wso2 - workflow management - 400 Bad Request - wso2

I was trying to configure workflow management as given in the documentation with 5.8.0 version.
The DB used is default H2.
Link followed:
https://is.docs.wso2.com/en/5.9.0/learn/workflow-management/
http://cdwijayarathna.blogspot.com/2016/04/making-use-of-wso2-identity-servers.html
When I logged into User Dashboard https://localhost:9443/dashboard nothing is displayed, PFA screenshot in approval section:
Getting 400 Bad request in network as below:
Get API
https://localhost:9443/portal/gadgets/approvals/index.jag?profileList=[object%20Object]
Response: 400 Bad Request
Bad Request Error
Here are the users created and user is waiting for approval:
Waiting for Approval
Below are the logs:
[2020-06-01 20:39:59,187] approver#abc.com [2] [IS] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'approver#abc.com [2]' logged in at [2020-06-01 20:39:59,186+0530]
[2020-06-01 21:00:33,938] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2020-06-01 21:00:33,938+0530]
[2020-06-01 21:00:43,044] INFO {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} - 'admin#carbon.super [-1234]' logged out at [2020-06-01 21:00:43,0043]
[2020-06-01 21:00:54,059] #abc.com [2] [IS] INFO {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} - LDAP connection created successfully in read-write mode
[2020-06-01 21:00:54,102] pandry#abc.com [2] [IS] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'pandry#abc.com [2]' logged in at [2020-06-01 21:00:54,102+0530]
[2020-06-01 21:31:22,815] #abc.com [2] [IS] INFO {org.wso2.carbon.core.multitenancy.utils.TenantAxisUtils} - Starting to clean tenant : abc.com
[2020-06-01 21:31:22,819] #abc.com [2] [IS] INFO {org.wso2.carbon.bpel.core.Axis2ConfigurationContextObserverImpl} - Unloading TenantProcessStore for tenant 2.
[2020-06-01 21:31:22,907] #abc.com [2] [IS] INFO {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} - LDAP connection created successfully in read-write mode
[2020-06-01 21:31:22,965] #abc.com [2] [IS] INFO {org.wso2.carbon.humantask.core.Axis2ConfigurationContextObserverImpl} - Unloading TenantTaskStore for tenant 2.
[2020-06-01 21:31:22,984] #abc.com [2] [IS] INFO {org.wso2.carbon.core.deployment.DeploymentInterceptor} - Removing Axis2 Service: LoginApprovalTaskService {abc.com[2]}
[2020-06-01 21:31:23,016] #abc.com [2] [IS] INFO {org.wso2.carbon.core.deployment.DeploymentInterceptor} - Removing Axis2 Service: userCreateApprovalTaskService {abc.com[2]}
[2020-06-01 21:31:23,028] #abc.com [2] [IS] WARN ***{org.wso2.carbon.humantask.core.store.HumanTaskStore} - Could not find matching AxisService in Tenant AxisConfiguration for service name*** :userCreateApprovalTaskService
[2020-06-01 21:31:23,039] #abc.com [2] [IS] INFO {org.wso2.carbon.core.multitenancy.utils.TenantAxisUtils} - Cleaned up tenant abc.com

With more research I found out this is a known issue, as mentioned in https://github.com/wso2/product-is/issues/5678, with the change mentioned in https://github.com/wso2/product-is/pull/5887/files

Related

Unable to authenticate using adfs as the federated authenticator in wso2 with travelocity app

When I have a single ADFS configured as an identity server on WSO2, authentication from WSO2 fails with the below error.
ator returned: INCOMPLETE
TID: [-1234] [] [2017-02-24 06:50:04,580] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - SAMLSSOAuthenticator is redirecting
TID: [-1234] [] [2017-02-24 06:50:04,580] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} - Step is not complete yet. Redirecting to outside.
TID: [-1234] [] [2017-02-24 06:50:09,958] DEBUG {org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils} - Authentication Context is null
TID: [-1234] [] [2017-02-24 06:50:09,959] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Session data key is null in the request
TID: [-1234] [] [2017-02-24 06:50:09,959] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Context does not exist. Probably due to invalidated cache
At the same time, if there is more than one federated authenticator, say 2 ADFS servers configured on WSO2 as identity servers, and the advanced configuration option is used on the wso2-sp, authentication from travelocity works fine.
Please guide me on what I am missing here.
This is supported out-of-the-box with Identity Server 5.1.0 M3 onwards. If you are to use this with Identity Server 5.0.0 (with SP 1) you'll need to make some modifications to the source. The details can be found at [1] & [2].
Follow document [3] for more details on setting ADFS 3.0 as a Federated Authenticator in WSO2 Identity Server.
[1] - https://wso2.org/jira/browse/IDENTITY-3181
[2] - https://wso2.org/jira/browse/IDENTITY-3349
[3] - https://omindu.wordpress.com/2015/06/19/setting-ad-fs-3-0-as-federated-authenticator-in-wso2-identity-server/

wso2 API manager publishing runtime to DAS : DAS has no data in WSO2_STATS_DB

I use an independent WSO2 API Manager 1.10.0 and WSO2 DAS 3.0.0 on AWS EC2 to gather statistics of my API usage, and I use PostgreSQL as the external RDBMS to store summary data.
APIM configurations on Admin-Dashboard
Event Receiver Configurations :
tcp://DAS-IP:7611
Data Analyzer Configurations :
https://DAS-IP:9443
Statistics Summary Datasource :
My-postgresql-url
APIM configuration in api-manager.xml
Disable rest client and enable RDBMS client
DAS configuration
Set datasource WSO2AM_STATS_DB in master-datasources.xml
Scenario
Login to APIM publisher
Deploy sample API
Go to APIM store
Subscribe sample API
Go to APIM publisher
Click statistics > API usage
Only the example statistics page is shown.
APIM Logs
[2016-04-22 06:12:47,787] INFO - EmbeddedRegistryService Configured Registry in 0ms
[2016-04-22 06:12:48,015] INFO - CarbonAuthenticationUtil 'admin#carbon.super [-1234]' logged in at [2016-04-22 06:12:48,015+0000]
[2016-04-22 06:12:48,360] INFO - CarbonAuthenticationUtil 'admin#carbon.super [-1234]' logged in at [2016-04-22 06:12:48,359+0000]
[2016-04-22 06:12:48,605] INFO - CarbonAuthenticationUtil 'admin#carbon.super [-1234]' logged in at [2016-04-22 06:12:48,605+0000]
[2016-04-22 06:12:48,664] INFO - CarbonAuthenticationUtil 'admin#carbon.super [-1234]' logged in at [2016-04-22 06:12:48,664+0000]
[2016-04-22 06:12:48,920] INFO - CarbonAuthenticationUtil 'admin#carbon.super [-1234]' logged in at [2016-04-22 06:12:48,920+0000]
[2016-04-22 06:12:49,296] INFO - API Initializing API: admin--CalculatorAPI:v1.0
[2016-04-22 06:13:05,384] INFO - **ReceiverGroup Resending the failed published data...**
DAS Logs
[2016-04-22 04:09:00,218] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected
[2016-04-22 04:09:32,439] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected
[2016-04-22 04:09:47,474] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected
[2016-04-22 04:33:10,239] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected
[2016-04-22 04:35:28,672] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected
[2016-04-22 06:05:18,848] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected
[2016-04-22 06:12:53,017] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected
[2016-04-22 06:13:09,173] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected
DAS WSO2_STATS_DB status
From DAS dashboard > configure > data sources, I've checked that the status of all DBs is active and the tested connection is healthy.
I don't know if WSO2AM_STATS_DB doesn't support PostgreSQL or my configuration gets something wrong.
Thanks
I raised a public JIRA because the APIM Stat scripts folder does not have the PostgreSQL script.
APIM does not publish subscription events to the DAS. Subscription details are kept in the WSO2AM_DB database and we used the AM_SUBSCRIBER and AM_SUBSCRIPTION tables for that purpose.
Hope you followed this documentation.

Unable to access WSO2 Identity server Management console

I have set up WSO2 Identity Server 5.0.0 on a Windows 2012 R2 server.
I changed the primary user store to Active Directory following the instructions from WSO2 Documentation.
https://docs.wso2.com/display/IS500/Configuring+an+Active+Directory+User+Store
Since then I am not able to log in to the Identity Server Management Console.
I tried to login with the AD admin user as well as the WSO2 admin user, none of them work. Below are the errors from the log.
TID: [0] [IS] [2016-01-05 10:17:22,965] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'wso2\test1[-1234]' at [2016-01-05 10:17:22,965+0000] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [0] [IS] [2016-01-05 10:17:35,420] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'test1[-1234]' at [2016-01-05 10:17:35,418+0000] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [0] [IS] [2016-01-05 10:17:46,485] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[-1234]' at [2016-01-05 10:17:46,485+0000] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
Below is the user-mgt xml file.
http://pastebin.com/zTJ2SJmN
Any help is greatly appreciated ..!!!
Thank you
Kbasa

Unable to login to Dashboard for WSO2 Identity Server

I have set up a WSO2 Identity Server 5.0.0 and I was able to log in to the Carbon management console with the user "admin". But when I try to log in to the dashboard, it failed.
Been troubleshooting and reading the documentation and stackoverflow for clue but couldn't find one and I am not sure which part of the configuration I did wrong.
Following are the things that I set for my WSO2IS:
I changed the host name from localhost to my server IP in the following files:
repository/conf/carbon.xml
repository/conf/identity.xml
repository/conf/security/sso-idp-config.xml
repository/conf/security/saml2.federation.properties
repository/conf/security/authenticators.xml
repository/conf/tomcat/catalina-server.xml
I also did the same steps indicated in "Cannot see any option in WSO2 Identity Server dashboard".
Following is the server log produced by the server where I set up the WSO2IS:
[2015-08-10 11:47:48,530] INFO {org.wso2.carbon.core.init.CarbonServerManager} - Repository : /opt/WSO2/wso2is-5.0.0/repository/deployment/server/
[2015-08-10 11:47:49,038] INFO {org.wso2.carbon.core.internal.permission.update.PermissionUpdater} - Permission cache updated for tenant -1234
[2015-08-10 11:47:49,774] INFO {org.wso2.carbon.identity.application.mgt.ui.internal.ApplicationMgtUIServiceComponent} - Application Management UI bundle acticated!
[2015-08-10 11:47:49,944] INFO {org.wso2.carbon.identity.sso.saml.admin.FileBasedConfigManager} - A SSO Service Provider is registered for : wso2.my.dashboard
[2015-08-10 11:47:50,039] INFO {org.wso2.carbon.idp.mgt.internal.IdPManagementServiceComponent} - Identity Application Management Database initialization not attempted since 'setup' variable was not provided during startup
[2015-08-10 11:47:50,299] INFO {org.wso2.carbon.identity.core.internal.IdentityCoreServiceComponent} - Identity Database schema initialization check was skipped since 'setup' variable was not given during startup
[2015-08-10 11:47:51,868] INFO {org.wso2.carbon.core.transports.http.HttpsTransportListener} - HTTPS port : 9443
[2015-08-10 11:47:51,868] INFO {org.wso2.carbon.core.transports.http.HttpTransportListener} - HTTP port : 9763
[2015-08-10 11:47:53,001] INFO {org.wso2.carbon.core.init.JMXServerManager} - JMX Service URL : service:jmx:rmi://172.18.64.178:11111/jndi/rmi://172.18.64.178:9999/jmxrmi
[2015-08-10 11:47:53,001] INFO {org.wso2.carbon.core.internal.StartupFinalizerServiceComponent} - Server : WSO2 Identity Server-5.0.0
[2015-08-10 11:47:53,002] INFO {org.wso2.carbon.core.internal.StartupFinalizerServiceComponent} - WSO2 Carbon started in 109 sec
[2015-08-10 11:47:53,410] INFO {org.wso2.carbon.ui.internal.CarbonUIServiceComponent} - Mgt Console URL : https://172.18.64.178:9443/carbon/
[2015-08-10 11:47:54,205] INFO {org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent} - Started thrift entitlement service at port:10500
[2015-08-10 11:48:09,003] INFO {org.wso2.carbon.identity.entitlement.internal.SchemaBuilder} - XACML policy schema loaded successfully.
[2015-08-10 11:49:08,437] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'WSO2/admin#carbon.super [-1234]' logged in at [2015-08-10 11:49:08,437+0800]
[2015-08-10 11:49:24,528] INFO {JAGGERY.login:jag} - connecting to https://172.18.64.178:9443/services
[2015-08-10 11:49:43,806] INFO {org.wso2.carbon.core.internal.permission.update.PermissionUpdater} - Permission cache updated for tenant -1234
[2015-08-10 11:49:43,847] ERROR {org.wso2.carbon.identity.authenticator.saml2.sso.SAML2SSOAuthenticator} - Authentication Request is rejected. Authorization Failure.
[2015-08-10 11:49:43,848] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[-1234]' at [2015-08-10 11:49:43,848+0800]
A reason for this issue can be that the user you try to log in as does not have login permission. Therefore, can you please check that the user has login permission?
You can view roles and users from the Identity Server management console.
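
Added example, not part of the original answers: a Python triage script over the `CarbonAuthenticationUtil` messages quoted in this thread and in the Management Console thread above. It reports bursts of failed administrator logins per tenant and accounts rejected shortly after a successful login; the function names, the 3-failures-in-60-seconds threshold and the 5-minute window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message part common to every Carbon log layout quoted on this page.
EVENT_RE = re.compile(
    r"(?P<fail>Failed Administrator login attempt )?"
    r"'(?P<who>[^']+?)\s*\[(?P<tenant>-?\d+)\]'"
    r"(?: logged (?P<dir>in|out))? at "
    r"\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")

# Sample input: lines taken from the log excerpts on this page (trailing class tag trimmed).
SAMPLE = r"""
TID: [0] [IS] [2016-01-05 10:17:22,965] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'wso2\test1[-1234]' at [2016-01-05 10:17:22,965+0000]
TID: [0] [IS] [2016-01-05 10:17:35,420] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'test1[-1234]' at [2016-01-05 10:17:35,418+0000]
TID: [0] [IS] [2016-01-05 10:17:46,485] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[-1234]' at [2016-01-05 10:17:46,485+0000]
[2015-08-10 11:49:08,437] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'WSO2/admin#carbon.super [-1234]' logged in at [2015-08-10 11:49:08,437+0800]
[2015-08-10 11:49:43,848] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[-1234]' at [2015-08-10 11:49:43,848+0800]
[2020-06-01 20:39:59,187] approver#abc.com [2] [IS] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'approver#abc.com [2]' logged in at [2020-06-01 20:39:59,186+0530]
""".strip().splitlines()

def parse_events(lines):
    """Return sorted (time, tenant_id, user, kind) tuples; kind is fail/login/logout."""
    events = []
    for line in lines:
        m = EVENT_RE.search(line)
        if not m or not (m["fail"] or m["dir"]):
            continue
        # Drop the user-store prefix (WSO2/, wso2\) and the #tenant-domain suffix.
        user = re.split(r"[\\/]", m["who"])[-1].split("#")[0].lower()
        kind = "fail" if m["fail"] else "log" + m["dir"]
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, int(m["tenant"]), user, kind))
    return sorted(events)

def failure_bursts(events, threshold=3, window=timedelta(seconds=60)):
    """Tenants with >= threshold failed admin logins inside one window, keyed by
    tenant so that retries under different spellings of a name still add up."""
    fails = defaultdict(list)
    for ts, tenant, user, kind in events:
        if kind == "fail":
            fails[tenant].append((ts, user))
    bursts = {}
    for tenant, seq in fails.items():
        for i in range(len(seq) - threshold + 1):
            chunk = seq[i:i + threshold]
            if chunk[-1][0] - chunk[0][0] <= window:
                bursts[tenant] = sorted({u for _, u in chunk})
                break
    return bursts

def fail_after_success(events, window=timedelta(minutes=5)):
    """Accounts rejected soon after a successful login (heuristic: the password
    is accepted, so look at permissions or configuration first)."""
    last_ok, hits = {}, []
    for ts, tenant, user, kind in events:
        if kind == "login":
            last_ok[tenant, user] = ts
        elif kind == "fail" and ts - last_ok.get((tenant, user), datetime.min) <= window:
            hits.append((tenant, user))
    return hits
```

On the sample lines, the three 2016 failures form one burst for tenant -1234, and `admin` in 2015 is the only account rejected within minutes of a successful login.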

wso2is session timeouts only working with 'Remember Me', otherwise default to 15 minutes

I have wso2is 5+SP1 setup to persist sessions per https://docs.wso2.com/display/IS500/Enabling+Authentication+Session+Persistence
However, users that have not selected 'Remember Me' will be forced to re-authenticate by wso2is after 15 minutes. These users have their commonAuthId cookie set w/ no expiration time (end of browsing session). Users that have selected 'Remember Me' will get their commonAuthId cookie set with the configured 24 hour expiration time and won't be prompted for re-authorization after 15 minutes.
In both scenarios it appears that session serialization / caching is working correctly, since both commonAuthId values will be stored in the IDN_AUTH_SESSION_STORE table of the backing database.
For the non-RememberMe, the log looks like this:
[2015-07-17 08:16:00,257] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - retrieving authentication request from cache.. {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-17 08:16:00,258] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Initializing the flow {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-17 08:16:00,258] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Framework contextId: 07084e16-7dd9-4726-bf9c-a9a42b06dfe1 {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-17 08:16:00,258] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Starting an authentication flow {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-17 08:16:00,259] DEBUG {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl} - Loading Basic Application Data of default {org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl}
[2015-07-17 08:16:00,260] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - commonAuthId cookie is available with the value: 4536ad78-26f5-44cb-97bb-080dfc319d13 {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-17 08:16:00,260] DEBUG {org.wso2.carbon.caching.impl.CacheImpl} - Using local cache {org.wso2.carbon.caching.impl.CacheImpl}
[2015-07-17 08:16:00,285] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Failed to find the SessionContext from the cache. Possible cache timeout. {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
That last line is the failure of
SessionContext sessionContext = FrameworkUtils.getSessionContextFromCache(cookie.getValue());
in DefaultRequestCoordinator. I'm just not sure why it returns null for non-RememberMe users. In contrast, here's the log from a RememberMe user:
[2015-07-20 12:37:47,123] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - retrieving authentication request from cache.. {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,123] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Initializing the flow {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,123] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Framework contextId: a6bb7032-e089-4e8f-8ca4-c2f790a767f4 {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,123] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Starting an authentication flow {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - commonAuthId cookie is available with the value: c2b28178-ddcb-4156-b258-4e0fb5ffcdb8 {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Service Provider is: default {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - A previously authenticated sequence found for the SP: default {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
[2015-07-20 12:37:47,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Already authenticated by username: dillon {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
Here are the relevant sections of our identity.xml and web.xml that have the timeouts set. Our datastore is an Oracle db.
identity.xml:
<SessionDataPersist>
    <PoolSize>0</PoolSize>
    <Enable>true</Enable>
    <RememberMePeriod>1440</RememberMePeriod>
    <CleanUp>
        <Enable>true</Enable>
        <Period>30</Period>
        <TimeOut>720</TimeOut>
    </CleanUp>
    <Temporary>false</Temporary>
</SessionDataPersist>
...
<SessionContextCache>
    <Enable>true</Enable>
    <Capacity>100000</Capacity>
</SessionContextCache>
web.xml:
<session-config>
    <session-timeout>720</session-timeout>
</session-config>
In WSO2 IS, you can set the SSO session cookie timeout value in the /repository/conf/identity/identity.xml file.
You can find the below config:
<TimeConfig>
<SessionIdleTimeout>15</SessionIdleTimeout>
................