I'm using WSO2 API-Manager 3.0. When I browse to the DevPortal (before signing in) I can see the list of APIs.
But when I login (using my email as assigned by my organization's IAM team) I get a red pop-up message saying 'Error While Loading APIs':
The log file revels this message:
api-manager_1 | [2020-04-13 17:47:58,602] INFO - PermissionUpdater Permission cache updated for tenant -1234
api-manager_1 | [2020-04-13 17:48:00,125] ERROR - APIUtil Error while creating axis configuration for tenant mydomain.com
api-manager_1 | java.lang.RuntimeException: Error while getting tenant activation status.
api-manager_1 | at org.wso2.carbon.core.multitenancy.utils.TenantAxisUtils.getTenantConfigurationContext(TenantAxisUtils.java:126) ~[org.wso2.carbon.core_4.5.1.jar:?]
api-manager_1 | at org.wso2.carbon.core.multitenancy.utils.TenantAxisUtils.getTenantAxisConfiguration(TenantAxisUtils.java:104) ~[org.wso2.carbon.core_4.5.1.jar:?]
api-manager_1 | at org.wso2.carbon.apimgt.impl.utils.APIUtil.loadTenantConfigBlockingMode_aroundBody372(APIUtil.java:6166) [org.wso2.carbon.apimgt.impl_6.5.349.jar:?]
api-manager_1 | at org.wso2.carbon.apimgt.impl.utils.APIUtil.loadTenantConfigBlockingMode(APIUtil.java:6162) [org.wso2.carbon.apimgt.impl_6.5.349.jar:?]
api-manager_1 | at org.wso2.carbon.apimgt.rest.api.util.impl.WebAppAuthenticatorImpl.authenticate(WebAppAuthenticatorImpl.java:129) [org.wso2.carbon.apimgt.rest.api.util_6.5.349.jar:?]
api-manager_1 | at org.wso2.carbon.apimgt.rest.api.util.interceptors.auth.OAuthAuthenticationInterceptor.handleRequest(OAuthAuthenticationInterceptor.java:121) [org.wso2.carbon.apimgt.rest.api.util_6.5.349.jar:?]
api-manager_1 | at org.wso2.carbon.apimgt.rest.api.util.interceptors.auth.OAuthAuthenticationInterceptor.handleMessage(OAuthAuthenticationInterceptor.java:66) [org.wso2.carbon.apimgt.rest.api.util_6.5.349.jar:?]
api-manager_1 | at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.2.8.jar:3.2.8]
api-manager_1 | at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-core-3.2.8.jar:3.2.8]
api-manager_1 | at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) [cxf-rt-transports-http-3.2.8.jar:3.2.8]
api-manager_1 | at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [cxf-rt-transports-http-3.2.8.jar:3.2.8]
api-manager_1 | at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [cxf-rt-transports-http-3.2.8.jar:3.2.8]
api-manager_1 | at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [cxf-rt-transports-http-3.2.8.jar:3.2.8]
(plus another 200 lines of trace-back)
When I login to the Publisher the page loads with a spinning icon that says "Loading Settings" and stays there forever:
Again the log file reveals the same message as above.
Note: Other users in my organization are able to login and view the APIs just fine. But they are not using an email address to authenticate. I am the only using an email address to authenticate.
Another Note: Our organization uses an IAM server for authentication.
Any suggestions on what to try next to resolve this?
In WSO2 servers, the username john#tenant.com represents the user john in abc.com tenant. Therefore, you email domain has been identified as a tenant domain. Try the below format for your username. It should work.
john#gmail.com#tenant.com
If you don't have multiple tenants, use carbon.super as the tenant. So your username should go like this.
john#gmail.com#carbon.super
Related
I have developed a custom userstore that extends UniqueIDJDBCUserStoreManager to handle customer login (domain customer), but when I deploy this bundle, admin login is not working anymore, I don't know why it's triggering the custom user store database connection, in logs I can see it's calling a function doGetUserNameFromUserIDWithID in class UniqueIDJDBCUserStoreManager. Hence I got an SQL error since I'm using wrong DB password (check following logs).
The question is why without my bundle the admin can log normally to console, when I deploy the bundle JAR along with user store xml (e.g. customer.xml) the admin is trying to use this secondary store to authenticate instead of primary store?
