Error changing admin password wso2am-2.0.0 new install - wso2

I've changed the wso2carbon.jks keystore to my own store and my CA signed cert is working fine via a remote browser for https. However when I try to change the admin password via the carbon management console UI and restart the API manager I get problems with:
AMQConnection Unable to connect to broker at tcp://10.16.0.5:5673
org.wso2.andes.AMQException: Error occurred while establishing a connection
I'm running 2.0.0 of API manager on Ubuntu 14.04
I don't have enough points to comment on a similar issue:
WSO2 API Manager - Error changing admin password
but happy to experiment and isolate this bug. I could try to change the admin password for all references in xml files under conf if needed.
Please advise on the best way to change the admin password for API manager. I'm happy to do a clean install and see if I can just change the admin password. Please advise if I should use the UI or change in repository/conf files.

Search all xml files with "admin" references. What I can recall is api-manager.xml, user-mgt.xml, identity.xml, etc. You may also check out the related wso2 doc.

I've just worked through this issue with WSO2 support. In my case it had to do with the content of the password. I used the same admin password for v2 as I did for v1.10 but apparently the different frameworks in v2 have a problem with special characters in the password. More specifically, a '#' character. The link below was provided as a reference. Upon changing the admin password, both in the console and in the user-mgt.xml file, and restarting the product, I am no longer experiencing the exception.
https://wso2.org/jira/browse/APIMANAGER-4991
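
Added example (not part of the original thread and not WSO2 tooling): a script that follows the two answers above by listing password-like elements in the XML files under a conf directory and flagging values that contain '#'. The sample files and their element layout are constructed and simplified; call `audit_conf` on the real repository/conf directory instead.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

RISKY_CHARS = "#"  # character the answer above reports as problematic


def audit_conf(conf_dir, risky_chars=RISKY_CHARS):
    """Return sorted (relative_path, element, has_risky_char) tuples for every
    non-empty password-like XML element; values are never returned or printed."""
    findings = []
    for root, _dirs, files in os.walk(conf_dir):
        for name in files:
            if not name.endswith(".xml"):
                continue
            path = os.path.join(root, name)
            rel = os.path.relpath(path, conf_dir)
            try:
                tree = ET.parse(path)
            except ET.ParseError:
                # A broken config file is worth reporting in its own right.
                findings.append((rel, "<unparseable>", False))
                continue
            for elem in tree.iter():
                tag = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace
                value = (elem.text or "").strip()
                if "password" in tag.lower() and value:
                    risky = any(c in value for c in risky_chars)
                    findings.append((rel, tag, risky))
    return sorted(findings)


def demo():
    """Run the audit over constructed, simplified sample files."""
    samples = {
        "user-mgt.xml": "<UserManager><AdminUser><UserName>admin</UserName>"
                        "<Password>Ex#ample1</Password></AdminUser></UserManager>",
        "api-manager.xml": "<APIManager><AuthManager><Username>admin</Username>"
                           "<Password>Example1</Password></AuthManager></APIManager>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for fname, body in samples.items():
            with open(os.path.join(tmp, fname), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_conf(tmp)


if __name__ == "__main__":
    for rel, tag, risky in demo():
        print(f"{rel}: <{tag}> {'contains a flagged character' if risky else 'ok'}")
```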

Related

Using Kerberos request type instead of NTLM in power-bi report server

I'm having a server with power-bi reporting service installed and configured on it, and from my front-end that hosts the application, I've got angular 7 with proper power-bi components installed.
Since the report is on the server and it needs authentication to login, I get a user and password fill-in prompt in my website whenever I try to access this report, and after logging in, I can see the data of my report.
I'm wondering how to use Kerberos authentication so that I can set up that username and password to login automatically without asking the user to enter them every time.
What I've done so far:
I've made and set a few SPNs in my active directory, made a user in Active Directory Users and Computers and in its Delegation tab, I've set it to Use any authentication protocol and added MSOLAPDisco and MSOLAPSvc.3 to it. I've added the user account credentials that I've made to service account and execution account in power bi Report server, then I modified the rsreportserver config file to use RSNegotiate before NTLM.
After trying to solve the issue with the above-mentioned methods, I still get an NTLM method in network monitor which is installed in the Active Directory.
Any suggestions how to solve this issue? Thanks in advance.

Adding a Password Recovery option to WSO2 sign-in

I was wondering if there is an option for users who want to use the store but have forgotten their password.
Currently the WSO2 sign-in page looks like this:
I have set the following in <APIM_HOME>/repository/conf/identity/identity-mgt.properties:
Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=3
Notification.Sending.Internally.Managed=true
UserAccount.Recovery.Enable=true
Captcha.Verification.Internally.Managed=true
I'm assuming the email settings for the same are in <APIM_HOME>/repository/conf/email/email-admin-config.xml
Anyhow, after applying the above settings and restarting the server, the sign-in page remained the same.
Is there some configuration to enable an option on the sign-in page (eg. Forgot password/Reset password)?
Also, are there any additional settings that need to be configured for it to work as expected?

API Manager Store/Publisher UIs do not support this out-of-the-box. But you can achieve this with WSO2 Identity server. (You can use the same identity server as the key manager node of the APIM setup.)
Please refer to IS docs. A sample webapp is also available here.

WSO2 MDM Connection Failure

I'm trying to set up WSO2MDM on Nexus 07 tablet.
I have configured web based backend and it's up and running.
I followed the guidelines in documentation to set up Client mobile app on the tablet. (Already set the configuration according to steps on documentation and compiled it.)
But when I try to register using tablet it gives me an error saying "Authentication failed due to a connection failure do you want to try again?".
Please advise me how to sort this out.

What are the authentication parameters you tried? In a fresh pack, you may not have configured tenants. So your basic login parameters can be "admin", "admin" as the user name and password. That's basically the super admin's credentials.
First check whether you can enroll the device to that user. Then try with the new user you have created. Always keep the Domain field empty if you do not have a tenant set up. And if you are trying this setup in your local machine, make sure your device and server are in the same network. Android WIFI tethering may help you in that case.
Use this guide[1] when you are enrolling.
[1] - http://wso2.com/library/articles/2014/03/how-wso2-emm-addresses-the-android-challenge/
Thanks

WSO2 4.5 Identity Management Server - Can't write users to external LDAP

We have an issue with WSO2 Identity Server Version 4.5.0 where we have swapped out the default embedded Apache DS and replaced it with OID (Oracle Internet Directory).
We have updated the user-mgt.xml and other configuration files the way we think they should be.
However, we cannot write users/roles back to LDAP from WSO2.
We can write/create users/roles directly in LDAP when logged in through Directory Studio.
We can view users/roles in WSO2.
We can also delete a user in WSO2.
We have gone through the user docs on configuring the user store: https://docs.wso2.org/display/IS450/Configuring+Primary+User+Stores#ConfiguringPrimaryUserStores(Carbon4.2.0v2)-ConfiguringanexternalLDAPorActiveDirectoryuserstore
It is only the writing to LDAP through WSO2 that is not working, so it must be a WSO2 configuration issue. I have the UserStoreManager configured to ReadWriteLDAPUserStoreManager.
Again - reading, and deleting works fine through WSO2.
Does anyone have any ideas/suggestions on where to look to solve this problem?

We discovered the problem. We switched out the default LDAP for an external LDAP but the schema definitions were off a bit and we had SCIM enabled in user-mgt.xml.
There's a good explanation here:
http://sureshatt.blogspot.com/2013/06/scim-user-provisioning-with-wso2.html

Configuring Single Sign-On Across Stratos

I have a situation where I need to setup a standalone version of wso2 Identity Server and have that act as the SSO provider into all of the products in Stratos.
Currently I have Stratos Identity Server configured so that I can login via the standalone Identity Server, using admin.
However, if I use another user I either
get an "Authorization Failure"
or cannot login.
First Question
1) I have the same user created in both Identity Servers (that is not admin). Why would I get the "Authorization Failure"?
Second Question
2) Why is it I cannot even get to the "Authorization Failure" problem if I have a user created with username in format of user#domain.com?
UPDATE:
I figured out that if I remove the property tags in user-mgt.xml that reference the usernames with regular expressions I am able to create usernames in the format of name#domain.com. But I am still unable to use that username to login, the error log says that the account has not been activated.
I also created two instances of wso2 identity server and configured them in such a way to test being able to use one to login to the other. I was able to do this by making sure that the same username and password was in both servers' list of users. This way I do not get the "Authorization Failure".
The answers I came up with.
1. I need to have the same username and password in each Identity Server.
2. I cannot have format name#domain.com unless I have Multi-tenancy configured. Otherwise wso2 will try to find the ACTIVATE field in the Tenant table and not find it.
UPDATE: I got this installed and configured and it turned out that I now get another error about
Issuer details are not valid. Issuer details should be registered in advance
So my answer turned out not to be valid.
I wonder why I get this new login failure?
UPDATE RESOLVED!!:
I resolved this problem by downloading just the wso2 stratos IS 1.5.2 package. I installed it. Configured with same configuration I was using before. Now I can login without problems across domains.