Wso2 ESB Integration with SFDC - wso2

I am integrating WSO2 ESB 4.8.1 with SFDC.
Using SFDC connector 1.0
In WSO2 i have written the code <salesforce.logout/>, according to WSO2 Documentation they say that it closes the current connection.
<salesforce.logout/> produces below soap message which i identified in WSO2 ESB log
TID: [0] [ESB] [2016-08-30 07:55:39,442] DEBUG {org.apache.synapse.transport.http.wire} -  << "<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:partner.soap.sforce.com"><soapenv:Header><urn:SessionHeader><urn:sessionId>00D17000000BPGr!AQcAQDIggW.ikXtsb0Ckm8c8pKKDlF_8QN42jL31WUa6hDLOdEeNIjrYsevKW0FeZLDzlrjcDLwMni_7gYaZgNfdN4zv9Cgj</urn:sessionId></urn:SessionHeader></soapenv:Header><soapenv:Body><urn:logout></urn:logout></soapenv:Body></soapenv:Envelope>[\r][\n]" {org.apache.synapse.transport.http.wire}
But few times i am getting below error (INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session hash:) when <salesforce.logout/> is executed
TID: [0] [ESB] [2016-08-30 07:55:39,529] DEBUG {org.apache.synapse.transport.http.wire} -  >> "<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sf="urn:fault.partner.soap.sforce.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode>sf:INVALID_SESSION_ID</faultcode><faultstring>INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session hash: je59etMAEPM+m9VdYJb0AW==[\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2016-08-30 07:55:39,529] DEBUG {org.apache.synapse.transport.http.wire} -  >> "This is expected, it can happen if the session has expired and swept away, or if the user logs out, or if its just someone trying to hack in. </faultstring><detail><sf:UnexpectedErrorFault xsi:type="sf:UnexpectedErrorFault"><sf:exceptionCode>INVALID_SESSION_ID</sf:exceptionCode><sf:exceptionMessage>Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session hash: je59etMAEPM+m9VdYJb0AW==[\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2016-08-30 07:55:39,529] DEBUG {org.apache.synapse.transport.http.wire} -  >> "This is expected, it can happen if the session has expired and swept away, or if the user logs out, or if its just someone trying to hack in. </sf:exceptionMessage></sf:UnexpectedErrorFault></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>[\r][\n]" {org.apache.synapse.transport.http.wire}
Is it SFDC issue/WSO2 SFDC connector issue/WSO2 ESB configuration issue.?
For upsert operation we are using configkey attribute in entire project, below is the code
<salesforce.upsert configKey="sfdc_connection_dtls">
          <allOrNone>0</allOrNone>
          <allowFieldTruncate>0</allowFieldTruncate>
          <sobjects xmlns:sfdc="sfdc">{//sfdc:sObjects}</sobjects>
        </salesforce.upsert>
So when i use <salesforce.logout/> in the respective sequence, does it closes only the current connection which is available in sequence.? or it closes all connection which are existing.?
Where ever i am using salesforce.upsert(below is the skeleton code) can i use <salesforce.logout/> after salesforce.upsert call.?
<salesforce.upsert configKey="sfdc_connection_dtls">
<!-- sobject goes here -->
</salesforce.upsert>
Looking forward for your help
Thanks,
Tejas

In WSO2 SFDC connector, there's a single SF connection created per flow per init configuration. Therefore, if you issue a logout, your subsequent requests will fail. It is not necessary to issue logout since the connection is anyway terminated at the end of the flow.

