just started with wso2-am. I published the example PizzaShackAPI: /pizzashack/1.0.0 API and registered a default application against it. I can (re)generate keys for the default application and with this, I can call e.g. the GET/menu item in the API console. This gives me the expected list as long as the access token is valid.
However in the API console the equivalent curl command is also given as :
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer 00cb3832-f73f-3536-b287-4330a47ef4bd' 'https://192.168.1.9:8243/pizzashack/1.0.0/menu'
I run this under windows (curl-7.54.0-win64-mingw) but this doesn't work. Tried replacing some quotes with double quotes etc. but all to no avail. Furthermore, I assume that I am using one-way SSL to the service running in wso2-am itself (on port 8243) and I don't need to supply any certificate myself. I also realize that the server side uses a self signed certificate and not sure whether this has any implications in this situation.
Hope someone can help me out on this.
As an addition - just noticed that in the sys$output of the wso2-am server the following is listed:
[2017-05-13 00:38:38,858] ERROR - SourceHandler I/O error: Received fatal alert:
unknown_ca
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1639)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1607)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1776)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1068)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:890)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.ja
va:245)
I think that this is caused by the curl command hitting the API service .
Thanks Peter
You are accessing HTTPS url of the API, You have to either use a keystore or suppress the SSL in cURL with -k option
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer 00cb3832-f73f-3536-b287-4330a47ef4bd' 'https://192.168.1.9:8243/pizzashack/1.0.0/menu' -k
You also can use below HTTP URL of the API, note the port difference.
curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer 00cb3832-f73f-3536-b287-4330a47ef4bd' 'http://192.168.1.9:8280/pizzashack/1.0.0/menu'
Related
As part of WSO2 identity server 6.0.0, SOAP APIs are deprecated and recommended to use REST-based APIs. We are using RemoteUserStoreManagerService.wsdl and UserIdentityManagementAdminService.wsdl SOAP APIs in our project, want to replace the SOAP APIs with recommended REST APIs. Can you help us to find the list of REST APIs to replace RemoteUserStoreManagerService.wsdl and UserIdentityManagementAdminService.wsdl SOAP APIs. The APIs document is not clear.
Under Challenge Questions API https://is.docs.wso2.com/en/6.0.0/apis/restapis/challenge.yaml we are calling /me/challenges and /me/challenge-answers GET APIs and we are getting response as No message body writer has been found for class java.util.ArrayList, ContentType: / , 500 Internal error. Can you please suggest what is going wrong here what is causing this error.
You have to pass 'Accept: application/json' header in the REST API request.
Try the following sample curl commands by changing the Authorization header value
/me/challenges:
curl --location --request GET 'https://localhost:9443/api/users/v1/me/challenges' \
--header 'Accept: application/json' \
--header 'Authorization: Basic <base64 encoded username:password>'
me/challenge-answers:
curl --location --request GET 'https://localhost:9443/api/users/v1/me/challenge-answers' \
--header 'Accept: application/json' \
--header 'Authorization: Basic <base64 encoded username:password>'
Is there SOAP service which returns the SCOPE from WSO2IS 5.5.0 ? I have bearer token generated using Oauth grant_type 'password'. Using this token, i need to retrieve set of scope associated with token.
I tried introespection RESTfull API, but its returning ' Could not resolve host: application' error message .
Any suggestion please ?
curl: (6) Could not resolve host: application
{"error": "Invalid input"}
thansk a lot
EDIT : I missed the tailing 't' of the end point. Added that.
You are missing the protocol here.
curl -k -u admin:admin -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=a6998b8b-5fff-390d-abd6-b0c9170f3147' https://localhost:9443/oauth2/introspect -v
You don't need to use the SOAP call therefore. In case you need it, here is the documentation.
After a series of longs hours working with AWS transcription, I now have a new error using Postman:
<AccessDeniedException>
<Message>Unable to determine service/operation name to be authorized</Message>
</AccessDeniedException>
However, I don't know what the issue is. I tried to Google it but the error seems to happen also in AWS Lambda. But I'm working with AWS Transcription. Can anyone check what seems to be the problem?
My sample sample GET request is:
https://transcribestreaming.us-east-1.amazonaws.com/medical-stream-transcription-websocket?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=MYACCESSKEYID%2F20200404%2Fus-east-1%2Ftranscribe%2Faws4_request&X-Amz-Date=20200404T171802Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&language-code=en-US&media-encoding=pcm&sample-rate=16000&specialty=PRIMARYCARE&type=DICTATION&X-Amz-Signature=5f5f0a5d336e524b335245b6e83945d3057ec3905a9ae2d2ca709b77cce5478f
I intentionally replace the X-Amz-Credential with MYACCESSKEYID for security purpose.
There maybe two errors:
1) "https://" request connects to default port of 443. This cause error of "Unable to determine service/operation name to be authorized". Please explicitly use port :8443.
