I'm trying to configure a fresh install of the WSO2 IDS on my local machine for development purposes.
When I try to log onto the management console at https://localhost:9443/ with the default admin credentials the website displays an error:
"Login failed! Please recheck the username and password and try again."
When I look at the audit.log I see:
INFO {AUDIT_LOG}- 'admin#carbon.super [-1234]' logged in at [2017-10-06 17:20:13,537-0500]
When I look at the http_access.log I am seeing:
"POST /carbon/admin/js/csrfPrevention.js HTTP/1.1" 200 63 "https://localhost:9443/carbon/admin/login.jsp?loginStatus=false"
I've checked to make sure CSRF is turned off while debugging this, in the following locations. I don't see any reference to CSRF in these files:
- /repository/conf/carbon.xml
- /repository/conf/tomcat/catalina-server.xml
- /repository/conf/tomcat/carbon/WEB-INF/web.xml
- /WEB-INF/web.xml
The install is a fresh download of wso2-5.3. The only configuration change from the default download I have made is to /repository/conf/tomcat/carbon/WEB-INF/web.xml where I disabled the captcha filter (it wouldn't start with captcha enabled).
I'm not sure what the problem is, but would appreciate any help.
edit:
I found the answer in the WSO2 Jira (sorry not enough rep to link)
The guides tell you to start the server with the following command:
sh bin/wso2server.sh -DworkerNode
If you remove -DworkerNode it works.
See the first tip in this document:
https://docs.wso2.com/display/CLUSTER44x/Clustering+Identity+Server+5.1.0%2C+5.2.0+and+5.3.0
I got one error: Error 405 - Method Not Allowed,
so I want to enable SSO for IS,
then I modified <IS_HOME>/repository/conf/security/authenticators.xml.
But after I restarted the IS server, authenticators.xml was restored to its original value.
Finally, Error 405 is still shown.
Can you tell me how to enable SSO for IS?
Thanks much!
henry
If you have built the source code of the master branch, then it is 5.12.0-alpha10-SNAPSHOT. If you download the zip here https://github.com/wso2/product-is/releases/tag/v5.11.0 it's IS-5.11.0.
From IS 5.9.0 onwards, all configuration changes to XML files are maintained via a central location (deployment.toml). Therefore, in order to make your change, navigate to <IS-HOME>/repository/conf/deployment.toml and add the following config. Then restart the server and check the relevant XML file. It should be changed.
[admin_console.authenticator.saml_sso_authenticator]
enable=true
Find more info about the deployment.toml configuration model: https://www.youtube.com/watch?v=BRWvtcV1T94
I was trying to integrate Zoho email with my OpenCart website. As my HostGator team suggested, I pointed to the domain first; it was already done, so I deleted the old one and pointed it again to Zoho. After that pointing, my PayUMoney stopped working.
I am really sure that I didn't delete any file from anywhere, but I still get an internal server error. I don't get why this is happening. This is my first time integrating a payment gateway with OpenCart; somebody please give me some solution for this.
It sounds like you've switched your mail settings in OpenCart from "mail" to "SMTP" and tried to configure Zoho?
If the SMTP settings are wrong it could throw an error at the checkout and if your server is not configured to display errors these will appear in the error log only - not on the page.
You should try switching back to "mail" to see if that solves the issue and that would then confirm the above diagnosis.
I am trying to log into my WSO2 management console. It is containerized and hosted in an AWS EC2 instance. I can navigate to the console login page, but when I try to login I get a 403 Forbidden message.
Navigation to login page is okay
Forbidden error
I know that the cause of this issue is that my login page is not posting the X-CSRF-Token.
Example of the form data posted in my "bad" request:
The console of my WSO2 instance prints an error like this:
WARN {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:IP_ADDRESS, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)
Example of the form data posted in a "good" request in a local WSO2 instance:
What I have tried:
I have tried turning compression "off" as suggested by this post: wso2 api manger carbon page gives 403 Forbidden
I am not using JDK 1.8.0_151 which is labeled as a version with a bug.
I am able to circumvent the issue if I disable the csrfguard in Owasp.CsrfGuard.Carbon.properties but this is a security risk.
I have sticky sessions enabled
Any ideas on why the posting to the login_action.jsp page would return a 403?
EDIT
I failed to mention in the post that I am using TLS termination with an AWS load balancer. I am almost certain that my issue has something to do with that. This line from my console output details what my error is:
Referer domain https:LOAD_BALANCER_URL/carbon/admin/login.jsp does not match request domain: http://LOAD_BALANCER_URL/carbon/admin/js/csrfPrevention.js
You can see that the referer is using https but the request is using http. I believe that I want the request domain to be https, but I'm not sure how to do that. I think that the first page is making a call to login.jsp with https and the login.jsp page is making a call to the csrfPrevention.js page but changing the protocol to http.
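To make the mismatch in that log line concrete, here is an added example (not WSO2 or OWASP CSRFGuard code) that reproduces the referer-domain check as the log describes it, then shows how restoring the client's original scheme from the load balancer's forwarded header makes the same check pass. It assumes the LB sets X-Forwarded-Proto and that its address is known; the host name lb.example and the addresses are constructed sample values.

```python
from urllib.parse import urlsplit

# Constructed sample, modelled on the log line in the question: the browser loaded
# login.jsp over https (what the load balancer terminated), but Tomcat behind the
# LB saw the csrfPrevention.js request arrive over plain http.
SAMPLE_REFERER = "https://lb.example/carbon/admin/login.jsp"
SAMPLE_REQUEST = "http://lb.example/carbon/admin/js/csrfPrevention.js"
SAMPLE_HEADERS = {"X-Forwarded-Proto": "https"}  # assumed to be added by the LB
TRUSTED_PROXIES = {"10.0.0.5"}                    # assumed LB address (constructed)


def referer_domain_matches(referer, request_url):
    """Compare scheme and host ('domain') of the Referer with those of the
    request URL. Returns (matched, reason) so the reason can be logged."""
    r, q = urlsplit(referer), urlsplit(request_url)
    if (r.scheme, r.netloc) == (q.scheme, q.netloc):
        return True, "referer domain matches request domain"
    return False, ("Referer domain %s://%s does not match request domain: %s://%s"
                   % (r.scheme, r.netloc, q.scheme, q.netloc))


def effective_request_url(request_url, headers, peer_ip, trusted_proxies):
    """Rebuild the scheme the client actually used. The forwarded header is only
    honoured when the direct peer is a trusted proxy, because any client can
    send an X-Forwarded-Proto header itself."""
    proto = headers.get("X-Forwarded-Proto", "").lower()
    if peer_ip in trusted_proxies and proto in ("http", "https"):
        return urlsplit(request_url)._replace(scheme=proto).geturl()
    return request_url


def check(referer, request_url, headers, peer_ip, trusted_proxies=TRUSTED_PROXIES):
    """Run the domain check against the reconstructed request URL."""
    url = effective_request_url(request_url, headers, peer_ip, trusted_proxies)
    return referer_domain_matches(referer, url)


if __name__ == "__main__":
    # As seen behind a TLS-terminating LB: https referer vs http request -> mismatch.
    print(referer_domain_matches(SAMPLE_REFERER, SAMPLE_REQUEST))
    # Same request, scheme restored from the trusted LB's header -> match.
    print(check(SAMPLE_REFERER, SAMPLE_REQUEST, SAMPLE_HEADERS, "10.0.0.5"))
    # Header sent by an untrusted peer is ignored, so the mismatch remains.
    print(check(SAMPLE_REFERER, SAMPLE_REQUEST, SAMPLE_HEADERS, "203.0.113.9"))
```

Tomcat's RemoteIpValve performs this same scheme reconstruction from X-Forwarded-Proto for trusted proxies, which keeps refererMatchDomain enabled instead of switching it off.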
Please refer to the OS and JDK incompatibilities matrix and make sure you are not using one of these OS/JDK pairs.
Do you have a load balancer fronting your Identity Server? If so, please verify that you have enabled sticky sessions in your LB. You can find sample NGINX configurations in the guide - docs.wso2.com/display/CLUSTER44x/Configuring+NGINX
Lower the version of the Java JDK to 1.8.0_144. If that doesn't work, go to this location:
wso2Servers/wso2is-5.5.0/repository/conf/security
There is a file named Owasp.CsrfGuard.Carbon.properties.
In that file, there is a line
org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = true
set this to
org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = false
This worked for me.
Blackfire gives me "Are you authorized to profile this page? Probe not found or invalid signature." on my WAMP install!
I followed all the steps correctly and installed everything in the right places.
Things to keep in mind while setting up Blackfire on WAMP:
Make sure Xdebug and other debugging extensions are disabled in the php.ini file.
Client ID and Client Key are different from Server ID and Server Key - see that you are not pasting them in the wrong places.
Set up a log directory to make sure you get to know about errors. Example: blackfire.log_file = /path/to/logs/blackfire.log
Make sure the blackfire-agent.exe is running while you try to profile the site running on your localhost - this is what I was missing. You can run it with the command blackfire-agent in the command prompt.
Hope it helps! Happy coding!
I'm evaluating WSO2 Identity Server 5.0.0 but I'm getting a strange issue using the dashboard.
I installed it on a server of mine (so it is not on localhost) and configured the following configuration files so that WSO2 knows where to point
File wso2is-5.0.0/repository/conf/carbon.xml
<HostName>SERVER_IP</HostName>
<MgtHostName>SERVER_IP</MgtHostName>
File wso2is-5.0.0/repository/conf/security/saml2.federation.properties
WSO2=https://SERVER_IP:9445/samlsso
File wso2is-5.0.0/repository/conf/security/sso-idp-config.xml
<SSOIdentityProviderConfig>
<ServiceProviders>
<ServiceProvider>
<Issuer>wso2.my.dashboard</Issuer>
<AssertionConsumerService>https://SERVER_IP:9443/dashboard/acs</AssertionConsumerService>
...
As stated in the official documentation I should see some blocks and after clicking the "View details" buttons I should be able to do the operations of the dashboard related to each block.
However, when I log in to the Dashboard I can see the blocks, but when I click "View details" I get a blank-content page, as you can see in the following screenshot of the "My Profiles" page.
The same thing happens for the other blocks.
What can I do? Maybe I didn't configure something?
Thank you in advance
Giulio
If you have installed the Identity Server somewhere other than localhost, you would see some issues with the dashboard. I also experienced the same type of issues. But you can resolve them by configuring the host name and port properly. Unfortunately there are a few places that you need to edit. Please find them below. I have already reported a JIRA to improve them so they can be configured from one config file.
repository/conf/carbon.xml
repository/conf/security/sso-idp-config.xml
repository/deployment/server/jaggeryapps/dashboard/apis/gadget.json
repository/deployment/server/jaggeryapps/portal/gadgets/account-recovery/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/identity_management/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/pwd_change/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/user_auth_apps/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/user_profile/gadget.xml
Modify the URL of the user_profile (i.e. http://{IP}:{port}/portal/gadgets/user_profile/gadget.xml ) in the "repository/deployment/server/jaggeryapps/dashboard/apis/gadget.json" file to HTTP and the port to 9763.