(I know that this sounds like a newbie question, but, you know, really, I can't find the answer in the docs)
In WSO2 products, and specifically in API Manager (2.1.0), we have to modify a lot of configuration files just to start.
We have seen that some configuration files (api-manager.xml, carbon.xml) use configuration variables. E.g., ${admin.username} to be substituted by the admin user.
We have found an old post (2016) explaining the use of configuration variables in WSO2 products
https://medium.com/#shan1024/overriding-configurations-in-wso2-products-using-deployment-properties-file-f096e96f782d
But we are not able to find the deployment.properties file referenced in that post, nor any official documentation.
Do you know if this works in APIM? Where do I have to install this file?
As far as I know, deployment.yaml was introduced in Carbon kernel 5.2 onwards. But WSO2 APIM 2.x is based on Carbon kernel 4.4.X. Therefore APIM 2.x doesn't support that.
WSO2 APIM 3.X will support this feature.
Related
I am looking out for suggestions on the recent vulnerability (https://blogs.apache.org/security/entry/cve-2022-42889) which is also coming from the wso2 IS 5.11 binary downloaded from (https://github.com/wso2/product-is/releases/tag/v5.11.0) and the carbon libraries we are using in custom plugins like:
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.mgt</artifactId>
<version>5.18.187</version>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
<version>5.18.187</version>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.provisioning</artifactId>
<version>5.18.187</version>
Are there any upgrades to these which are compatible with wso2 IS v5.11?
From the WSO2 advisories, it is mentioned that the vulnerability has no impact on the products [1] since the preconditions are not met, and the team promises to fix the vulnerable versions; (paid) customers will be able to obtain the fix through their security update once it is available. Along with this effort, the public fix will be done for the current public branch and will be available if you build the product-is from the repository. The timeline for the public fix is yet to be known.
And the suggested upgrade would be to 1.10.0 of the Apache Commons Text library for 5.11.0.
This library comes to the Identity Server 5.11 pack mainly through the Forget me tool. And in the latest release (wso2is-6.0.0), the Forget me tool has been externalized [2], so it can be used in the product on demand.
Refer:
[1] https://docs.wso2.com/display/Security/CVE-2022-42889
[2] https://is.docs.wso2.com/en/latest/deploy/remove-references-to-deleted-user-identities/#building-the-identity-anonymization-tool
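The answer above names Apache Commons Text 1.10.0 as the upgrade target. The following Python script is an added example, not part of the original thread and not WSO2 tooling: it walks an unpacked product or plugin directory and reports every jar that carries Commons Text below that version, reading the Maven pom.properties inside each jar and falling back to the file name. The jar names and paths in the demo tree are constructed.

```python
import io, re, sys, tempfile, zipfile
from pathlib import Path
TARGET = (1, 10, 0)  # upgrade target suggested in the answer above
POM = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
NAME_RE = re.compile(r"commons-text[-_](\d+(?:\.\d+)*)")

def parse_version(text):
    """'1.9' -> (1, 9, 0); trailing qualifiers such as '-SNAPSHOT' are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    nums = [int(n) for n in m.group(0).split(".")][:3] if m else []
    return tuple(nums + [0] * (3 - len(nums)))

def commons_text_version(jar_name, jar_bytes):
    """Version of Commons Text carried by a jar, or None if it carries none."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
            if POM in zf.namelist():  # shaded copies usually keep this file
                for line in zf.read(POM).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        return line[len("version="):].strip()
    except zipfile.BadZipFile:
        pass  # unreadable archive: fall back to the file name
    m = NAME_RE.search(jar_name)
    return m.group(1) if m else None

def scan(root):
    """List (relative path, version, below_target) for jars under root."""
    root = Path(root)
    hits = []
    for jar in sorted(p for p in root.rglob("*.jar") if p.is_file()):
        version = commons_text_version(jar.name, jar.read_bytes())
        if version:
            rel = jar.relative_to(root).as_posix()
            hits.append((rel, version, parse_version(version) < TARGET))
    return hits

def make_sample_jar(path, version):
    """Constructed demo jar holding only a Commons Text pom.properties."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(POM, f"groupId=org.apache.commons\nversion={version}\n")

if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(tempfile.mkdtemp())
    if len(sys.argv) == 1:  # no argument: build a constructed demo tree
        make_sample_jar(root / "tool/lib/commons-text-1.6.jar", "1.6")
        make_sample_jar(root / "fixed/commons-text-1.10.0.jar", "1.10.0")
    for rel, version, below in scan(root):
        print(f"{'UPGRADE' if below else 'ok':8}{version:10}{rel}")
```

Run it with the product home or a custom plugin's build output as the only argument; a jar that embeds the library under a relocated package without its pom.properties will not be detected by this check.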
I would like to implement a distributed architecture using API-Manager. There are several patterns to use according to WSO2 deployment guide (https://docs.wso2.com/display/AM210/Deployment+Patterns). I'm interested in pattern 4.
I would like to know if there is any puppet module already available for these new patterns or when they are planned to be released.
Thank you very much
WSO2 hasn't released puppet modules for the latest patterns. You can refer to the latest release (https://github.com/wso2/puppet-apim/releases/tag/v2.1.0.1).
I'm looking for some guidance about two specific WSO2 products, API Manager and Identity Server and for the best solution to solve the problem I'm going to explain below.
In my company, we are using ADFS 3.0 for Single Sign On support in our applications. However we are now building applications that will require OpenID Connect Specification (SPA's+Rest API's) and ADFS does not support this out of the box so we've decided to use WSO2 products for that purpose.
I already managed to install WSO2 Identity Server 5.0.0 SP1 and configured ADFS as a federated Identity Provider (the new applications will still have to authenticate users using ADFS). I also installed WSO2 API Manager 1.9.1 and configured it to use WSO2 Identity Server as the Key Manager (Configuration tutorial).
Now the problem:
Using WSO2 Identity Server 5.0.0 SP1 I couldn't get the Logout feature to work due to the issue reported here. It seems that this issue has been solved in version 5.1.0M4 so I tried to install version 5.1.0-alpha and managed to make the logout work with ADFS (I tested it by enabling SSO for the carbon administration). However, now I'm not able to install the Key Manager feature through the carbon repositories due to incompatibilities.
As a result, with the first combination (wso2is 5.0.0 SP1/wso2am 1.9.1) I had the logout issue with ADFS and with the second combination (wso2is 5.1.0-alpha/wso2am 1.9.1), I'm not able to install the Key Manager feature in Identity Server.
Is there any way to apply a patch to solve the logout issue in the first combination? Is there a way to install the key manager feature on WSO2IS 5.1.0-alpha? Or can someone point me to another solution to solve this issue?
The issue you pointed to above has its type marked as "Patch". Usually that means WSO2 has fixed this issue for an earlier version and provided a patch to its customers. The easiest thing would be, if you are already a customer of WSO2, to ask for the patch directly from their support.
If you are not a paid customer of WSO2 you are in a bit of trouble. As per this question, the source of the Service Pack is also not available in public.
But luckily in your case, the component which needs to have this fix is not a core component. So you wouldn't be in trouble if you change the authenticator code a bit. But the warning is, it would lose any fixes done for org.wso2.carbon.identity.application.authenticator.samlsso_4.2.1.jar in the service pack.
Anyway, these are the steps you should follow.
1. Check out the source. The lazy path would be to check out the whole source from here. That is the easiest way, in which you will face fewer troubles when you try to build the source, but the downside is that it would take a bit of time to check out. If you know how to build a specific component from the WSO2 source, you can directly check out the component that needs to be changed.
2. Try to build the component without making any change, just to make sure there are no issues up to this point.
3. Go to the class DefaultSAML2SSOManager and make the same change done in the PR.
4. Build the component again.
5. Create a folder named like "patch9000" inside the <IS_HOME>/repository/components/patches/ folder.
6. Copy the jar built in step 4 (org.wso2.carbon.identity.application.authenticator.samlsso-4.2.1.jar) from the target folder to the <IS_HOME>/repository/components/patches/patch9000 folder.
7. Restart the server. If you have done everything up to this point, the server startup would print a log like: org.wso2.carbon.server.extensions.PatchInstaller - Patch changes detected
8. Now retry your flow and it would work as expected.
If you are too lazy to do all of the above, you can wait until Identity Server Service Pack 2, which will have your fix.
We are trying to implement CORS support in our APIs, and we are getting an error from API Manager that is exactly the same as what is described here.
We are using API Manager 1.3.
Can someone confirm that there is no way to support OPTIONS with API Manager 1.3? We don't want to upgrade to 1.4 at this time.
There was another issue which we found when using PUT and OPTIONS method from APIs as described in [1].
This was fixed with AM 1.4.0. Hence the better option is to upgrade to 1.4.0, as it contains the fix for both the issue you mentioned and the one I mentioned. Additionally, AM 1.4.0 contains several new features.
[1] https://issues.apache.org/jira/browse/SYNAPSE-919
Thanks;
I want to include multiple WSO2 products in 1 Carbon Management console. I started with Carbon 4.1.0. However, when installing features, not all products are listed (e.g. BRS, Identity Server etc). I understand that these will be added in the future (?).
You can add additional repositories in the console, pointing to other versions of Carbon.
Now my questions are:
Will this result in a stable environment (multiple carbon versions) and products that can work together?
Is this the way to go (having 1 management console for multiple products)?
Are 4.x carbon based products compatible with 3.x carbon based products?
Is there an overview of WSO2 product versions and what Carbon version contains the features?
1) It is not recommended to install multiple features without careful analysis of them. Actually, products are carefully analysed and proven features that are grouped together to solve common problems. As an example, if you combine AS + ESB features, yes, you can have it, but it may result in poor performance in ESB since your services are hosted in the same server too. (Likewise there are many negatives.) Further, some of the combinations are not properly tested in a production environment and will have some unidentified issues, but released products are tested properly and used in production too.
2) Not compatible. You cannot install 3.x features in 4.x.
3) You may refer to this for product overviews
http://wso2.com/products/carbon/release-matrix/
About your initial question, under carbon 4.1.0 still only AS(5.1.0) is released. Rest will be released later on (sometimes may be with carbon 4.1.x or 4.2.x).