thanks,
Iqbal

On Thu, Nov 23, 2017 at 8:20 PM, Bhathiya Jayasekara 
wrote:

> Hi Roshan,
>
> No, that's not a public thread.
>
> Here[1] is the original bug.
>
> @Isuru: Make sure you don't have the previous version in your PATH
> variable.
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8189789
>
> Thanks,
> Bhathiya
>
> On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage  wrote:
>
>> Hi All,
>> I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0
>>
>> But still, I'm getting the same error. Any thoughts about this.
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage  wrote:
>>
>>> Hi All,
>>>
>>> I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in
>>> $APIM_HOME/repository/conf/security folder by adding the below entry.
>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
>>> ext%/carbon/admin/*
>>>
>>> I could log in to the Management console with admin credentials but once
>>> try to creating user/user roles, cannot proceed further and the same issue
>>> is repeating. I think the best option is to downgrade the java.
>>>
>>> Thanks,
>>>
>>> *Thanks and Best Regards,*
>>>
>>> *Isuru Uyanage*
>>> *Software Engineer - QA | WSO2*
>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>>> *
>>>
>>>
>>>
>>>
>>> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena 
>>> wrote:
>>>
 Hi Rumy,

 is this mail public ?, [Important][Critical] None of WSO2 products are
 working with latest JDK.

 I am also facing the same problem, however downgrade java is not a
 option for me :(

 On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy 
 wrote:

> Hi Isuru,
>
> Seems like the java version is causing this issue. This issue is there
> with java JDK 8u151. Please refer [1] for more details.
>
> [1] - [Important][Critical] None of WSO2 products are working with
> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]
>
> Thanks & Regards,
> Mushthaq
>
> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal  wrote:
>
>> Hi Isuru,
>>
>> The reason might the java version you're using.
>>
>> You can update the Owasp.CsrfGuard.Carbon.properties file, which is
>> in $APIM_HOME/repository/conf/security folder with the bellowing
>> entry to ignore this error, IMO it's better if you use the proper java
>> version.
>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
>> ext%/carbon/admin/*
>>
>> Thanks,
>> Iqbal
>>
>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage 
>> wrote:
>>
>>> Hi All,
>>>
>>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API
>>> Manager. After APIM server is started with the fresh pack, I can 
>>> navigate
>>> to Management Console. But once I'm trying to log in with admin
>>> credentials, I cannot log in. The error is as below.
>>>
>>> Error: 403 Forbidden
>>> JavaLogger potential cross-site request forgery (CSRF) attack
>>> thwarted (user:, ip:10.100.5.136, method:POST,
>>> uri:/carbon/admin/login_action.jsp, error:required token is missing
>>> from the request)
>>>
>>> Affected Product Version:
>>> wum updated pack: wso2am-2.1.0.1511201090302.zip
>>>
>>> Environment details and versions:
>>>
>>> macOS High Sierra
>>> Version 10.13.1
>>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
>>> Firefox: 57.0
>>>
>>> Any thoughts about this are highly appreciated.
>>>
>>>
>>> *Thanks and Best Regards,*
>>>
>>> *Isuru Uyanage*
>>> *Software Engineer - QA | WSO2*
>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>>> *
>>>
>>>
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Irham Iqbal
>> Software Engineer
>> WSO2
>> phone: +94 777888452
>> 
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> 

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Isuru Uyanage]

Hi All,

I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in
$APIM_HOME/repository/conf/security folder by adding the below entry.
org.owasp.csrfguard.unprotected.mgtconsolelogin=%
servletContext%/carbon/admin/*

I could log in to the Management console with admin credentials but once
try to creating user/user roles, cannot proceed further and the same issue
is repeating. I think the best option is to downgrade the java.

