WSO2 Identity Server (IS) not Displaying Claims in the Default Profile - wso2

I'm using WSO2 IS 5.3.0 in a clustered environment.
It was noticed that the claims are not being displayed in the default user profile for any of the users, even after they are marked as "Supported by Default". I even restarted the nodes one by one, assuming it was a caching issue, but that did not solve the issue either.
What could be the possible reason for this behaviour?
Could this be a configuration error?
Where should I be looking specifically (which configurations) in order to narrow down the issue?
Any valuable solution/suggestion is highly appreciated.
Thanks in advance.

After some research, I found out that the exact issue was simply a missing tag in the user-mgt.xml file inside <WSO2_IS_HOME>/repository/conf:
<Property name="initializeNewClaimManager">true</Property>
After adding the missing configuration as mentioned below, the default profile displayed the claims as expected.
<Configuration>
<AddAdmin>true</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>admin</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName>
<Property name="isCascadeDeleteEnabled">true</Property>
<Property name="initializeNewClaimManager">true</Property>
<Property name="dataSource">jdbc/WSO2UM_DB</Property>
</Configuration>
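A pre-restart check for the fix described above, as an added example that is not part of the original answer or of WSO2's tooling. It verifies on each node's copy of user-mgt.xml that the property is present, that no typographic quotes were pasted into the file, and that the admin password differs from the user name; the node names and sample files are constructed.

```python
import xml.etree.ElementTree as ET

SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # typographic quotes from copy-paste
REQUIRED = {"initializeNewClaimManager": "true"}

def check_user_mgt(xml_text):
    """Return findings for the <Configuration> block of one node's user-mgt.xml."""
    if any(q in xml_text for q in SMART_QUOTES):
        # Attribute values quoted with these are not well-formed XML.
        return ["typographic quotes found; file is not well-formed XML"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"XML parse error: {exc}"]
    conf = root if root.tag == "Configuration" else root.find(".//Configuration")
    if conf is None:
        return ["no <Configuration> element"]
    findings = []
    props = {p.get("name"): (p.text or "").strip() for p in conf.findall("Property")}
    for name, want in REQUIRED.items():
        if props.get(name) != want:
            findings.append(f"{name} is {props.get(name)!r}, expected {want!r}")
    user = (conf.findtext("AdminUser/UserName") or "").strip()
    password = (conf.findtext("AdminUser/Password") or "").strip()
    if user and user == password:
        findings.append("admin password is the same as the admin user name")
    return findings

def audit_cluster(configs):
    """Map node name -> findings so that a node that was missed stands out."""
    return {node: check_user_mgt(text) for node, text in configs.items()}

# Constructed sample: three nodes of a hypothetical cluster.
GOOD = """<Configuration>
<AddAdmin>true</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser><UserName>admin</UserName><Password>admin</Password></AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName>
<Property name="initializeNewClaimManager">true</Property>
<Property name="dataSource">jdbc/WSO2UM_DB</Property>
</Configuration>"""
NODES = {
    "node1": GOOD,
    "node2": GOOD.replace('<Property name="initializeNewClaimManager">true</Property>\n', ""),
    "node3": GOOD.replace('"', "\u201d"),
}

if __name__ == "__main__":
    for node, findings in audit_cluster(NODES).items():
        print(node, findings or "ok")
```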

Related

Unable to create customers in Stripe using WSO2 APIM

I am trying to use the monetization feature in WSO2 APIM. I am testing it out with default Stripe as its billing engine. I have followed this documentation for the configuration WSO2 APIM Monetization. I have commented out the existing workflow definition for SubscriptionCreation and SubscriptionDeletion and added the definition mentioned in the steps.
The current workflow definition after the update looks like this ->
<WorkFlowExtensions>
<ApplicationCreation executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationCreationSimpleWorkflowExecutor"/>
<!--ApplicationCreation executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationCreationApprovalWorkflowExecutor"/-->
<ProductionApplicationRegistration executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor"/>
<!--ProductionApplicationRegistration executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationApprovalWorkflowExecutor"/-->
<SandboxApplicationRegistration executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor"/>
<!--SandboxApplicationRegistration executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationApprovalWorkflowExecutor"/-->
<!--<SubscriptionCreation executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationSimpleWorkflowExecutor"/>-->
<SubscriptionCreation executor="org.wso2.apim.monetization.impl.workflow.StripeSubscriptionCreationWorkflowExecutor"/>
<!--SubscriptionCreation executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationApprovalWorkflowExecutor"/-->
Subscription Update ->
<SubscriptionUpdate executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionUpdateSimpleWorkflowExecutor"/>
<!--SubscriptionUpdate executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionUpdateApprovalWorkflowExecutor"/-->
<!--SubscriptionUpdate executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionUpdateWSWorkflowExecutor">
<Property name="serviceEndpoint">http://localhost:9765/services/SubscriptionApprovalWorkFlowProcess/</Property>
<Property name="username">username</Property>
<Property name="password">password</Property>
<Property name="callbackURL">https://host:port/services/WorkflowCallbackService</Property>
</SubscriptionUpdate-->
<UserSignUp executor="org.wso2.carbon.apimgt.impl.workflow.UserSignUpSimpleWorkflowExecutor"/>
<!--UserSignUp executor="org.wso2.carbon.apimgt.impl.workflow.UserSignUpApprovalWorkflowExecutor"/-->
<!--
***NOTE:***
Users of deletion workflows are expected to implement their own deletion workflow executors and services.
By default API Manager only implements the core functionalities required to support deletion workflows and
simple deletion workflow executors. Default WS deletion workflow implementations are not available with the
distribution.
-->
<!--<SubscriptionDeletion executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionDeletionSimpleWorkflowExecutor"/>-->
<SubscriptionDeletion executor="org.wso2.apim.monetization.impl.workflow.StripeSubscriptionDeletionWorkflowExecutor"/>
<!--SubscriptionDeletion executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionDeletionSimpleWorkflowExecutor">
<Property name="serviceEndpoint">http://host:port/services/SubscriptionApprovalWorkFlowProcess/</Property>
<Property name="username">username</Property>
<Property name="password">password</Property>
<Property name="callbackURL">https://host:port/services/WorkflowCallbackService</Property>
</SubscriptionDeletion -->
<ApplicationDeletion executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationDeletionSimpleWorkflowExecutor"/>
<!--ApplicationDeletion executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationDeletionSimpleWorkflowExecutor">
<Property name="serviceEndpoint">http://host:port/services/ApplicationApprovalWorkFlowProcess/</Property>
<Property name="username">username</Property>
<Property name="password">password</Property>
<Property name="callbackURL">https://host:port/services/WorkflowCallbackService</Property>
</ApplicationDeletion-->
<!-- Publisher related workflows -->
<APIStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIStateChangeSimpleWorkflowExecutor" />
<!--APIStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIStateChangeApprovalWorkflowExecutor">
<Property name="stateList">Created:Publish,Published:Block</Property>
</APIStateChange-->
<APIProductStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIProductStateChangeSimpleWorkflowExecutor" />
<!--APIProductStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIProductStateChangeApprovalWorkflowExecutor">
<Property name="stateList">Created:Publish,Published:Block</Property>
</APIProductStateChange-->
</WorkFlowExtensions>
When I try to monetize a policy or when I try to subscribe API to an application using the monetized policy, I get the following error ->
ERROR - StripeSubscriptionCreationWorkflowExecutor Error while creating a customer in Stripe for username
ERROR - APIConsumerImpl Could not execute Workflow
org.wso2.carbon.apimgt.impl.workflow.WorkflowException: Error while creating a customer in Stripe for username
Caused by: com.stripe.exception.ApiConnectionException: IOException during API request to Stripe (https://api.stripe.com): HTTPS hostname wrong: should be <api.stripe.com> Please check your internet connection and try again. If this problem persists,you should check Stripe's service status at https://twitter.com/stripestatus, or let us know at support@stripe.com.
It seems the issue is due to the workflow update, but I couldn't figure out the exact issue.
Update: -
I tried removing the workflow changes, and with that configuration, I am able to create an API subscription (the hostname error occurs sometimes and sometimes it does not), but even if the subscription is created, the respective customer is not getting created on the connected Stripe account.
It seems like your server is unable to communicate with Stripe API endpoint (https://api.stripe.com). You might want to add Stripe domains to your server's allowlist.

Role-based Permissions

I'm currently trying to use role-based permissions on Micro Integrator v7.1.0 when calling an API. I've already managed to use the REST Basic Auth handler as shown below, which works just fine.
<handlers>
<handler class="org.wso2.micro.integrator.security.handler.RESTBasicAuthHandler"/>
</handlers>
Now I want to add role permissions to it, but I can't seem to find a way to do so.
I found some code that worked on older versions, but apparently not on 7.1:
<handler class="org.wso2.api.authorization.RoleBasedAuthorizationHandler">
<property name="roles" value="testRole"/>
</handler>
Any suggestions on how to make this work? Thanks.
I implemented a new authorization handler for MI. You can find it here. If you find any bugs, please report them back to the GitHub project.
Once you add the JAR, you can engage the handler as shown below.
<handlers>
<handler class="com.ycr.auth.handlers.AuthorizationHandler">
<property name="roles" value="admin,test" />
<property name="authorize" value="true" />
</handler>
</handlers>

Where can I set up character encoding in WSO2 EI

I'm new to WSO2,
In the WSO2 ESB profile, I tried to send a message like this:
{"name":"中国"}
but after proxy service and in my back-end service it printed:
{"name":"???"}
It also appeared in the API: when I debug the API, I can see the payload is already unreadable.
So I think I must set up the character encoding before the payload comes in. But where can I do this?
Can you help me?
Can you try adding the following (as suggested in this blog):
<property name="CHARACTER_SET_ENCODING" value="UTF-8" scope="axis2" type="STRING"/>

Configurable Values In WSO2 ESB similar to .properties file

I would like to know if there is a way to maintain certain custom configuration values in a .properties file (in Java), load the properties at ESB startup, and use the custom property values within a mediation flow. Any ideas on this would be really helpful.
This might be what you are looking for:
https://dzone.com/articles/retrieve-values-xml-config (page dated ~2013)
It shows how you can have a file in the WSO2 registry and read it in your proxy.
(the file stored in the registry can contain your properties)
I would agree with the suggestion to save the properties in an XML file which you then upload to your registry, independent of the code.
That way, the properties can be updated or deleted without having to touch the code.
If you are constrained to use Java .properties files, then it might be advisable to create a JAR that is deployed as a library, which you then call from your ESB sequence.
For a similar use case, we put custom configuration values, parameters or constants into a global_parameter.xml file and had it managed in a governance registry (decide based on your stack).
For example, the global_parameter.xml can be like the following.
<custom>
<Version>2.3</Version>
<Type>FOR</Type>
</custom>
We can load the parameters through a sequence and then use the parameters by reusing the sequence file.
<sequence xmlns="http://ws.apache.org/ns/synapse" name="loadProperties_seq">
<property xmlns:ns="http://org.apache.synapse/xsd" name="localProperties" expression="get-property('registry', 'gov:/common/utils/properties/global_parameter.xml')" scope="default" type="OM"/>
</sequence>
Refer to the properties:
<property name="url_reg" expression="//custom/Version"/>
<property name="user_reg" expression="//custom/Type"/>

Creating Proxy Service in WSO2 Dev Studio With UsernameToken Security?

I am trying to enable UsernameToken security on a service within WSO2 Dev Studio. I can do this through the WSO2 web GUI easily. My desire to do this through the dev studio is to produce a .car file that can easily be deployed.
I see that the web GUI creates a policy file and can include that in the exported .car file. The problem, I believe, is that when you use the web GUI to enable UsernameToken security, the second screen asks for a list of user groups to be selected. I don't see where that data ends up. It's not defined in the policy. It appears that it is stored internally by WSO2. If that is accurate, is there any way to interact with that via the deployment of a .car file?
Ultimately, I just want to authenticate using the username and password and any user group is fine since I'm going to use an entitlement mediator after authentication to control access.
Edit: It looks like it ends up in the UM_ROLE_PERMISSION table in the WSO2CARBON database. I guess what I need is a way to put some piece of code in my .car file that will get executed upon deployment in order to write into that table. (Or a less terrible solution where I can just describe the authentication scheme in whole without having to manipulate the database.)
The list of user roles is stored in the user management db. By default, it will be stored in the default h2 database.
You can configure the roles allowed by setting a parameter named allowRoles in the proxy configuration. Set it to a comma-separated list of the roles that will be authorized to access the given service.
Eg:
<parameter name="allowRoles">role1,role2</parameter>
Sample proxy config:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse" name="test_ws_security" transports="http https" startOnLoad="true" trace="disable">
<target>
<inSequence>
<respond/>
</inSequence>
<outSequence/>
</target>
<parameter name="allowRoles">admin,myrole</parameter>
<policy key="conf:/custom/UsernameTokenPolicy_v1.xml"/>
<enableSec/>
</proxy>
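A build-time review of proxy definitions before they are packed into a .car file, as an added example that is not part of the original answer. It checks that `<enableSec/>`, a `<policy key=...>` and a non-empty `allowRoles` are all declared in the artifact; the `WIDE_ROLES` set and the plain-http finding are assumptions of this example, and both sample proxies are constructed.

```python
import xml.etree.ElementTree as ET

SYN = "{http://ws.apache.org/ns/synapse}"
WIDE_ROLES = {"everyone", "internal/everyone"}  # assumption: roles considered too wide

def audit_proxy(xml_text):
    """Return findings for one Synapse proxy definition from a .car project."""
    proxy = ET.fromstring(xml_text)
    name = proxy.get("name", "?")
    secured = proxy.find(SYN + "enableSec") is not None
    policy = proxy.find(SYN + "policy")
    roles = None
    for param in proxy.findall(SYN + "parameter"):
        if param.get("name") == "allowRoles":
            roles = [r.strip() for r in (param.text or "").split(",") if r.strip()]
    findings = []
    if not secured:
        findings.append(f"{name}: <enableSec/> missing")
    elif policy is None or not policy.get("key"):
        findings.append(f"{name}: security enabled without a <policy key=...>")
    if roles is None:
        findings.append(f"{name}: no allowRoles parameter")
    elif not roles:
        findings.append(f"{name}: allowRoles is empty")
    elif any(r.lower() in WIDE_ROLES for r in roles):
        findings.append(f"{name}: allowRoles includes a catch-all role")
    if "http" in proxy.get("transports", "").split():
        findings.append(f"{name}: plain http transport; UsernameToken credentials need TLS")
    return findings

# Constructed samples: the proxy from the answer above, and a weaker variant.
FROM_ANSWER = """<proxy xmlns="http://ws.apache.org/ns/synapse" name="test_ws_security"
       transports="http https" startOnLoad="true" trace="disable">
  <target><inSequence><respond/></inSequence><outSequence/></target>
  <parameter name="allowRoles">admin,myrole</parameter>
  <policy key="conf:/custom/UsernameTokenPolicy_v1.xml"/>
  <enableSec/>
</proxy>"""
WEAK = """<proxy xmlns="http://ws.apache.org/ns/synapse" name="weak" transports="https">
  <target><inSequence><respond/></inSequence></target>
  <parameter name="allowRoles">everyone</parameter>
  <enableSec/>
</proxy>"""

if __name__ == "__main__":
    for sample in (FROM_ANSWER, WEAK):
        print(audit_proxy(sample) or "ok")
```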