Please support, thank you,
PFB config details
wso2is 5.11 console url: https://localhost:9443/carbon/admin/login.jsp
Custom userstore Java class:
org.wso2.emkan.user.store.manager.SecondaryCustomUserStore
public class SecondaryCustomUserStore extends UniqueIDJDBCUserStoreManager{...}
snippet of userstore xml: /repository/deployment/server/userstores/customer.xml:
<?xml version="1.0" encoding="UTF-8"?><UserStoreManager class="org.wso2.emkan.user.store.manager.SecondaryCustomUserStore">
<Property name="url">jdbc:oracle:thin:#//test.com</Property>
<Property name="userName">test1</Property>
<Property encrypted="true" name="password">wrong_password</Property>
<Property name="driverName">oracle.jdbc.driver.OracleDriver</Property>
Deployment.toml snippet:
[super_admin]
username = "admin"
password = "admin"
create_admin_account = true
[user_store]
type = "read_write_ldap_unique_id"
connection_url = "ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}"
connection_name = "uid=admin,ou=system"
connection_password = "admin"
base_dn = "dc=wso2,dc=org"
[database.identity_db]
url = "jdbc:oracle:thin:#(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=host.docker.internal)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=orclpdb2)))"
username = "user"
password = "Id#333333"
driver = "oracle.jdbc.OracleDriver"
[user_store_mgt]
allowed_user_stores=["org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager", "org.wso2.carbon.user.core.ldap.UniqueIDActiveDirectoryUserStoreManager","org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager","org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager","org.wso2.emkan.user.store.manager.SecondaryCustomUserStore"]
Error logs:
wso2is511_1 | [2022-10-18 17:46:44,984] [8e36165e-ad29-4520-890f-9624450ce205] INFO {org.wso2.emkan.user.store.manager.SecondaryCustomUserStore} - Second
aryCustomUserStore doGetUserNameFromUserIDWithID...userID=56c92c55-519e-4e53-af03-916c41005e24
wso2is511_1 | [2022-10-18 17:46:50,842] [8e36165e-ad29-4520-890f-9624450ce205] ERROR {org.apache.tomcat.jdbc.pool.ConnectionPool} - Unable to create initi
al connections of pool. java.sql.SQLException: ORA-01017: invalid username/password; logon denied
wso2is511_1 |
wso2is511_1 | at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:494)
wso2is511_1 | at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:441)
wso2is511_1 | at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:436)
wso2is511_1 | at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:1027)
wso2is511_1 | at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:551)
wso2is511_1 | at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:537)
wso2is511_1 | at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:255)
wso2is511_1 | at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:500)
wso2is511_1 | at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:1280)
wso2is511_1 | at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:690)
wso2is511_1 | at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:782)
wso2is511_1 | at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:39)
wso2is511_1 | at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:704)
wso2is511_1 | at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:319)
wso2is511_1 | at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:212)
wso2is511_1 | at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:744)
wso2is511_1 | at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:676)
wso2is511_1 | at org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:483)
wso2is511_1 | at org.apache.tomcat.jdbc.pool.ConnectionPool.(ConnectionPool.java:154)
wso2is511_1 | at org.apache.tomcat.jdbc.pool.DataSourceProxy.pCreatePool(DataSourceProxy.java:118)
wso2is511_1 | at org.apache.tomcat.jdbc.pool.DataSourceProxy.createPool(DataSourceProxy.java:107)
wso2is511_1 | at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:131)
wso2is511_1 | at org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.getDBConnection(JDBCUserStoreManager.java:1197)
wso2is511_1 | at org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager.doGetUserNameFromUserIDWithID(UniqueIDJDBCUserStoreManager.java:1344)
wso2is511_1 | at org.wso2.emkan.user.store.manager.SecondaryCustomUserStore.doGetUserNameFromUserIDWithID(SecondaryCustomUserStore.java:62)
wso2is511_1 | at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserStoreInternalWithId(AbstractUserStoreManager.java:7286)
As far as I understood this is expected. Seems like from the deployment.toml you have configured the secondary custom user store as your user store. I don't see any configuration for the another primary user store configuration. In that case in the custom user store xml file if you use the wrong password it will fail the login with the oracle database.