Thanks,

*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
*




On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena 
wrote:

> Hi Rumy,
>
> is this mail public ?, [Important][Critical] None of WSO2 products are
> working with latest JDK.
>
> I am also facing the same problem, however downgrade java is not a option
> for me :(
>
> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy  wrote:
>
>> Hi Isuru,
>>
>> Seems like the java version is causing this issue. This issue is there
>> with java JDK 8u151. Please refer [1] for more details.
>>
>> [1] - [Important][Critical] None of WSO2 products are working with
>> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]
>>
>> Thanks & Regards,
>> Mushthaq
>>
>> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal  wrote:
>>
>>> Hi Isuru,
>>>
>>> The reason might the java version you're using.
>>>
>>> You can update the Owasp.CsrfGuard.Carbon.properties file, which is in
>>> $APIM_HOME/repository/conf/security folder with the bellowing entry to
>>> ignore this error, IMO it's better if you use the proper java version.
>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
>>> ext%/carbon/admin/*
>>>
>>> Thanks,
>>> Iqbal
>>>
>>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage  wrote:
>>>
 Hi All,

 I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API
 Manager. After APIM server is started with the fresh pack, I can navigate
 to Management Console. But once I'm trying to log in with admin
 credentials, I cannot log in. The error is as below.

 Error: 403 Forbidden
 JavaLogger potential cross-site request forgery (CSRF) attack thwarted
 (user:, ip:10.100.5.136, method:POST,
 uri:/carbon/admin/login_action.jsp, error:required token is missing
 from the request)

 Affected Product Version:
 wum updated pack: wso2am-2.1.0.1511201090302.zip

 Environment details and versions:

 macOS High Sierra
 Version 10.13.1
 Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
 Firefox: 57.0

 Any thoughts about this are highly appreciated.


 *Thanks and Best Regards,*

 *Isuru Uyanage*
 *Software Engineer - QA | WSO2*
 *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
 *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
 *




 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> Irham Iqbal
>>> Software Engineer
>>> WSO2
>>> phone: +94 777888452
>>> 
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Mushthaq Rumy
>> *Software Engineer*
>> Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194>
>> Email : musht...@wso2.com
>> WSO2, Inc.; http://wso2.com/
>> lean . enterprise . middleware.
>>
>> 
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Bhathiya Jayasekara]

Hi Roshan,

No, that's not a public thread.

Here[1] is the original bug.

@Isuru: Make sure you don't have the previous version in your PATH variable.

[1] https://bugs.openjdk.java.net/browse/JDK-8189789

Thanks,
Bhathiya

On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage  wrote:

> Hi All,
> I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0
>
> But still, I'm getting the same error. Any thoughts about this.
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> *
>
>
>
>
> On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage  wrote:
>
>> Hi All,
>>
>> I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in
>> $APIM_HOME/repository/conf/security folder by adding the below entry.
>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
>> ext%/carbon/admin/*
>>
>> I could log in to the Management console with admin credentials but once
>> try to creating user/user roles, cannot proceed further and the same issue
>> is repeating. I think the best option is to downgrade the java.
>>
>> Thanks,
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena 
>> wrote:
>>
>>> Hi Rumy,
>>>
>>> is this mail public ?, [Important][Critical] None of WSO2 products are
>>> working with latest JDK.
>>>
>>> I am also facing the same problem, however downgrade java is not a
>>> option for me :(
>>>
>>> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy 
>>> wrote:
>>>
 Hi Isuru,

 Seems like the java version is causing this issue. This issue is there
 with java JDK 8u151. Please refer [1] for more details.

 [1] - [Important][Critical] None of WSO2 products are working with
 latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]

 Thanks & Regards,
 Mushthaq

 On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal  wrote:

> Hi Isuru,
>
> The reason might the java version you're using.
>
> You can update the Owasp.CsrfGuard.Carbon.properties file, which is
> in $APIM_HOME/repository/conf/security folder with the bellowing
> entry to ignore this error, IMO it's better if you use the proper java
> version.
> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
> ext%/carbon/admin/*
>
> Thanks,
> Iqbal
>
> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage 
> wrote:
>
>> Hi All,
>>
>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API
>> Manager. After APIM server is started with the fresh pack, I can navigate
>> to Management Console. But once I'm trying to log in with admin
>> credentials, I cannot log in. The error is as below.
>>
>> Error: 403 Forbidden
>> JavaLogger potential cross-site request forgery (CSRF) attack
>> thwarted (user:, ip:10.100.5.136, method:POST,
>> uri:/carbon/admin/login_action.jsp, error:required token is missing
>> from the request)
>>
>> Affected Product Version:
>> wum updated pack: wso2am-2.1.0.1511201090302.zip
>>
>> Environment details and versions:
>>
>> macOS High Sierra
>> Version 10.13.1
>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
>> Firefox: 57.0
>>
>> Any thoughts about this are highly appreciated.
>>
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Irham Iqbal
> Software Engineer
> WSO2
> phone: +94 777888452
> 
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


 --
 Mushthaq Rumy
 *Software Engineer*
 Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194>
 Email : musht...@wso2.com
 WSO2, Inc.; http://wso2.com/
 lean . enterprise . middleware.

