GET ChallengeQuestion API in version 6.0 is not working - wso2-identity-server

As part of WSO2 identity server 6.0.0, SOAP APIs are deprecated and recommended to use REST-based APIs. We are using RemoteUserStoreManagerService.wsdl and UserIdentityManagementAdminService.wsdl SOAP APIs in our project, want to replace the SOAP APIs with recommended REST APIs. Can you help us to find the list of REST APIs to replace RemoteUserStoreManagerService.wsdl and UserIdentityManagementAdminService.wsdl SOAP APIs. The APIs document is not clear.
Under Challenge Questions API https://is.docs.wso2.com/en/6.0.0/apis/restapis/challenge.yaml we are calling /me/challenges and /me/challenge-answers GET APIs and we are getting response as No message body writer has been found for class java.util.ArrayList, ContentType: / , 500 Internal error. Can you please suggest what is going wrong here what is causing this error.

You have to pass 'Accept: application/json' header in the REST API request.
Try the following sample curl commands by changing the Authorization header value
/me/challenges:
curl --location --request GET 'https://localhost:9443/api/users/v1/me/challenges' \
--header 'Accept: application/json' \
--header 'Authorization: Basic <base64 encoded username:password>'
me/challenge-answers:
curl --location --request GET 'https://localhost:9443/api/users/v1/me/challenge-answers' \
--header 'Accept: application/json' \
--header 'Authorization: Basic <base64 encoded username:password>'

Related

How to make cloudfront https calls to origin in http

I have the origin http://app.mydomain.com/v2/check (no https)
I have configured my cloudfront with ssl cert *.mydomain.com
In Route53 I have created A record with alias app2.mydomain.com pointing to Cloudfront xyz.cloudfront.net
Now how to I set behavior such that I call (POST) https://app2.mydomain.com/v2/check it call http://app.mydomain.com:8081/v2/check.
curl command
Working
curl --location --request POST 'http://app.mydomain.com/v2/check' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'disabledRules=WHITESPACE_RULE' \
--data-urlencode 'text="The quick read focks jumped over the lazy broon dogg."' \
--data-urlencode 'language=en-US'
not working getting http 403 error
curl --location --request POST 'https://app2.mydomain.com/v2/check' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'disabledRules=WHITESPACE_RULE' \
--data-urlencode 'text="The quick read focks jumped over the lazy broon dogg."' \
--data-urlencode 'language=en-US'
This can be done by by modifying the origin.
In the console:
Select the Origin and Origin Groups tab.
Select the Origin and click Edit
Once you click edit there is an option for Origin Protocol Policy. Select the value of HTTP Only as shown below in the screenshot.
Click Yes/Edit
This can be performed in the CLI by performing the update-distribution function, or in CloudFormation by updating the OriginProtocolPolicy value to http-only.
As you're using POST requests ensure that it is enabled in the Allowed HTTP Methods within the Behaviour for the origin. This returns a 403 if the method is not enabled.
.
Other than this ensure the host that you're trying to connect to through either the browser or programmatically as an API call, is added as an alternative domain name in the CloudFront Distribution configuration.
In the Alternate Domain Names CNAME section I had to put app2.domain.com in the list. I had only domain.com do to which it was not working.

Connect to elasticsearch in AWS using key credentials

I'm trying to post a request using curl to my es cluster in AWS using my accessKey and secretKey. I have successfully done this through postman (details here) where you can specify AWS credentials but I would like to make this work with curl. Postman can auto-generate your curl request for you but all I get are errors.
This is the generated curl request along with the response
curl -X GET \
https://search-00000000000001.eu-west-1.es.amazonaws.com/_cat/indices \
-H 'Authorization: AWS4-HMAC-SHA256 Credential=11111111111111111111/20181119/eu-west-1/es/aws4_request, SignedHeaders=cache-control;content-type;host;postman-token;x-amz-date, Signature=11111111116401882398f46011f14fdb9d55e012a4fb912706d67c1111111111' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Host: search-00000000000001.eu-west-1.es.amazonaws.com' \
-H 'Postman-Token: 00000000-0000-4001-8006-9291e208a000' \
-H 'X-Amz-Date: 20181119T220000Z' \
-H 'cache-control: no-cache'
{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."}%
IDs have been changed to protect the innocent.
I have checked all my keys and region, and like i said this works through postman. Is it possible to access this AWS service using my keys through curl?
This is quite a long rabbit hole. Thanks to Adam for the comment that sent me in the correct direction. The link https://docs.aws.amazon.com/apigateway/api-reference/signing-requests/ really helps you understand what you need to do.
I've since found a script that follows the signing requests method outlined above. It runs in bash and whilst it is not written for use with elasticsearch requests it can be used for them.
https://github.com/riboseinc/aws-authenticating-secgroup-scripts many thanks to https://www.ribose.com for putting this on github.
If your host contains ':443' remove it and try again.
This worked for me.
"My initial problem: If I access it with Postman using the same url, I get the same error, but removing the ‘:443/’, it works fine, so it’s nothing wrong with the key and secret I’m using."

