wso2 IS custom federated authenticator not showing in list - wso2

I have tried the custom federated authenticator sample given in the WSO2 documentation (https://github.com/wso2/samples-is/tree/master/authenticators/components/org.wso2.carbon.identity.sample.federated.authenticator). After building, I deployed it in the /repository/components/dropins folder. But after deployment it is not showing in the federated authenticator list. I am using WSO2 IS 5.10.0.
Below is the build which I used from the sample,
https://github.com/VIKRAMAS/wso2-custom-federated-authentor
But I tried to deploy github authenticator from IS connector store page, but it is working and showing in the federated authenticator list, but it is not working for the sample which I have deployed. But same build works in wso2 IS version 5.12.

Your component is not activating (In INSTALLED state) in the IS5.10.0 pack due to the following issue.
It may have a dependency on the application authentication framework, and you have specified the range as version 5.18.0 or above. But, 5.17.5 is the framework version available in runtime.
Check the framework version range in the pom file and correct it to a version range that contains 5.17.5. Check the framework version range used for <Import-Package> in:
<plugin>
    <groupId>org.apache.felix</groupId>
    <artifactId>maven-bundle-plugin</artifactId>
</plugin>
If the framework component is not defined with a range inside <Import-Package>, and <DynamicImport-Package>*</DynamicImport-Package> is used, the runtime versions will be resolved dynamically. It takes the version range based on the framework version defined for dependencies (normally used for compilation).
E.g.: if the framework version is 5.18.21, it searches for versions 5.18.0 - 6.0.0 at runtime.
You can refer to the "Useful OSGi commands to debug" section of https://anuradha-15.medium.com/lets-write-and-run-your-first-osgi-service-on-wso2-platform-482f6e5e3ea5 to learn more about troubleshooting OSGi activation issues.
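The range check this answer describes, as an added example that is not part of the original answer or of WSO2's code: it reads the Import-Package header from a bundle manifest and reports imports whose version range excludes the version exported at runtime. The manifest fragment is constructed, and version qualifiers are ignored when comparing.

```python
import re

FRAMEWORK_PKG = "org.wso2.carbon.identity.application.authentication.framework"

def parse_version(text):
    """major[.minor[.micro[.qualifier]]] -> (major, minor, micro); qualifier ignored."""
    nums = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def range_contains(range_text, version):
    """True if an OSGi range such as "[5.18.0,6.0.0)" admits `version`."""
    text, v = range_text.strip(), parse_version(version)
    if text[0] not in "[(":                      # bare version means "this or higher"
        return v >= parse_version(text)
    low, high = (parse_version(p) for p in text[1:-1].split(","))
    low_ok = v >= low if text[0] == "[" else v > low
    high_ok = v <= high if text[-1] == "]" else v < high
    return low_ok and high_ok

def derived_range(compile_version):
    """Range the answer describes when none is declared: 5.18.21 -> [5.18.0,6.0.0)."""
    major, minor, _ = parse_version(compile_version)
    return f"[{major}.{minor}.0,{major + 1}.0.0)"

def import_ranges(manifest_text):
    """Map each imported package to its range; clauses split on commas outside quotes."""
    unfolded = manifest_text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    header = re.search(r"^Import-Package:[ ]*(.*)$", unfolded, re.M)
    ranges = {}
    for clause in re.findall(r'(?:[^,"]|"[^"]*")+', header.group(1) if header else ""):
        parts = [p.strip() for p in clause.split(";")]
        version = next((p.split("=", 1)[1].strip('"') for p in parts
                        if p.startswith("version=")), None)
        ranges.update({p: version for p in parts if "=" not in p})
    return ranges

def unsatisfied(manifest_text, runtime_versions):
    """Imports whose declared range excludes the version exported at runtime."""
    return {pkg: rng for pkg, rng in import_ranges(manifest_text).items()
            if rng and pkg in runtime_versions
            and not range_contains(rng, runtime_versions[pkg])}

# Constructed manifest fragment (not taken from the sample's real jar).
MANIFEST = (
    'Import-Package: org.osgi.service.component;version="[1.2.0,2.0.0)",org.ws\n'
    ' o2.carbon.identity.application.authentication.framework;version="[5.18.0\n'
    ' ,6.0.0)"\n'
)
print(unsatisfied(MANIFEST, {FRAMEWORK_PKG: "5.17.5"}))
```

Run against the MANIFEST.MF extracted from the built jar, a non-empty result for the runtime framework version explains a bundle that stays in the INSTALLED state.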

Related

how to apply bug fixes on open source wso2 API Manager 4.0.0 and wso2 Micro Integrator 1.2.0

We are working on WSO2 open source API Manager 4.0.0 and Micro Integrator 1.2.0. We need to apply the bug fixes. We are unable to get the latest build of specific WSO2 API Manager and Micro Integrator versions from the source code.
We are trying to get the latest build by building the product from the source code available in the GitHub repositories below. But the master branch contains the latest APIM and MI versions. Could you please help us build the product for specific APIM and MI versions (APIM 4.0.0 and MI 1.2.0)?
API Manager:
https://github.com/wso2/product-apim
Micro Integrator:
https://github.com/wso2/micro-integrator
You can checkout from the tag and apply the fixes.
https://github.com/wso2/product-apim/tree/v4.0.0
https://github.com/wso2/micro-integrator/tree/v1.2.0
Carbon APIMGT version for APIM v4 - https://github.com/wso2/carbon-apimgt/tree/v9.0.174
Carbon APIMGT contains the core functionalities of the product APIM.
WSO2 API Manager and MI are a collection of different jars and webapps. In our opensource code base, each product has a product repo (product-apim, micro-integrator, product-is) and multiple component repositories (carbon-apimgt, wso2-synapse). All of these are in the WSO2 or WSO2-extensions organization.
If you want to find the codebase for a specific version of a product or a component, you can check the release tag of the repository. For example, if you want to find the APIM 4.0.0 related code base, you first need to get the 4.0.0 tag in the product-apim repository.
Since we use Maven as the build tool, the pom.xml in the product repository includes all the component versions. Most of the time, the fix is sent to a component repository and you can find the relevant component version by referring to this pom.xml. For example, most of the APIM-specific components are included in the carbon-apimgt repository. You can find the relevant carbon-apimgt version in the pom.xml as 9.0.174.
If you check out the carbon-apimgt repo's 9.0.174 tag, you can find the relevant code base. Similarly, synapse version is 2.1.7-wso2v227.
Once you find the relevant code base, you can apply your fix and build the component locally. This will build the jar with your fix and you can patch the product by adding this jar to the /repository/component/patches/patch0001/<Jar_name>.jar.
Make sure that you use the same name as the jar included in the /repository/component/plugins repository (sometimes the "-" in the name is converted to "_").

Vulnerability fix for Apache Commons Text with wso2 carbon libraries

I am looking for suggestions on the recent vulnerability (https://blogs.apache.org/security/entry/cve-2022-42889), which is also coming from the WSO2 IS 5.11 binary downloaded from https://github.com/wso2/product-is/releases/tag/v5.11.0 and the carbon libraries we are using in custom plugins, like:
<dependency>
    <groupId>org.wso2.carbon.identity.framework</groupId>
    <artifactId>org.wso2.carbon.identity.mgt</artifactId>
    <version>5.18.187</version>
</dependency>
<dependency>
    <groupId>org.wso2.carbon.identity.framework</groupId>
    <artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
    <version>5.18.187</version>
</dependency>
<dependency>
    <groupId>org.wso2.carbon.identity.framework</groupId>
    <artifactId>org.wso2.carbon.identity.provisioning</artifactId>
    <version>5.18.187</version>
</dependency>
Are there any upgrades to these which are compatible with WSO2 IS v5.11?
According to the WSO2 advisories, the vulnerability has no impact on the products [1] since the preconditions are not met, and the team promises to fix the vulnerable versions; (paid) customers will be able to obtain the fix through their security update once it is available. Along with this effort, the public fix will be done for the current public branch and will be available if you build product-is from the repository. The timeline for the public fix is not yet known.
The suggested upgrade would be to version 1.10.0 of the Apache Commons Text library for 5.11.0.
This library comes into the Identity Server 5.11 pack mainly through the Forget Me tool. In the latest release (wso2is-6.0.0), the Forget Me tool has been externalized [2] and can be used in the product on demand.
Refer:
[1] https://docs.wso2.com/display/Security/CVE-2022-42889
[2] https://is.docs.wso2.com/en/latest/deploy/remove-references-to-deleted-user-identities/#building-the-identity-anonymization-tool
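An inventory check for the upgrade named in this answer, as an added example that is not part of the original answer or of WSO2's tooling: it walks an unpacked product directory and lists every Commons Text jar older than 1.10.0, reading the version from the Maven metadata inside the jar and falling back to the file name. The folder and jar names in the demo are constructed.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (1, 10, 0)  # upgrade target named in the answer
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"

def as_tuple(version):
    """Leading numeric part of a version; unparsable text sorts lowest."""
    m = re.match(r"\d+(?:\.\d+){0,2}", version)
    nums = [int(n) for n in m.group().split(".")] if m else [0]
    return tuple(nums + [0] * (3 - len(nums)))

def commons_text_version(jar_path):
    """Commons Text version found in one jar, or None if it is another library."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            if POM_PROPS in jar.namelist():
                props = jar.read(POM_PROPS).decode("utf-8", "replace")
                found = re.search(r"^version=(.+)$", props, re.M)
                if found:
                    return found.group(1).strip()
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable archive: fall back to the file name
    named = re.match(r"commons-text[-_](\d[\w.]*)\.jar$", Path(jar_path).name)
    return named.group(1) if named else None

def find_outdated(pack_root):
    """(relative path, version) for every Commons Text jar older than FIXED."""
    hits = []
    for jar_path in sorted(Path(pack_root).rglob("*.jar")):
        version = commons_text_version(jar_path)
        if version and as_tuple(version) < FIXED:
            hits.append((jar_path.relative_to(pack_root).as_posix(), version))
    return hits

def demo():
    """Constructed pack layout; folder and jar names are made up."""
    with tempfile.TemporaryDirectory() as root:
        for rel, version in (("tools/lib/commons-text-1.6.jar", "1.6"),
                             ("plugins/commons-text_1.10.0.jar", "1.10.0")):
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            with zipfile.ZipFile(path, "w") as jar:
                jar.writestr(POM_PROPS, f"version={version}\n")
        return find_outdated(root)

if __name__ == "__main__":
    print(demo())
```

Jars nested inside .war or .zip archives are not opened, so unpack those first if the pack ships any.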

Adding Functions and packages to Device management Core and common

I created a package org.wso2.carbon.device.mgt.core.log.mgt and created some functions in it.
Added my new build of Carbon Device core as a project dependency to WSO2 MDM - Mobile Device Management Admin Services, precisely the Operations class.
Built the project and deployed it.
On loading it failed, the error being
Caused by: java.lang.IncompatibleClassChangeError: Implementing class
Any help will be greatly appreciated. My goal:
Create functions in Carbon device Core and Common following your design. Call the functions in my web service.
Please follow the instructions given in the webinar and the tutorial below in order to create your feature as an OSGi bundle (Carbon component) and add it to the EMM server. This is the correct and advisable approach to include new functionalities in WSO2 products.
http://wso2.com/premium/webinars/creating-your-own-wso2-carbon-components
http://wso2.com/library/tutorials/2014/03/how-to-write-a-wso2-carbon-component/
First of all, you need to create the Carbon component (here, your newly created package).
Then create the feature accordingly.
Then add the created feature to the pom.xml file of the product-emm p2-profile-gen.
Then make it pack into the project target by adding an entry to the bin.xml of product-emm.
The following attached tutorials give you better guidance and a clear idea of how to create your own Carbon component.
tutorial
http://wso2.com/library/tutorials/2014/03/how-to-write-a-wso2-carbon-component/

Configuring WSO2 Identity Server as Key Manager with API Manager

I'm looking for some guidance about two specific WSO2 products, API Manager and Identity Server and for the best solution to solve the problem I'm going to explain below.
In my company, we are using ADFS 3.0 for Single Sign On support in our applications. However we are now building applications that will require OpenID Connect Specification (SPA's+Rest API's) and ADFS does not support this out of the box so we've decided to use WSO2 products for that purpose.
I already managed to install WSO2 Identity Server 5.0.0 SP1 and configured ADFS as a federated Identity Provider (the new applications will still have to authenticate users using ADFS). I also installed WSO2 API Manager 1.9.1 and configured it to use WSO2 Identity Server as the Key Manager (Configuration tutorial).
Now the problem:
Using WSO2 Identity Server 5.0.0 SP1 I couldn't get the Logout feature to work due to the issue reported here. It seems that this issue has been solved in version 5.1.0M4 so I tried to install version 5.1.0-alpha and managed to make the logout to work with ADFS (I tested it by enabling SSO for the carbon administration). However, now I'm not able to install the Key Manager feature through the carbon repositories due to incompatibilities.
As a result, with the first combination (wso2is 5.0.0 SP1/wso2am 1.9.1) I had the logout issue with ADFS and with the second combination (wso2is 5.1.0-alpha/wso2am 1.9.1), I'm not able to install the Key Manager feature in Identity Server.
Is there any way to apply a patch to solve the logout issue in the first combination? Is there a way to install the key manager feature on WSO2IS 5.1.0-alpha? Or can someone point me to another solution to solve this issue?
The issue you pointed to above has its type marked as "Patch". Usually that means WSO2 has fixed this issue for an earlier version and provided a patch to its customers. The easiest thing would be, if you are already a customer of WSO2, to ask for the patch directly from their support.
If you are not a paid customer of WSO2, you are in a bit of trouble. As per this question, the source of the Service Pack is also not available in public.
But luckily in your case, the component which needs this fix is not a core component. So you wouldn't be in trouble if you change the authenticator code a bit. But the warning is that it would lose any fixes done for org.wso2.carbon.identity.application.authenticator.samlsso_4.2.1.jar in the service pack.
Anyway, these are the steps you should follow.
1. Check out the source. The lazy path would be to check out the whole source from here. That is the easiest way, and you will face fewer troubles when you try to build the source, but the downside is that it takes a bit of time to check out. If you know how to build a specific component from the WSO2 source, you can directly check out the component that needs to be changed.
2. Try to build the component without making any change, just to make sure there are no issues up to this point.
3. Go to the class DefaultSAML2SSOManager and make the same change as in the PR.
4. Build the component again.
5. Create a folder named like "patch9000" inside the <IS_HOME>/repository/components/patches/ folder.
6. Copy the jar built in step 4 (org.wso2.carbon.identity.application.authenticator.samlsso-4.2.1.jar) from the target folder to the <IS_HOME>/repository/components/patches/patch9000 folder.
7. Restart the server. If you have done everything correctly, the server startup will print a log like: org.wso2.carbon.server.extensions.PatchInstaller - Patch changes detected
8. Now retry your flow and it should work as expected.
If you are too lazy to do all of the above, you can wait until Identity Server Service Pack 2, which will have your fix.
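The patch-staging step from this answer and from the API Manager answer earlier on the page, as an added example that is not part of either answer or of WSO2's tooling: it copies a locally built jar into patches/patchNNNN under the name the pack already uses in its plugins folder, which covers the "-" versus "_" difference. It assumes the plugins folder sits next to patches under repository/components; the product tree in the demo is constructed.

```python
import shutil
import tempfile
from pathlib import Path

def _key(jar_name):
    """Compare names ignoring the '-' vs '_' difference between build and pack."""
    return jar_name.replace("-", "_").lower()

def stage_patch(product_home, built_jar, patch_no):
    """Copy built_jar to repository/components/patches/patchNNNN, renamed to match
    the jar already present in repository/components/plugins. Returns the new path."""
    components = Path(product_home, "repository", "components")
    built_jar = Path(built_jar)
    matches = [p for p in (components / "plugins").glob("*.jar")
               if _key(p.name) == _key(built_jar.name)]
    if len(matches) != 1:
        # No match usually means the built version differs from the one in the pack.
        raise FileNotFoundError(
            f"{len(matches)} jars in plugins match {built_jar.name}; expected 1")
    patch_dir = components / "patches" / f"patch{int(patch_no):04d}"
    patch_dir.mkdir(parents=True, exist_ok=True)
    return Path(shutil.copy2(built_jar, patch_dir / matches[0].name))

def demo():
    """Constructed product tree using the jar name quoted in the answer."""
    with tempfile.TemporaryDirectory() as home:
        plugins = Path(home, "repository", "components", "plugins")
        plugins.mkdir(parents=True)
        base = "org.wso2.carbon.identity.application.authenticator.samlsso"
        (plugins / f"{base}_4.2.1.jar").write_bytes(b"original")
        built = Path(home, f"{base}-4.2.1.jar")
        built.write_bytes(b"patched")
        staged = stage_patch(home, built, 9000)
        return staged.relative_to(home).as_posix(), staged.read_bytes()

if __name__ == "__main__":
    print(demo())
```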

WSO2 Governance Registry nightly builds?

Are there nightly builds of the WSO2 GREG somewhere? I'm behind a customer's proxy which has a weird configuration, building from source is getting very difficult. My specific need is to test the new WADL support, which doesn't look available in the 4.5.0 distribution. On the other hand, is there any alternative way to test the new WADL support without building the GREG from scratch?
If you need to evaluate a nightly build, the location given is correct. But WADL support has been removed from the WSO2 4.5.1 distribution at the moment, so this binary pack does not include it.