I am currently evaluating WSO2 IS for authentication for APIM. Basically, the APIM login, authentication and token generation should happen through WSO2 IS.
I have read through much of the documentation on the WSO2 sites but could not get through it.
I am using IS version 5.7.0 and APIM version 2.5.0.
If someone could help me get the proper documentation link with a step-by-step process, it would be of great support.
However, I have gone through the below links:
link1: https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Identity+Server+5.2.0+as+a+Key+Manager+with+API+Manager+2.0.0#
and
link2: https://docs.wso2.com/display/CLUSTER420/Configuring+the+Identity+Server+5.0.0+with+API+Manager+1.9.1
As updated earlier, I have now integrated IS with IAM, but when I try to fetch the application subscription token from the store, I get the below error:
ERROR - AbstractKeyManager Can not retrieve OAuth application for the given consumer key : xxxxxxxxxxxxxxxxxxxx
org.apache.axis2.AxisFault: The service cannot be found for the endpoint reference (EPR) https://localhost:9445/services/APIKeyMgtSubscriberService
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:381)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:456)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:227)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
Can someone please check and let me know how this can be avoided? Do I have to update the hostname anywhere?
Thanks
Refer to this doc: https://docs.wso2.com/display/AM250/Configuring+WSO2+Identity+Server+as+a+Key+Manager. It contains the steps to configure IS as Key Manager for APIM.
Having WSO2 API Manager 2.1.0 and WSO2 IS 5.3.0 KM (with prepackaged Key Manager) I set up the Key Manager as described in the documentation.
The main intention is to authenticate and authorize users with other federated IdPs and add some authorization capabilities. My assumption is that users authorized with WSO2 IS will receive an OAuth token valid for the defined APP and API.
So far all on localhost with IS offset 1. I created an API, an application and that is usable from the API Store.
When trying to authorize a client through WSO2 IS using the code grant_type authorization:
https://localhost:9444/oauth2/authorize?response_type=code&client_id=KJTbkbFmcDvslo2fjhzfQkaBH3Ea&redirect_uri=http%3A//localhost%3A8080/test2/callback
I am asked for credentials and authorization grant (looks ok) and then I receive an exception on IS:
[2018-03-27 10:43:51,822] ERROR {org.apache.catalina.core.StandardWrapperValve} - Servlet.service() for servlet [OAuth2Endpoints] in context with path [/oauth2] threw exception
java.lang.RuntimeException: org.apache.cxf.interceptor.Fault
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:116)
...
Caused by: java.lang.NullPointerException
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:251)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.sendRequestToFramework(OAuth2AuthzEndpoint.java:1163)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:135)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorizePost(OAuth2AuthzEndpoint.java:574)
I assume I misconfigured some endpoint. However, any idea which service is invoked by the OAuth2AuthzEndpoint implementation, or a potential cause for this exception?
This is already reported in https://wso2.org/jira/browse/IDENTITY-5581.
You can WUM update the WSO2 IS 5.3.0 to resolve the issue.
I'm using wso2am 2.0.0 and trying to configure SSO for access to the store and publisher application.
I'm not using WSO2 IS but just configured the API Manager directly to my IdP server (I have edited the site.json file with my IdP settings).
I'm getting this exception after being authenticated to my IdP:
SAML Response contains invalid number of assertions. {org.wso2.carbon.hostobjects.sso.SAMLSSORelyingPartyObject}
It looks like my SAML response isn't correct, but I'm unable to find why.
There was no problem with my SAML response.
The problem was caused by a difference between my IdP server and the API Manager timezone (they are deployed in two different environments), so the exception is thrown when comparing the current time in the gateway with the NotBefore/NotOnOrAfter.
So maybe a more significant error message could help.
You can use an online SAML Response decoder like this and see what's wrong with your SAML response.
Another option is to use SAML Tracer in Firefox.
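The NotBefore/NotOnOrAfter comparison described above can be reproduced offline against a captured assertion to see how far the relying party clock sits outside the window. This is an added example, not part of the original posts and not WSO2 code; the sample assertion, the function names and the 60-second skew are assumptions.

```python
# Added diagnostic example, not WSO2 code. It checks only the time window of an
# assertion; it does not verify the XML signature.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample; SAML timestamps are always expressed in UTC.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""


def parse_instant(value):
    """Parse an xs:dateTime; a value without an offset is taken as UTC."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def check_window(assertion_xml, now, skew=timedelta(0)):
    """Return (status, seconds_outside_window) for the relying party clock."""
    cond = ET.fromstring(assertion_xml).find(".//saml:Conditions", NS)
    if cond is None:
        return "no_conditions", 0
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and now + skew < parse_instant(not_before):
        return "not_yet_valid", int((parse_instant(not_before) - now).total_seconds())
    if not_on_or_after and now - skew >= parse_instant(not_on_or_after):
        return "expired", int((now - parse_instant(not_on_or_after)).total_seconds())
    return "ok", 0


if __name__ == "__main__":
    issued = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
    # Same instant, but the relying party clock is wrong by one hour each way.
    for label, clock in (("correct", issued),
                         ("1h ahead", issued + timedelta(hours=1)),
                         ("1h behind", issued - timedelta(hours=1))):
        print(label, check_window(SAMPLE, clock, skew=timedelta(seconds=60)))
```

A result that is off by a whole number of hours points at a timezone or clock configuration problem on one side rather than at the assertion itself; the fix is to correct the clock, not to widen the skew allowance to cover it.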
How to integrate WSO2 am 1.10.0 with PingFederate SAML 2.0? Any instructions?
From WSO2 web site, I only saw docs on how to set up SSO among WSO2 products: https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2 . But I did not see documentation on how to enable WSO2 AM 1.10.0 with external identity providers such as PingFederate via SAML2.
Any help is appreciated.
*** UPDATE:
I followed the instructions here https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2 - just assuming WSO2 IS as PingIdentity. For the majority part it's working, but I cannot generate keys when subscribing to an API. It says "invalid credentials" even if I have logged into applications and subscriptions and can create applications from /store UI.
I can confirm that this can be done without adding a separate WSO2 IS server into the picture. I fixed several issues (cannot generate keys, cannot publish APIs, etc.). What I did to fix the issue was to: 1) add admin user inside APIKeyValidator in api-manager.xml also into admin user via management console and into user-mgt.xml; 2) inside api-manager.xml, change the following:
https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/
to:
https://[FQDN_OF_HOST]:${mgt.transport.https.port}${carbon.context}/services/
The reason is that my server certificate only recorded the domain name, not the IP address.
The solution was also mentioned here: wso2 am 1.10.0 API Store: "Error occurred while executing the action generateApplicationKey" with " Invalid credentials provided."
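The certificate mismatch behind the `${carbon.local.ip}` to FQDN change above can be checked before editing api-manager.xml by comparing the service URL's host with the certificate's subject alternative names. This is an added example, not part of the original answer and not WSO2 code; the host names, the IP address and the function names are constructed, and the certificate uses the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: would TLS hostname verification accept this service URL?
import ipaddress
from urllib.parse import urlsplit

# Constructed certificate that names the host by DNS only, like the server
# certificate described in the answer above.
CERT = {"subjectAltName": (("DNS", "apim.example.com"),
                           ("DNS", "*.gw.example.com"))}


def _dns_match(pattern, host):
    """Match a DNS SAN, allowing a wildcard only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def host_matches_cert(url, cert):
    """Return (matches, reason) for the host part of url against the SANs."""
    host = urlsplit(url).hostname
    if not host:
        return False, "no host in URL"
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared with IP Address SANs only, never DNS names.
        ok = any(k == "IP Address" and ipaddress.ip_address(v) == ip
                 for k, v in sans)
        return ok, "ip-san" if ok else "no IP Address SAN for %s" % host
    ok = any(k == "DNS" and _dns_match(v, host) for k, v in sans)
    return ok, "dns-san" if ok else "no DNS SAN for %s" % host


if __name__ == "__main__":
    for url in ("https://10.0.0.5:9443/services/",         # resolved local IP
                "https://apim.example.com:9443/services/"):  # FQDN as in the fix
        print(url, host_matches_cert(url, CERT))
```

Pointing the URL at a name the certificate actually carries keeps hostname verification enabled, which is preferable to relaxing verification on the client side.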
Basically, you can do this by adding PingFederate as an IDP in WSO2 AM and configuring federated SAML SSO configurations. An example of how to achieve this with Shibboleth is given in [1]. You can follow the same steps to do any configurations according to your requirement.
Refer to [2] for configuring the SAML SSO federated authenticator in general.
[1] https://docs.wso2.com/display/IS510/How+To%3A+Configure+Shibboleth+IdP+as+a+Trusted+Identity+Provider
[2] https://docs.wso2.com/display/IS510/Configuring+SAML+2.0+Web+SSO
I'm setting up WSO2 API Manager & WSO2 BAM. I followed each and every step given in the below article.
http://umeshagunasinghe.blogspot.com/2013/11/how-to-configure-wso2-api-manager-to.html
I see below error in the terminal when I try to access the statistics page.
[2015-02-06 14:15:29,405] ERROR - usage:jag java.lang.NullPointerException: null
Below is the page I get.
I checked the below questions as well, but they didn't work out for me.
Why am I unable to view stats in the WSO2 API Manager Store?
Configuring WSO2 API Manager to use the WSO2 BAM Server
How can I fix this?
You see this error because there are no data to be shown. Please invoke APIs and try this page.
Please read the comments for more info
Following
http://docs.wso2.org/wiki/display/ESB460/Config+and+Governance+Partitions+in+Separate+Nodes
I tried to integrate WSO2 API Manager with Governance Registry.
I am running both of them with different offsets.
After logging in to the API Manager Mgmt Console, I get errors while accessing different links: 'OAuth', 'Service Bus - APIs', etc.
Error occurred while reading OAuth application data
The following error details are available. Please refer logs for more details.
org.apache.axis2.AxisFault: Failed to get server context
Error while loading authorized applications
error
The following error details are available. Please refer logs for more details.
org.apache.axis2.AxisFault: The service cannot be found for the endpoint reference (EPR) local://services/FlowsAdminService
It seems something is missing in the document.
I was able to resolve this issue by updating the domain thing based on the product, and did not keep it as wso2.carbon.domain as it is by default. For example:
<parameter name="domain">wso2.esb.domain</parameter>
This solved my problem and I am running all WSO2 products this way.