 

 ___
 Dev mailing list
 Dev@wso2.org
 

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Malintha Amarasinghe]

I was under the impression this is only specific to 8u151, however, make
sure you have done the basic checks. (java -version returns the correct
java version, and you are using a new terminal to start the server once
java is updated.)

PS: I am using 1.8.0_131-b11 and not getting this issue.

Thanks!

On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage  wrote:

> Hi All,
> I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0
>
> But still, I'm getting the same error. Any thoughts about this.
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> *
>
>
>
>
> On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage  wrote:
>
>> Hi All,
>>
>> I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in
>> $APIM_HOME/repository/conf/security folder by adding the below entry.
>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
>> ext%/carbon/admin/*
>>
>> I could log in to the Management console with admin credentials but once
>> try to creating user/user roles, cannot proceed further and the same issue
>> is repeating. I think the best option is to downgrade the java.
>>
>> Thanks,
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena 
>> wrote:
>>
>>> Hi Rumy,
>>>
>>> is this mail public ?, [Important][Critical] None of WSO2 products are
>>> working with latest JDK.
>>>
>>> I am also facing the same problem, however downgrade java is not a
>>> option for me :(
>>>
>>> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy 
>>> wrote:
>>>
 Hi Isuru,

 Seems like the java version is causing this issue. This issue is there
 with java JDK 8u151. Please refer [1] for more details.

 [1] - [Important][Critical] None of WSO2 products are working with
 latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]

 Thanks & Regards,
 Mushthaq

 On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal  wrote:

> Hi Isuru,
>
> The reason might the java version you're using.
>
> You can update the Owasp.CsrfGuard.Carbon.properties file, which is
> in $APIM_HOME/repository/conf/security folder with the bellowing
> entry to ignore this error, IMO it's better if you use the proper java
> version.
> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
> ext%/carbon/admin/*
>
> Thanks,
> Iqbal
>
> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage 
> wrote:
>
>> Hi All,
>>
>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API
>> Manager. After APIM server is started with the fresh pack, I can navigate
>> to Management Console. But once I'm trying to log in with admin
>> credentials, I cannot log in. The error is as below.
>>
>> Error: 403 Forbidden
>> JavaLogger potential cross-site request forgery (CSRF) attack
>> thwarted (user:, ip:10.100.5.136, method:POST,
>> uri:/carbon/admin/login_action.jsp, error:required token is missing
>> from the request)
>>
>> Affected Product Version:
>> wum updated pack: wso2am-2.1.0.1511201090302.zip
>>
>> Environment details and versions:
>>
>> macOS High Sierra
>> Version 10.13.1
>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
>> Firefox: 57.0
>>
>> Any thoughts about this are highly appreciated.
>>
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Irham Iqbal
> Software Engineer
> WSO2
> phone: +94 777888452
> 
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


 --
 Mushthaq Rumy
 *Software Engineer*
 Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194>
 Email : musht...@wso2.com
 WSO2, Inc.; http://wso2.com/
 lean . enterprise . middleware.

 

 

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Isuru Uyanage]

Hi All,
I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0

But still, I'm getting the same error. Any thoughts about this.