Related

WSO2 APIM Application Registration urn:approve action not found

UPDATE: We have reproduced the same problem connecting to EI 6.1.1 business process module
We are trying to implement a application registration (generation of key) for API manager (version 2.1.0), using BPS (version 3.6.0).
For this, we are following the instructions in
https://docs.wso2.com/display/AM210/Adding+an+Application+Registration+Workflow
We have also corrected a typo in the content of the package, as provide by the
https://github.com/wso2/product-apim/pull/2730/files#diff-737be153055f194110665b96252dcebe
The previous workflow (ApplicationCreation) works fine, but this, when we click in "GenerateKeys" in store, fails with error in BPS, saying that the action urn:approve is invalid
TID: [-1234] [] [2018-06-20 21:11:32,909] DEBUG {org.wso2.carbon.bpel.messagetrace} - Message received: ApplicationRegistrationWorkFlowProcess.{http://workflow.application.apimgt.carbon.wso2.org}initiate {org.wso2.carbon.bpel.messagetrace}
TID: [-1234] [] [2018-06-20 21:11:33,824] WARN {org.apache.axis2.addressing.AddressingFaultsHelper} - triggerActionNotSupportedFault: messageContext: [MessageContext: logID=11ff1a7f886692cdddf6394b6d5e88da06b8bac0e1095ec3] problemAction: urn:approve {org.apache.axis2.addressing.AddressingFaultsHelper}
TID: [-1234] [] [2018-06-20 21:11:33,830] ERROR {org.apache.axis2.engine.AxisEngine} - The [action] cannot be processed at the receiver. {org.apache.axis2.engine.AxisEngine}
org.apache.axis2.AxisFault: The [action] cannot be processed at the receiver.
We have checked, in BPS carbon console, that the service ApplicationRegistrationWorkFlowProcess is deployed, and the WSDL 1.1 endpoint is deployed with soapAction=urn:approve.
The endpoint in API Manager (store), the workflow-extensions in registry /_system/governance/apimgt/applicationdata/workflow-extensions.xml are modified as described to
<SandboxApplicationRegistration executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationWSWorkflowExecutor">
<Property name="serviceEndpoint">http://apibps.example.com:9765/services/ApplicationRegistrationWorkFlowProcess/</Property>
<Property name="username">admin</Property>
<Property name="password">admin</Property>
<Property name="callbackURL">https://apimanager.example.com:8243/services/WorkflowCallbackService</Property>
</SandboxApplicationRegistration>
I tested the same with APIM 2.2.0 and BPS 3.6.0 and EI 6.2.0. It worked fine. Can you change the port in callbackURL of SandboxApplicationRegistration in workflow-extensions.xml to 8248 and retry?

Callback requests at random ports in WSO2 EI 6.0

I have a proxy to an external web services being called by a schedule task in WSO2 EI 6.0. I can see the request being sent out of the ESB as an instance gets logged in ESB Analytics but it's not clear to me what is happening with the response payload.
These log messages show up in wso2carbon.log file:
TID: [-1] [] [2017-05-08 18:22:27,875] WARN {org.apache.synapse.transport.passthru.SourceHandler} - Connection time out after request is read: http-incoming-85 Socket Timeout : 180000 Remote Address : /XX.XX.XX.XX:35380 {org.apache.synapse.transport.passthru.SourceHandler}
TID: [-1] [] [2017-05-08 18:17:27,896] WARN {org.apache.synapse.transport.passthru.SourceHandler} - Connection time out after request is read: http-incoming-84 Socket Timeout : 180000 Remote Address : /XX.XX.XX.XX:57507 {org.apache.synapse.transport.passthru.SourceHandler}
TID: [-1] [] [2017-05-08 18:12:28,364] WARN {org.apache.synapse.transport.passthru.SourceHandler} - Connection time out after request is read: http-incoming-83 Socket Timeout : 180000 Remote Address : /XX.XX.XX.XX:50387 {org.apache.synapse.transport.passthru.SourceHandler}
XX.XX.XX.XX is the remote address where the webserices are hosted. I can understand from this the the response is getting lost because these ports are not open in the firewall hosting this WSO2 instance, but for security reasons I cannot open all ports so these random ports would always work.
I need to understand why WSO2 is expecting the response at these ports and not on the same port where the request connection was made (443 in my case), and even why a separate connection need to be established since this is a synchronous web service.
Please let me know any resource available containing more details on how the transport pass trough is affecting this.
If this is some functionality from WSO2 or Synapse is there a way to disable it?
If I end up having to open all ports in the firewall to support this, is there a way to limit the random port numbers to an specific range?
Thanks in advance.

