Why WSO2 API Manager gives Hostname verification failed while getting the token? - wso2

I have one WSO2 Identity Server running in a Docker container, and my API Manager is configured to use it as the key manager. API Manager is also running in Docker.
When I try to get a token in Postman, I call https://myhost.com:8243/token?grant_type=client_credentials with base64-encoded "client_id:secret", and it gives me this exception:
[2021-04-27 17:13:21,704] ERROR - TargetHandler I/O error: Host name verification failed for host : is.com javax.net.ssl.SSLException: Host name verification failed for host : is.com
Also the [apim.key_manager] is configured like this:
[apim.key_manager]
service_url = "https://is.com:9442/services/"
username = "$ref{super_admin.username}"
password = "$ref{super_admin.password}"
type = "WSO2-IS"
"is.com" is the domain for my identity server container.
I don't know why this is happening, and HostNameVerification is disabled in apim.
How can I fix it?
Thank you.

I guess you haven't disabled hostname verification at the Synapse level. This can be done using the following config in the deployment.toml:
[transport.passthru_https.sender.parameters]
HostnameVerifier = "AllowAll"
The recommended approach is to use the correct hostname. For this, you can use a DNS entry.

Related

HostnameVerifier = AllowAll for WSO2 Micro Integrator 4.xx

I built an API using Micro Integrator and it is calling an internal API endpoint with self-signed certificate. I am having this error message
ERROR_CODE : 101500,ERROR_MESSAGE :Error in Sender,ERROR_DETAIL : javax.net.ssl.SSLException: Host name verification failed for host : app-name.namespace.svc.cluster.local\n\tat org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:182)\n\tat org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:371)\n\tat org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:541)\n\tat org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)\n\tat org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)\n\tat org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)\n\tat org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)\n\tat org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)\n\tat org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)\n\tat org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)\n\tat java.base/java.lang.Thread.run(Thread.java:834)\n
Is it possible to configure the Micro Integrator to allow all for the hostname verification? I added this on my deployment.toml and still encountering the issue. This is the same code block that I added on my APIM deployment.toml to disable hostname verification.
[transport.passthru_https.sender.parameters]
HostnameVerifier = "AllowAll"
You can use the following configuration in the deployment.toml of MI.
[transport.http]
sender.hostname_verifier = "AllowAll"

WSO2-APIM - InboundWebsocketSourceHandler Endpoint not found for port : 8099 tenant domain : null

I am using API Manager 3.1.0. I have configured a web socket in the API Publisher and configured tenant=carbon.super.
I am trying to access wss with a domain name. I have updated the host name in the deployment.toml file. The problem is that I am unable to access the secure socket wss://test.com:8099/Notification/v1?access_token=xxx123. I am getting a connection error. Please guide me on how to resolve this.
[2020-09-11 14:06:17,276] ERROR - InboundWebsocketSourceHandler Endpoint not found for port : 8099 tenant domain : null

WSO2 IoTS APIMClientOAuthException: failed to retrieve oauth token using jwt

I have uploaded WSO2 IoTS 3.1.0 to my remote virtual machine with a static IP address.
I unzipped the zip file, then ran sudo ./change-ip.sh
In the first step I entered localhost
In the second step I entered my_own_ip_address
So my hostname is my_own_ip_address
When I launch the IoT Server and open device management, I log in and it shows me this page:
When I try to open any other page, or even try to log out, it redirects me to this page.
My logs show this:
TID[-1234] [IoT] [2017-09-09 08:32:30,079] ERROR {auth-module} -
org.wso2.carbon.apimgt.integration.client.exception.APIMClientOAuthException: failed to retrieve oauth token using jwt
org.mozilla.javascript.Context.throwAsScriptRuntimeEx(Context.java:1754)
org.mozilla.javascript.MemberBox.invoke(MemberBox.java:148)
org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
org.mozilla.javascript.optimizer.OptRuntime.callProp0(OptRuntime.java:85)
It shows that there is an error in jaggery JS.
What did I miss?
One reason for the issue could be that you have a DNS entry against that IP in the /etc/hosts file. Please make sure that your /etc/hosts file does not contain any DNS entry pointing your IP to a hostname. When WSO2 IoT Server tries to resolve DNS to call the endpoints, the first thing it looks at is your local DNS setting. If your IP is pointing to a hostname, it takes that hostname as the server hostname. And when the IoT Server tries to verify the common name of the SSL certificate, it gets conflicting information. This leads to the hostname verification failure, and that could result in the JWT token failure, as it cannot access the endpoints.
A similar issue was discussed here

WSO2API Manager : Api Store Error: Error in getting new access token

I have replaced the WSO2 default SSL certificate with a custom SSL certificate on my production server, on which WSO2Api is installed.
The SSL issues have been fixed, but now I am getting an error while regenerating the access token.
Logs
Caused by: org.wso2.carbon.apimgt.keymgt.APIKeyMgtException: Error in getting new accessToken
at org.wso2.carbon.apimgt.keymgt.service.APIKeyMgtSubscriberService.renewAccessToken(APIKeyMgtSubscriberService.java:281)
... 45 more
Caused by: java.lang.RuntimeException: Failed : HTTP error code : 500
at org.wso2.carbon.apimgt.keymgt.service.APIKeyMgtSubscriberService.renewAccessToken(APIKeyMgtSubscriberService.java:252)
... 45 more
TID: [0] [AM] [2014-08-27 10:57:41,440] ERROR {org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject} - Error in getting new accessToken {org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject}
If API Manager runs with a port offset, you need to make additional changes.
Change the endpoint ports defined in the default APIs shipped with API Manager.
Find all default APIs of the API Manager in the /repository/deployment/server/synapse-configs/default/api folder. Those are the Authorize API, Login API, Token API and Revoke API. Open each of them and change the port value in the address endpoint config to match the offset value. The default address endpoint config is
address uri="https://192.168.1.7:9443/oauth2/token"
If the AM standalone pack is running with port offset 2, change that config to
address uri="https://192.168.1.7:9445/oauth2/token"
What I did to fix the issue was to 1) add admin user inside ApiKeyValidator in api-manager.xml, also into admin user via management console and into user-mgt.xml; 2) Inside api-manager.xml:
Change the following:
https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/
to:
https://[FQDN_OF_HOST]:${mgt.transport.https.port}${carbon.context}/services/
The reason is that my server certificate only recorded the domain name, not the IP address.
My setup: Product: WSO2 AM 1.10.0 DB: MSSQL Security: SAML2 integrated with PingIdentity OS: Linux
Please also refer to this question:
wso2 am 1.10.0 API Store: "Error occurred while executing the action generateApplicationKey" with " Invalid credentials provided."
The error may be due to one of these two things:
Your admin password is not set for ApiKeyManager in api_manager.xml.
SSL is not set properly.
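The hostname-verification failures in the threads above (the key manager URL on is.com, and the certificate that "only recorded the domain name, not ip address") come down to one check: does the name in the configured endpoint URL appear in the certificate the server presents? The following Python sketch is an added example, not code from WSO2 or from any of the posters; it is a simplified model of that check, the two certificates are constructed samples, and the CN fallback is an assumption about legacy verifier behaviour.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed certificates, in the dict layout ssl.SSLSocket.getpeercert() returns.
LOCALHOST_CERT = {"subject": ((("commonName", "localhost"),),)}
FQDN_CERT = {"subject": ((("commonName", "is.com"),),), "subjectAltName": (("DNS", "is.com"),)}

def dns_match(pattern, host):
    """Compare one certificate name with the host; '*' may only be the whole first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # one label only, never "*.com"
    return p == h

def check_endpoint(cert, url):
    """Return (ok, reason) for calling `url` when the server presents `cert`."""
    host = urlsplit(url).hostname
    if not host:
        return False, "no host in URL"
    sans = cert.get("subjectAltName", ())
    dns = [v for t, v in sans if t == "DNS"]
    ips = [v for t, v in sans if t == "IP Address"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    try:
        target = ipaddress.ip_address(host)
    except ValueError:
        target = None
    if target is not None:
        # An IP literal in the URL is only satisfied by an IP SAN, never by a DNS name.
        ok = any(ipaddress.ip_address(i) == target for i in ips)
        return ok, ("IP SAN matches" if ok else f"no IP SAN for {host}")
    names = dns or cns  # assumption: CN is consulted only when there is no DNS SAN
    ok = any(dns_match(n, host) for n in names)
    return ok, ("name matches" if ok else f"{host} not in {names}")

def audit(cert, urls):
    """Map each configured endpoint URL to its verification result."""
    return {u: check_endpoint(cert, u) for u in urls}

if __name__ == "__main__":
    urls = ["https://is.com:9442/services/", "https://192.168.1.7:9443/oauth2/token"]
    for label, cert in (("localhost cert", LOCALHOST_CERT), ("is.com cert", FQDN_CERT)):
        for url, (ok, why) in audit(cert, urls).items():
            print(f"{label:15} {url:40} {'OK' if ok else 'FAIL'}: {why}")
```

Running the same audit against the real certificate (for example the dict from `getpeercert()` on a verified connection) shows which configured URLs need a matching DNS or IP entry in the certificate, which is the fix that keeps verification enabled instead of setting AllowAll.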

coldfusion exchange connection to Office 365

I'm trying to set up a cfexchangeconnection to our office365 server to retrieve calendar settings but can't get the connection settings right.
If I do:
<cfexchangeconnection
action = "open"
connection = "exCon"
server = "outlook.office365.com"
username = "email#address"
password = "**********"
port="995">
I get 500: Could not log in to the Exchange server. Verify server name, username, and password.
I don't know if this means it's an auth issue or whether I just got the server name wrong.
If I take the port setting off I get the same error.
The server name is the one provided for setting up mail using imap or pop. The username is just the email and the password is obvious....
Switching the protocol to https I get the following error:
Cannot access Exchange server as a web application at outlook.office365.com.
Ensure that the Exchange web application is configured in IIS and Web Service Extension for the Exchange server is allowed. HTTP response code : 404
The below configuration worked for me. You have to install the certificate using keytool.exe. Make sure to add the serverversion, and select 2010. Also, make sure to specify https protocol. The default is 2007.
<cfexchangeconnection action="open"
username="#username#"
password="#password#"
mailboxname="#mailboxname#"
server="outlook.office365.com"
protocol="https"
serverversion="2010"
connection="testconn1"
formBasedAuthentication="true"
formBasedAuthenticationURL="https://outlook.office365.com/owa/auth/owaauth.dll">