*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
*




On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage  wrote:

> Hi All,
>
> I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in
> $APIM_HOME/repository/conf/security folder by adding the below entry.
> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
> ext%/carbon/admin/*
>
> I could log in to the Management console with admin credentials but once
> try to creating user/user roles, cannot proceed further and the same issue
> is repeating. I think the best option is to downgrade the java.
>
> Thanks,
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> *
>
>
>
>
> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena 
> wrote:
>
>> Hi Rumy,
>>
>> is this mail public ?, [Important][Critical] None of WSO2 products are
>> working with latest JDK.
>>
>> I am also facing the same problem, however downgrade java is not a option
>> for me :(
>>
>> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy 
>> wrote:
>>
>>> Hi Isuru,
>>>
>>> Seems like the java version is causing this issue. This issue is there
>>> with java JDK 8u151. Please refer [1] for more details.
>>>
>>> [1] - [Important][Critical] None of WSO2 products are working with
>>> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]
>>>
>>> Thanks & Regards,
>>> Mushthaq
>>>
>>> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal  wrote:
>>>
 Hi Isuru,

 The reason might the java version you're using.

 You can update the Owasp.CsrfGuard.Carbon.properties file, which is in
 $APIM_HOME/repository/conf/security folder with the bellowing entry to
 ignore this error, IMO it's better if you use the proper java version.
 org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
 ext%/carbon/admin/*

 Thanks,
 Iqbal

 On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage 
 wrote:

> Hi All,
>
> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API
> Manager. After APIM server is started with the fresh pack, I can navigate
> to Management Console. But once I'm trying to log in with admin
> credentials, I cannot log in. The error is as below.
>
> Error: 403 Forbidden
> JavaLogger potential cross-site request forgery (CSRF) attack thwarted
> (user:, ip:10.100.5.136, method:POST,
> uri:/carbon/admin/login_action.jsp, error:required token is missing
> from the request)
>
> Affected Product Version:
> wum updated pack: wso2am-2.1.0.1511201090302.zip
>
> Environment details and versions:
>
> macOS High Sierra
> Version 10.13.1
> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
> Firefox: 57.0
>
> Any thoughts about this are highly appreciated.
>
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> *
>
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


 --
 Irham Iqbal
 Software Engineer
 WSO2
 phone: +94 777888452
 


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> Mushthaq Rumy
>>> *Software Engineer*
>>> Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194>
>>> Email : musht...@wso2.com
>>> WSO2, Inc.; http://wso2.com/
>>> lean . enterprise . middleware.
>>>
>>> 
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[roshan wijesena]

Hi Rumy,

is this mail public ?, [Important][Critical] None of WSO2 products are
working with latest JDK.

I am also facing the same problem, however downgrade java is not a option
for me :(

On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy  wrote:

> Hi Isuru,
>
> Seems like the java version is causing this issue. This issue is there
> with java JDK 8u151. Please refer [1] for more details.
>
> [1] - [Important][Critical] None of WSO2 products are working with
> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]
>
> Thanks & Regards,
> Mushthaq
>
> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal  wrote:
>
>> Hi Isuru,
>>
>> The reason might the java version you're using.
>>
>> You can update the Owasp.CsrfGuard.Carbon.properties file, which is in
>> $APIM_HOME/repository/conf/security folder with the bellowing entry to
>> ignore this error, IMO it's better if you use the proper java version.
>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont
>> ext%/carbon/admin/*
>>
>> Thanks,
>> Iqbal
>>
>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage  wrote:
>>
>>> Hi All,
>>>
>>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API Manager.
>>> After APIM server is started with the fresh pack, I can navigate to
>>> Management Console. But once I'm trying to log in with admin credentials, I
>>> cannot log in. The error is as below.
>>>
>>> Error: 403 Forbidden
>>> JavaLogger potential cross-site request forgery (CSRF) attack thwarted
>>> (user:, ip:10.100.5.136, method:POST,
>>> uri:/carbon/admin/login_action.jsp, error:required token is missing
>>> from the request)
>>>
>>> Affected Product Version:
>>> wum updated pack: wso2am-2.1.0.1511201090302.zip
>>>
>>> Environment details and versions:
>>>
>>> macOS High Sierra
>>> Version 10.13.1
>>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
>>> Firefox: 57.0
>>>
>>> Any thoughts about this are highly appreciated.
>>>
>>>
>>> *Thanks and Best Regards,*
>>>
>>> *Isuru Uyanage*
>>> *Software Engineer - QA | WSO2*
>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>>> *
>>>
>>>
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Irham Iqbal
>> Software Engineer
>> WSO2
>> phone: +94 777888452
>> 
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Mushthaq Rumy
> *Software Engineer*
> Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194>
> Email : musht...@wso2.com
> WSO2, Inc.; http://wso2.com/
> lean . enterprise . middleware.
>
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Malintha Amarasinghe]

Hi Isuru,

There was some recent similar issue which happens in the latest JDK
version. If you are using 8u151, please downgrade it to a lower minor
version and check.

