Getting WSO2 RemoteStoreManagerService api calls to work - wso2

I am trying to automate the creation of users and roles in WSO2 by way of the included APIs. I can list the WSDL with no problem. I can call the API authenticate with no problem. But if I call any other API endpoint such as isExistingUser, I get a UserStoreException returned and an "Error occurred while accessing java Security Manager Privilege Block" in the logs. How exactly do I make an API call to check the existence of a user, add/remove a user, add/remove a role to a user?
An example of an API call that works is:
https://ip address:9443/services/RemoteUserStoreManagerService/authenticate?userName=admin&credential=admin
An example of an API call that does not work is:
https://ip address:9443/services/RemoteUserStoreManagerService/isExistingUser?admin

The request seems to be wrong. Try with parameter name as mentioned below:
https://ip address:9443/services/RemoteUserStoreManagerService/isExistingUser?userName=admin

Related

WSO2 IDENTITY SERVER SCIM2.0 API - GET USER BY ID

I want to use the wso2 SCIM2.0 API for CRUD operations on my users.
When I call the API to get ALL the users, it works, but when I try to call the API to get a specific User by its ID, it returns a 403 forbidden error.
The API I'm calling is this one:
https://localhost:9443/t/carbon.super/scim2/Users/29ae81f4-37eb-4e5c-a3c9-33cba98f4f47
and I'm passing the access token generated with the scope: internal_user_mgt_list
and the logged-in user that is trying to call the API has all the User Management permissions.
I solved the problem. The documentation specifies the wrong scope. The required scope is not internal_user_mgt_list but internal_user_mgt_view.

Expose unsecured url via WSO2 API Manager

I have an API that I have setup in WSO2's API Manager Publisher tool. All the calls work fine when called correctly with an Access Token.
But I have one url that I want anyone to be able to call. (It is a customized Swagger UI page (different from the one built into the WSO2 tooling).)
To do this I add the Swagger UI url as a resource. But when I go there it says:
Required OAuth credentials not provided. Make sure your API invocation call has a header: 'Authorization : Bearer ACCESS_TOKEN'
Generally, I really like this default. (I want all my other API resources to require an Access Token.) But for this one I don't have an access token and don't expect to.
Is it possible to publish one resource and not need any authentication?
Also, it can be done in 2.x versions of API Manager by disabling security for each endpoint in the Publisher tool. In the Manage tab, Resources section, set the value of x-auth-type to "None" for each resource/endpoint. The default value is "Application & Application User". This disables security, and with it the authentication required for accessing the selected API resources.
This can be done as mentioned in https://stackoverflow.com/a/61133046/3176125
Basically you can turn off for one of the resources while you allow security for the rest of the resources.
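An added example, not part of the original answers: once x-auth-type is set to "None" on one resource, it is worth checking that no other resource has been opened by mistake. The sketch below audits an API definition for operations with that setting and compares them with an allow-list. It assumes the definition is exported in Swagger 2.0 layout with x-auth-type stored per operation, and that an operation without the key gets the default named above; the paths and the allow-list are constructed for illustration.

```python
import json

# Constructed sample definition; all paths are hypothetical.
SAMPLE_DEFINITION = json.loads("""
{
  "swagger": "2.0",
  "paths": {
    "/orders":       {"get":  {"x-auth-type": "Application & Application User"},
                      "post": {"x-auth-type": "Application & Application User"}},
    "/orders/{id}":  {"get":  {"x-auth-type": "Application User"},
                      "delete": {}},
    "/docs":         {"get":  {"x-auth-type": "None"}},
    "/admin/export": {"get":  {"x-auth-type": "None"}}
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}
# Assumption: a missing x-auth-type behaves like the default stated on the page.
DEFAULT_AUTH_TYPE = "Application & Application User"


def unauthenticated_operations(definition):
    """Return sorted (METHOD, path) pairs whose x-auth-type is "None"."""
    found = []
    for path, item in definition.get("paths", {}).items():
        for method, operation in item.items():
            if method.lower() not in HTTP_METHODS or not isinstance(operation, dict):
                continue  # skip path-level keys such as "parameters"
            auth_type = operation.get("x-auth-type", DEFAULT_AUTH_TYPE)
            if str(auth_type).strip().lower() == "none":
                found.append((method.upper(), path))
    return sorted(found)


def audit(definition, allowed):
    """Compare open operations against an allow-list of (METHOD, path) pairs."""
    open_ops = set(unauthenticated_operations(definition))
    allowed = set(allowed)
    return {
        "unexpected_open": sorted(open_ops - allowed),  # open but not approved
        "stale_allowlist": sorted(allowed - open_ops),  # approved but not open
    }


if __name__ == "__main__":
    report = audit(SAMPLE_DEFINITION, allowed=[("GET", "/docs")])
    for method, path in report["unexpected_open"]:
        print(f"unauthenticated resource not on allow-list: {method} {path}")
```

Run against the definition before each publish, a non-empty unexpected_open list is the signal to stop and review.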

Get the name of the Application that triggers a call from WSO2 API Manager

Is it possible to get the name of the Application that triggered the API call on WSO2 API Manager and pass it on to the call as a header?
Can anyone help with how to do this, please?
Yes, application name is part of the JWT token that you get with the calls. Here's documentation.
JWT tokens are enabled by default in WSO2 API Cloud (the public hosted service from WSO2). So if you are using it - everything just works.
If you are deploying API Manager yourself, you need to configure JWT yourself as explained here.
One option would be to implement a custom handler. See Writing Custom Handlers.
APIMgtUsageHandler is one of the handlers in API Manager which collects the application name (to collect usage data). So you can refer to it as a sample handler on how to get the application name. See APIMgtUsageHandler.java

Wso2 API MANAGER WSDL security

I have downloaded the new version of API Manager 1.0.0 GA.
I am confused about publishing the WSDLs: since they have no related API key, everyone can access them.
For that reason I have tried to add access token from ESB, but that will not authenticate the API Manager's Users (like Apisubscriber) only the users inside the ESB (even if I have configured an external JDBC db for both APIManager and ESB user-mgt.xml).
So, is there a way to create an API key for WSDLs as well from the API Manager? Or How do I control the access to the published WSDLs in the API store?
Many thanks
EDIT:
From the ESB I have added security to the service by using the built-in security scenarios, in my case I have used "UsernameToken". This authenticates users based on roles defined in the ESB "admin/everyone..." and only accepts users defined in the ESB's user store "admin/admin" (and others you might have created).
I have ESB and AM configured to share the same MySQL DB for the user store, but that does not work in my Security Scenario described before: if I create a user "apicreator" inside AP and I create "usertest" inside ESB, they store the users inside the same MySQL DB, but under different "tenant", i.e. "apicreator" is not a valid user to authenticate in my Security Scenario (UsernameToken). I hope this description helps to clarify the problem. Thanks
With WSO2 API Manager, you couldn't control the access to a published WSDL in API Store. Currently there's no way of creating an API key for WSDLs as well from the API Manager. But that controlling has to be done through your back-end service. However, when creating an API from WSO2 API Manager, giving the WSDL URL as an input is not a required field, but an optional field.
Apart from that, I'm not clear about your following phrase: "For that reason I have tried to add access token from ESB, but that will not authenticate the API Manager's Users (like Apisubscriber) only the users inside the ESB". Can you explain a bit more what you mean by "add access token from ESB"?
Thanks;
/Lalaji

Can't view adcampaigns, even with ads_management permission enabled

I am working with the Facebook Graph API using an account that manages a few other accounts. I can perform most operations just fine, such as adgroups, stats, etc. However, when I try to call adcampaigns or adcreatives I get the error message:
(#294) Managing advertisements requires the extended permission ads_management, and a participating API key
This also happens in the graph explorer. I generate a token and I check the ads_management permission and run the same operations, but I get the same problem. I can call adgroups, adaccounts, stats, etc., but I cannot call adcampaigns or adcreatives. Does anyone have any ideas as to what I'm missing?
Jorge, this just means that you need to apply to have your Facebook app given the capability to call into the Facebook Ads API. Once your app is approved, you'll be able to call into the Ads API. You can start the process here:
https://developers.facebook.com/marketingapis/