in wso2 3.0 on dev portal -> go-to application -> generate keys -> click generate curl for token
it shows the above image with localhost how do I change it with the domain of my dev portal or how do i update it to some other value
You can change it to the host name of the Gateway by updating the https_endpoint value under [[apim.gateway.environment]] in the deployment.toml. In this case the host name of the token url will be updated to the host name of the Gateway you define. For more info, check here.
Otherwise, if you have separate key-manager configurations, you can update the service_url value under [apim.key_manager] config in the deployment.toml. For more info, check here. In this case, the host name of the token url will be the host name of the key-manager service
For APIM v320, you can use the following configurations.
[[apim.gateway.environment]]
name = "Production and Sandbox"
type = "hybrid"
display_in_api_console = true
description = "This is a hybrid gateway that handles both production and sandbox token traffic."
show_as_token_endpoint_url = true
service_url = "https://localhost:${mgt.transport.https.port}/services/"
username= "${admin.username}"
password= "${admin.password}"
ws_endpoint = "ws://localhost:9099"
wss_endpoint = "wss://localhost:8099"
http_endpoint = "http://gw:${http.nio.port}"
https_endpoint = "https://gw:${https.nio.port}"
The following configs are used.
show_as_token_endpoint_url
https_endpoint
The endpoint is derived from the https endpoint and it appends the token context.
Related
I am trying to trigger a composer DAG through GCF. I am able to trigger it while web server access control for network was allowing all IPs to connect but after restricting the IP the Cloud Function is throwing 403- Forbidden Error.
Below are the steps I have followed.
Created a VPC network, Cloud router and Cloud NAT.
Rerouted all the egress traffic of cloud function through serverless VPC connector.
Whitelisted Cloud NAT's static external IP in composer webserver access control.
Changed composer cfg values for Stable API.
The service account I am using for GCF has below permissions.
Composer User
Editor
IAP-secured Web App User
Below is the GCF code I am using.
from google.auth.transport.requests import Request
from google.oauth2 import id_token
import requests
IAM_SCOPE = 'https://www.googleapis.com/auth/iam'
OAUTH_TOKEN_URI = 'https://www.googleapis.com/oauth2/v4/token'
# If you are using the stable API, set this value to False
# For more info about Airflow APIs see https://cloud.google.com/composer/docs/access-airflow-api
USE_EXPERIMENTAL_API = False
def trigger_dag(data, context=None):
# Fill in with your Composer info here
# Navigate to your webserver's login page and get this from the URL
# Or use the script found at
# https://github.com/GoogleCloudPlatform/python-docs-samples/blob/main/composer/rest/get_client_id.py
client_id = 'EXAMPLE.apps.googleusercontent.com'
# This should be part of your webserver's URL:
# {tenant-project-id}.appspot.com
webserver_id = 'EXAMPLE-tp'
# The name of the DAG you wish to trigger
dag_name = 'cf_test'
if USE_EXPERIMENTAL_API:
endpoint = f'api/experimental/dags/{dag_name}/dag_runs'
json_data = {'conf': data, 'replace_microseconds': 'false'}
else:
endpoint = f'api/v1/dags/{dag_name}/dagRuns'
json_data = {'conf': data}
webserver_url = (
'https://'
+ webserver_id
+ '.appspot.com/'
+ endpoint
)
# Make a POST request to IAP which then Triggers the DAG
make_iap_request(
webserver_url, client_id, method='POST', json=json_data)
def make_iap_request(url, client_id, method='GET', **kwargs):
# Set the default timeout, if missing
if 'timeout' not in kwargs:
kwargs['timeout'] = 90
# Obtain an OpenID Connect (OIDC) token from metadata server or using service
# account.
google_open_id_connect_token = id_token.fetch_id_token(Request(), client_id)
# Fetch the Identity-Aware Proxy-protected URL, including an
# Authorization header containing "Bearer " followed by a
# Google-issued OpenID Connect token for the service account.
resp = requests.request(
method, url,
headers={'Authorization': 'Bearer {}'.format(
google_open_id_connect_token)}, **kwargs)
if resp.status_code == 403:
print(resp.text)
raise Exception('Service account does not have permission to '
'access the IAP-protected application.')
elif resp.status_code != 200:
raise Exception(
'Bad response from application: {!r} / {!r} / {!r}'.format(
resp.status_code, resp.headers, resp.text))
else:
return resp.text
Can Someone please help me to sort this out?
I am new to flask app builder and am trying to set up user registration but for my purposes, I do not need reCAPTCHA. Is there a way to disable reCaptcha in the config file? Here is what my config file looks like below:
# Uncomment to setup Public role name, no authentication needed
# AUTH_ROLE_PUBLIC = 'Public'
# Will allow user self registration
AUTH_USER_REGISTRATION = True
# Config for Flask-WTF Recaptcha necessary for user registration
RECAPTCHA_PUBLIC_KEY = 'GOOGLE PUBLIC KEY FOR RECAPTCHA'
RECAPTCHA_PRIVATE_KEY = 'GOOGLE PRIVATE KEY FOR RECAPTCHA'
# Config for Flask-Mail necessary for user registration
MAIL_SERVER = 'smtp.gmail.com'
MAIL_USE_TLS = True
MAIL_USERNAME = 'yourappemail#gmail.com'
MAIL_PASSWORD = 'passwordformail'
MAIL_DEFAULT_SENDER = 'fabtest10#gmail.com'
# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Public"
To disable the recaptcha feature and bypass validation, you will need to set RECAPTCHA_ENABLED = False
RECAPTCHA_ENABLED: Bool - True by default, when False it will bypass validation
Future calls to recaptcha.verify() in your flask server file will return True by default as a result.
