I'm migrating WSO2 Identity Server from version 5.8.0 to 5.10.0 and I'm missing some properties in the deployment.toml file. In the WSO2 documentation I couldn't find how to put these properties from user-mgt.xml into the deployment.toml file:
AnonymousBind
TenantManager
UserSearchBase
UsernameJavaScriptRegEx
PasswordJavaScriptRegEx
RolenameJavaScriptRegEx
Have these properties been removed? Documentation 5.10.0
Use the following configs in the deployment.toml file.
[user_store]
anonymous_bind = ""
user_search_base = ""
username_java_script_regex = ""
password_java_script_regex = ""
role_name_java_script_regex = ""
UPDATED SECTION
[user_store.properties]
IsBulkImportSupported = ""
EmptyRolesAllowed = ""
defaultRealmName=""
TenantManager = ""
Related
For some reason, there is an issue in aws-runas with the below config.
[default]
output = json
region = #####
aws_api_key_duration = 1h
saml_auth_url = #####
federated_username = #######
saml_provider = azure
saml_username = ######
[profile MyProd]
role_arn = ####
source_profile = default
region = ####
The error message it pops up is:
unable to determine client provider type
Looking for the correct configuration to run aws-runas to generate authentication tokens.
I need a sample configuration to keep JNDI names in WSO2 EI so that those names can be reused in the DB report mediator.
Thanks,
Ajay Babu Maguluri.
Find the deployment.toml file; it is the source from which the other config files are templated.
An example configuration creating a JDBC datasource inside deployment.toml with the name jndi/MY_DATA looks like this:
[[datasource]]
id = "MY_DATA" # "WSO2_COORDINATION_DB"
url = "jdbc:mysql://localhost:3306/mydata"
username = "root"
password = "root"
driver = "com.mysql.jdbc.Driver"
Optionally, you can specify other JDBC properties just after the [[datasource]] section:
[datasource.pool_options]
maxActive = 10
maxWait = 60000
minIdle = 0
testOnBorrow = true
defaultAutoCommit = true
validationInterval = 30000
testWhileIdle = true
timeBetweenEvictionRunsMillis = 5000
minEvictableIdleTimeMillis = 60000
removeAbandoned = true
logAbandoned = true
removeAbandonedTimeout = 180
validationQuery = "SELECT 1"
I have a few questions regarding the upgrade of wso2 IS-
Can we directly upgrade wso2 IS 5.7.0 to 5.11.0?
I'm using Postgres for wso2 IS 5.7.0, can I get some reference to changes I need to do in the wso2 configuration while preparing for migration?
Do I need to create another database in Postgres for 5.11.0 and then configure it as a datasource in IS?
Update:
I'm getting the following error while performing the upgrade:
erver/
[2021-09-20 12:49:26,279] [] INFO {org.wso2.carbon.core.multitenancy.eager.TenantLoadingConfig} - Using tenant lazy loading policy...
[2021-09-20 12:49:26,315] [] ERROR {org.wso2.carbon.core.internal.permission.update.PermissionUpdater} - Error when updating the permission cache for tenant : -1234 java.lang.NullPointerException
at org.wso2.carbon.core.internal.permission.update.PermissionUpdater.update(PermissionUpdater.java:72)
at org.wso2.carbon.core.internal.permission.update.PermissionUpdateServiceComponent.activate(PermissionUpdateServiceComponent.java:65)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:113)
at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:985)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:151)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:866)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:804)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:228)
at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:525)
at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:544)
at org.wso2.carbon.core.init.CarbonServerManager.initializeCarbon(CarbonServerManager.java:529)
at org.wso2.carbon.core.init.CarbonServerManager.removePendingItem(CarbonServerManager.java:305)
at org.wso2.carbon.core.init.PreAxis2ConfigItemListener.bundleChanged(PreAxis2ConfigItemListener.java:118)
at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:973)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)
[2021-09-20 12:49:29,790] [] INFO {org.wso2.carbon.identity.core.internal.IdentityCoreServiceComponent} - Executing Migration client : org.wso2.carbon.is.migration.MigrationClientImpl
[2021-09-20 12:49:29,853] [] INFO {org.wso2.carbon.is.migration.config.Config} - WSO2 Product Migration Service Task : Loading Migration Configs, PATH:C:\Users\msingh11\DOWNLO~1\WSO2IS~1.0\bin..\migration-resources\migration-config.yaml
[2021-09-20 12:49:29,951] [] INFO {org.wso2.carbon.is.migration.config.Config} - WSO2 Product Migration Service Task : Successfully loaded the config file.
[2021-09-20 12:49:29,952] [] INFO {org.wso2.carbon.is.migration.Mi}
The deployment.toml file is:
[server]
hostname = "localhost"
node_ip = "127.0.0.1"
base_path = "https://$ref{server.hostname}:${carbon.management.port}"
[super_admin]
username = "wso2admin"
password = "admin"
create_admin_account = false
[user_store]
class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"
connection_url = "ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}"
connection_name = "uid=admin,ou=system"
connection_password = "admin"
user_search_base="ou=Users,dc=wso2,dc=org"
user_name_list_filter="(objectClass\u003dperson)"
user_name_search_filter="(\u0026amp;(objectClass\u003dperson)(uid\u003d?)"
user_name_attribute= "uid"
user_entry_object_class= "identityPerson"
group_entry_object_class= "groupOfNames"
group_name_attribute= "cn"
group_name_search_filter= "(\u0026amp;(objectClass\u003dgroupOfNames)(cn\u003d?))"
group_name_list_filter= "(objectClass\u003dgroupOfNames)"
group_search_base="ou=Groups,dc=wso2,dc=org"
membership_attribute= "member"
anonymous_bind= "false"
display_name_attribute= ""
back_links_enabled= "false"
is_bulk_import_supported= "false"
empty_roles_allowed= "true"
password_hash_method= "PLAIN_TEXT"
kdc_enabled= "false"
default_realm_name= "WSO2.ORG"
connection_pooling_enabled= "true"
lDAP_connection_timeout= "5000"
base_dn = "dc=wso2,dc=org" #refers the base dn on which the user and group search bases will be generated
[user_store.properties]
TenantManager="org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager"
[database.carbon_db]
type = "RDBMS"
url = "jdbc:postgresql://localhost:5432/wso2"
username = "wso2admin"
password = "admin"
driver="org.postgresql.Driver"
[database.identity_db]
type = "RDBMS"
url = "jdbc:postgresql://localhost:5432/wso2"
username = "wso2admin"
password = "admin"
driver="org.postgresql.Driver"
[database.shared_db]
type = "RDBMS"
url = "jdbc:postgresql://localhost:5432/wso2"
username = "wso2admin"
password = "admin"
driver="org.postgresql.Driver"
[keystore.primary]
file_name = "wso2carbon.jks"
password = "wso2carbon"
[truststore]
file_name="client-truststore.jks"
password="wso2carbon"
type="JKS"
[account_recovery.endpoint.auth]
hash= "66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"
[identity.auth_framework.endpoint]
app_password= "dashboard"
[[datasource]]
id="source"
url="jdbc:postgresql://localhost:5432/wso2"
username="wso2admin"
password="admin"
driver="org.postgresql.Driver"
[datasource.pool_options]
maxActive="80"
maxWait="60000"
minIdle="5"
testOnBorrow="true"
validationQuery="SELECT 1"
validationInterval="30000"
defaultAutoCommit="false"
[[datasource]]
id="target"
url="jdbc:postgresql://localhost:5432/wso2_new"
username="wso2admin"
password="admin"
driver="org.postgresql.Driver"
[datasource.pool_options]
maxActive="80"
maxWait="60000"
minIdle="5"
testOnBorrow="true"
validationQuery="SELECT 1"
validationInterval="30000"
defaultAutoCommit="false"
# The KeyStore which is used for encrypting/decrypting internal data. By default the primary keystore is used as the internal keystore.
#[keystore.internal]
#file_name = "$ref{keystore.primary.file_name}"
#type = "$ref{keystore.primary.type}"
#password = "$ref{keystore.primary.password}"
#alias = "$ref{keystore.primary.alias}"
#key_password = "$ref{keystore.primary.key_password}"
# The KeyStore which is used for tls communication. By default the primary keystore is used as the tls keystore.
#[keystore.tls]
#file_name = "$ref{keystore.primary.file_name}"
#type = "$ref{keystore.primary.type}"
#password = "$ref{keystore.primary.password}"
#alias = "$ref{keystore.primary.alias}"
#key_password = "$ref{keystore.primary.key_password}"
#Google reCAPTCHA settings.
#[recaptcha]
#enabled = "true"
#api_url = "https://www.google.com/recaptcha/api.js"
#verify_url = "https://www.google.com/recaptcha/api/siteverify"
#site_key = ""
#secret_key = ""
# SMTP email sender settings.
#[output_adapter.email]
#from_address= "abcd@gmail.com"
#username= "abcd"
#password= "xxxx"
#hostname= "smtp.gmail.com"
#port= 587
What am I missing in the config?
Can we directly upgrade wso2is-5.7.0 to wso2is-5.11.0?
Yes, but you need to do a few steps to configure the migration from wso2is-5.7.0 to wso2is-5.11.0:
Make sure that all the prerequisites are met, you can see the prerequisites from here
Next do the pre-steps for the migration by following the details in here
For the resources like the custom components, custom libraries, Keystore managers, tenants, etc. follow the link in here
I'm using Postgres for wso2is-5.7.0, can I get some reference to changes I need to do in the wso2 configuration while preparing for migration?
If you are using Postgres, the uuid-ossp extension is created in the database during the migration. In order to create this extension, the database user should have the superuser permission. If the user is not already a superuser, assign the permission before starting the migration.
ALTER USER <user> WITH SUPERUSER;
Do I need to create another database in Postgres for wso2is-5.11.0 and then configure it as a data source in IS?
No, you don't want to create another database in Postgres for 5.11.0 and configure it, but as a safety measure you can have a snapshot of your 5.7.0 database and plug it into 5.11.0.
I want to use slf4j for logging. Based on the logging doc, these configs should be changed in application.conf:
akka {
loggers = ["akka.event.slf4j.Slf4jLogger"]
logging-filter = "akka.event.slf4j.Slf4jLoggingFilter"
}
I'm using application.properties instead of application.conf:
akka.loggers[0]=akka.event.slf4j.Slf4jLogger
akka.logging-filter=akka.event.slf4j.Slf4jLoggingFilter
But the above config does not change the akka.loggers value (the value is still the default: akka.event.Logging$DefaultLogger).
Printing all configuration:
"loggers" : [
# reference.conf # jar:file:/home/user/.m2/repository/com/typesafe/akka/akka-actor_2.12/2.5.18/akka-actor_2.12-2.5.18.jar!/reference.conf: 17
"akka.event.Logging$DefaultLogger"
],
# application.properties # file:/home/user/workspace/x-platform/target/test-classes/application.properties
"loggers[0]" : "akka.event.slf4j.Slf4jLogger",
# application.properties # file:/home/user/workspace/x-platform/target/test-classes/application.properties
"logging-filter" : "akka.event.slf4j.Slf4jLoggingFilter",
So my question is: how can I set/change the value of a list property in application.properties?
I'm using akka 2.5.18 with Java.
Have you tried the parseString thing?
val customConf = ConfigFactory.parseString("""
  akka {
    loggers = ["akka.event.slf4j.Slf4jLogger"]
    logging-filter = "akka.event.slf4j.Slf4jLoggingFilter"
  }
""")
val system = ActorSystem("MySystem", ConfigFactory.load(customConf))
Or combine the custom config with the usual one:
// HOCON strings take double quotes, and the key needs the akka prefix to override akka.loggers
Config myConfig = ConfigFactory.parseString("akka.loggers = [\"akka.event.slf4j.Slf4jLogger\"]");
Config regularConfig = ConfigFactory.load();
Config combined = myConfig.withFallback(regularConfig);
I am implementing an OMI client on CentOS in C++ to communicate with Windows WMI.
I have installed OMI on Linux CentOS 7 and trying to connect to Windows 7
using the sample utility provided by OMI.
Reference: https://github.com/Microsoft/omi
Also configured WINRM on Windows to receive basic authentication calls.
I am not able to get the sample working. Getting the following error:
[root@LinuxMachine bin]# ./omicli --auth Basic --hostname WinMachine.TEST.COM -u admin -p adminpassaword ei root/cimv2 Win32_Environment --port 5985
./omicli: result: MI_RESULT_FAILED
./omicli: result: ERROR_INTERNAL_ERROR: The WS-Management service cannot process the request. A DMTF resource URI was used to access a non-DMTF class. Try again using a non-DMTF resource URI.
Below is the WINRM configuration for the destination machine for reference
C:\Windows\system32>winrm get winrm/config
Config
    MaxEnvelopeSizekb = 150
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = true [Source="GPO"]
        Auth
            Basic = true [Source="GPO"]
            Digest = true [Source="GPO"]
            Kerberos = true [Source="GPO"]
            Negotiate = true [Source="GPO"]
            Certificate = true
            CredSSP = true [Source="GPO"]
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;AG;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 15
        EnumerationTimeoutms = 60000
        MaxConnections = 25
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = true
        Auth
            Basic = true [Source="GPO"]
            Kerberos = true [Source="GPO"]
            Negotiate = true [Source="GPO"]
            Certificate = false
            CredSSP = true [Source="GPO"]
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 180000
        MaxConcurrentUsers = 5
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 15
        MaxMemoryPerShellMB = 150
        MaxShellsPerUser = 5
Am I missing anything obvious? Any help with getting the sample working is much appreciated.
I had encountered a similar issue. I resolved it by upgrading the PowerShell version on my server.
Windows 7 by default uses PowerShell version 2.0.
PS C:\> test-wsman <clientName>
wsmid : http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd
ProtocolVersion : http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor : Microsoft Corporation
ProductVersion : OS: 0.0.0 SP: 0.0 Stack: 2.0
By default, a CIM session uses the WSMAN protocol, specifically a newer version of the protocol.
This won't work for computers running PowerShell version 2.0 or no PowerShell at all.
Upgrade your to resolve this issue.
Refer URL https://mcpmag.com/articles/2013/05/07/remote-to-second-powershell.aspx for more details.
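The omicli call in the question uses `--auth Basic` on port 5985, which the posted WinRM configuration permits because the Service side has both AllowUnencrypted and Auth/Basic set to true; with that pair the password travels base64-encoded over plain HTTP. The check below is an added example, not part of the original posts: it parses `winrm get winrm/config` output and reports that combination, assuming the four-space indentation the command prints; the sample text, the function names and the "local" source label are constructed for illustration.

```python
import re

# Constructed sample in the layout `winrm get winrm/config` prints (four spaces
# per nesting level), trimmed to the Service settings relevant here.
SAMPLE = """\
Config
    MaxEnvelopeSizekb = 150
    Service
        AllowUnencrypted = true
        Auth
            Basic = true [Source="GPO"]
            Kerberos = true [Source="GPO"]
            Certificate = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        CertificateThumbprint
"""

LINE = re.compile(
    r'^(?P<indent> *)(?P<key>\w+)(?: = (?P<value>.*?))?(?: \[Source="(?P<src>\w+)"\])?$')

def parse_winrm_config(text, step=4):
    """Flatten the indented output into {"Config/Service/Auth/Basic": (value, source)}."""
    settings, path = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        del path[len(m["indent"]) // step:]   # climb back to this line's parent
        if m["value"] is None:                # section header or empty setting
            path.append(m["key"])
            continue
        # "local" is this example's label for a value without a [Source=...] tag
        settings["/".join(path + [m["key"]])] = (m["value"], m["src"] or "local")
    return settings

def cleartext_basic_findings(settings, side="Service"):
    """Return the two settings that together allow Basic auth over plain HTTP."""
    keys = (f"Config/{side}/AllowUnencrypted", f"Config/{side}/Auth/Basic")
    hits = [(k, settings[k][1]) for k in keys
            if settings.get(k, ("false", ""))[0].lower() == "true"]
    # Basic credentials cross the wire unencrypted only when both are true.
    return hits if len(hits) == len(keys) else []

if __name__ == "__main__":
    for key, source in cleartext_basic_findings(parse_winrm_config(SAMPLE)):
        print(f"{key} = true (source: {source})")
```

A `[Source="GPO"]` tag means the value is enforced by Group Policy, so it has to be changed there rather than with a local `winrm set`.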