I'm trying to update the information of a user created in WSO2 Identity Server, which has LDAP as its user store, using the SCIM client Java application (Consuming SCIM Rest Endpoints from JAVA Client Application).
I've configured the certificates and hostname for this application and tested the CreateUser class with the "hasini#gmail.com" user, and it worked.
My problem is when I try to use the UpdateUser class for this user. WSO2IS server shows an error:
[2021-06-24 14:57:15,979] [f9d70e10-be8c-4f84-944f-394070b187db] ERROR {org.wso2.charon.core.protocol.endpoints.UserResourceEndpoint} -
Internal Server Error while updating User org.wso2.charon.core.exceptions.CharonException:
Error while updating attributes of user: hasini#gmail.com
at org.wso2.carbon.identity.scim.provider.impl.SCIMUserManager.updateUser(SCIMUserManager.java:570)
at org.wso2.charon.core.protocol.endpoints.UserResourceEndpoint.updateWithPUT(UserResourceEndpoint.java:546)
at org.wso2.carbon.identity.scim.provider.resources.UserResource.updateUser(UserResource.java:268)
at jdk.internal.reflect.GeneratedMethodAccessor307.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
Caused by: org.wso2.carbon.user.core.UserStoreException: Profile information could not be updated in LDAP user store for user : hasini#gmail.com
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:205)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.deleteUserClaimValue(AbstractUserStoreManager.java:4116)
at org.wso2.carbon.identity.scim.provider.impl.SCIMUserManager.updateUser(SCIMUserManager.java:554)
... 63 more
Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:191)
... 65 more
Caused by: org.wso2.carbon.user.core.UserStoreException: Profile information could not be updated in LDAP user store for user : hasini#gmail.com
at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.handleException(ReadWriteLDAPUserStoreManager.java:2135)
at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doDeleteUserClaimValue(ReadWriteLDAPUserStoreManager.java:1081)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.deleteUserClaimValue(AbstractUserStoreManager.java:4177)
... 72 more
Caused by: javax.naming.InvalidNameException: mail=hasini#gmail.com:
[LDAP: error code 64 - naming attribute 'mail' is not present in entry]; remaining name 'mail=hasini#gmail.com'
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3097)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2895)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1409)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:257)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:167)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:156)
at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doDeleteUserClaimValue(ReadWriteLDAPUserStoreManager.java:1077)
... 73 more
pom.xml:
<parent>
    <groupId>org.wso2.samples.is</groupId>
    <artifactId>wso2is-identity-samples-scim</artifactId>
    <version>4.3.7-SNAPSHOT</version>
    <relativePath>../pom.xml</relativePath>
</parent>
Is this the best way to integrate a React application with WSO2 Identity Server, or is there a better way? I want to create, update and delete users, change a user's password, etc., from my application.
If you are trying to integrate a React application with WSO2 IS, it would be better to make use of the SCIM REST endpoints [1] to create, update and delete users and to change a user's password.
FYI, you can refer to [2] [3], a React application developed by WSO2 IS.
Related
I created a user (testinguser) in WSO2 Identity Server version 5.10.0 and deleted them afterwards, because I had created them in the primary user store whereas I wanted to add them to the secondary user store (MySQL).
However, when I try to add a user with any name, I get the error "Could not add user wso2is/renault. Error: Error while persisting user : renault", yet renault is not created as a user.
I also see this in the logs:
[2020-04-25 00:18:19,727] [2f2cdf35-4c34-447e-9ffa-c14490a7e101] ERROR {org.wso2.carbon.user.mgt.ui.UserAdminClient} - Error while persisting user : renault org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException: UserAdminUserAdminException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAcc
You have used JDBCUserStoreManager as the User Store Manager Class when adding the new user store. Select UniqueIDJDBCUserStoreManager instead.
As described in the documentation:
"From WSO2 IS 5.10.0 onwards, all user store managers have UniqueID included as part of the user store manager name. The user store managers that do not have UniqueID as part of the user store manager name are only available for backward compatibility purposes and can only be used if you are migrating from a previous version of WSO2 Identity Server."
Refer: Configuring Secondary User Stores
I have a simple setup of WSO2 APIM with MySQL and have published APIs using the admin user.
After changing the default admin password for API Manager, I am able to log in using the new password on the Publisher/Store, but I cannot use the published APIs.
I have followed the WSO2 documentation on changing the password and restarted WSO2 APIM.
On calling the published API, I see the following response:
{"fault":{"code":900900,"message":"Unclassified Authentication Failure","description":"Error while accessing backend services for API key validation"}}
Below is the stacktrace of the error observed in wso2-apigw-errors.log:
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://10.93.16.127:9711.
at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:134)
at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:59)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Error while trying to login to data receiver :/10.93.16.127:9711
at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryDataEndpoint.login(BinaryDataEndpoint.java:50)
at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:128)
... 6 more
Caused by: org.wso2.carbon.databridge.commons.exception.AuthenticationException: wrong userName or password
at sun.reflect.GeneratedConstructorAccessor194.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryEventSender.processResponse(BinaryEventSender.java:163)
at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryDataEndpoint.login(BinaryDataEndpoint.java:44)
... 7 more
This error goes away as soon as I change the password back to the default "admin".
Please check whether you have the correct password here.
<ThrottlingConfigurations>
    <EnableAdvanceThrottling>true</EnableAdvanceThrottling>
    <TrafficManager>
        <Type>Binary</Type>
        <ReceiverUrlGroup>tcp://${carbon.local.ip}:${receiver.url.port}</ReceiverUrlGroup>
        <AuthUrlGroup>ssl://${carbon.local.ip}:${auth.url.port}</AuthUrlGroup>
        <Username>admin</Username>
        <Password>admin</Password>
    </TrafficManager>
I have an API Manager 2.6.0 deployment across 3 nodes, i.e. 3 VMs. Abbreviations:
GW - Gateway
AIO - Traffic Manager, Key Manager, Dev portal, Publisher
Analytics - API-M Analytics 2.6.0
DB - PostgreSQL.
I had everything working between the components until I changed the default admin password; the username stayed the same.
As per the manual, I did the following:
1. Changed the admin password from the UI, since I had already done tests with the default credentials
2. Changed the password in api-manager.xml on AIO and GW
3. Changed the password in user-mgt.xml on AIO and GW
4. Changed the password in jndi.properties on AIO and GW
The above 4 points are as noted in the manual: https://docs.wso2.com/display/AM260/Maintaining+Logins+and+Passwords
This manual does not say how to make a distributed analytics node accept that password.
The Analytics install manual says to install WSO2 API-M Analytics and WSO2 API-M (which, as I understand it, is meant for when both are on the same machine). Again, this manual does not say much about configuring users on the Analytics server.
I tried looking in the DAS and SP manuals, but Analytics does not have auth.configs: in its YAML files, nor does adding them manually from the SP source code help.
Error returned on GW and AIO:
2019-02-21 15:13:52,090 [-] [DataBridge-ConnectionService-tcp://192.168.102.39:7612-pool-11-thread-1] ERROR DataEndpointConnectionWorker Error while trying to connect to the endpoint. Cannot borrow client for ssl://192.168.102.39:7712.
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://192.168.102.39:7712.
Caused by: org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Error while trying to login to the data receiver.
Caused by: ThriftAuthenticationException(message:wrong userName or password)
On Analytics, obviously:
[2019-02-21 15:16:49,016] ERROR {org.wso2.carbon.databridge.core.internal.authentication.CarbonAuthenticationHandler} - Authentication failed for username 'admin'. Error : 'Invalid_Credentials'. Error Description : 'The login credential used for login are invalid, username : 'admin'.'
[2019-02-21 15:16:49,016] ERROR {org.wso2.carbon.databridge.core.internal.authentication.Authenticator} - wrong userName or password
The question is how to make a WSO2 APIM Analytics (2.6.0) node, which is separated from API Manager, accept the changed credentials.
A last thought: do I need to connect Analytics to the Carbon DB?
You have to add the auth.configs element to the conf/worker/deployment.yaml file. (Please note that the password has to be Base64 (UTF-8) encrypted.)
auth.configs:
  type: 'local'
  userManager:
    adminRole: admin
    userStore:
      users:
        -
          user:
            username: admin
            password: YWRtaW4=
            roles: 1
      roles:
        -
          role:
            id: 1
            displayName: admin
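A consistency check for the two configuration fragments quoted in the answers above, the `<Username>`/`<Password>` pair in api-manager.xml and the `auth.configs` users in deployment.yaml (an added example, not WSO2 code or part of either answer). Base64 is a reversible encoding, so the check decodes the YAML value directly and reports default, malformed or mismatched passwords; the sample inputs are constructed, and treating both files as describing the same account is an assumption made for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

DEFAULT_PASSWORDS = {"admin"}  # default admin password quoted on this page

def xml_credentials(xml_text):
    """{username: password} for each element with Username and Password children."""
    creds = {}
    for elem in ET.fromstring(xml_text).iter():
        user, pwd = elem.findtext("Username"), elem.findtext("Password")
        if user is not None and pwd is not None:
            creds[user.strip()] = pwd.strip()
    return creds

def yaml_users(yaml_text):
    """{username: decoded password} from an auth.configs block (line-based parse)."""
    users, current = {}, None
    for key, value in re.findall(r"^\s*(username|password):\s*(\S+)", yaml_text, re.M):
        if key == "username":
            current = value
        elif current is not None:
            try:  # binascii.Error and UnicodeDecodeError are both ValueError
                users[current] = base64.b64decode(value, validate=True).decode("utf-8")
            except ValueError:
                users[current] = None  # malformed value, reported by audit()
            current = None
    return users

def audit(xml_text, yaml_text):
    """Sorted (username, issue) findings for defaults, bad Base64 and mismatches."""
    sent, accepted = xml_credentials(xml_text), yaml_users(yaml_text)
    findings = set()
    for user, pwd in sent.items():
        if pwd in DEFAULT_PASSWORDS:
            findings.add((user, "default password in XML"))
        if user in accepted and accepted[user] != pwd:
            findings.add((user, "XML and YAML passwords differ"))
    for user, pwd in accepted.items():
        if pwd is None:
            findings.add((user, "YAML password is not valid Base64"))
        elif pwd in DEFAULT_PASSWORDS:
            findings.add((user, "default password in YAML"))
    return sorted(findings)

# Constructed sample inputs, modelled on the fragments quoted above.
SAMPLE_XML = "<TrafficManager><Username>admin</Username><Password>S3cure-Example</Password></TrafficManager>"
SAMPLE_YAML = "users:\n  - user:\n      username: admin\n      password: YWRtaW4=\n"
print(audit(SAMPLE_XML, SAMPLE_YAML))
```

Because the stored value decodes back to the clear-text password, read access to deployment.yaml is equivalent to knowing the password.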
Having WSO2 API Manager 2.1.0 and WSO2 IS 5.3.0 KM (with prepackaged Key Manager), I set up the Key Manager as described in the documentation.
The main intention is to authenticate and authorize users with other federated IdPs and add some authorization capabilities. My assumption is that users authorized with WSO2 IS will receive an OAuth token valid for the defined APP and API.
So far all on localhost with IS offset 1. I created an API, an application and that is usable from the API Store.
When trying to authorize a client through WSO2 IS using the code grant_type authorization:
https://localhost:9444/oauth2/authorize?response_type=code&client_id=KJTbkbFmcDvslo2fjhzfQkaBH3Ea&redirect_uri=http%3A//localhost%3A8080/test2/callback
I am asked for credentials and authorization grant (looks ok) and then I receive an exception on IS:
[2018-03-27 10:43:51,822] ERROR {org.apache.catalina.core.StandardWrapperValve} - Servlet.service() for servlet [OAuth2Endpoints] in context with path [/oauth2] threw exception
java.lang.RuntimeException: org.apache.cxf.interceptor.Fault
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:116)
...
Caused by: java.lang.NullPointerException
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:251)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.sendRequestToFramework(OAuth2AuthzEndpoint.java:1163)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:135)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorizePost(OAuth2AuthzEndpoint.java:574)
I assume I misconfigured some endpoint; however, any idea which service is invoked by the OAuth2AuthzEndpoint implementation, or what the potential cause of this exception is?
This is already reported in https://wso2.org/jira/browse/IDENTITY-5581.
You can WUM update the WSO2 IS 5.3.0 to resolve the issue.
While I am trying to authenticate so that I can use WSO2, either through the panel or through an API call, I get this error:
ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin}
- System error while Authenticating/Authorizing User :
org.wso2.carbon.user.core.UserStoreException: org.wso2.carbon.user.core.UserStoreException:
Mapped attribute cannot be found for claim :
urn:ietf:params:scim:schemas:core:2.0:User:active in user store : PRIMARY
I don't want to add an additional field to my user store just for this. Is it possible to change authentication so that it does not look for urn:ietf:params:scim:schemas:core:2.0:User:active in the user store?
I'm assuming you cannot log in to the management console at all, even as the admin user. Can you provide the following info?
What's the user store type (LDAP, JDBC, AD)? Is it a read-only user store?
In the documentation there are 2 methods for configuring claims under the "Configure claim dialects" section. Which method did you use?