WSO2 Identity Server 5.10.0 - Error message not shown in IS Management Console while creating already existing User - wso2

We are using WSO2 Identity Server 5.10.0.
When creating users through the Identity Server Management Console, if the user already exists we get the error below in the logs and the user is not added:
ERROR {org.wso2.carbon.user.mgt.ui.UserAdminClient} - UserAlreadyExisting:Username already exists in the system. Please pick another username. org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException: UserAdminUserAdminException
However, the error message is not shown in the IS Management Console.

What is the WUM version of the WSO2IS-5.10 you are using? To find the WUM version of your WSO2IS, use WUM (WSO2 Update Manager):
[https://www.chakray.com/how-install-wso2-update-manager-wum-tool-apply-wso2-patches/]
I tried adding two same users named users in WSO2IS-5.10, but it seems to give me the error message in the admin console. Check this image.
To check whether any other issue is occurring and blocking the display of error messages, you can enable debug mode in the Log4J.properties file in the <IS-HOME>/repository/conf folder. Check the link below to see how to set up the Log4j.properties file.
[https://medium.com/identity-beyond-borders/enable-logging-in-wso2-identity-server-with-log4j2-4b2ef1374656]

Related

Dataservices not getting executed in WSO2 ESB 5.0.0 tenants

I have a couple of dataservices to be run on WSO2 ESB. I have created a tenant instance and placed these dataservices in repository/tenants/[tenant_id]/dataservices. When I log in to the WSO2 management console as a tenant user and try to run any of the dataservices, I get an error saying
the input stream of an incoming message is null
On the other hand, the dataservices placed for the master user under the folder repository/deployment/server/dataservices are executed and fetch the desired results when run by the admin master user. Can I get some help resolving this issue with the tenant?

WSO2 Agent "Cannot proceed the authentication" but website works fine

I've gotten WSO2 working on the server. I can log in through the management console, and EMM, publisher, and store are all working. I can create a new user through the EMM dashboard, and the email is sent correctly. So everything is fine while using the website.
I'm using the sample APK that comes with WSO2 to do some development, but every time I try to register, the app pops up "Authentication Failed - Cannot proceed the authentication. Please contact an administrator." And there is no output in the console when this happens.
If I put in the incorrect credentials I get a separate error, "Authentication Failed - Incorrect login information. Please try again." So I know my credentials are correct.
What does this mean? Is there another place to find more detailed logs?
Have you tried debugging the Android agent? If so, you might be able to provide more information regarding this issue by looking at the agent debug logs.
BTW, did you try enrolling as the admin user?

WSO2 -> Active Directory -> user - role mapping

I use WSO2 5.0.0 as IdP and the user store is an Active Directory (AD). Users and roles are listed in the WSO2 Management Console and I am also able to log in to WSO2 with a user/password stored in AD.
Therefore everything works fine.
The only problem I have is that if I request the roles of users (e.g. over the RemoteUserStoreManagement web service with the method getUserClaimValues) then I get the WSO2 roles and not the Active Directory roles assigned to the users in the AD. Also, only the WSO2 roles are mapped to users in WSO2.
Actually I have only basic knowledge of AD (I haven't adjusted the current connection between WSO2 and AD), therefore I have no idea where I should look in order to resolve this problem.
Does anybody have a hint concerning this issue (user-mgt.xml or WSO2 console or ...)?
Thanks a lot for the help!
So, you need to retrieve the roles of the user? According to what you have mentioned, please do the following to resolve this issue.
Please add the following attributes under the user store manager configuration in the user-mgt.xml file, if they are not already in the configuration.
<Property name="BackLinksEnabled">true</Property>
<Property name="MemberOfAttribute">memberOf</Property>
Please restart the server and verify.
Please enable the debug logs in the user kernel and verify where the issue is generated.
To enable logs:
Locate the log4j.properties file, which can be found in the /repository/conf directory.
Add the following entry to the file:
log4j.logger.org.wso2.carbon.identity.sso.saml=DEBUG
Restart the server and try to invoke the server. You would see LDAP-related logs, which would help to identify the issue.
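
A minimal check for the two properties the answer above lists, as an added example (not code from the thread or from WSO2). The sample XML, its host name and the function name audit_user_store are constructed for illustration; the check also catches a property that is present only inside an XML comment.

```python
import xml.etree.ElementTree as ET

# Properties the answer above says must be present, with the values it gives.
REQUIRED = {"BackLinksEnabled": "true", "MemberOfAttribute": "memberOf"}

# Constructed sample of a user-mgt.xml user store section (not from the post).
SAMPLE = """
<UserManager>
  <Realm>
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
      <Property name="ConnectionURL">ldaps://ad.example.test:636</Property>
      <Property name="BackLinksEnabled">false</Property>
      <!-- <Property name="MemberOfAttribute">memberOf</Property> -->
    </UserStoreManager>
  </Realm>
</UserManager>
"""

def audit_user_store(xml_text):
    """Return a list of (store class, property, problem) findings."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    findings = []
    for store in root.iter("UserStoreManager"):
        cls = store.get("class", "<no class>")
        # Map name -> list of values so duplicate definitions are visible.
        seen = {}
        for prop in store.findall("Property"):
            seen.setdefault(prop.get("name"), []).append((prop.text or "").strip())
        for name, wanted in REQUIRED.items():
            values = seen.get(name, [])
            if not values:
                findings.append((cls, name, "missing"))
            elif len(values) > 1:
                findings.append((cls, name, "defined %d times" % len(values)))
            elif values[0].lower() != wanted.lower():  # compared case-insensitively
                findings.append((cls, name, "is %r, expected %r" % (values[0], wanted)))
    return findings

if __name__ == "__main__":
    for cls, name, problem in audit_user_store(SAMPLE):
        print("%s: %s %s" % (cls.rsplit(".", 1)[-1], name, problem))
```

Run it against the real file by passing the contents of user-mgt.xml to audit_user_store; an empty list means both properties are set as the answer describes.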

WSO2 IS - Active Directory Login - Not working correctly

I have attached my Active Directory as a secondary user store and can see the list of users when I select "Users". However, when accessing an app through Tomcat that is linked to SAML SSO, I cannot log in using an AD account.
Can anyone suggest what I am missing?
The error in the system logs is
TID[-1234] [IS] [2014-02-13 13:49:02,321] DEBUG {org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator} - user authentication failed due to invalid credentials.
However, my login credentials are correct...
Because I was using an email address as a login, that was causing the issue!
The steps I took are as follows:
IS_HOME/repository/conf/carbon.xml file.
Open carbon.xml
Locate EnableEmailUserName element and uncomment it.
Finally, it should be similar to the following
<EnableEmailUserName>true</EnableEmailUserName>
Now, restart IS
You should be able to login using your user name
Could you check whether you can log in to the WSO2 management console using the above credentials? If you cannot, please go to Management Console -> Configure -> Users and Roles -> Roles and you can see the internal\everyone role. Configure the "login" permission for the everyone role. Then please try to log in...
Also, if you enable the debug logs in org.wso2.carbon.user.core, you can see more debug logs about the authentication failure.
I think your configuration is not OK. The same login issue was already solved here: cannot login to wso2 Identity server with the ldap credentials.
Make sure the UserDNPattern property is correct.

Configuring Single Sign-On Across Stratos

I have a situation where I need to set up a standalone version of WSO2 Identity Server and have that act as the SSO provider into all of the products in Stratos.
Currently I have Stratos Identity Server configured so that I can log in via the standalone Identity Server, using admin.
However, if I use another user I either
get an "Authorization Failure"
or cannot log in.
First Question
1) I have the same user created in both Identity Servers (that is not admin). Why would I get the "Authorization Failure"?
Second Question
2) Why is it that I cannot even get to the "Authorization Failure" problem if I have a user created with a username in the format user#domain.com?
UPDATE:
I figured out that if I remove the property tags in user-mgt.xml that reference the usernames with regular expressions, I am able to create usernames in the format name#domain.com. But I am still unable to use that username to log in; the error log says that the account has not been activated.
I also created two instances of WSO2 Identity Server and configured them in such a way as to test being able to use one to log in to the other. I was able to do this by making sure that the same username and password was in both servers' lists of users. This way I do not get the "Authorization Failure".
The answers I came up with.
1. I need to have the same username and password in each Identity Server.
2. I cannot have the format name#domain.com unless I have multi-tenancy configured. Otherwise WSO2 will try to find the ACTIVATE field in the Tenant table and not find it.
UPDATE: I got this installed and configured and it turned out that I now get another error about
Issuer details are not valid. Issuer details should be registered in advance
So my answer turned out not to be valid.
I wonder why I get this new login failure?
UPDATE RESOLVED!!:
I resolved this problem by downloading just the WSO2 Stratos IS 1.5.2 package. I installed it and configured it with the same configuration I was using before. Now I can log in without problems across domains.