curl usage wso2-am example api

just started with wso2-am. I published the example PizzaShackAPI: /pizzashack/1.0.0 API and registered a default application against it. I can (re)generate keys for the default application and with this, I can call e.g. the GET/menu item in the API console. This gives me the expected list as long as the access token is valid.
However in the API console the equivalent curl command is also given as :
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer 00cb3832-f73f-3536-b287-4330a47ef4bd' 'https://192.168.1.9:8243/pizzashack/1.0.0/menu'
I run this under windows (curl-7.54.0-win64-mingw) but this doesn't work. Tried replacing some quotes with double quotes etc. but all to no avail. Furthermore, I assume that I am using one-way SSL to the service running in wso2-am itself (on port 8243) and I don't need to supply any certificate myself. I also realize that the server side uses a self signed certificate and not sure whether this has any implications in this situation.
Hope someone can help me out on this.
As an addition - just noticed that in the sys$output of the wso2-am server the following is listed:
[2017-05-13 00:38:38,858] ERROR - SourceHandler I/O error: Received fatal alert:
unknown_ca
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1639)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1607)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1776)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1068)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:890)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.ja
va:245)
I think that this is caused by the curl command hitting the API service .
Thanks Peter
You are accessing HTTPS url of the API, You have to either use a keystore or suppress the SSL in cURL with -k option
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer 00cb3832-f73f-3536-b287-4330a47ef4bd' 'https://192.168.1.9:8243/pizzashack/1.0.0/menu' -k
You also can use below HTTP URL of the API, note the port difference.
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer 00cb3832-f73f-3536-b287-4330a47ef4bd' 'http://192.168.1.9:8280/pizzashack/1.0.0/menu'

wso2 api manager PUT method does not work in api store

Wso2 API Manager 1.10.0. PUT method does not work in API store.
GET, POST, DELETE methods work, but PUT dose not work.
Error,
Curl
curl -X PUT --header "Content-Type: application/json" --header "Accept: application/json" --header "Authorization: Bearer c6c90338514e561c8a02a7b6a1c96553" -d "{\"payment\":\"PAID\"}" "https://10.138.31.22:8243/Starbucks_API/1/order_1"
Request URL
https://10.138.31.22:8243/Starbucks_API/1/order_1
Response Body
<ams:fault xmlns:ams="http://wso2.org/apimanager/security">
<ams:code>900906</ams:code>
<ams:message>No matching resource found in the API for the given request</ams:message>
<ams:description>Access failure for API: /Starbucks_API/1, version: 1. Check the API documentation and add a proper REST resource path to the invocation URL</ams:description>
</ams:fault>
Response Code
403
Response Headers
{
"content-type": "application/xml; charset=UTF-8"
}
Resource given in the request is actually matching, which I mentioned in API.
Any help is appreciated.
Resource Definition
You are having two PUT with same URL. You can't have two different HTTP resource with same URL.

converting curl api call into restful api call

i am very new to the java EE.
I have built some simple restful client for calling rest api's from java using jersey framework.
I have one curl request which i have to call from java
curl -i -X POST 'https://{url}' -H 'Content-Type: application/x-www-form-urlencoded' -H "Accept: application/vnd.newbay.dv-1.8+json" -H "X-HTTP-METHOD-OVERRIDE: DELETE" -H "X-Client-Platform: SERVICES" -H "X-Client-Identifier: IL" --insecure --data 'path=%2FMy+Samsung+GT-I9082%2F20130822_172409.jpg&path=%2FMy+Samsung+GT-I9082%2F20130905_085407.jpg'
Here the paths of file are passed as form post in curl using --data.
Can anyone tell me how to call this api from my java program using jersey framework? I am having difficulty because of this --data part? how exactly i will pass that in my restful java client that i cant understand.
Also can anyone tell me how to pass form post --data part while calling the same api from soapUI?
In your cURL command, --data provides post data in a classic html form format. You shoud alrealy be aware of that because the content-type is explicit : application/x-www-form-urlencoded
Jersey can handle this encoding for you, using MultivaluedMapImpl.
see Sending Name Value Pair in POST using Jersey Client