2) Your client does not handle websocket upgrade correctly. In the first request to open connection, your client need initiate websocket upgrade by including several headers, as specified in "Including WebSocket Request Headers" section of https://docs.aws.amazon.com/transcribe/latest/dg/websocket-med.html#websocket-response-med
Example in curl:
curl --include --no-buffer \
--header "Connection: Upgrade" \
--header "Upgrade: websocket" \
--header "Host: transcribestreaming.us-east-1.amazonaws.com:8443" \
--header "Origin: http://localhost:3000" \
--header "Sec-WebSocket-Key: tEfHvBSx8jqQyZgCNrhI3w" \
--header "Sec-WebSocket-Version: 13" \
"https://transcribestreaming.us-east-1.amazonaws.com:8443/medical-stream-transcription-websocket?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=MYCREDENTIAL&X-Amz-Date=20200406T211542Z&X-Amz-Expires=60&X-Amz-Signature=MYSIGNATURE&X-Amz-SignedHeaders=host&language-code=en-US&media-encoding=pcm&sample-rate=16000&specialty=PRIMARYCARE&type=DICTATION"
On a successful request, client receive "101 Switching Protocols". The connection is established, and then you can continue send audio frames as documented in https://docs.aws.amazon.com/transcribe/latest/dg/websocket-med.html#websocket-streaming-request-med
It seems you are trying to connect to Amazon Transcribe Medical’s websocket endpoint. Upon reviewing your GET request, it appears you are missing port number 8443, due to which your request is not being routed to websocket endpoint.
https://docs.aws.amazon.com/transcribe/latest/dg/websocket-med.html#websocket-streaming-request-med describes an example of creating a bi-directional request to transcribe medical’s streaming endpoint.
I am setting up WSO2-AM and uploading an API's servicedefinition swagger.json but upon trying the service in WSO2-AM, I get the response in FireFox "TypeError: NetworkError when attempting to fetch resource.". In Chrome its response is "TypeError: Unable to fetch".
The server is informationproxy.com and has SSL configured. Looks fine having a green lock in the urlbar with trusted certificate-chain. It does not certify for using the ip-number "https://209.182.203.81:9443/store/"
Question is: what makes WSO2 respond (in FireFox) with "TypeError: NetworkError when attempting to fetch resource."
The service does not seem to be the problem, since it works fine in editor.swagger.io.
The service also works fine directly called from curl to the external serviceprovider, returning a valid JSON with the data I expect:
curl -k -X GET "https://tieka.nl/webservices/address/luxembourg/v1/?postcode=8080&number=1" -H "accept: application/json"
Also: all other api-services that I have tried to implement fail with the same error message.
There is a side-effect. The response to this curl is an encrypted payload:
curl -k -X GET "https://209.182.203.81:8243/webservices/address/luxembourg/v1/?postcode=8080&number=1" -H "accept: application/json" -H "Authorization: Bearer a1111111-1aa1-1111-aaaa-1111aaaa1111"
<ns:binary xmlns:ns="http://ws.apache.org/commons/ns/payload">PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9JRVRGLy9EVEQgSFRNTCAyLjAvL0VOIj4KPGh0bWw+PGhlYWQ+Cjx0aXRsZT4zMDEgTW92ZWQgUGVybWFuZW50bHk8L3RpdGxlPgo8L2hlYWQ+PGJvZHk+CjxoMT5Nb3ZlZCBQZXJtYW5lbnRseTwvaDE+CjxwPlRoZSBkb2N1bWVudCBoYXMgbW92ZWQgPGEgaHJlZj0iaHR0cHM6Ly93d3cudGlla2Eubmw6ODAvd2Vic2VydmljZXMvYWRkcmVzcy9sdXhlbWJvdXJnL3YxLz9wb3N0Y29kZT04MDgwJmFtcDtudW1iZXI9MSI+aGVyZTwvYT4uPC9wPgo8aHI+CjxhZGRyZXNzPkFwYWNoZSBTZXJ2ZXIgYXQgd3d3LnRpZWthLm5sIFBvcnQgODA8L2FkZHJlc3M+CjwvYm9keT48L2h0bWw+Cg==</ns:binary>
I'm trying to post a request using curl to my es cluster in AWS using my accessKey and secretKey. I have successfully done this through postman (details here) where you can specify AWS credentials but I would like to make this work with curl. Postman can auto-generate your curl request for you but all I get are errors.
This is the generated curl request along with the response
curl -X GET \
https://search-00000000000001.eu-west-1.es.amazonaws.com/_cat/indices \
-H 'Authorization: AWS4-HMAC-SHA256 Credential=11111111111111111111/20181119/eu-west-1/es/aws4_request, SignedHeaders=cache-control;content-type;host;postman-token;x-amz-date, Signature=11111111116401882398f46011f14fdb9d55e012a4fb912706d67c1111111111' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Host: search-00000000000001.eu-west-1.es.amazonaws.com' \
-H 'Postman-Token: 00000000-0000-4001-8006-9291e208a000' \
-H 'X-Amz-Date: 20181119T220000Z' \
-H 'cache-control: no-cache'
{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."}%
IDs have been changed to protect the innocent.
I have checked all my keys and region, and like i said this works through postman. Is it possible to access this AWS service using my keys through curl?
This is quite a long rabbit hole. Thanks to Adam for the comment that sent me in the correct direction. The link https://docs.aws.amazon.com/apigateway/api-reference/signing-requests/ really helps you understand what you need to do.
I've since found a script that follows the signing requests method outlined above. It runs in bash and whilst it is not written for use with elasticsearch requests it can be used for them.
https://github.com/riboseinc/aws-authenticating-secgroup-scripts many thanks to https://www.ribose.com for putting this on github.
If your host contains ':443' remove it and try again.
This worked for me.
"My initial problem: If I access it with Postman using the same url, I get the same error, but removing the ‘:443/’, it works fine, so it’s nothing wrong with the key and secret I’m using."