Thanks!

On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage  wrote:

> Hi All,
>
> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API Manager.
> After APIM server is started with the fresh pack, I can navigate to
> Management Console. But once I'm trying to log in with admin credentials, I
> cannot log in. The error is as below.
>
> Error: 403 Forbidden
> JavaLogger potential cross-site request forgery (CSRF) attack thwarted
> (user:, ip:10.100.5.136, method:POST, 
> uri:/carbon/admin/login_action.jsp,
> error:required token is missing from the request)
>
> Affected Product Version:
> wum updated pack: wso2am-2.1.0.1511201090302.zip
>
> Environment details and versions:
>
> macOS High Sierra
> Version 10.13.1
> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
> Firefox: 57.0
>
> Any thoughts about this are highly appreciated.
>
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> *
>
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/

Mobile : +94 712383306
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Isuru Uyanage]

Hi Irham/Malintha,
Thank you for the prompt reply. It worked.


Regards,
Isuru

*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
*




On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal  wrote:

> Hi Isuru,
>
> The reason might the java version you're using.
>
> You can update the Owasp.CsrfGuard.Carbon.properties file, which is in
> $APIM_HOME/repository/conf/security folder with the bellowing entry to
> ignore this error, IMO it's better if you use the proper java version.
> org.owasp.csrfguard.unprotected.mgtconsolelogin=%
> servletContext%/carbon/admin/*
>
> Thanks,
> Iqbal
>
> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage  wrote:
>
>> Hi All,
>>
>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API Manager.
>> After APIM server is started with the fresh pack, I can navigate to
>> Management Console. But once I'm trying to log in with admin credentials, I
>> cannot log in. The error is as below.
>>
>> Error: 403 Forbidden
>> JavaLogger potential cross-site request forgery (CSRF) attack thwarted
>> (user:, ip:10.100.5.136, method:POST,
>> uri:/carbon/admin/login_action.jsp, error:required token is missing from
>> the request)
>>
>> Affected Product Version:
>> wum updated pack: wso2am-2.1.0.1511201090302.zip
>>
>> Environment details and versions:
>>
>> macOS High Sierra
>> Version 10.13.1
>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
>> Firefox: 57.0
>>
>> Any thoughts about this are highly appreciated.
>>
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Irham Iqbal
> Software Engineer
> WSO2
> phone: +94 777888452
> 
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Bhathiya Jayasekara]

On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal  wrote:

> Hi Isuru,
>
> The reason might the java version you're using.
>
> You can update the Owasp.CsrfGuard.Carbon.properties file, which is in
> $APIM_HOME/repository/conf/security folder with the bellowing entry to
> ignore this error, IMO it's better if you use the proper java version.
> org.owasp.csrfguard.unprotected.mgtconsolelogin=%
> servletContext%/carbon/admin/*
>

Due to the gzip bug in JDK 8u151, there are other problems too. Better to
use JDK 8u144.

Thanks,
Bhathiya


>
>
> Thanks,
> Iqbal
>
> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage  wrote:
>
>> Hi All,
>>
>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API Manager.
>> After APIM server is started with the fresh pack, I can navigate to
>> Management Console. But once I'm trying to log in with admin credentials, I
>> cannot log in. The error is as below.
>>
>> Error: 403 Forbidden
>> JavaLogger potential cross-site request forgery (CSRF) attack thwarted
>> (user:, ip:10.100.5.136, method:POST,
>> uri:/carbon/admin/login_action.jsp, error:required token is missing from
>> the request)
>>
>> Affected Product Version:
>> wum updated pack: wso2am-2.1.0.1511201090302.zip
>>
>> Environment details and versions:
>>
>> macOS High Sierra
>> Version 10.13.1
>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
>> Firefox: 57.0
>>
>> Any thoughts about this are highly appreciated.
>>
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Irham Iqbal
> Software Engineer
> WSO2
> phone: +94 777888452
> 
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Bhathiya Jayasekara*
*Associate Technical Lead,*
*WSO2 inc., http://wso2.com *

*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj
*
*Twitter: https://twitter.com/bhathiyax *
*Blog: http://movingaheadblog.blogspot.com
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Mushthaq Rumy]

Hi Isuru,

Seems like the java version is causing this issue. This issue is there with
java JDK 8u151. Please refer [1] for more details.

