WSO2 Cannot login API-M carbon when use IS as Key Manager - wso2

I set up IS as Key Manager for API-M. Then I tried to create a new tenant:
1. Log in to the IS carbon console as the super tenant.
2. Create a new tenant with a domain and an admin user.
3. Log in to the IS carbon console with the new tenant's admin (this succeeds).
4. Try to log in to the API-M carbon console with the new tenant's admin.
The API-M console shows: CarbonAuthenticationUtil Failed Administrator login attempt 'newuser[3]'
However, I can log in to the API Publisher with the new user.
What additional configuration should I do?

It looks like you haven't shared the user store and permission DB correctly across APIM and IS. Please check user-mgt.xml in both products. If possible, attach user-mgt.xml and master-datasources.xml from both products after removing sensitive information such as database and LDAP passwords, etc.
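What "shared" looks like in file form, as an added example (this is not configuration from the answer, the question, or the WSO2 docs): with JDBC user stores, the users (UM_USER), the tenant table (UM_TENANT) and the role-to-permission mapping (UM_ROLE_PERMISSION) all live in the user-management database, so both products must resolve the same JNDI datasource to the same external database. The host, schema name and credentials below are placeholders; the datasource name WSO2UM_DB is only a naming convention assumed here.

```xml
<!-- repository/conf/datasources/master-datasources.xml: put an identical
     <datasource> in BOTH the IS and the API-M installation. Host, schema and
     credentials are placeholders for this example. -->
<datasource>
    <name>WSO2UM_DB</name>
    <description>Shared user-management DB (UM_USER, UM_TENANT, UM_ROLE_PERMISSION ...)</description>
    <jndiConfig>
        <name>jdbc/WSO2UM_DB</name>
    </jndiConfig>
    <definition type="RDBMS">
        <configuration>
            <url>jdbc:mysql://db.example.internal:3306/wso2um_db?autoReconnect=true</url>
            <username>wso2um</username>
            <password>CHANGE_ME</password>
            <driverClassName>com.mysql.jdbc.Driver</driverClassName>
            <maxActive>50</maxActive>
            <maxWait>60000</maxWait>
            <testOnBorrow>true</testOnBorrow>
            <validationQuery>SELECT 1</validationQuery>
            <validationInterval>30000</validationInterval>
        </configuration>
    </definition>
</datasource>

<!-- repository/conf/user-mgt.xml: in BOTH products the realm must point at
     that JNDI name. Only the datasource-related parts are shown; the other
     properties keep their product defaults. -->
<Realm>
    <Configuration>
        <AdminRole>admin</AdminRole>
        <AdminUser>
            <UserName>admin</UserName>
            <Password>admin</Password>
        </AdminUser>
        <EveryOneRoleName>everyone</EveryOneRoleName>
        <!-- default is jdbc/WSO2CarbonDB, i.e. the embedded H2 database local
             to each product; leaving it there means nothing is shared -->
        <Property name="dataSource">jdbc/WSO2UM_DB</Property>
    </Configuration>
    <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
        <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
        <Property name="ReadOnly">false</Property>
        <Property name="IsEmailUserName">false</Property>
        <Property name="DomainCalculation">default</Property>
        <Property name="PasswordDigest">SHA-256</Property>
        <Property name="StoreSaltedPassword">true</Property>
    </UserStoreManager>
</Realm>
```

A quick check before attaching files: if the API-M user-mgt.xml still has the default jdbc/WSO2CarbonDB datasource, API-M is looking at its own embedded H2 database, where a tenant created through the IS console does not exist, which is consistent with a failed Administrator login for that tenant's admin on the API-M console. Create the shared schema once with the product's dbscripts and point both products at it rather than letting each product initialise its own copy.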

Related

How to change admin password for WSO2 APIM-3.2.0 and IS-5.10.0

We are using WSO2 API Manager 3.2.0 for API publishing and
have integrated WSO2 Identity Server 5.10.0 with APIM as a Key Manager.
We have changed the default admin password using the IS management console and I am able to log in to the IS management console using the new password. However, I am unable to log in to the APIM publisher and devportal using the new password and get an Internal Server Error while logging in.
Following the links below resolved the issue:
Changing admin password for IS-5.10.0:
https://is.docs.wso2.com/en/5.10.0/setup/maintaining-logins-and-passwords/#changing-the-super-admin-password
Changing admin password for APIM-3.2.0:
https://apim.docs.wso2.com/en/3.2.0/install-and-setup/setup/security/logins-and-passwords/maintaining-logins-and-passwords/#change-the-super-admin-credentials

Adding a user to WSO2 Identity Server

We're integrating our ASP.NET MVC client with WSO2 Identity Server v5.8.0.
Below are the steps we've followed:
1) Created a service provider for our MVC application and configured inbound authentication with OAuth/OpenID Connect; also configured inbound provisioning with the primary user store.
2) In our MVC application, we set up the WSO2 configuration using OWIN's WSO2 NuGet package with the client ID and client secret generated for the service provider.
3) We've configured MongoDB as our primary user store.
Now we're trying to add a user using the SCIM2 API (https://localhost:9443/scim2/Users). Below is the response we're getting:
{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"Cannot add user through scim to user store . SCIM is not enabled for user store WSO2.COM","status":"500"}
I've even changed the config below in user-mgt.xml:
<Property name="SCIMEnabled">true</Property>
What else do we need to configure? Is there any other way to add a user to WSO2 Identity Server apart from the SCIM APIs?
It seems like you have two user stores: the primary user store and a secondary user store named WSO2.COM. By adding
<Property name="SCIMEnabled">true</Property>
to user-mgt.xml you are enabling SCIM2 on the primary user store, not on the secondary user store. But from the API you are adding the user to the secondary user store. Since you haven't enabled SCIM in the secondary user store, you are getting this error. You have two options.
1) Add the user to the PRIMARY user store
By analyzing the error you are getting, the user name of the user you are trying to add should be something like
WSO2.COM/Abhishek
Change this to
Abhishek
2) Enable SCIM2 in the secondary user store
Log in to the management console and click List in the User Stores submenu under the Identity menu.
The User Store Management page opens. There should be a user store named WSO2.COM.
Click Edit. Click Advanced and tick Enable SCIM.
Reference: https://docs.wso2.com/display/IS580/Using+the+SCIM+2.0+REST+APIs
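Option 2 in file form, as an added example that is not from the answer or the WSO2 docs: a secondary user store created through the console is persisted under repository/deployment/server/userstores/, and the file name is the domain name with dots replaced by underscores (WSO2_COM.xml for the domain above). The store type (JDBC), connection URL and credentials below are assumptions for illustration; the only line that matters for the error is the SCIMEnabled property, which is per user store. The file can also be written by hand and is hot-deployed without a restart.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- <IS_HOME>/repository/deployment/server/userstores/WSO2_COM.xml
     Secondary user store for the domain WSO2.COM. A JDBC-backed store is
     assumed for this example; URL and credentials are placeholders. A file
     written by the console stores the password as
     <Property encrypted="true" name="password">...</Property> instead. -->
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="DomainName">WSO2.COM</Property>
    <Property name="url">jdbc:mysql://db.example.internal:3306/wso2com_users</Property>
    <Property name="userName">wso2com</Property>
    <Property name="password">CHANGE_ME</Property>
    <Property name="driverName">com.mysql.jdbc.Driver</Property>
    <Property name="Disabled">false</Property>
    <Property name="ReadOnly">false</Property>
    <Property name="ReadGroups">true</Property>
    <Property name="WriteGroups">true</Property>
    <Property name="PasswordDigest">SHA-256</Property>
    <Property name="StoreSaltedPassword">true</Property>
    <!-- The switch the error message is about. It is evaluated per user
         store: the same property in user-mgt.xml only affects PRIMARY. -->
    <Property name="SCIMEnabled">true</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="MaxRoleNameListLength">100</Property>
</UserStoreManager>
```

With this in place a SCIM2 create whose body carries "userName": "WSO2.COM/Abhishek" lands in this store, while "userName": "Abhishek" goes to PRIMARY. Call the /scim2/Users endpoint over HTTPS with the credentials of an account that holds the user-management permissions (the admin account in a test setup), not with the service provider's client ID and secret, which authenticate the application rather than an operator.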

Migrated User unable to login from admin console UI of wso2.

I migrated one user from the source WSO2 (4.6.0) to the target WSO2 (5.5.0) using insert queries into the tables below only:
1. UM_USER (contains the user's username, password, etc.)
2. UM_USER_ATTRIBUTE (contains user attributes like sn, givenName, etc.)
We use WSO2 only to manage user credentials (user add/delete); that's why we directly inserted the user details
into the tables above instead of following the complete migration steps.
We can successfully create a token for the migrated user with the password grant_type, but we are unable to log in to the WSO2 admin console using the same credentials.
In order to create access tokens, the user doesn't need to have login permission. But in order to log in to the management console and dashboard, the user needs login permission. Please assign the login permission to the user and then log in to the management console.

Why does WSO2 Identity Server retrieve tenant admin credential from a registry file not from a database?

I'm trying to create a self-signup client application which uses WSO2 API Manager and Identity Server.
When I tried to call a web service provided by Identity Server, I observed that some Java classes try to get the tenant admin credential from a registry file called self-signup.xml.
Because of this I am forced to change the tenant admin credential manually in self-signup.xml whenever I change the admin credential through the Carbon UI.
My questions are:
Is there any specific reason that WSO2 Identity Server gets the tenant admin credential from that registry file rather than retrieving it from a database?
Is there any way to automatically update the tenant admin credential written in that registry file when the credential is updated in the database (e.g. changed through the Carbon UI)?
Thanks in advance.
What is the web service you are using for self sign-up here?
If you are using UserRegistrationAdminService you should not need any admin credential for self sign-up.
You should not need to read admin credentials from a file in your client. Usually, if you want to call a web service that requires authentication from your client, you need a user logged in to your client and you need to use the cookie retrieved for that user.

wso2 identity server integration with external ldap

I am very new to WSO2. I am trying to integrate WSO2 Identity Server 5.0 with an external LDAP. I configured it according to this: https://docs.wso2.com/display/IS500/Configuring+a+Read-only+LDAP+User+Store
At the end of the page, it says to try to sign in with the admin user, but how can I authenticate another user that is available in LDAP? Is it possible to log in to the Identity Server with another LDAP user (other than admin)?
Thanks
According to the configuration as described, a new user 'admin' with the 'admin' role is added after startup. I assume you want to log on as another user. You should be able to authenticate other users for other service providers (applications), but not in the management console. For that the admin role is required.
What you can try is to use the 'dashboard' application (https://your-is-server-hostname:9443/dashboard/).
Have fun
g.
Since you are configuring a read-only LDAP as the primary user store,
the user that should have admin permissions is required to be stored in the user store when you start the system for the first time. After that you have to give the login permission to all users in the LDAP user store. The login permission is defined under the admin permissions, and it allows users to log in to the management console.
Configure -> Users and Roles -> Roles -> select "Permissions" of "Internal/everyone" or "Internal/your configured application", whichever you would like to give the permission to.
Select "Login".
Update.
For more details you can refer to [1].
[1] https://docs.wso2.com/display/IS500/Role-based+Permissions