WSO2 IS 5.9.0 Updating user claims - wso2

I have two problems. When I use the method setUserClaimValue from the RemoteUserStoreManagerService SOAP endpoint, the update works well.
But the /userinfo endpoint loses the values. I need to re-authenticate the user to generate a new access token, and then everything works again.
I need to use the method setUserClaimValue from RemoteUserStoreManagerService to update more than one claim, but nothing happened. I don't get any error, but the claims were not updated.
This is my env:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://common.mgt.user.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<ser:setUserClaimValues>
<!--Optional:-->
<ser:userName>username#mail.com</ser:userName>
<!--Zero or more repetitions:-->
<ser:claims>
<!--Optional:-->
<xsd:claimURI>http://wso2.org/claims/emailaddress</xsd:claimURI>
<!--Optional:-->
<xsd:value>newemail#mail.com</xsd:value>
</ser:claims>
<!--Optional:-->
<ser:profileName></ser:profileName>
</ser:setUserClaimValues>
</soapenv:Body>
</soapenv:Envelope>
What method should I use to update more than one claim?
Why, when I update claims, does my actual access token lose data from the /userinfo endpoint, and is it necessary to generate a new access token?

1)
What method should I use to update more than one claim?
You have to use setUserClaimValues from RemoteUserStoreManagerService. You can follow this document for further information on RemoteUserStoreManagerService.
A sample SOAP service is given below.
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://common.mgt.user.carbon.wso2.org/xsd">
<soap:Header/>
<soap:Body>
<ser:setUserClaimValues>
<ser:userName>piraveena</ser:userName>
<ser:claims>
<xsd:claimURI>http://wso2.org/claims/organization</xsd:claimURI>
<xsd:value>wso2</xsd:value>
</ser:claims>
<ser:claims>
<xsd:claimURI>http://wso2.org/claims/country</xsd:claimURI>
<xsd:value>srilanka</xsd:value>
</ser:claims>
<ser:profileName>default</ser:profileName>
</ser:setUserClaimValues>
</soap:Body>
</soap:Envelope>
2)
Why, when I update claims, does my actual access token lose data from the /userinfo endpoint?
I couldn't reproduce this issue locally. I was able to obtain the user claims without reauthenticating, even after updating the claims via the admin service.
When a user claim is updated, the user attribute cache, which is mapped against the access token, will also be cleared by an event. So the next time you call the userinfo endpoint, the cache will be empty. In that case, the claim will be obtained from the user store. Please refer to this code here. Due to this, the user doesn't need to reauthenticate, since the user attributes exist in the user store.
But you may face this issue when you have enabled email as username and you update the email of the user via the service.
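
As an added example (not part of the original answer and not WSO2's own code): building the multi-claim setUserClaimValues request with an XML library instead of string concatenation, so a claim value that contains markup cannot add or alter elements in the admin-service call. The function names and the allow-list of claim URIs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"
SER = "http://service.ws.um.carbon.wso2.org"
XSD = "http://common.mgt.user.carbon.wso2.org/xsd"
for _prefix, _uri in (("soap", SOAP), ("ser", SER), ("xsd", XSD)):
    ET.register_namespace(_prefix, _uri)

# Assumed allow-list: only the claims this caller is meant to update.
ALLOWED_CLAIMS = {
    "http://wso2.org/claims/organization",
    "http://wso2.org/claims/country",
    "http://wso2.org/claims/emailaddress",
}

def build_set_user_claim_values(user_name, claims, profile_name="default"):
    """Return a setUserClaimValues envelope with one <ser:claims> per claim."""
    unknown = set(claims) - ALLOWED_CLAIMS
    if not claims or unknown:
        raise ValueError(f"empty claim set or claims outside allow-list: {sorted(unknown)}")
    envelope = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(envelope, f"{{{SOAP}}}Header")
    body = ET.SubElement(envelope, f"{{{SOAP}}}Body")
    op = ET.SubElement(body, f"{{{SER}}}setUserClaimValues")
    ET.SubElement(op, f"{{{SER}}}userName").text = user_name
    for uri, value in claims.items():
        claim = ET.SubElement(op, f"{{{SER}}}claims")
        ET.SubElement(claim, f"{{{XSD}}}claimURI").text = uri
        ET.SubElement(claim, f"{{{XSD}}}value").text = value  # escaped on serialisation
    ET.SubElement(op, f"{{{SER}}}profileName").text = profile_name
    return ET.tostring(envelope, encoding="unicode")

def claims_in(envelope_xml):
    """Parse an envelope built above and return {claimURI: value}."""
    # The input is our own outbound request; use a hardened parser for untrusted XML.
    ns = {"xsd": XSD}
    return {
        c.findtext("xsd:claimURI", namespaces=ns): c.findtext("xsd:value", namespaces=ns)
        for c in ET.fromstring(envelope_xml).iter(f"{{{SER}}}claims")
    }

if __name__ == "__main__":
    # Constructed sample input: the second value contains markup on purpose.
    sample = {"http://wso2.org/claims/organization": "wso2",
              "http://wso2.org/claims/country": "sri</xsd:value>lanka"}
    print(build_set_user_claim_values("piraveena", sample))
```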

Related

How authenticate for webservice with JMeter?

I used JMeter as a proxy to record all requests of a test scenario of our web services, and JMeter created the requests and one HTTP Authorization Manager, with stored authorizations for each request.
But when I launch this scenario, I get a 401 response code for all requests. I moved the HTTP Authorization Manager into the Thread Group, but I still get a 401 code.
All requests of our WS require authentication.
How do I add authentication in one place for each request? And how do I parameterize them?
Thanks, Denis
The answers may vary depending on web service security type and there are a lot of options, for example web service may require custom authentication header, custom HTTP header, custom cookie, custom token somewhere, etc.
Exhibit A: request without authentication
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:web="http://www.webserviceX.NET">
<soap:Header/>
<soap:Body>
<web:GetCitiesByCountry>
<!--Optional:-->
<web:CountryName>India</web:CountryName>
</web:GetCitiesByCountry>
</soap:Body>
</soap:Envelope>
Exhibit B: request with username/password authentication
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:web="http://www.webserviceX.NET">
<soap:Header>
<wsse:Security soap:mustUnderstand="true"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-29FBADA106D95AD8E114818886210611">
<wsse:Username>johndoe</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
secret
</wsse:Password>
<wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
jnXB+PJ34M7aqfDU88glzg==
</wsse:Nonce>
<wsu:Created>2016-12-16T11:43:40.755Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<web:GetCitiesByCountry>
<!--Optional:-->
<web:CountryName>India</web:CountryName>
</web:GetCitiesByCountry>
</soap:Body>
</soap:Envelope>
The most commonly used way of parametrizing a request is using CSV Data Set Config.
See the Take the Pain out of Load Testing Secure Web Services article for a more detailed explanation of bypassing some web services authentication types in a JMeter test.

WSO2 ESB: how to retrieve the Carbon Applications List

For monitoring purposes, I was looking for a way, possibly via JMX or SNMP, to retrieve the Carbon Applications List and, for each one of those, the version.
I googled and read the docs but wasn't able to find anything.
Any idea?
TIA
Max
You can view the list of carbon apps deployed by calling admin services.
To get the list of carbon apps, you should invoke the ApplicationAdmin admin service.
Admin Service URL: https://localhost:9443/services/ApplicationAdmin
Sample Request Payload:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mgt="http://mgt.application.carbon.wso2.org">
<soapenv:Header/>
<soapenv:Body>
<mgt:listAllApplications/>
</soapenv:Body>
</soapenv:Envelope>
Sample Response Payload:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<ns:listAllApplicationsResponse xmlns:ns="http://mgt.application.carbon.wso2.org" xmlns:ax21="http://mgt.application.carbon.wso2.org/xsd">
<ns:return>ContainerAPICompositeApplication_1.0.0</ns:return>
<ns:return>SalesforceCompositeProject_1.0.0</ns:return>
</ns:listAllApplicationsResponse>
</soapenv:Body>
</soapenv:Envelope>
Make sure you pass in the authenticated session ID when making the request. You can find more details on this at: http://itsmaheeka.blogspot.com/2016/06/wso2-admin-services.html

Creating application with permissions using webservice API

I'm trying to create a serviceProvider including permissions using the webservice API of WSO2IS 5.1.0.
The API I'm using is the one you can find on https://docs.wso2.com/display/IS510/Identity+Application+Management+API
Simply creating a serviceProvider with the request below works fine.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:createApplication>
<xsd:serviceProvider>
<xsd1:applicationName>APP_NAME</xsd1:applicationName>
<xsd1:description>My application name</xsd1:description>
</xsd:serviceProvider>
</xsd:createApplication>
</soapenv:Body>
</soapenv:Envelope>
Trying to create a serviceProvider with permissions with the request below fails with the message
Error while storing permissions for application APP_NAME
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:createApplication>
<xsd:serviceProvider>
<xsd1:applicationName>APP_NAME</xsd1:applicationName>
<xsd1:description>My application name</xsd1:description>
<xsd1:permissionAndRoleConfig>
<xsd1:permissions>
<xsd1:value>permission1</xsd1:value>
</xsd1:permissions>
</xsd1:permissionAndRoleConfig>
</xsd:serviceProvider>
</xsd:createApplication>
</soapenv:Body>
</soapenv:Envelope>
I cannot find any further information in the logs, and the example request messages on the WSO2 documentation site are also lacking any information.
Any help or suggestion is welcome.

Error in WSO2 ESB when calling service without Header element

I believe I found a bug in WSO2 ESB.
I defined a proxy service for our customer.
With security turned off I always get the expected result, but when I enable security (scenario 1 - UsernameToken), I get the error "SOAP Envelope can not have children other than SOAP Header and Body".
I'm able to reproduce this bug with the 'echo' service.
Here is the request:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:echo="http://echo.services.core.carbon.wso2.org">
<soap:Body>
<echo:echoString>
<in>ABC</in>
</echo:echoString>
</soap:Body>
</soap:Envelope>
Turning security off or adding a <soap:Header /> element before the <soap:Body> element provides the expected response again.
I'm using WSO2 ESB version 4.8.1, with SoapUI 5.0.0 as the client.
The SOAP headers contain application-specific information related to the SOAP message. They typically contain routing information, authentication information, transaction semantics, etc.
If you remove <soapenv:Header/>, SoapUI will not send your user name and password to Rampart.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:echo="http://echo.services.core.carbon.wso2.org">
<soapenv:Header/>
<soapenv:Body>
<echo:echoString>
<!--Optional:-->
<in>ABC</in>
</echo:echoString>
</soapenv:Body>
</soapenv:Envelope>
So your error was returned by org.apache.axiom.soap.SOAPProcessingException due to an AxisEngine system error.
When you're sending a request to a secured one, the header is a must.
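
An added pre-flight check, not part of the original answer or of WSO2/Rampart code, that inspects an outgoing request for the structure discussed above: only Header and Body under the Envelope, Header first, and, for a secured service, a wsse UsernameToken inside the Header. The function name and the constructed sample request are assumptions.

```python
import xml.etree.ElementTree as ET

SOAP_NS = {"http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope"}     # SOAP 1.2
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def check_envelope(xml_text, secured=True):
    """Return a list of problems found in an outgoing SOAP request."""
    # The input is our own captured request; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    ns, _, local = root.tag[1:].partition("}")
    if local != "Envelope" or ns not in SOAP_NS:
        return ["root element is not a SOAP Envelope"]
    problems = []
    names = [child.tag for child in root]
    header, body = f"{{{ns}}}Header", f"{{{ns}}}Body"
    extra = [n for n in names if n not in (header, body)]
    if extra:
        problems.append(f"unexpected Envelope children: {extra}")
    if names.count(body) != 1:
        problems.append("Envelope must contain exactly one Body")
    if header in names and body in names and names.index(header) > names.index(body):
        problems.append("Header must come before Body")
    if secured:
        token_path = f"{{{ns}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken"
        if header not in names:
            problems.append("secured endpoint: Header element is missing")
        elif root.find(token_path) is None:
            problems.append("secured endpoint: Header carries no wsse UsernameToken")
    return problems

# Constructed sample: the question's echo request, which has no Header.
NO_HEADER = (
    '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" '
    'xmlns:echo="http://echo.services.core.carbon.wso2.org"><soap:Body>'
    '<echo:echoString><in>ABC</in></echo:echoString></soap:Body></soap:Envelope>')

if __name__ == "__main__":
    print(check_envelope(NO_HEADER))
```

An empty Header passes the structural checks but is still reported for a secured service, because the check runs on the request as captured on the wire, after the client has had the chance to add its token.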

How to handle null Request Tags in wso2 BPS

I have created a service in WSO2 BPS. Now, while I am testing my service, I have come across a problem. My request payload is like this:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:roms="http://tempuri.org/">
<soapenv:Header/>
<soapenv:Body>
<roms:CreateSceduler>
<roms:SampleID>?</roms:SampleID>
<!--Optional:-->
<roms:ScheduleID>?</roms:ScheduleID>
<roms:PersonID>?</roms:PersonID>
<!--Optional:-->
<roms:PersonName>?</roms:PersonName>
<roms:Location>?</roms:Location>
<roms:CreatedDateUTC>?</roms:CreatedDateUTC>
<!--Optional:-->
<roms:RecordDateTimeUTC>?</roms:RecordDateTimeUTC>
<!--Optional:-->
<roms:RecordedBy>?</roms:RecordedBy>
<!--Optional:-->
<roms:RecordedAt>?</roms:RecordedAt>
<!--Optional:-->
<roms:LastModifiedBy>?</roms:LastModifiedBy>
<!--Optional:-->
<roms:LastModifiedDateUTC>?</roms:LastModifiedDateUTC>
<!--Optional:-->
<roms:LastModifiedAt>?</roms:LastModifiedAt>
<!--Optional:-->
<roms:Comments>?</roms:Comments>
</roms:CreateSceduler>
</soapenv:Body>
</soapenv:Envelope>
Now, as seen above, there are optional as well as mandatory tags.
Now my boss wants that, while I am trying to hit the service in SoapUI, I will not pass the optional tags and will only pass the mandatory ones, like:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:roms="http://tempuri.org/">
<soapenv:Header/>
<soapenv:Body>
<roms:CreateSceduler>
<roms:SampleID>?</roms:SampleID>
<roms:PersonID>?</roms:PersonID>
<roms:Location>?</roms:Location>
<roms:CreatedDateUTC>?</roms:CreatedDateUTC>
</roms:CreateSceduler>
</soapenv:Body>
</soapenv:Envelope>
But when I invoke my BPS service with this payload in SoapUI, I get a selection failure fault.
How can I achieve the above functionality, which my boss wants, in WSO2 BPS?
Looking forward to your answers. Thanks in advance.
A BPEL selection failure means that your BPEL process tries to access an element on your message that is not there.
If this selection failure happens in an <assign> activity, you can set the ignoreMissingFromData attribute in the <copy> element in order to ignore such cases. See the BPEL spec, page 63:
The optional ignoreMissingFromData attribute of the <copy> construct is used to specify whether a bpel:selectionFailure standard fault is suppressed as specified in section 8.4.1. Selection Result of Copy Operations. The default value of the ignoreMissingFromData is "no".
If the selection failure happens in a condition, you'd need to check for the existence of this element first.