[1] - [Important][Critical] None of WSO2 products are working with
latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]

Thanks & Regards,
Mushthaq

On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal  wrote:

> Hi Isuru,
>
> The reason might the java version you're using.
>
> You can update the Owasp.CsrfGuard.Carbon.properties file, which is in
> $APIM_HOME/repository/conf/security folder with the bellowing entry to
> ignore this error, IMO it's better if you use the proper java version.
> org.owasp.csrfguard.unprotected.mgtconsolelogin=%
> servletContext%/carbon/admin/*
>
> Thanks,
> Iqbal
>
> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage  wrote:
>
>> Hi All,
>>
>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API Manager.
>> After APIM server is started with the fresh pack, I can navigate to
>> Management Console. But once I'm trying to log in with admin credentials, I
>> cannot log in. The error is as below.
>>
>> Error: 403 Forbidden
>> JavaLogger potential cross-site request forgery (CSRF) attack thwarted
>> (user:, ip:10.100.5.136, method:POST,
>> uri:/carbon/admin/login_action.jsp, error:required token is missing from
>> the request)
>>
>> Affected Product Version:
>> wum updated pack: wso2am-2.1.0.1511201090302.zip
>>
>> Environment details and versions:
>>
>> macOS High Sierra
>> Version 10.13.1
>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
>> Firefox: 57.0
>>
>> Any thoughts about this are highly appreciated.
>>
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Irham Iqbal
> Software Engineer
> WSO2
> phone: +94 777888452
> 
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Mushthaq Rumy
*Software Engineer*
Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194>
Email : musht...@wso2.com
WSO2, Inc.; http://wso2.com/
lean . enterprise . middleware.


___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Irham Iqbal]

Hi Isuru,

The reason might the java version you're using.

You can update the Owasp.CsrfGuard.Carbon.properties file, which is in
$APIM_HOME/repository/conf/security folder with the bellowing entry to
ignore this error, IMO it's better if you use the proper java version.
org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*

Thanks,
Iqbal

On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage  wrote:

> Hi All,
>
> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API Manager.
> After APIM server is started with the fresh pack, I can navigate to
> Management Console. But once I'm trying to log in with admin credentials, I
> cannot log in. The error is as below.
>
> Error: 403 Forbidden
> JavaLogger potential cross-site request forgery (CSRF) attack thwarted
> (user:, ip:10.100.5.136, method:POST, 
> uri:/carbon/admin/login_action.jsp,
> error:required token is missing from the request)
>
> Affected Product Version:
> wum updated pack: wso2am-2.1.0.1511201090302.zip
>
> Environment details and versions:
>
> macOS High Sierra
> Version 10.13.1
> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
> Firefox: 57.0
>
> Any thoughts about this are highly appreciated.
>
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> *
>
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Irham Iqbal
Software Engineer
WSO2
phone: +94 777888452

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [APIM]Cannot login to APIM Management console with admin credentials

[Isuru Uyanage]

Hi All,

I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API Manager.
After APIM server is started with the fresh pack, I can navigate to
Management Console. But once I'm trying to log in with admin credentials, I
cannot log in. The error is as below.

Error: 403 Forbidden
JavaLogger potential cross-site request forgery (CSRF) attack thwarted
(user:, ip:10.100.5.136, method:POST,
uri:/carbon/admin/login_action.jsp, error:required token is missing from
the request)

Affected Product Version:
wum updated pack: wso2am-2.1.0.1511201090302.zip

Environment details and versions:

macOS High Sierra
Version 10.13.1
Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
Firefox: 57.0

Any thoughts about this are highly appreciated.


*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev