fresh install of API Manager 2.1: Error - No tasks assigned to the login user or no connectivity with BPS engine - wso2

I just downloaded and installed WSO2 API Manager to a Linux server. As per the installation guide, I have not made any changes.
The only wrinkle I had was that the wso2server.sh script did not have execute permission so I set that manually. I did not check or modify any other permissions.
After startup, I am able to access each of the Admin, Publisher and Store apps.
In the Admin app, the first screen shows the message: "No tasks assigned to the login user or no connectivity with BPS engine."
When I dig into the logs, I see this entry in wso2carbon.log
TID: [-1234] [] [2017-03-02 10:26:12,049] WARN {JAGGERY.site.blocks.user.login.ajax.login:jag} - Not Retrieving Pending Tasks. Check BPS Connectivity. java.lang.IllegalArgumentException: Illegal character in authority at index 8: https://<BPSHost>:<BPSPort>/services/AuthenticationAdmin {JAGGERY.site.blocks.user.login.ajax.login:jag}
The wso2-apigw-errors.log has a largely identical error:
2017-03-02 10:26:12,049 [-] [http-nio-9443-exec-17] WARN login:jag Not Retrieving Pending Tasks. Check BPS Connectivity. java.lang.IllegalArgumentException: Illegal character in authority at index 8: https://<BPSHost>:<BPSPort>/services/AuthenticationAdmin
This may or may not be relevant: I am also seeing warnings about being unable to flush and lock system prefs, even though it's successfully creating the directory earlier.
TID: [-1234] [] [2017-03-02 09:28:30,285] INFO {java.util.prefs.FileSystemPreferences$1} - Created user preferences directory. {java.util.prefs.FileSystemPreferences$1}
TID: [-1] [] [2017-03-02 11:11:19,058] WARN {java.util.prefs.FileSystemPreferences} - Could not lock System prefs. Unix error code 32645. {java.util.prefs.FileSystemPreferences}
TID: [-1] [] [2017-03-02 11:11:19,058] WARN {java.util.prefs.FileSystemPreferences} - Couldn't flush system prefs: java.util.prefs.BackingStoreException: Couldn't get file lock. {java.util.prefs.FileSystemPreferences}
I am assuming I need to configure or download something else to get this to work. Please advise!

I am not sure what your use case is. You can integrate a BPS engine with WSO2 API Manager for the following tasks.
User Signup Workflow
Application Creation Workflow
Application Registration Workflow
API Subscription Workflow
This blog explains how you can integrate WSO2 Business Process Server with WSO2 API Manager. You can check the official documentation, which explains the available workflow extensions.
You are getting this warning message when you log in to the admin portal because it checks whether there are any pending approval tasks. You can ignore this warning if you are not using any BPS integrations. Based on your use case, you can add a BPS engine for workflows.

Related

I'm unable to login into Wso2 APIM

I'm unable to log in to WSO2 APIM; it shows invalid login details, but yesterday it was working fine and I was able to log in.
Apim version: 3.2.0.
Identity server wso2 is-km: 5.10.0
I have not changed any of the configuration.
My WSO2 APIM is integrated with WSO2 IS.
The error is below:
2022-03-07 13:58:07,464] INFO - TimeoutHandler This engine will expire all callbacks after GLOBAL_TIMEOUT: 120 seconds, irrespective of the timeout action, after the specified or optional timeout
[2022-03-07 13:58:07,749] ERROR - OAuth2Service Error while finding application state for application with client_id: oYDtSc**************
After that I tried logging in to WSO2 Identity Server as admin as usual, but it is not showing data such as the list of users and the list of identity providers, whereas previously I saw the list of providers etc.
Please help me in this situation.

Not getting remote claims from wso2

I am using WSO2 IS with other configured identity providers such as Google and Yahoo.
When I log in from the IdP and am redirected back to the callback URL, my application calls the /oauth2/token API to fetch the id_token based on the authorization_code, but the problem is that I am not getting the remote claim (IdP custom claim attribute) which I have configured in the service provider mapping. I am facing this issue randomly, not for all users.
Success claims log: TID: [-1234] [] [2018-04-24 07:25:03,300] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler} - Returning claims from claim handler = [middle_name:M,given_name:abc,family_name:xyz,email:abc.xyz#domain.com,]
Failure claims Log: 07:32:19,062] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler} - Returning claims from claim handler = []
Seems like you are facing the issue mentioned in [1]. This issue is fixed in master branch and also the fix is available as wum update for IS-5.4.0 and IS-5.5.0. You can either try the latest milestone of WSO2 Identity Server or get a wum updated pack of IS 5.4.0 or IS 5.5.0.
[1] https://github.com/wso2/carbon-identity-framework/issues/1494

WSo2 EMM Store doesn't allow Admin login

When I try to log into the Store with the Admin account, it displays the following message:
No Privileges to login
You do not have permission to login to this application. Please contact your administrator and request permission.
I have checked and made sure the Admin account does indeed have the permissions it needs to log into the Store. I even created a new account and gave it all permissions, and it won't allow that account to log in either.
I even went as far as to dig into the database itself through MySQL, and best I can tell the proper permissions are there.
The last time this happened to me, I ended up unzipping a fresh copy of the EMM product and creating a brand new database for it because I couldn't figure out a solution. I tried unzipping a fresh copy of the EMM product, but running on the same database, it had no change in behavior. I have a database full of data I don't want to lose now, so I'd much rather find a fix than have to wipe it all out again!
WSo2 EMM 2.0.0
Windows Server 2012 R2
MySQL 5.5
EDIT: relevant logs:
TID: [-1234] [] [2016-03-25 05:21:19,862] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[-1234]' at [2016-03-25 05:21:19,862-0500]
TID: [-1234] [] [2016-03-25 05:21:19,862] WARN {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} - Illegal access attempt at [2016-03-25 05:21:19,0862] from IP address 10.200.201.108 while trying to authenticate access to service RemoteAuthorizationManagerService
TID: [-1234] [] [2016-03-25 05:21:19,909] WARN {JAGGERY.controllers.acs:jag} - User admin#carbon.super does not have permission to access the store application. Make sure the user has the store role.
I figured it out!
The issue is specifically triggered by changing the password on the admin account to anything but "admin". Changing it back appears to rectify the issue.
Obviously this is a bug, as the admin account should be able to have its password changed and still be able to log into the Store. To be clear, there was never any issue logging into the Publisher; just the Store. Additionally, if the admin password was changed, no accounts could log into the Store at all, regardless of their permissions level.
I tested this with a fresh EMM pack, version 2.0.0 and 2.0.1, using the H2 and MySQL 5.5. In all cases the issue occurred.
A bug report has been filed on WSo2's JIRA board here.
Are there any configuration changes on your side? I got a fresh EMM 2.0.0 pack and configured MySQL 5.5. I tried to log in to the EMM Store and it is working properly.
This issue arises when we try to change the password from the EMM console. But we can change the admin password in /repository/conf/user-mgt.xml
<AdminUser>
    <UserName>admin</UserName>
    <Password>admin</Password>
</AdminUser>
and the admin credentials in /repository/conf/app-manager.xml.

WARN - SourceHandler Connection time out after request is read: http-incoming-

I'm using WSO2 API Manager 1.6 & WSO2 BAM 2.4.1. I was able to successfully configure API Manager with BAM. It worked fine and I was able to get the analytics. But for security reasons I had to change the default admin password of the API Manager, which was admin/admin. Since I changed the password in AM, I get the following error while running the API Manager with BAM. I think BAM is now not reachable.
[2015-11-03 10:15:59,731] WARN - SourceHandler Connection time out after request is read: http-incoming-2701
[2015-11-03 10:16:47,556] WARN - SourceHandler Connection time out after request is read: http-incoming-2702
Is there a place to change the password in BAM as well respective to the API Manager so that password changes on AM will reflect on BAM as well? How can I fix this?
Is there a place to change the password in BAM as well? How can I fix this?
You can do it through the UI:
Configure > Users and Roles > Change Password

wso2 identity server Multifactor Authentication error

I am unable to implement Multifactor Authentication.
The error I am getting is:
TID: [0] [WSO2 Identity Server] [2012-10-30 10:31:38,620] ERROR {org.wso2.carbon.identity.provider.xmpp.MPAuthenticationProvider} - login failed. Trying again.. {org.wso2.carbon.identity.provider.xmpp.MPAuthenticationProvider}
SASL authentication failed:
at org.jivesoftware.smack.SASLAuthentication.authenticate (SASLAuthentication.java:209)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:301)
This is for WSO2 Identity Server 3.2.3, straight out of the box. No additional configuration was performed to run this instance of Identity Server.
It appears that when signing in as admin, the LDAP authentication is completed and then authentication with gtalk is attempted, which is when the error occurs.
Should I be setting my own configuration in the identity.xml where gtalk is being set?
<MultifactorAuthentication>
    <XMPPSettings>
        <XMPPConfig>
            <XMPPProvider>gtalk</XMPPProvider>
            <XMPPServer>talk.google.com</XMPPServer>
            <XMPPPort>5222</XMPPPort>
            <XMPPExt>gmail.com</XMPPExt>
            <XMPPUserName>multifactor1#gmail.com</XMPPUserName>
            <XMPPPassword>wso2carbon</XMPPPassword>
        </XMPPConfig>
    </XMPPSettings>
</MultifactorAuthentication>
I found out that I do need to set up a Google talk account.
I added the new settings to the MultifactorAuthentication configuration.
I restarted the server.
I edited the user account with another new Google talk account.
I logged out.
I logged back in via the relyingparty URL with OpenID and received a communication over gtalk requesting a PIN.
I entered the PIN and got logged in.
It would have been nice if WSO2 had in their documentation the need to set up the settings for this configuration to get multifactor authentication to work out of the box.
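
The `<Password>admin</Password>` entry in the user-mgt.xml answer and the `<XMPPPassword>wso2carbon</XMPPPassword>` entry in the out-of-the-box identity.xml above are both values that arrive with the product. As an added example (not code from any of the posts or from WSO2), this Python check reports secret elements that still hold one of those values; the function names, the set of element names and the sample fragments are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Shipped secrets quoted on this page; extend the set for your own products.
DEFAULT_SECRETS = {"admin", "wso2carbon"}
# Elements that hold a secret in the two snippets on this page (assumed list).
SECRET_TAGS = {"Password", "XMPPPassword"}

# Constructed samples: the fragments from the page, not complete config files.
USER_MGT_SAMPLE = """<AdminUser>
  <UserName>admin</UserName>
  <Password>admin</Password>
</AdminUser>"""
IDENTITY_SAMPLE = """<MultifactorAuthentication><XMPPSettings><XMPPConfig>
  <XMPPProvider>gtalk</XMPPProvider>
  <XMPPUserName>multifactor1#gmail.com</XMPPUserName>
  <XMPPPassword>wso2carbon</XMPPPassword>
</XMPPConfig></XMPPSettings></MultifactorAuthentication>"""


def local_name(tag):
    """Drop an XML namespace prefix: '{ns}Password' -> 'Password'."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text, source):
    """Return (source, element path, problem) for each weak secret element.

    The secret itself is never put in the result, so the report can be logged.
    """
    findings = []

    def walk(node, parents):
        path = parents + [local_name(node.tag)]
        if path[-1] in SECRET_TAGS:
            value = (node.text or "").strip()
            if not value:
                findings.append((source, "/".join(path), "empty secret"))
            elif value in DEFAULT_SECRETS:
                findings.append((source, "/".join(path), "shipped default"))
        for child in node:
            walk(child, path)

    walk(ET.fromstring(xml_text), [])
    return findings


if __name__ == "__main__":
    for name, text in (("user-mgt.xml", USER_MGT_SAMPLE),
                       ("identity.xml", IDENTITY_SAMPLE)):
        for finding in audit(text, name):
            print(*finding, sep=": ")
```

To audit a real installation, read each configuration file from disk and pass its contents and file name to `audit`.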