Configuring wso2 ldap: read binary attributes - wso2-identity-server

I am configuring WSO2 with ldap and want to read the "objectGUID" property which is a binary attribute in LDAP. Is there a way to get this data?

We can read binary attributes with the property as below.
<Property name="java.naming.ldap.attributes.binary">objectGUID</Property>
However, due to the objectGUID's encoding, it won't be shown by its actual value (as a UUID) in the latest GA releases.
Showing objectGUID as a UUID is also fixed for the upcoming release (5.4.0) and more details can be found in this JIRA. In case you are interested you can try this out in the latest pre-releases for IS 5.4.0 from here.
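To see why the raw binary value does not read as the GUID Active Directory displays, here is an added Python example (not WSO2 code) that decodes a 16-byte objectGUID both the correct mixed-endian way and the naive big-endian way, and builds the escaped filter form a lookup by GUID needs. The sample bytes and their base64 LDIF form are constructed for illustration.

```python
import base64
import uuid

# Constructed sample: the 16 raw bytes a client receives for objectGUID once the
# attribute is declared binary (java.naming.ldap.attributes.binary), plus the
# base64 form in which an LDIF export shows the same value ("objectGUID:: ...").
SAMPLE_OBJECTGUID = bytes.fromhex("10e5c9a7f3b24d4e9a1bc0d1e2f30405")
SAMPLE_OBJECTGUID_B64 = "EOXJp/OyTU6aG8DR4vMEBQ=="


def objectguid_from_ldif(value: str) -> bytes:
    """Decode the base64 value that LDIF uses for a binary attribute."""
    raw = base64.b64decode(value)
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    return raw


def objectguid_to_uuid(raw: bytes) -> str:
    """Render an objectGUID the way Active Directory displays it.

    The first three GUID fields (4, 2 and 2 bytes) are stored little-endian and
    the remaining 8 bytes in order; uuid.UUID(bytes_le=...) applies that layout.
    """
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    return str(uuid.UUID(bytes_le=raw))


def objectguid_naive(raw: bytes) -> str:
    """The value you get by reading the bytes as a big-endian UUID: a different,
    wrong GUID, which is the mismatch the answer above refers to."""
    return str(uuid.UUID(bytes=raw))


def objectguid_filter(raw: bytes) -> str:
    """Escape the raw bytes for an LDAP search filter (RFC 4515 \\xx form), so a
    user can be looked up by GUID without going through the string form."""
    return "(objectGUID=" + "".join(f"\\{b:02x}" for b in raw) + ")"


if __name__ == "__main__":
    raw = objectguid_from_ldif(SAMPLE_OBJECTGUID_B64)
    print("AD display form :", objectguid_to_uuid(raw))
    print("naive big-endian:", objectguid_naive(raw))
    print("search filter   :", objectguid_filter(raw))
```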

On newer wso2 releases the setting can be found in deployment.toml:
[user_store]
ldap_binary_attributes = "objectGUID AnotherObjectGUID"

Related

WSO2 Api Manager 3.0 Data Mapper does not work

I have installed wso2 Api Manager 3.0 on my windows by downloading the binaries.
I wonder if the datamapper does work in the v3.0 of the Api Manager.
it does not work in my case.
I am using OOTB sequences, but unfortunately unable to actually save it:
The logs are saying that the XML sequence are not found for the datamapper, regarding the apache-synapse configuration.
Steps to reproduce the issue:
1.) Download the AM 3.0 binaries and install them on a Windows machine.
2.) Open the publisher, create a dummy API, and in the request mediator select json_to_xml or any OOTB sequence, then click on the save button.
SAME FLOW WORK PERFECTLY FINE IN 2.6
Please find the error log file attached.
Please find the server logs:
org.wso2.carbon.apimgt.api.APIManagementException: Issue is in accessing the Registry
[2019-11-18 17:41:43,883] ERROR - APIUtil Issue is in accessing the Registry
[2019-11-18 17:41:43,900] ERROR - APIMappingUtil Error occurred while getting the uuid of the mediation sequence
org.wso2.carbon.apimgt.api.APIManagementException: Issue is in accessing the Registry
at org.wso2.carbon.apimgt.impl.utils.APIUtil.getMediationPolicyAttributes_aroundBody322(APIUtil.java:5438) ~[org.wso2.carbon.apimgt.impl_6.5.349.jar:?]
at org.wso2.carbon.apimgt.impl.utils.APIUtil.getMediationPolicyAttributes(APIUtil.java:5373) ~[org.wso2.carbon.apimgt.impl_6.5.349.jar:?]
at
Caused by: org.wso2.carbon.registry.core.exceptions.ResourceNotFoundException: Resource does not exist at path /_system/governance/apimgt/customsequences\in
at org.wso2.carbon.registry.core.jdbc.handlers.builtin.MountHandler.get(MountHandler.java:449) ~[org.wso2.carbon.registry.core_4.5.1.jar:?]
at org.wso2.carbon.registry.core.jdbc.handlers.HandlerManager.get(HandlerManager.java:2446) ~[org.wso2.carbon.registry.core_4.5.1.jar:?]

WSO2 Identity Server v5.4.0 unable to add regexp Callback Url in the Service Provider configuration

Having WSO2 Identity Server v5.4.0 and following the documentation from this link Configuring OAuth2-OpenID Connect Single-Sign-On, I am unable to set Callback Url using regexp= for multiple URLs, even setting the example from the documentation:
regexp=(https://myapp.com/callback|https://testapp:8000/callback)
I'm getting the error:
"Please enter valid URI for Callback URL":
NOTE: with a single URL (like "https://myapp.com/callback") I have no problems.
This should be due to https://wso2.org/jira/browse/IDENTITY-7149 and the fix is available in the latest 5.4.0 update (update 6) or the latest GA version IS 5.4.1. My recommendation is to use IS 5.4.1 as it is the latest available GA.

Custom grant type in WSO2 IS 5.2.0

I recently updated my environment from WSO2 IS 5.0.0 to WSO2 IS 5.2.0. My environment consists of 2 machines that are creating a cluster (using the WKA membership scheme and Load Balancer(AWS ELB) with sticky session enabled). I am using MySQL(not the default H2 database). The machines on which the IS is deployed are Windows Server 2012 R2 (EC2 AWS machines).
In the IS 5.0.0 version we had custom grant OAuth grant type. It was implemented following the article below:
https://docs.wso2.com/display/IS500/Writing+a+Custom+OAuth+2.0+Grant+Type
After the upgrade process, the .jar file was added in the [IS_HOME]\repository\components\lib and the system was started successfully without errors in the console.log. But then when we started calling the token endpoint, the system started to error out:
https://slack-files.com/T0DDMMC9Y-F2QRF2JLA-bcd85857dc
https://slack-files.com/T0DDMMC9Y-F2QRFES10-ab528f64e5
Then we rebuilt the custom OAuth grant type. We updated the org.wso2.carbon.identity.oauth_4.2.3.jar to version 4.2.7. We followed these articles:
https://docs.wso2.com/display/IS520/Extension+Points+for+OAuth#ExtensionPointsforOAuth-CustomOAuthgranthandler
https://docs.wso2.com/display/IS520/Writing+a+Custom+OAuth+2.0+Grant+Type
But still, when we enable the custom grant type and start calling the token endpoint, the errors mentioned above are logged in the console.log and are returned as the response by the Tomcat server.
After we implemented some adjustments in order to resolve some of the issues, we have made progress, but we still do not have a complete solution:
https://slack-files.com/T0DDMMC9Y-F2S5LKT6V-560a2854ea
Could this be related to some issues while migrating from 5.0.0 to 5.2.0, or is this some sort of configuration issue with the Tomcat server?
Or is this related to the grant type itself? We followed all the instructions as we did with IS 5.0.0, but we are not able to make it run on IS 5.2.0.
Thanks in advance.
The root cause for this is,
Caused by: java.lang.ClassNotFoundException: org.apache.amber.oauth2.common.validators.AbstractValidator
The Amber library is no longer used by WSO2 IS. Therefore the Amber library is not available in the IS 5.2.0 runtime, causing the class not found error.
Instead, Apache Oltu is used in 5.2.0.
You can simply fix this by copying the amber_0.22.1358727.wso2v4.jar found in IS_HOME/repository/components/plugins of IS 5.0.0 to IS_HOME/repository/components/dropins.
Update:
Another reason why this extension was not working was the use of a class that was not exported by the OAuth osgi bundle at runtime.

Sharing Registry and Config Spaces across ESB cluster

Having linked an instance of ESB v4.6.0 to a G-Reg v4.5.3 as per
http://docs.wso2.org/wiki/display/ESB460/Remote+Registry+Instance+Configuration#RemoteRegistryInstanceConfiguration-Atom-BasedRemoteInstanceConfiguration
When the ESB starts it throws several errors like:
[Framework Event Dispatcher] ERROR AbstractTransportService Error while checking the transport availability
java.lang.NullPointerException
Despite that, I can browse the Registry in both ends but when I create a BAM Profile in ESB while it's successfully saved in the Registry, the ESB starts to fail with:
[http-nio-9443-exec-37] ERROR RPCMessageReceiver Exception occurred while trying to invoke service method getResourceString
java.lang.reflect.InvocationTargetException
and the BAM Profile can't be read in the ESB end neither through the Registry Browser (empty resource) nor the BAM Profile management page (Exceptions). But can be read in the Governance Registry browser.
I set the permissions wide open when I create the shared collection, and the artifacts can be read, written, etc. by everyone.
I can't find information about what can be wrong with the connection, which allows browsing and writing but prevents the ESB from reading.
Any help would be much appreciated.
I'll answer my own question, to help out somebody else facing the same issue.
Atom-based registry sharing is deprecated "de-facto" in newer versions of WSO2.
Use JDBC-based registry sharing from now on.
Regards
I don't think it's deprecated, I'm pretty sure it's a bug, present in 4.5.1/2/3.

WSO2 identity server external JDBC store

I want to use an external JDBC store as the default store instead of the default LDAP store. I followed the documentation in this link.
http://docs.wso2.org/wiki/display/IS400/Configuring+an+External+JDBC+User+Store
Getting the following exception. Appreciate any help.
An unknown exception occurred while starting LDAP server.
java.lang.NullPointerException: Name is null
You can configure WSO2 IS 4.0.0 with an external JDBC user store. The problem is due to an issue with the instructions in the documentation (1), as some configuration steps are missing there. I have created the JIRA [DOCUMENTATION-17] to track this doc issue.
Please follow the steps below to connect IS 4.0.0 with an external JDBC user store.
1) Change the UserStoreManager class to JDBCUserStoreManager in user-mgt.xml [IS_Home/repository/conf] and add the related database connection properties to it as mentioned in (1).
2) Add the 'passwordHashMethod' property within JDBCUserStoreManager and set the value to 'SHA' or 'PLAIN_TEXT' in {IS_HOME}/repository/conf/user-mgt.xml.
Eg: <Property name="passwordHashMethod">SHA</Property>
3) Set value of the 'MultiTenantRealmConfigBuilder' property to 'org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder' in {IS_HOME}/repository/conf/user-mgt.xml.
Eg: <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder</Property>
4) Enable JDBCTenantManager in tenant-mgt.xml and comment out the config section for CommonHybridLDAPTenantManager.
Once you have done the above configurations, you'll be able to configure WSO2 Identity Server with an external JDBC user store successfully.
(1) http://docs.wso2.org/wiki/display/IS400/Configuring+an+External+JDBC+User+Store
I was able to resolve this.
Start with a clean install of WSO2 IS 4.0.0 if possible.
Apart from following the directions given in the documentation to set up a JDBC datastore, you need to do the following:
Enable JDBCTenantManager in tenant-mgt.xml and comment out CommonHybridLDAPTenantManager
Set the enable property to false for EmbeddedLDAP in embedded-ldap.xml