I'm able now to login as admin along with deploying my custom userstore, now the custom store is different than primary one. I have changed the extends of custom store class (SecondaryCustomUserStore) from UniqueIDJDBCUserStoreManager to JDBCUserStoreManager and used the 5.9 methods implementation. Also updated deployment file.
public class SecondaryCustomUserStore extends JDBCUserStoreManager {....}
[super_admin]
admin_role = "admin"
username = "admin"
password = "admin"
create_admin_account= true
[user_store]
type = "read_write_ldap_unique_id"
connection_url = "ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}"
connection_name = "uid=admin,ou=system"
connection_password = "admin"
base_dn = "dc=wso2,dc=org"
[user_store_mgt]
allowed_user_stores=["org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager","org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager", "org.wso2.carbon.user.core.ldap.UniqueIDActiveDirectoryUserStoreManager","org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager","org.wso2.emkan.user.store.manager.SecondaryCustomUserStore"]
[database.identity_db]
............
[database.shared_db]
...........
The first thing is you need to configure this as a secondary userstore. Since this is extending the UniqueIDJDBCUserStoreManager you need to extend several more methods than in JDBCUserStoreManager
IS 5.11.0 does support backward compatibility to you should be able to deploy the existing implementation given the dependencies does match with IS 5.11.0.
Could you check why user kcizek is not able to login to either hub.tess.io nor ecr? This is first time login but it should work with corp and PIN + Yubi. Login works for me just fine.
I am unable to access https://ecr.vip.ebayc3.com/repository/
When I log in, I am faced with this. The ‘contact us’ link doesn’t have any contact information, so I’m trying here. Any ideas? Thanks.
Potentially relevant background: this is my first time attempting to get access.
enter image description here
It's found the email info is absent in user account.
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| email | |
| enabled | True |
| id | e69fe5b9d9384b338b3c397c7c84e33f |
| name | kcizek |
+-----------+----------------------------------+
Solution is to contact Tess oncall to add email info.
Related Command
openstack user set kcizek --email kcizek#ebay.com
I want to transfer data from GCS to BigQuery by embulk and digdag.
But error occurs.
com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
.......
Error: org.embulk.config.ConfigException: com.google.cloud.storage.StorageException: Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.
↓ Details
command :
embulk run XXXX.yaml
XXXX.yaml :
in:
type: gcs
bucket: <bucket name>
path_prefix: <file path>
auth_method: compute_engine
parser:
type: poi_excel
sheets: <sheet name>
skip_header_lines: 4
columns:
- {name: 'name', type: string}
.
.
.
out:
type: bigquery
mode: replace
project: <project name>
dataset: <dataset name>
table: <table name>
auth_method: compute_engine
schema_file: <file name of json type>
gcs_bucket: <gcs tmp bucket name>
output :
$ embulk run target_item_bottoms_config.yaml
2020-07-22 14:27:36.559 +0900: Embulk v0.9.23
2020-07-22 14:27:37.609 +0900 [WARN] (main): DEPRECATION: JRuby org.jruby.embed.ScriptingContainer is directly injected.
2020-07-22 14:27:40.577 +0900 [INFO] (main): Gem's home and path are set by default: "/Users/oniki/.embulk/lib/gems"
2020-07-22 14:27:41.662 +0900 [INFO] (main): Started Embulk v0.9.23
2020-07-22 14:27:41.853 +0900 [INFO] (0001:transaction): Loaded plugin embulk-input-gcs (0.3.2)
2020-07-22 14:27:46.263 +0900 [INFO] (0001:transaction): Loaded plugin embulk-output-bigquery (0.6.4)
2020-07-22 14:27:46.369 +0900 [INFO] (0001:transaction): Loaded plugin embulk-parser-poi_excel (0.1.7)
org.embulk.exec.PartialExecutionException: org.embulk.config.ConfigException: com.google.cloud.storage.StorageException: Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.
at org.embulk.exec.BulkLoader$LoaderState.buildPartialExecuteException(BulkLoader.java:340)
at org.embulk.exec.BulkLoader.doRun(BulkLoader.java:566)
at org.embulk.exec.BulkLoader.access$000(BulkLoader.java:35)
at org.embulk.exec.BulkLoader$1.run(BulkLoader.java:353)
at org.embulk.exec.BulkLoader$1.run(BulkLoader.java:350)
at org.embulk.spi.Exec.doWith(Exec.java:22)
at org.embulk.exec.BulkLoader.run(BulkLoader.java:350)
at org.embulk.EmbulkEmbed.run(EmbulkEmbed.java:242)
at org.embulk.EmbulkRunner.runInternal(EmbulkRunner.java:291)
at org.embulk.EmbulkRunner.run(EmbulkRunner.java:155)
at org.embulk.cli.EmbulkRun.runSubcommand(EmbulkRun.java:431)
at org.embulk.cli.EmbulkRun.run(EmbulkRun.java:90)
at org.embulk.cli.Main.main(Main.java:64)
Suppressed: java.lang.NullPointerException
at org.embulk.exec.BulkLoader.doCleanup(BulkLoader.java:463)
at org.embulk.exec.BulkLoader$3.run(BulkLoader.java:397)
at org.embulk.exec.BulkLoader$3.run(BulkLoader.java:394)
at org.embulk.spi.Exec.doWith(Exec.java:22)
at org.embulk.exec.BulkLoader.cleanup(BulkLoader.java:394)
at org.embulk.EmbulkEmbed.run(EmbulkEmbed.java:245)
... 5 more
Caused by: org.embulk.config.ConfigException: com.google.cloud.storage.StorageException: Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.
