WSO2 APIM update ballerina certificate - wso2

I configured APIM with the built-in Identity Server inside a Kubernetes cluster. Everything was working fine, but recently we got an error related to an expired certificate:
2021-07-29 14:30:35,308 INFO [wso2/gateway/src/gateway/utils] - [APIGatewayListener] [-] HTTP listener is active on port 9090
[ballerina/http] started HTTPS/WSS listener 0.0.0.0:9095
2021-07-29 14:30:35,310 INFO [wso2/gateway/src/gateway/utils] - [APIGatewayListener] [-] HTTPS listener is active on port 9095
2021-07-29 14:31:31,816 INFO [wso2/gateway/src/gateway/utils] - [NotificationEventListener] [-] Recieved event with type : SUBSCRIPTIONS_CREATE
2021-07-29 14:31:59,940 ERROR [ballerina/jwt] - Public key certificate validity period has passed.
2021-07-29 14:31:59,943 ERROR [ballerina/jwt] - JWT validation failed. : error {ballerina/jwt}Error message=Public key certificate validity period has passed.
2021-07-29 14:31:59,945 ERROR [wso2/gateway/src/gateway/utils] - Failed to authenticate with jwt auth provider. : error {ballerina/auth}Error message=JWT validation failed. cause=error {ballerina/jwt}Error message=Public key certificate validity period has passed.
Configmap to deploy certificate
After that I got another error related to failed signature validation:
2021-07-29 19:16:42,517 ERROR [ballerina/jwt] - JWT signature validation has failed.
2021-07-29 19:16:42,517 ERROR [ballerina/jwt] - JWT validation failed. : error {ballerina/jwt}Error message=JWT signature validation has failed.
2021-07-29 19:16:42,518 ERROR [wso2/gateway/src/gateway/utils] - Failed to authenticate with jwt auth provider. : error {ballerina/auth}Error message=JWT validation failed. cause=error {ballerina/jwt}Error message=JWT signature validation has failed.
I guess I need to add this new cert to some part of APIM, or probably need to add it to the keystore. Can you help here, please?
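The two failures in the question's logs, reduced to their root causes (an added example, not part of the original post or of WSO2's code): each rejected request writes three ERROR lines that wrap one underlying `ballerina/jwt` error, so this parser unwraps the `cause=` chain and counts lines per root cause. The function names are hypothetical; the log lines are copied from the question.

```python
import re
from collections import Counter

# Gateway lines copied from the question's two log excerpts.
SAMPLE_LOG = """\
2021-07-29 14:30:35,310 INFO [wso2/gateway/src/gateway/utils] - [APIGatewayListener] [-] HTTPS listener is active on port 9095
2021-07-29 14:31:59,940 ERROR [ballerina/jwt] - Public key certificate validity period has passed.
2021-07-29 14:31:59,943 ERROR [ballerina/jwt] - JWT validation failed. : error {ballerina/jwt}Error message=Public key certificate validity period has passed.
2021-07-29 14:31:59,945 ERROR [wso2/gateway/src/gateway/utils] - Failed to authenticate with jwt auth provider. : error {ballerina/auth}Error message=JWT validation failed. cause=error {ballerina/jwt}Error message=Public key certificate validity period has passed.
2021-07-29 19:16:42,517 ERROR [ballerina/jwt] - JWT signature validation has failed.
2021-07-29 19:16:42,517 ERROR [ballerina/jwt] - JWT validation failed. : error {ballerina/jwt}Error message=JWT signature validation has failed.
2021-07-29 19:16:42,518 ERROR [wso2/gateway/src/gateway/utils] - Failed to authenticate with jwt auth provider. : error {ballerina/auth}Error message=JWT validation failed. cause=error {ballerina/jwt}Error message=JWT signature validation has failed.
"""

# "<date> <time> <LEVEL> [<logger>] - <message>"
LINE_RE = re.compile(r"^(\S+ \S+) (\w+) \[([^\]]+)\] - (.*)$")
# One link of a Ballerina error chain: "error {module}Error message=<text>",
# ended by the next " cause=error {" link or by the end of the line.
LINK_RE = re.compile(r"error \{([^}]+)\}Error message=(.*?)(?= cause=error \{|$)")


def root_cause(line):
    """Return (timestamp, module, message) for an ERROR line, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(2) != "ERROR":
        return None
    timestamp, _, logger, message = m.groups()
    links = LINK_RE.findall(message)
    # The last link is the innermost cause; unwrapped lines are their own cause.
    module, text = links[-1] if links else (logger, message)
    return timestamp, module, text.strip()


def summarize(log):
    """Count ERROR lines per distinct root cause."""
    causes = (root_cause(line) for line in log.splitlines())
    return Counter((c[1], c[2]) for c in causes if c)


if __name__ == "__main__":
    for (module, text), count in summarize(SAMPLE_LOG).items():
        print(f"{count} lines -> [{module}] {text}")
```

Six ERROR lines collapse to two root causes, which keeps an alert on the expired certificate separate from one on the signature mismatch that followed the certificate change.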

Related

Error when trying out sample saml application

I have set up the saml2-pickup-dispatch.com sample application, and when I try to log in to the application I get the errors below.
WARN {org.apache.xml.security.signature.XMLSignature} - Signature verification failed.
WARN {org.wso2.carbon.identity.sso.saml.validators.SPInitSSOAuthnRequestValidator} - Signature validation for Authentication Request failed for the request of Issuer :saml2-web-app-pickup-dispatch.com in tenantDomain:carbon.super
Any solution for this?
This is due to Signature verification issue.
You can quickly fix this issue by replacing the keystore in the saml2-pickup-dispatch sample app (<saml2-pickup-dispatch_home>/WEB-INF/classes/wso2carbon.jks) with the keystore of the WSO2 Identity Server (/repository/resources/security/wso2carbon.jks).
You can refer to the answer https://stackoverflow.com/a/61093340/9514885 for more details

WSO2 - 3.2.0 - Docker - Create an API - Connection Error

I'm trying to create a new API from a rest service in WSO2 Publisher and I'm getting an error when I try to validate the endpoint:
When I go to the log, it shows the message:
[2021-03-30 22:09:54,744] ERROR - ApisApiServiceImpl Error occurred while sending the HEAD request to the given endpoint url:
java.net.ConnectException: Connection refused (Connection refused)
What am I doing wrong?
If I proceed with the creation, when I try to test I get another error:
[2021-03-30 22:15:31,311] WARN - SourceHandler I/O error: Received fatal alert: certificate_unknown
[2021-03-30 22:15:31,351] WARN - ConnectCallback Connection refused or failed for : localhost/127.0.0.1:8888
[2021-03-30 22:15:31,353] WARN - EndpointContext Endpoint : CpoExecutorAPI--v1.0.0_APIproductionEndpoint with address http://localhost:8888/cpo-executor/dev will be marked SUSPENDED as it failed
Apart from the certificate issue, another possible cause for this error is network connectivity. Please make sure that there weren't any network issues while invoking the request and the network connectivity was stable. Also, please check whether you can directly connect to the provided endpoint URL and get the responses without any issues.
WARN - SourceHandler I/O error: Received fatal alert: certificate_unknown
With the above-mentioned warning, we can suspect there is an issue with certificates.
Therefore, if you have made any recent certificate changes in your environment can you check whether the required certs are available in the API Manager Keystore?

WSO2 3.2.0 - Publish an API - ERROR - APIGatewayManager Error

I have a docker environment running openldap, mysql, wso2is and wso2am. I'm trying to publish an API using API Manager Publisher and I'm facing the following error:
docker log:
[2021-03-18 21:40:32,764] INFO - CarbonAuthenticationUtil 'admin#wso2.com#carbon.super [-1234]' logged in at [2021-03-18 21:40:32,764+0000]
[2021-03-18 21:40:32,899] ERROR - APIGatewayManager Error occurred when publish to gateway Production and Sandbox
org.apache.axis2.AxisFault: Error while Deploying API
at org.wso2.carbon.apimgt.impl.utils.APIGatewayAdminClient.deployAPI_aroundBody14(APIGatewayAdminClient.java:215) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
Caused by:
at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: org.apache.axis2.AxisFault: Error while obtaining API information from gateway. null
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531) ~[axis2_1.6.1.wso2v41.jar:?]
More info:
[2021-03-18 21:40:33,178] INFO - DataBridge user admin#wso2.com connected
[2021-03-18 21:40:33,187] ERROR - DataEndpointConnectionWorker Error while trying to connect to the endpoint. Cannot borrow client for ssl://172.29.0.5:9712.
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://172.29.0.5:9712.
[2021-03-18 21:40:33,234] INFO - CarbonAuthenticationUtil 'admin#wso2.com#carbon.super [-1234]' logged in at [2021-03-18 21:40:33,233+0000]
[2021-03-18 21:40:33,264] ERROR - APIGatewayManager Error occurred when check api is published on gatewayProduction and Sandbox
Where is port 9712 for SSL defined? I ask because I don't have this port available in Docker:
wso2am:3.2.0-alpine "/home/wso2carbon/wa…" 7 days ago Up 12 minutes (healthy) 0.0.0.0:8243->8243/tcp, 5672/tcp, 9099/tcp, 0.0.0.0:8280->8280/tcp, 9443/tcp, 9611/tcp, 9711/tcp, 9763/tcp, 9999/tcp, 11111/tcp, 0.0.0.0:9444->9444/tcp
I'm using WSO2 IS as key manager and the integration is working. Now my problem is only when I try to publish an API.
wso2is:5.10.0-alpine
wso2am:3.2.0-alpine
PS: I have disabled network from docker-compose to not have host problems.
Issue 01:
Caused by: org.apache.axis2.AxisFault: Error while obtaining API information from gateway. null
The above error can be seen most probably due to a connection issue between the Publisher and the Gateway server/s.
To resolve this, you may need to validate the Gateway configuration in the Publisher node. To do that, open the <PUBLISHER_HOME>/repository/conf/deployment.toml file and check whether the following configuration is correct.
[[apim.gateway.environment]]
service_url = "https://<hostname_of_the_GW>:9443/services/"
Issue 02:
ERROR - DataEndpointConnectionWorker Error while trying to connect to the endpoint. Cannot borrow client for ssl://172.29.0.5:9712.
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://172.29.0.5:9712.
The above error indicates that the 9712 port is not accessible. This 9712 is the default port which is started by BinaryDataReceiver for Binary SSL Transport and it will be used to authenticate data published to the Traffic Manager. Therefore, you need to make this port available.
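A check of the `docker ps` PORTS column from the question against the ports named in the answer above (an added example, not part of the original answer or of WSO2's tooling): it parses each entry and reports whether a port is published to the host, only declared by the image, or not listed at all. The function names and the `NEEDED` table are hypothetical; the PORTS string is copied from the question.

```python
import re

# PORTS column copied from the `docker ps` line in the question.
PORTS = ("0.0.0.0:8243->8243/tcp, 5672/tcp, 9099/tcp, 0.0.0.0:8280->8280/tcp, "
         "9443/tcp, 9611/tcp, 9711/tcp, 9763/tcp, 9999/tcp, 11111/tcp, "
         "0.0.0.0:9444->9444/tcp")

# Ports the answer refers to: the service_url port (9443) and the port
# in the DataEndpointLoginException (9712).
NEEDED = {9443: "gateway service_url", 9712: "binary SSL data receiver"}

# "<host>:<host_port>-><container_port>/<proto>" or "<container_port>/<proto>"
ENTRY_RE = re.compile(
    r"^(?:(?P<host>.+):(?P<hport>\d+)->)?(?P<cport>\d+)/(?P<proto>\w+)$")


def parse_ports(column):
    """Map each container port to its list of host bindings (empty if none)."""
    ports = {}
    for entry in filter(None, (e.strip() for e in column.split(","))):
        m = ENTRY_RE.match(entry)
        if not m:
            raise ValueError(f"unrecognised PORTS entry: {entry!r}")
        bindings = ports.setdefault(int(m["cport"]), [])
        if m["hport"]:
            bindings.append(f'{m["host"]}:{m["hport"]}')
    return ports


def check(column, needed):
    """Classify each needed port as published, exposed only, or not listed."""
    ports = parse_ports(column)
    report = {}
    for port in needed:
        if port not in ports:
            report[port] = "not listed"
        elif ports[port]:
            report[port] = "published"
        else:
            report[port] = "exposed only"
    return report


if __name__ == "__main__":
    for port, state in check(PORTS, NEEDED).items():
        print(f"{port} ({NEEDED[port]}): {state}")
```

"Exposed only" means the port is declared by the image but not bound on the host, and "not listed" means it is neither declared nor published; whether the process inside the container is actually listening on it has to be checked separately. In this listing 9712 is absent while 9711/tcp is declared, and 9444 is published while 9443 is only exposed.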

WSO2 Token regeneration issue in store

I am using WSO2 standalone on a Linux machine, and I have changed the SSL configuration to use my own certificate. I followed this guide:
https://docs.wso2.com/display/ADMIN44x/Creating+New+Keystores
Now I am having an issue: when I regenerate the tokens in store > applications > sandboxkeys or productionkeys, it gives an error:
Token revoke failed : HTTP error code : 500
in logs,
[2017-09-20 06:58:56,114] WARN - EndpointContext Endpoint : AnonymousEndpoint with address https://{uri.var.hostname}:{uri.var.portnum}/oauth2/revoke will be marked SUSPENDED as it failed
[2017-09-20 06:58:56,114] WARN - EndpointContext Suspending endpoint : AnonymousEndpoint with address https://{uri.var.hostname}:{uri.var.portnum}/oauth2/revoke - last suspend duration was : 30000ms and current suspend duration is : 30000ms - Next retry after : Wed Sep 20 06:59:26 UTC 2017
[2017-09-20 06:58:56,114] INFO - LogMediator STATUS = Executing token 'fault' sequence, ERROR_CODE = 101500, ERROR_MESSAGE = Error in Sender
[2017-09-20 06:58:56,115] INFO - HandlerUtils Massage Info: Transaction id=5857679204959341105735016 Message direction=OUT Server name=gitcapp.com Timestamp=1505890736115 Service name=__SynapseService Operation Name=mediate
[2017-09-20 06:58:56,146] ERROR - subscription-add:jag java.lang.RuntimeException: Token revoke failed : HTTP error code : 500
However, the rest is working fine; the endpoints are working fine over HTTPS.
Can anyone please help me out here?
Thanks in advance.
Make sure you have configured the <APIKeyValidator> section in api-manager.xml properly, like this.
<APIKeyValidator>
<!-- Server URL of the API key manager -->
<ServerURL>https://your.new hostname.com:9443/services/</ServerURL>

WSO2 API Manager Proxy Configuration

I have configured Open Weather API in API Manager (Version 1.6.0). Steps:
Add API
Name: weather
Context: /weather
Version: v1
Tier Availability: All
Transports: HTTP & HTTPS
Endpoint Type: HTTP endpoint
Production Endpoint: http://api.openweathermap.org/data/2.5/weather
==> At this point, if I click "Test", I get "Invalid" error.
I still go ahead and save and publish the API.
In Store, subscribe to the API and try to run in REST Client:
http://localhost:8280/weather/v1
Authorization: xxxx
Error response is seen after a while:
<am:fault
xmlns:am="http://wso2.org/apimanager">
<am:code>101503</am:code>
<am:type>Status report</am:type>
<am:message>Runtime Error</am:message>
<am:description>Error connecting to the back end</am:description>
</am:fault>
Error seen on the console:
[2014-05-22 14:11:39,067] WARN - ConnectCallback Connection refused or failed for : api.openweathermap.org/162.243.44.32:80
[2014-05-22 14:11:39,093] INFO - LogMediator STATUS = Executing default 'fault' sequence, ERROR_CODE = 101503, ERROR_MESSAGE = Error connecting to the back end
I am running the AM behind a proxy. I assume AM needs to be told to go through proxy when connecting to external URLs.
I have tried below option:
When starting the server use the command:
wso2server.bat -Dhttp.proxyHost= -Dhttp.proxyPort=8085 start
With this, I am unable to login to publisher or store. When clicked on the Login prompt, nothing happens.
How do I configure the proxy server in AM, so that AM uses the proxy server to connect to external URLs?
You can set the proxy host and port number in the axis2.xml file:
$WSO2APU_HOME/repository/conf/axis2/axis2.xml
Note: you must set http.proxyHost=your.internet.proxy.com, do not leave it empty