WSO2 Token regeneration issue in store - wso2

I am using WSO2 standalone on a Linux machine. I have changed the SSL configuration to use my own certificate. I followed this guide:
https://docs.wso2.com/display/ADMIN44x/Creating+New+Keystores
Now I am having an issue: when I regenerate the tokens in store > applications > sandboxkeys or productionkeys, it gives an error:
Token revoke failed : HTTP error code : 500
In the logs:
[2017-09-20 06:58:56,114] WARN - EndpointContext Endpoint : AnonymousEndpoint with address https://{uri.var.hostname}:{uri.var.portnum}/oauth2/revoke will be marked SUSPENDED as it failed
[2017-09-20 06:58:56,114] WARN - EndpointContext Suspending endpoint : AnonymousEndpoint with address https://{uri.var.hostname}:{uri.var.portnum}/oauth2/revoke - last suspend duration was : 30000ms and current suspend duration is : 30000ms - Next retry after : Wed Sep 20 06:59:26 UTC 2017
[2017-09-20 06:58:56,114] INFO - LogMediator STATUS = Executing token 'fault' sequence, ERROR_CODE = 101500, ERROR_MESSAGE = Error in Sender
[2017-09-20 06:58:56,115] INFO - HandlerUtils Massage Info: Transaction id=5857679204959341105735016 Message direction=OUT Server name=gitcapp.com Timestamp=1505890736115 Service name=__SynapseService Operation Name=mediate
[2017-09-20 06:58:56,146] ERROR - subscription-add:jag java.lang.RuntimeException: Token revoke failed : HTTP error code : 500
However, the rest is working fine; endpoints are working fine for HTTPS.
Can anyone please help me out here?
Thanks in advance.

Make sure you have configured <APIKeyValidator> section in api-manager.xml properly, like this.
<APIKeyValidator>
<!-- Server URL of the API key manager -->
<ServerURL>https://your.new hostname.com:9443/services/</ServerURL>

Related

WSO2 API-Manager HTTP Requests terminate after 5mins with Error 101508

We deployed a long running HTTP service on WSO2 APIM 3.2.0 that needs approx. 6-15minutes to reply to a request. To support long running HTTP calls we configured the API endpoint timeouts to 15mins and also the APIM in the deployment.toml:
[synapse_properties]
'synapse.global_timeout_interval' = 900000
[passthru_http]
'http.socket.timeout' = 1000000
However, always after exactly 5 minutes we get the following error:
<am:fault xmlns:am="http://wso2.org/apimanager"><am:code>101508</am:code><am:type>Status report</am:type><am:message>Runtime Error</am:message><am:description>Error in Sender</am:description></am:fault>
This indicates that our backend service is terminating the connection. However, if we call the service directly, i.e. without APIM Gateway it replies after 6-15min. Do we miss any timeout settings in APIM that it completes after 5mins ?
Thanks a lot for your help!
Cheers,
Sebastian
101508: this happens because the backend endpoint is timing out. You can see the occurrences of the endpoint timeout and, in the same way, the HTTP socket timeout in wso2carbon.log.
Sample endpoint timeout log
TID: [-1234] [] [2022-02-22 21:30:43,187] WARN {org.apache.synapse.endpoints.EndpointContext} - Endpoint : <ENDPOINT> will be marked SUSPENDED as it failed {org.apache.synapse.endpoints.EndpointContext}
Sample socket timeout
TID: [-1] [] [2022-02-22 21:30:43,186] WARN {org.apache.synapse.transport.passthru.TargetHandler} - Connection closed by target host before receiving the response {org.apache.synapse.transport.passthru.TargetHandler
Please check the endpoint and http.socket.timeout values as mentioned in the WSO2 documentation [1].
You should increase the above values so that they are more than 6-15 minutes. You can configure them in milliseconds.
[1] https://apim.docs.wso2.com/en/3.2.0/learn/design-api/endpoints/resiliency/endpoint-timeouts/
Note: The socket timeout value should be greater than both the Synapse global timeout and any endpoint timeouts given for your API.
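The ordering rule in the note above can be checked mechanically before a restart. This is an added example, not part of the original answer or of WSO2's tooling: the minimal reader only understands the `[section]` and `'key' = number` lines quoted in the question, and `endpoint_ms` and `backend_ms` are hypothetical inputs the operator supplies.

```python
import re

# Constructed sample mirroring the deployment.toml lines quoted in the question.
SAMPLE_TOML = """
[synapse_properties]
'synapse.global_timeout_interval' = 900000
[passthru_http]
'http.socket.timeout' = 1000000
"""

SECTION = re.compile(r"^\s*\[([\w.]+)\]\s*$")
SETTING = re.compile(r"""^\s*['"]?([\w.]+)['"]?\s*=\s*(\d+)\s*(?:#.*)?$""")


def read_timeouts(text):
    """Return {(section, key): milliseconds} for integer settings only."""
    values, section = {}, None
    for raw in text.splitlines():
        header = SECTION.match(raw)
        setting = SETTING.match(raw)
        if header:
            section = header.group(1)
        elif setting and section:
            values[(section, setting.group(1))] = int(setting.group(2))
    return values


def check_timeouts(text, endpoint_ms, backend_ms):
    """Return a list of problems; an empty list means the rule holds."""
    cfg = read_timeouts(text)
    glob = cfg.get(("synapse_properties", "synapse.global_timeout_interval"))
    sock = cfg.get(("passthru_http", "http.socket.timeout"))
    problems = []
    for key, value in (("synapse.global_timeout_interval", glob), ("http.socket.timeout", sock)):
        if value is None:
            problems.append(f"{key} is not set explicitly")
    for name, value in (("global", glob), ("endpoint", endpoint_ms)):
        if sock is not None and value is not None and sock <= value:
            problems.append(f"socket timeout {sock} must exceed {name} timeout {value}")
        if value is not None and value < backend_ms:
            problems.append(f"{name} timeout {value} is below backend time {backend_ms}")
    return problems


if __name__ == "__main__":
    print(check_timeouts(SAMPLE_TOML, 900_000, 900_000) or "timeouts are consistent")
```

The values from the question pass this check, so the rule alone does not account for the 5-minute cut-off reported there.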

WSO2 APIM update ballerina certificate

I configured APIM with the built-in Identity Server inside a Kubernetes cluster. Everything was working fine, but recently we got an error related to an expired certificate:
2021-07-29 14:30:35,308 INFO [wso2/gateway/src/gateway/utils] - [APIGatewayListener] [-] HTTP listener is active on port 9090
[ballerina/http] started HTTPS/WSS listener 0.0.0.0:9095
2021-07-29 14:30:35,310 INFO [wso2/gateway/src/gateway/utils] - [APIGatewayListener] [-] HTTPS listener is active on port 9095
2021-07-29 14:31:31,816 INFO [wso2/gateway/src/gateway/utils] - [NotificationEventListener] [-] Recieved event with type : SUBSCRIPTIONS_CREATE
2021-07-29 14:31:59,940 ERROR [ballerina/jwt] - Public key certificate validity period has passed.
2021-07-29 14:31:59,943 ERROR [ballerina/jwt] - JWT validation failed. : error {ballerina/jwt}Error message=Public key certificate validity period has passed.
2021-07-29 14:31:59,945 ERROR [wso2/gateway/src/gateway/utils] - Failed to authenticate with jwt auth provider. : error {ballerina/auth}Error message=JWT validation failed. cause=error {ballerina/jwt}Error message=Public key certificate validity period has passed.
Configmap to deploy certificate
After that I got another error, related to signature validation failing:
2021-07-29 19:16:42,517 ERROR [ballerina/jwt] - JWT signature validation has failed.
2021-07-29 19:16:42,517 ERROR [ballerina/jwt] - JWT validation failed. : error {ballerina/jwt}Error message=JWT signature validation has failed.
2021-07-29 19:16:42,518 ERROR [wso2/gateway/src/gateway/utils] - Failed to authenticate with jwt auth provider. : error {ballerina/auth}Error message=JWT validation failed. cause=error {ballerina/jwt}Error message=JWT signature validation has failed.
I guess I need to add this new cert to some part of APIM, or probably need to add it to the keystore. Can you help here, please?
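One thing to rule out for the second error is that the certificate deployed to the gateway is not the one whose key signed the token. As an added example (not from the original post or from WSO2 code), this compares a token's `x5t` header with the SHA-1 thumbprint of a PEM certificate; that the token carries `x5t`, and the hex-encoded variant, are assumptions, and the sample bytes are constructed stand-ins rather than real certificates.

```python
import base64
import hashlib
import json
import re


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def pem_to_der(pem):
    """Return the DER bytes of the first certificate in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    return base64.b64decode("".join(m.group(1).split()))


def jwt_header(token):
    """Decode (without verifying anything) the JOSE header of a compact JWT."""
    segment = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def token_matches_cert(token, pem):
    """True if the token's x5t header names this certificate."""
    x5t = jwt_header(token).get("x5t")
    if x5t is None:
        raise ValueError("token header has no x5t; compare public keys another way")
    digest = hashlib.sha1(pem_to_der(pem)).digest()
    standard = b64url(digest)                    # RFC 7515: base64url(SHA-1(DER))
    hex_variant = b64url(digest.hex().encode())  # assumption: non-standard issuer encoding
    return x5t.rstrip("=") in (standard, hex_variant)


def make_pem(der):  # wraps constructed stand-in bytes for the demonstration
    body = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample: stand-in bytes, not real certificates or a real token.
OLD_CERT = make_pem(b"constructed-old-issuer-certificate")
NEW_CERT = make_pem(b"constructed-new-gateway-certificate")
HEADER = {"alg": "RS256", "x5t": b64url(hashlib.sha1(pem_to_der(OLD_CERT)).digest())}
TOKEN = b64url(json.dumps(HEADER).encode()) + ".e30.c2ln"

if __name__ == "__main__":
    for name, pem in (("old", OLD_CERT), ("new", NEW_CERT)):
        print(name, "certificate matches token:", token_matches_cert(TOKEN, pem))
```

A mismatch here means tokens are still signed with a key other than the one in the certificate the gateway now trusts; a match does not replace full signature verification.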

WSO2 3.2.0 - Publish an API - ERROR - APIGatewayManager Error

I have a docker environment running openldap, mysql, wso2is and wso2am. I'm trying to publish an API using API Manager Publisher and I'm facing the following error:
docker log:
[2021-03-18 21:40:32,764] INFO - CarbonAuthenticationUtil 'admin#wso2.com#carbon.super [-1234]' logged in at [2021-03-18 21:40:32,764+0000]
[2021-03-18 21:40:32,899] ERROR - APIGatewayManager Error occurred when publish to gateway Production and Sandbox
org.apache.axis2.AxisFault: Error while Deploying API
at org.wso2.carbon.apimgt.impl.utils.APIGatewayAdminClient.deployAPI_aroundBody14(APIGatewayAdminClient.java:215) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
Caused by:
at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: org.apache.axis2.AxisFault: Error while obtaining API information from gateway. null
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531) ~[axis2_1.6.1.wso2v41.jar:?]
More info:
[2021-03-18 21:40:33,178] INFO - DataBridge user admin#wso2.com connected
[2021-03-18 21:40:33,187] ERROR - DataEndpointConnectionWorker Error while trying to connect to the endpoint. Cannot borrow client for ssl://172.29.0.5:9712.
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://172.29.0.5:9712.
[2021-03-18 21:40:33,234] INFO - CarbonAuthenticationUtil 'admin#wso2.com#carbon.super [-1234]' logged in at [2021-03-18 21:40:33,233+0000]
[2021-03-18 21:40:33,264] ERROR - APIGatewayManager Error occurred when check api is published on gatewayProduction and Sandbox
Where is port 9712 for SSL defined? Because I don't have this port available on docker:
wso2am:3.2.0-alpine "/home/wso2carbon/wa…" 7 days ago Up 12 minutes (healthy) 0.0.0.0:8243->8243/tcp, 5672/tcp, 9099/tcp, 0.0.0.0:8280->8280/tcp, 9443/tcp, 9611/tcp, 9711/tcp, 9763/tcp, 9999/tcp, 11111/tcp, 0.0.0.0:9444->9444/tcp
I'm using WSO2 IS as key manager and the integration is working. Now my problem is only when I try to publish an API.
wso2is:5.10.0-alpine
wso2am:3.2.0-alpine
PS: I have disabled network from docker-compose to not have host problems.
Issue 01:
Caused by: org.apache.axis2.AxisFault: Error while obtaining API information from gateway. null
The above error can be seen most probably due to a connection issue between the Publisher and the Gateway server/s.
To resolve this, you may need to validate the Gateway configuration in the Publisher node. To do that, open the <PUBLISHER_HOME>/repository/conf/deployment.toml file and check whether the following configuration is correct.
[[apim.gateway.environment]]
service_url = "https://<hostname_of_the_GW>:9443/services/"
Issue 02:
ERROR - DataEndpointConnectionWorker Error while trying to connect to the endpoint. Cannot borrow client for ssl://172.29.0.5:9712.
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://172.29.0.5:9712.
The above error indicates that the 9712 port is not accessible. This 9712 is the default port which is started by BinaryDataReceiver for Binary SSL Transport and it will be used to authenticate data published to the Traffic Manager. Therefore, you need to make this port available.

WSO2 API Manager Proxy Configuration

I have configured Open Weather API in API Manager (Version 1.6.0). Steps:
Add API
Name: weather
Context: /weather
Version: v1
Tier Availability: All
Transports: HTTP & HTTPS
Endpoint Type: HTTP endpoint
Production Endpoint: http://api.openweathermap.org/data/2.5/weather
==> At this point, if I click "Test", I get "Invalid" error.
I still go ahead and save and publish the API.
In Store, subscribe to the API and try to run in REST Client:
http://localhost:8280/weather/v1
Authorization: xxxx
Error response is seen after a while:
<am:fault
xmlns:am="http://wso2.org/apimanager">
<am:code>101503</am:code>
<am:type>Status report</am:type>
<am:message>Runtime Error</am:message>
<am:description>Error connecting to the back end</am:description>
</am:fault>
Error seen on the console:
[2014-05-22 14:11:39,067] WARN - ConnectCallback Connection refused or failed for : api.openweathermap.org/162.243.44.32:80
[2014-05-22 14:11:39,093] INFO - LogMediator STATUS = Executing default 'fault' sequence, ERROR_CODE = 101503, ERROR_MESSAGE = Error connecting to the back end
I am running the AM behind a proxy. I assume AM needs to be told to go through proxy when connecting to external URLs.
I have tried below option:
When starting the server use the command:
wso2server.bat -Dhttp.proxyHost= -Dhttp.proxyPort=8085 start
With this, I am unable to login to publisher or store. When clicked on the Login prompt, nothing happens.
How do I configure the proxy server in AM, so that AM uses the proxy server to connect to external URLs?
You can set the proxy host and port number in the axis2.xml file:
$WSO2APU_HOME/repository/conf/axis2/axis2.xml
Note: you must set http.proxyHost=your.internet.proxy.com, do not leave it empty

How to handle Error code 50000 in wso2esb

I am using wso2esb4.7.0 and wso2dss3.0.0.
I am getting this error sometimes, not every time.
If I try with multiple users, then it is successful for 1 or 2 users; the others return the 50000 error code.
I mentioned this property in every sequence:
<property name="FORCE_ERROR_ON_SOAP_FAULT" value="true"/>
So my users are unable to process their data continuously. Why is it behaving like this?
What is the error behind this?
The error comes up like this:
[2014-03-06 18:10:01,473] WARN - EndpointContext Endpoint : endpoint_5c5f8a43ba64941b19b81abcebf92924c90a25e29775053c will be marked SUSPENDED as it failed
[2014-03-06 18:10:01,473] WARN - EndpointContext Suspending endpoint : endpoint_5c5f8a43ba64941b19b81abcebf92924c90a25e29775053c - current suspend duration is : 30000ms - Next retry after : Thu Mar 06 18:10:31 IST 2014
[2014-03-06 18:10:01,475] INFO - LogMediator To: http://www.w3.org/2005/08/addressing/anonymous, WSAction: , SOAPAction: , MessageID: urn:uuid:60fea14f-daa6-413e-82b8-8dbb640492c6, Direction: response, MESSAGE = Executing default 'fault' sequence, ERROR_CODE = 500000, ERROR_MESSAGE = null
You are getting error code 500000 as you used the following property.
<property name="FORCE_ERROR_ON_SOAP_FAULT" value="true"/>
See ESB Error Handling docs.
I think you should investigate why your endpoint is failing.
ESB is suspending your endpoint due to the failure and it will help to make sure ESB is running smoothly.
You can configure suspend on failure related values. Check ESB doc on Endpoint Error Handling.
There is a good article on error handling as well.
I hope this helps