I register the API with the publisher, go to the tryout tab, generate a key, and then verify it, but an error appears as shown below. What part did I set wrong? I need help.
Log file
[2021-10-06 13:50:07,068] ERROR - InternalAPIKeyAuthenticator Invalid Internal Key.XXXXXUlMyNTYifQ
[2021-10-06 13:50:07,069] WARN - APIAuthenticationHandler API authentication failure due to Invalid Credentials
https://i.stack.imgur.com/NPfQW.png
Related
I just downloaded and installed WSO2 API Manager to a Linux server. As per the installation guide, I have not made any changes.
The only wrinkle I had was that the wso2server.sh script did not have execute permission so I set that manually. I did not check or modify any other permissions.
After startup, I am able to access each of the Admin, Publisher and Store apps.
In the Admin app, the first screen shows the message: "No tasks assigned to the login user or no connectivity with BPS engine."
When I dig into the logs, I see this entry in wso2carbon.log:
TID: [-1234] [] [2017-03-02 10:26:12,049] WARN {JAGGERY.site.blocks.user.login.ajax.login:jag} - Not Retrieving Pending Tasks. Check BPS Connectivity. java.lang.IllegalArgumentException: Illegal character in authority at index 8: https://<BPSHost>:<BPSPort>/services/AuthenticationAdmin {JAGGERY.site.blocks.user.login.ajax.login:jag}
The wso2-apigw-errors.log has a largely identical error:
2017-03-02 10:26:12,049 [-] [http-nio-9443-exec-17] WARN login:jag Not Retrieving Pending Tasks. Check BPS Connectivity. java.lang.IllegalArgumentException: Illegal character in authority at index 8: https://<BPSHost>:<BPSPort>/services/AuthenticationAdmin
This may or may not be relevant: I am also seeing warnings about being unable to flush and lock system prefs, even though it's successfully creating the directory earlier.
TID: [-1234] [] [2017-03-02 09:28:30,285] INFO {java.util.prefs.FileSystemPreferences$1} - Created user preferences directory. {java.util.prefs.FileSystemPreferences$1}
TID: [-1] [] [2017-03-02 11:11:19,058] WARN {java.util.prefs.FileSystemPreferences} - Could not lock System prefs. Unix error code 32645. {java.util.prefs.FileSystemPreferences}
TID: [-1] [] [2017-03-02 11:11:19,058] WARN {java.util.prefs.FileSystemPreferences} - Couldn't flush system prefs: java.util.prefs.BackingStoreException: Couldn't get file lock. {java.util.prefs.FileSystemPreferences}
I am assuming I need to configure or download something else to get this to work. Please advise!
I am not sure what your use case is. You can integrate a BPS engine with WSO2 API Manager for the following tasks.
User Signup Workflow
Application Creation Workflow
Application Registration Workflow
API Subscription Workflow
This blog explains how you can integrate WSO2 Business Process Server with WSO2 API Manager. You can check the official documentation, which explains the available workflow extensions.
You are getting this warning message when you log in to the admin portal, as it checks if there are any pending approval tasks. You can ignore this warning if you are not using any BPS integrations. Based on your use case, you can add a BPS engine for workflows.
We are using the ResetPassword API from UserInformationRecoveryService WSDL (https://localhost:9443/services/UserInformationRecoveryService), to request a password reset without captcha for the user 'dummy' with the following body, providing the admin/admin user.
<x:Envelope xmlns:x="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.mgt.identity.carbon.wso2.org" xmlns:xsd="http://beans.mgt.captcha.carbon.wso2.org/xsd">
<x:Header/>
<x:Body>
<ser:verifyUser>
<ser:username>dummy</ser:username>
</ser:verifyUser>
</x:Body>
</x:Envelope>
The request returns a 200 status code with the token but when checking the console, it reports the following error:
Invalid remote address detected.
org.wso2.carbon.core.common.AuthenticationException: Authentication Failed : Invalid remote address passed - 0:0:0:0:0:0:0:1
Am I missing any configuration? The WSDL doesn't show any remote address field to send like the login API, so it should be something else.
Or is this log error expected?
UPDATE:
Here are the requested DEBUG logs of multiple wso2 components: http://hastebin.com/ubasixagev.coffee
log4j.logger.org.wso2.carbon.user.core=DEBUG
log4j.logger.org.wso2.carbon.identity=DEBUG
log4j.logger.org.wso2.carbon.identity.sso.saml=DEBUG
log4j.logger.org.wso2.carbon.identity.application=DEBUG
log4j.logger.org.wso2.carbon.identity.application.authentication.framework=DEBUG
log4j.logger.org.wso2.carbon.core=DEBUG
log4j.logger.org.wso2.carbon.identity.core=DEBUG
I've been trying to configure WSO2is to accept a SAML auth request from Spring Security and pass it along to an external IDP for authentication. I've configured the SP and IDP on WSO2 correctly enough to have my request be redirected to SSOCircle, but when Circle sends the SAML response back to WSO2 it gives a "Not a valid SAML 2.0 Request Message!" error page. This makes sense, as it's not a request being sent to the server.
I think my problem revolves around the AssertionConsumerService in the metadata I've uploaded to Circle, "https://MyLocalHost:8080/samlsso", which is the URL for the Resident Identity Provider. I've been hunting around for a different endpoint to use, but have not been able to find anything.
The closest I've been able to get was following the example here https://docs.wso2.com/display/IS500/Configuring+Single+Sign-On+with+SAML+2.0 but this appears to be used for just logging into the WSO2 server itself.
EDIT after changing the endpoint to commonauth
Here are the logs after the request lands on the server.
DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - SAMLSSOAuthenticator returned: INCOMPLETE {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - SAMLSSOAuthenticator is redirecting {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} - Step is not complete yet. Redirecting to outside. {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Session data key is null in the request {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Context does not exist. Probably due to invalidated cache {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
I have a WSO2 Identity Server installed (SP1 included) and I was doing some integration tests with Liferay. I was able to do SAML SSO login without any problem (with included attributes), but then I installed the critical patch 1256 and it doesn't let me sign on anymore.
Here's what the log says:
TID: [0] [IS] [2015-05-28 12:16:22,774] ERROR {org.wso2.carbon.identity.sso.saml.builders.assertion.DefaultSAMLAssertionBuilder} - Error when reading claim values for generating SAML Response {org.wso2.carbon.identity.sso.saml.builders.assertion.DefaultSAMLAssertionBuilder}
TID: [0] [IS] [2015-05-28 12:16:22,775] ERROR {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Error processing the authentication request {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor}org.wso2.carbon.identity.base.IdentityException: Error while building the saml assertion
I was trying to figure out what could have changed between patches. When I delete all requested claims or deactivate the option "Include Attributes in the Response Always" it has no problem at all, but it doesn't work for me that way.
Thanks in advance
Did you change the Subject Claim URI? By default it is not select... If this can be a bug in WSO2IS with above patch. I also see this error when I select the email address as the Subject Claim URI. There is a public jira as well.
I have configured the sample travelocity.com webapp to work with SAML2 SSO following this link: configure SSO web app
But when I try to log in using an account, I get the following error message in the browser.
Here is what i get in logs:
TID: [0] [IS] [2015-03-10 21:06:26,835] WARN {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Signature validation for Authentication Request failed. {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor}
After I tried again without restarting the server, I got this error:
TID: [0] [IS] [2015-03-10 20:30:51,261] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Context does not exist. Probably due to invalidated cache {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
I am not sure what is wrong. I have also installed the latest service pack. I am using wso2is-5.0.0.
Please help.
This same web application is working fine with WSO2IS. I have already tried it out. Details can be found from here as well.
According to the error, it says "Signature validation for Authentication Request failed". It means that the SAML2 Auth request that is sent by the web application has been signed and WSO2IS tries to validate its signature. WSO2IS does not validate the signature by default; you have probably ticked the following option in the SAML2 SSO configuration.
Enable Signature Validation in Authentication Requests and Logout Requests
Please verify it and un-tick it and see.
If you really want to validate the signature of SAML2 Auth requests, you need to tick it. Then you must choose the proper Certificate Alias value from the combo box. Please note the proper value is NOT the wso2carbon.cert. The proper value is wso2carbon. Then it would work for you.
The second error may be related to the browser cache; just clear the browser cache and try it out (or open a new browser).
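To see what the web application actually sends before changing the signature-validation setting discussed above, this added example (not code from the answers or from WSO2) decodes a SAMLRequest sent with the HTTP-Redirect binding and reports its issuer, ACS URL and whether it carries a signature. The sample request, its ACS URL and the signature value are constructed, and the function names are illustrative.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
MAX_XML = 64 * 1024  # cap the inflated size; the input is attacker-controlled

def inspect_redirect_request(url):
    """Summarise a SAMLRequest sent with the HTTP-Redirect binding."""
    params = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("SAMLRequest inflates beyond the size cap")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD declarations are not allowed in SAML messages")
    root = ET.fromstring(xml)
    issuer = root.findtext("saml:Issuer", default=None, namespaces=NS)
    return {
        "message": root.tag.rsplit("}", 1)[-1],
        "issuer": issuer.strip() if issuer else None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
        # Redirect binding: the signature travels as query parameters.
        "query_signed": "SigAlg" in params and "Signature" in params,
        "sig_alg": params.get("SigAlg", [None])[0],
        # POST-binding style: an enveloped ds:Signature inside the XML.
        "xml_signed": root.find("ds:Signature", NS) is not None,
    }

def build_sample_url(signed):
    """Constructed sample request; the signature bytes are a placeholder."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
           'Version="2.0" AssertionConsumerServiceURL="http://localhost:8080/acs">'
           '<saml:Issuer>travelocity.com</saml:Issuer></samlp:AuthnRequest>').encode()
    deflater = zlib.compressobj(wbits=-15)
    query = {"SAMLRequest": base64.b64encode(
        deflater.compress(xml) + deflater.flush()).decode()}
    if signed:
        query["SigAlg"] = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
        query["Signature"] = base64.b64encode(b"constructed-placeholder").decode()
    return "https://localhost:9443/samlsso?" + urlencode(query)

if __name__ == "__main__":
    for signed in (True, False):
        print(inspect_redirect_request(build_sample_url(signed)))
```

If `query_signed` is true while signature validation is enabled on the identity provider, the certificate alias selected there has to match the key the application signed with.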
Most probably this is a mismatch in the keystores.
Just copy
$WSO2IS/repository/resources/security/keystore.jks
To
$TOMCAT/saml2-web-app-pickup-dispatch.com/WEB-INF/classes
This way, both keystores are the same. Restart Tomcat and it should work fine.