To disable and hide the recaptcha in the HTML template code, simply omit any code with {{ recaptcha }} in your form.
Found from the documentation here: https://github.com/mardix/flask-recaptcha
I am trying to send mail with using SES and already setup the mail configuration. Now SES running on production mode -not sandbox-. But in Django App, when I try to send mail nothing happens. it's only keep trying to send, no error.
in setting.py made the configuration.
INSTALLED_APPS = [
'django_ses',
]
EMAIL_BACKEND = 'django_ses.SESBackend'
AWS_ACCESS_KEY_ID = config('AWS_ACCESS_KEY_ID')
AWS_SECRET_ACCESS_KEY = config('AWS_SECRET_ACCESS_KEY')
AWS_SES_REGION_NAME = 'ap-northeast-1'
AWS_SES_REGION_ENDPOINT = 'email-smtp.ap-northeast-1.amazonaws.com'
and email method.
def send_mail(request, user, emails, subject, path):
current_site = get_current_site(request)
message = render_to_string(f"store/emails/{path}.html", {
"some": "context"
})
send_email = EmailMessage(subject, message, "info#mydomain.com", to=emails)
send_email.send()
By the way I already verified the info#mydomain.com in SES console. And when I try to send email from the SES console using send test email option, I can send without a problem. But in Django App. I can't.
Is there any other settings should I do. Because I can't see any error popping when I try to send mail. It's only keep trying to send. But it can't.
AWS SES provides two types of endpoints: API and SMTP
You are using SMTP one
AWS_SES_REGION_ENDPOINT = 'email-smtp.ap-northeast-1.amazonaws.com'
But 'django_ses.SESBackend' working with API type.
Try to set:
EMAIL_BACKEND = 'django_ses.SESBackend'
AWS_SES_REGION_ENDPOINT = 'email.ap-northeast-1.amazonaws.com'
If you want to use usual SMTP connection, you probably need to swap current backend with backends.smtp.EmailBackend and set SMTP connection parameters.
so i have hosted my site on lambda using zappa. and i am using django-amazon-ses to send email after submitting a form.
settings.py
AWS_ACCESS_KEY_ID = os.environ.get("AWS_ACCESS_KEY_ID", "my access key")
AWS_SECRET_ACCESS_KEY = os.environ.get("AWS_SECRET_ACCESS_KEY", "my secret key")
DEFAULT_FROM_EMAIL = 'xxxx#xxx.xx'
EMAIL_BACKEND = 'django_amazon_ses.EmailBackend'
AWS_SES_REGION = 'ap-south-1'
AWS_SES_REGION_ENDPOINT = 'email-smtp.ap-south-1.amazonaws.com'
view
#csrf_exempt
def formSubmit(request):
if request.method == 'POST':
var = json.loads(request.body)
name = var['name1']
email = var['email1']
company = var['company1']
description = var['description1']
send_mail('subject',
'msg',
'xxxx#xxx.xx',
[email])
send_mail('subject',
'msg',
'xxxx#xxx.xx',
['toemail#gmail.com'])
return JsonResponse({'result': 'done'})
now this works fine on my local host but, when i try to do it online, it shows the following error on submitting.
ClientError at /submit/
An error occurred (InvalidClientTokenId) when calling the SendRawEmail operation: The security token included in the request is invalid.
At first, i thought it is because i havent configued a vpc with the lambda function, but then it showed me the same error after i configured a public/private vpc wizard.
not sure what am i doing wrong. any help would be appreciated.
This AWS blog post may sort things out for you.
Essentially AWS now allows you to connect to SES through a VPC endpoint, which means you no longer need to use an internet gateway or NAT device.
You'll have to edit your security group's inbound rules by adding rules for both SMTP and SMTPS. Once you've done that, you create an endpoint, attach the edited security group, and it should work from there once the endpoint becomes available.
I followed the WSO2 documentation (https://apim.docs.wso2.com/en/latest/install-and-setup/setup/setting-up-databases/changing-default-databases/changing-to-mysql/) to change the default DB to MySQL.
I executed the below steps:
Created 2 databases named wso2am_db and wso2shared_db using MySQL 8.0 client.
Ran the scripts to create the required tables in both the DB's.
Created a user named wso2carbon and granted access on both the DB's.
Verified that the DB's, tables and users are created successfully.
Made the required configuration changes in deployment.toml file as shown below.
[database.apim_db]
type = "mysql"
driver="com.mysql.cj.jdbc.Driver"
url = "jdbc:mysql://localhost:3306/wso2am_db"
username = "wso2carbon"
password = "wso2carbon"
[database.shared_db]
type = "mysql"
driver="com.mysql.cj.jdbc.Driver"
url = "jdbc:mysql://localhost:3306/wso2shared_db"
username = "wso2carbon"
password = "wso2carbon"
But on restarting the WSO2 APIM server, I am getting the below error in terminal and the server doesn't start.
It gets stuck after this message and nothing comes up after this. Am i going wrong somewhere? Need help with this.
This might be happening due to mutual SSL connection failure when connecting to the SQL server. Can you try out this again with the following configuration in deployment.toml file.
[database.apim_db]
type = "mysql"
url = "jdbc:mysql://localhost:3306/wso2am_db?useSSL=false"
username = "wso2carbon"
password = "wso2carbon"
[database.shared_db]
type = "mysql"
url = "jdbc:mysql://localhost:3306/wso2shared_db?useSSL=false"
username = "wso2carbon"
password = "wso2carbon"