at org.embulk.input.gcs.AuthUtils.newClient(AuthUtils.java:81)
at org.embulk.input.gcs.GcsFileInput.listFiles(GcsFileInput.java:49)
at org.embulk.input.gcs.GcsFileInputPlugin.transaction(GcsFileInputPlugin.java:59)
at org.embulk.spi.FileInputRunner.transaction(FileInputRunner.java:62)
at org.embulk.exec.BulkLoader.doRun(BulkLoader.java:507)
... 11 more
Caused by: com.google.cloud.storage.StorageException: Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.
at com.google.cloud.storage.spi.v1.HttpStorageRpc.translate(HttpStorageRpc.java:226)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.list(HttpStorageRpc.java:366)
at com.google.cloud.storage.StorageImpl$8.call(StorageImpl.java:338)
at com.google.cloud.storage.StorageImpl$8.call(StorageImpl.java:335)
at com.google.api.gax.retrying.DirectRetryingExecutor.submit(DirectRetryingExecutor.java:105)
at com.google.cloud.RetryHelper.run(RetryHelper.java:76)
at com.google.cloud.RetryHelper.runWithRetries(RetryHelper.java:50)
at com.google.cloud.storage.StorageImpl.listBlobs(StorageImpl.java:334)
at com.google.cloud.storage.StorageImpl.list(StorageImpl.java:290)
at org.embulk.input.gcs.AuthUtils.newClient(AuthUtils.java:77)
... 15 more
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
{
"code" : 401,
"errors" : [ {
"domain" : "global",
"location" : "Authorization",
"locationType" : "header",
"message" : "Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.",
"reason" : "required"
} ],
"message" : "Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket."
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:150)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:401)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1097)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:499)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:432)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:549)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.list(HttpStorageRpc.java:356)
... 23 more
Error: org.embulk.config.ConfigException: com.google.cloud.storage.StorageException: Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.
my environment :
$ gcloud config list
[compute]
region = us-east1
zone = us-east1-c
[core]
account = myname#xxx.com
disable_usage_reporting = False
project = <project ID>
Your active configuration is: [default]
$ gcloud auth list
Credentialed Accounts
ACTIVE ACCOUNT
* myname#xxxx.com
To set the active account, run:
$ gcloud config set account `ACCOUNT`
$ gsutil ls
gs://<bucket name>
my gcp IAM role :
owner
I understand that the solution to this error is authorization.
But my preferences seem to be fine.
what's wrong?
As the documentation [1], if we have 401- Unauthorized error then there could be many reasons, please have a related list of reasons listed below [followed the link 1], which could be helpful for troubleshooting:
Reason:AuthenticationRequiredRequesterPays
Access to a Requester Pays bucket requires authentication.
Reason: authError
This error indicates a problem with the authorization provided in the request to Cloud Storage. The following are some situations where that will occur:
The OAuth access token has expired and needs to be refreshed. This can be avoided by refreshing the access token early, but code can also catch this error, refresh the token and retry automatically.
Multiple non-matching authorizations were provided; choose one mode only.
The OAuth access token's bound project does not match the project associated with the provided developer key.
The Authorization header was of an unrecognized format or uses an unsupported credential type.
reason:lockedDomainExpired
When downloading content from a cookie-authenticated site, e.g., using the Storage Browser, the response will redirect to a temporary domain. This error will occur if access to said domain occurs after the domain expires. Issue the original request again, and receive a new redirect.
Reason: push.webhookUrlUnauthorized
Requests to storage.objects.watchAll will fail unless you verify you own the domain.
