wso2 Oauth Mediator Issue - wso2

We are using WSO2 EI 6.1.1 and WSO2 Identity Server version 5.5.0. We have a requirement to use the OAuth Mediator to validate the access token. I have a service provider registered with the Identity Server and generated the OAuth 2.0 bearer access token using a curl command. I tried the Oauth2webservice to validate the authorization, which succeeded, and the request went to the Identity Server. But if I use the OAuth Mediator of WSO2 Integrator, I get the error message below and the request does not go to the Identity Server, which was confirmed from the Identity Server logs. Please help. Are any other jar files or configuration settings needed for this?
<oauthService remoteServiceUrl="https://localhost:9444/services/" username="admin" password="admin"/>
ERROR - OAuthMediator Error occured while validating oauth access token.
java.lang.Exception: Error while validating OAuth2 request.
at org.wso2.carbon.identity.oauth.mediator.OAuth2TokenValidationServiceClient.validateAuthenticationRequest(OAuth2TokenValidationServiceClient.java:61).
Caused by: org.apache.axis2.AxisFault: SSL peer failed hostname validation for name: null.
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)

I have the same issue and can't resolve it. This bug has not been corrected yet:
https://wso2.org/jira/browse/IDENTITY-5243

Related

WSO2 OAuth Validation Error between Identity Server and Integration Studio

We are attempting to use the OAuth Mediator in Integration Studio to validate a token with the WSO2 Identity Server.
The token we are using is valid on the Identity Server because testing through SOAP UI returns a valid response. However, we are unable to do so using the OAuth Mediator in Integration Studio. We are using a password grant type.
When we attempt to pass the call through the OAuth mediator we receive the below errors:
WARN {org.apache.synapse.FaultHandler} - ERROR_EXCEPTION : org.apache.synapse.SynapseException: Error occured while validating oauth 2.0 access token
WARN {API_LOGGER.UserInfoRestAPI} - ERROR_CODE : 0 ERROR_MESSAGE : Error occured while validating oauth 2.0 access token
WARN {org.apache.synapse.FaultHandler} - FaultHandler : org.apache.synapse.mediators.MediatorFaultHandler#1f7c8500
WARN {org.apache.synapse.mediators.MediatorFaultHandler} - Executing fault handler mediator : org.apache.synapse.mediators.base.SequenceMediator
WARN {API_LOGGER.UserInfoRestAPI} - Executing fault sequence mediator : org.apache.synapse.mediators.base.SequenceMediator
For reference, we are using this documentation.
Calling the web service through SOAP UI returns successfully as shown here:
Information about the setup:
WSO2 Integration Studio: 7.0.2
WSO2 Identity Server: 5.10.0 (Running on port 9446)
All services are running on the same virtual machine
WSO2 EI 7.0.2 and even 6.6 are using org.wso2.carbon.identity.oauth.stub_6.1.0 containing oauth stub classes that are not compatible with WSO2 Identity Server 5.10. So what you need to do is:
Copy org.wso2.carbon.identity.oauth.stub_6.4.2.jar from WSO2 Identity Server to the wso2\components\plugins folder of WSO2 EI 6.6 or 7.X.
Update wso2\components\default\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info, replacing the old entry with the new updated one:
org.wso2.carbon.identity.oauth.stub,6.4.2,../plugins/org.wso2.carbon.identity.oauth.stub_6.4.2.jar,4,true
Restart.
The error should go away. However, this is not a very clean solution and maybe WSO2 should release a fix updating the WSO2 OAuth Mediator Java classes.
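
The bundles.info edit from the steps above, as an added Python example (not part of the original answer and not WSO2 tooling): it rewrites the single oauth stub entry to match the copied jar and keeps the existing start level and auto-start flag. The sample file content, the placeholder bundle and the `ei_home` install root are constructed assumptions.

```python
import re
import shutil
from pathlib import Path

STUB = "org.wso2.carbon.identity.oauth.stub"

# Constructed sample of bundles.info; the first entry is a placeholder bundle.
SAMPLE_BUNDLES_INFO = (
    "#version=1\n"
    "example.placeholder.bundle,1.0.0,../plugins/example.placeholder.bundle_1.0.0.jar,4,true\n"
    "org.wso2.carbon.identity.oauth.stub,6.1.0,"
    "../plugins/org.wso2.carbon.identity.oauth.stub_6.1.0.jar,4,true\n"
)

def replace_stub_entry(text, jar_name):
    """Return bundles.info text with the single oauth stub entry pointing at jar_name."""
    m = re.fullmatch(re.escape(STUB) + r"_(\d+(?:\.\d+)*)\.jar", jar_name)
    if m is None:
        raise ValueError(f"not an oauth stub jar: {jar_name!r}")
    out, hits = [], 0
    for line in text.splitlines():
        f = line.split(",")
        # Entry layout: symbolic name, version, location, start level, auto-start flag
        if len(f) == 5 and f[0] == STUB:
            line = ",".join([STUB, m.group(1), "../plugins/" + jar_name, f[3], f[4]])
            hits += 1
        out.append(line)
    if hits != 1:
        raise RuntimeError(f"expected one {STUB} entry, found {hits}")
    return "\n".join(out) + "\n"

def apply_to_install(ei_home, jar_name):
    """Rewrite bundles.info under ei_home (hypothetical install root); keeps a .bak copy."""
    components = Path(ei_home, "wso2", "components")
    if not (components / "plugins" / jar_name).is_file():
        raise FileNotFoundError(f"copy {jar_name} into {components / 'plugins'} first")
    info = components.joinpath("default", "configuration",
                               "org.eclipse.equinox.simpleconfigurator", "bundles.info")
    updated = replace_stub_entry(info.read_text(), jar_name)
    shutil.copy2(info, info.with_name("bundles.info.bak"))
    info.write_text(updated)

if __name__ == "__main__":
    print(replace_stub_entry(SAMPLE_BUNDLES_INFO, STUB + "_6.4.2.jar"), end="")
```

Refusing to write unless exactly one stub entry exists and the jar is already in the plugins folder avoids leaving bundles.info pointing at a missing bundle.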

wso2 revoke api is not revoking the token

WSO2 version: WSO2IS-5.7.0
I am doing a proof of concept on WSO2 Identity Server and my goal is to achieve single sign-on for the applications.
I generated the JWT token from WSO2 using the OAUTH2 token API.
I used the revoke API to revoke the token and I got a 200 response.
I invoked the introspect token API again and I got a response of active:true, but I am supposed to get active:false.
This is a known issue in WSO2 Identity Server 5.7.0. It has been reported here and will be fixed in 5.8.0 GA release.

WSO2 API with WSO2 IS as KeyManager - NPE when using OAuth authorization

Having WSO2 API Manager 2.1.0 and WSO2 IS 5.3.0 KM (with prepackaged Key Manager) I set up the Key Manager as described in the documentation.
The main intention is to authenticate and authorize users with other federated IdPs and add some authorization capabilities. My assumption is that users authorized with WSO2IS will receive an OAuth token valid for the defined APP and API.
So far all on localhost with IS offset 1. I created an API, an application and that is usable from the API Store.
When trying to authorize a client through WSO2 IS using the code grant_type authorization:
https://localhost:9444/oauth2/authorize?response_type=code&client_id=KJTbkbFmcDvslo2fjhzfQkaBH3Ea&redirect_uri=http%3A//localhost%3A8080/test2/callback
I am asked for credentials and authorization grant (looks ok) and then I receive an exception on IS:
[2018-03-27 10:43:51,822] ERROR {org.apache.catalina.core.StandardWrapperValve} - Servlet.service() for servlet [OAuth2Endpoints] in context with path [/oauth2] threw exception
java.lang.RuntimeException: org.apache.cxf.interceptor.Fault
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:116)
...
Caused by: java.lang.NullPointerException
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:251)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.sendRequestToFramework(OAuth2AuthzEndpoint.java:1163)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorize(OAuth2AuthzEndpoint.java:135)
at org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint.authorizePost(OAuth2AuthzEndpoint.java:574)
I assume I misconfigured some endpoint; however, any idea which service is invoked by the OAuth2AuthzEndpoint implementation, or a potential cause for this exception?
This is already reported in https://wso2.org/jira/browse/IDENTITY-5581.
You can WUM update the WSO2 IS 5.3.0 to resolve the issue.

WSO2 api manager and SSO

I'm using wso2am 2.0.0 and trying to configure SSO for access to the store and publisher application.
I'm not using wso2 IS but just configured the api manager directly to my IdP server (I have edited the site.json file with my IdP settings).
I'm getting this exception after being authenticated to my IdP:
SAML Response contains invalid number of assertions. {org.wso2.carbon.hostobjects.sso.SAMLSSORelyingPartyObject}
It looks like my SAML response isn't correct but I'm unable to find why.
There was no problem with my SAML response.
The problem was caused by a difference between my IdP server and the api manager timezone (they are deployed in two different environments), so the exception is thrown when comparing the current time in the gateway with the NotBefore/NotOnOrAfter.
So maybe a more significant error message could help.
You can use an online SAML Response decoder like this and see what's wrong with your SAML response.
Another option is to use SAML Tracer in Firefox.
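
To confirm a clock or timezone offset like the one described above, the following added example (not from the original posts, and not WSO2 code) compares a captured response's NotBefore/NotOnOrAfter window with the relying party's clock and reports how far outside the window that clock lies. The sample response, its ID and times, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

ASSERTION_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed response fragment (no signature; ID and times are sample values).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion ID="_sample1" Version="2.0" IssueInstant="2020-01-01T12:00:00Z">
    <saml:Conditions NotBefore="2020-01-01T12:00:00Z"
                     NotOnOrAfter="2020-01-01T12:05:00Z"/>
  </saml:Assertion>
</samlp:Response>"""

def parse_instant(value):
    """Parse a SAML xs:dateTime; values without an offset are treated as UTC."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def check_conditions(xml_text, now, skew=timedelta(0)):
    """Return (assertion ID, verdict, how far 'now' lies outside the window)."""
    # Diagnostic for a response you captured yourself: no signature check, and
    # the stdlib parser is not hardened for untrusted XML.
    results = []
    for a in ET.fromstring(xml_text).iter(ASSERTION_NS + "Assertion"):
        cond = a.find(ASSERTION_NS + "Conditions")
        nb = cond.get("NotBefore") if cond is not None else None
        noa = cond.get("NotOnOrAfter") if cond is not None else None
        if nb and now + skew < parse_instant(nb):
            results.append((a.get("ID"), "not-yet-valid", parse_instant(nb) - now))
        elif noa and now - skew >= parse_instant(noa):
            results.append((a.get("ID"), "expired", now - parse_instant(noa)))
        else:
            results.append((a.get("ID"), "in-window", timedelta(0)))
    return results

def utc(hour, minute):
    """Sample-day helper: 2020-01-01 at hour:minute UTC."""
    return datetime(2020, 1, 1, hour, minute, tzinfo=timezone.utc)

if __name__ == "__main__":
    # The same response judged by a correct clock and by clocks one hour off.
    for label, now in [("correct", utc(12, 1)), ("1h behind", utc(11, 1)),
                       ("1h ahead", utc(13, 1))]:
        print(label, check_conditions(SAMPLE_RESPONSE, now))
```

An offset close to a whole number of hours points to a timezone or clock misconfiguration on one side rather than a malformed response.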

Is OpenId Connect response_type id_token supported by WSO2 Identity Server 5.0

I'm trying to implement OpenId Connect in an SPA application with WSO2 Identity Server 5.0.0. I'm trying to use Implicit Flow but I always received an error from the identity server.
GET Request:
https://idserver:9443/oauth2/authorize?response_type=id_token&
client_id=abcd&
redirect_uri=https%3A%2F%2Flocalhost%3A44326%2F
Error Response:
invalid_request, Invalid response_type parameter value
Is response_type=id_token supported?
With WSO2 Identity Server 5.0.0 OpenID Connect "id_token" response type is not implemented. The "Implicit" settings in the configuration only work for OAuth 2.0 "token" response type. You might wait until 5.1.0 or take the pain of implementing a patch for it.