Reason: required
Access to a non-public method that requires authorization was made, but none was provided in the Authorization header or through other means.
[1] https://cloud.google.com/storage/docs/json_api/v1/status-codes#401_Unauthorized
I try locally , and create Service Account Key and save at local .
◾️XXXX.yaml
before
auth_method: compute_engine
after
auth_method: json_key
json_keyfile: /path/to/json_keyfile.json
1) What we want:
We want Carbon (WSO2 API-Manager 3.0) to be proxied by Nginx through and after its interactions with our IAM login process.
2) what we did:
We reverse proxy to the initial page at our_proxy/wso2 and clients had no mention of the wso2_host machine.
We followed instruction from "Configuring the Proxy Server and the Load Balancer" to setup the reverse proxy.
https://apim.docs.wso2.com/en/latest/install-and-setup/setup/setting-up-proxy-server-and-the-load-balancer/configuring-the-proxy-server-and-the-load-balancer/#step-2-configure-the-load-balancerreverse-proxy-server
These are the settings we used in Step 3, "Configure the reverse proxy settings in the product":
[transport.https.properties]
proxyPort = 443
[server]
hostname = "our-api-store-url"
inside the file <API-M_HOME>/repository/conf/deployment.toml.
3) What we got:
During the authentication process, clients were redirected to Carbon on wso2_host:port and remained there after receiving their authentication token, so subsequent work was not proxied.
This is a problem because we cannot manage the URL appearance of our gateway or expose it without revealing wso2_host and requiring application port openings.
This is the corresponding error message from the log files:
api-manager_1 | JAVA_HOME environment variable is set to /opt/java/o penjdk
api-manager_1 | CARBON_HOME environment variable is set to /home/wso 2carbon/wso2am-3.0.0
api-manager_1 | Using Java memory options: -Xms256m -Xmx1024m
api-manager_1 | [2020-05-07 10:52:41,478] INFO {org.wso2.config.map per.ConfigParser} - Applying Configurations upon new Templates
api-manager_1 | [2020-05-07 10:52:41,483] WARN {org.wso2.config.map per.ConfigParser} - Overriding files in configuration directory /home/wso2carbon /wso2am-3.0.0
api-manager_1 | [2020-05-07 10:52:41,730] ERROR {org.wso2.config.map per.TomlParser} - server previously defined at line 1, column 1 (line 237, colum n 1)
api-manager_1 | [2020-05-07 10:52:41,732] SEVERE {org.wso2.carbon.s erver.Main handleConfiguration} - Error while performing configuration changes
api-manager_1 | org.wso2.config.mapper.ConfigParserException: Error parsing deployment configuration
api-manager_1 | at org.wso2.config.mapper.TomlParser.parse(TomlP arser.java:140)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.parse(Con figParser.java:249)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.deploy(Co nfigParser.java:217)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.deployAnd StoreMetadata(ConfigParser.java:180)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.parse(Con figParser.java:127)
api-manager_1 | at org.wso2.carbon.server.Main.handleConfigurati on(Main.java:231)
api-manager_1 | at org.wso2.carbon.server.Main.main(Main.java:10 3)
api-manager_1 | at sun.reflect.NativeMethodAccessorImpl.invoke0( Native Method)
api-manager_1 | at sun.reflect.NativeMethodAccessorImpl.invoke(N ativeMethodAccessorImpl.java:62)
api-manager_1 | at sun.reflect.DelegatingMethodAccessorImpl.invo ke(DelegatingMethodAccessorImpl.java:43)
api-manager_1 | at java.lang.reflect.Method.invoke(Method.java:4 98)
api-manager_1 | at org.wso2.carbon.bootstrap.Bootstrap.loadClass (Bootstrap.java:70)
api-manager_1 | at org.wso2.carbon.bootstrap.Bootstrap.main(Boot strap.java:51)
api-manager_1 |
apim-with-analytics_api-manager_1 exited with code 0
api-manager_1 | [2020-05-07 10:52:41,732] SEVERE {org.wso2.carbon.s erver.Main handleConfiguration} - Error while performing configuration changes
api-manager_1 | org.wso2.config.mapper.ConfigParserException: Error parsing deployment configuration
api-manager_1 | at org.wso2.config.mapper.TomlParser.parse(TomlP arser.java:140)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.parse(Con figParser.java:249)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.deploy(Co nfigParser.java:217)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.deployAnd StoreMetadata(ConfigParser.java:180)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.parse(Con figParser.java:127)
api-manager_1 | at org.wso2.carbon.server.Main.handleConfigurati on(Main.java:231)
api-manager_1 | at org.wso2.carbon.server.Main.main(Main.java:10 3)
api-manager_1 | at sun.reflect.NativeMethodAccessorImpl.invoke0( Native Method)
api-manager_1 | at sun.reflect.NativeMethodAccessorImpl.invoke(N ativeMethodAccessorImpl.java:62)
api-manager_1 | at sun.reflect.DelegatingMethodAccessorImpl.invo ke(DelegatingMethodAccessorImpl.java:43)
api-manager_1 | at java.lang.reflect.Method.invoke(Method.java:4 98)
api-manager_1 | at org.wso2.carbon.bootstrap.Bootstrap.loadClass (Bootstrap.java:70)
api-manager_1 | at org.wso2.carbon.bootstrap.Bootstrap.main(Boot strap.java:51)
api-manager_1 |
apim-with-analytics_api-manager_1 exited with code 0
api-manager_1 | JAVA_HOME environment variable is set to /opt/java/o penjdk
api-manager_1 | CARBON_HOME environment variable is set to /home/wso 2carbon/wso2am-3.0.0
api-manager_1 | Using Java memory options: -Xms256m -Xmx1024m
api-manager_1 | [2020-05-07 10:52:41,478] INFO {org.wso2.config.map per.ConfigParser} - Applying Configurations upon new Templates
api-manager_1 | [2020-05-07 10:52:41,483] WARN {org.wso2.config.map per.ConfigParser} - Overriding files in configuration directory /home/wso2carbon /wso2am-3.0.0
api-manager_1 | [2020-05-07 10:52:41,730] ERROR {org.wso2.config.map per.TomlParser} - server previously defined at line 1, column 1 (line 237, colum n 1)
api-manager_1 | [2020-05-07 10:52:41,732] SEVERE {org.wso2.carbon.s erver.Main handleConfiguration} - Error while performing configuration changes
api-manager_1 | org.wso2.config.mapper.ConfigParserException: Error parsing deployment configuration
api-manager_1 | at org.wso2.config.mapper.TomlParser.parse(TomlP arser.java:140)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.parse(Con figParser.java:249)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.deploy(Co nfigParser.java:217)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.deployAnd StoreMetadata(ConfigParser.java:180)
api-manager_1 | at org.wso2.config.mapper.ConfigParser.parse(Con figParser.java:127)
api-manager_1 | at org.wso2.carbon.server.Main.handleConfigurati on(Main.java:231
Any ideas on what we can change to fix the problem?
We solved the problem by following the steps in "Troubleshooting 'Registered callback does not match with the provided url' error" in the API Manager Documentation.
https://apim.docs.wso2.com/en/latest/troubleshooting/troubleshooting-invalid-callback-error/
In addition, we had our Identity Provider (IDP/IAM) team update the settings with the same callback to carbon which then calls to the webapp of store and publisher.
I'm creating a database cluster and a DMS in the same stack. I'm using SecretsManager to pass the connection properties of the DB Cluster to the Endpoint. I've added a dependency between the endpoint and DB Cluster, but when I try to deploy the stack I get a problem like this:
11/14 | 10:08:49 AM | CREATE_COMPLETE | AWS::RDS::DBCluster | FooDBCluster
11/14 | 10:08:51 AM | CREATE_IN_PROGRESS | AWS::DMS::Endpoint | fooendpoint
11/14 | 10:08:51 AM | CREATE_IN_PROGRESS | AWS::SecretsManager::SecretTargetAttachment | FooDBSecretAttachment (FooDBSecretAttachmentE2E5F50F)
12/14 | 10:08:52 AM | CREATE_FAILED | AWS::DMS::Endpoint | fooendpoint Could not find a value associated with JSONKey in SecretString
The same does not happen if I have complemented the deployment of the DB Cluster some time before starting to deploy the Endpoint. This implies the host & port are not present in the Secret right after the DB Cluster has been created. Indeed in CDK they are declared after the DB Cluster.
However, I cannot add a dependency between the Endpoint and SecretTargetAttachment as SecretTargetAttackment is not a CfnResource type expected by the CfnEndpoint addDependencyOn method.
You can add the dependency if you access the underlying node, like so.
if (secretsAttachment.node.defaultChild) {
endPoint.node.addDependency(secretsAttachment.node.defaultChild);
}