API Manager Gateway 1.8 Incoming Connections Timing out

I am running API Manager Gateway version 1.8. Server is running CentOS 8 with Java(TM) SE Runtime Environment (build 1.7.0_67-b01). I am testing on a test and production server. To rule out differences between the servers the production server was cloned from the test server and updated to point to a separate DB, Key Manager & LDAP server. In addition it was synched with Gateway Management node.
I start up both of the Gateway servers. There are several dozen APIs deployed on each server. For testing I deployed an identical API on test and prod that point to the same backend service. The API does not require authentication so there is no token call. I execute a wget for the API directly to the Gateway worker in prod and test.
The call executes successfully in test returning a response in about 1 second.
However call to production hangs for a minute, then wget retries. Eventually after several retries the call succeeds.
I have made hundreds of calls to the service directly from command prompt on the production Gateway node and they are successful every time.
I am skipping the load balancer so all traffic in my test is via http to the Gateway server and to my backend service.
In production I see the following in the logs. The request for /csmjk followed by a 1 minute delay before the http-incoming-1 times out.
TID: [0] [AM] [2017-04-16 07:38:31,472] DEBUG {org.apache.synapse.transport.passthru.SourceHandler} - http-incoming-1: GET /csmjk/1.0/iscontentavailable/publisher/ISE.json?publisherdocumentid=10.1504/WRSTSD.2013.050791 HTTP/1.0 {org.apache.synapse.transport.passthru.SourceHandler}
TID: [0] [AM] [2017-04-16 07:38:31,479] DEBUG {org.apache.synapse.transport.nhttp.access} - - 10.40.1.161 - - [16/Apr/2017:07:38:31 -0500] "GET /csmjk/1.0/iscontentavailable/publisher/ISE.json?publisherdocumentid=10.1504/WRSTSD.2013.050791 HTTP/1.0" - - "-" "Wget/1.12 (linux-gnu)" {org.apache.synapse.transport.nhttp.access}
TID: [0] [AM] [2017-04-16 07:38:31,481] DEBUG {org.apache.synapse.transport.passthru.ServerWorker} - Starting a new Server Worker instance {org.apache.synapse.transport.passthru.ServerWorker}
TID: [0] [AM] [2017-04-16 07:39:31,547] DEBUG {org.apache.synapse.transport.passthru.SourceHandler} - http-incoming-1: Timeout {org.apache.synapse.transport.passthru.SourceHandler}
TID: [0] [AM] [2017-04-16 07:39:31,547] WARN {org.apache.synapse.transport.passthru.SourceHandler} - Connection time out after request is read: http-incoming-1 {org.apache.synapse.transport.passthru.SourceHandler}
In test I see the request followed immediately by a call to our backend service:
TID: [0] [AM] [2017-04-16 07:42:08,281] DEBUG {org.apache.synapse.transport.passthru.SourceHandler} - http-incoming-10: GET /csmjk/1.0/iscontentavailable/publisher/ISE.json?publisherdocumentid=10.1504/WRSTSD.2013.050791 HTTP/1.0 {org.apache.synapse.transport.passthru.SourceHandler}
TID: [0] [AM] [2017-04-16 07:42:08,286] DEBUG {org.apache.synapse.transport.nhttp.access} - - 10.40.1.161 - - [16/Apr/2017:07:42:08 -0500] "GET /csmjk/1.0/iscontentavailable/publisher/ISE.json?publisherdocumentid=10.1504/WRSTSD.2013.050791 HTTP/1.0" - - "-" "Wget/1.12 (linux-gnu)" {org.apache.synapse.transport.nhttp.access}
TID: [0] [AM] [2017-04-16 07:42:08,304] DEBUG {org.apache.synapse.transport.passthru.ServerWorker} - Starting a new Server Worker instance {org.apache.synapse.transport.passthru.ServerWorker}
TID: [0] [AM] [2017-04-16 07:42:08,394] INFO {org.wso2.carbon.databridge.agent.thrift.AsyncDataPublisher} - Flushing the events from the queue 1 {org.wso2.carbon.databridge.agent.thrift.AsyncDataPublisher}
TID: [0] [AM] [2017-04-16 07:42:08,426] INFO {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler} - Headers : {Accept=*/*, Connection=Keep-Alive, Host=TEST:8281, User-Agent=Wget/1.12 (linux-gnu), X-JWT-Assertion=null} {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler}
TID: [0] [AM] [2017-04-16 07:42:08,426] INFO {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler} - Message context:[MessageContext: logID=57478a056938f45377e3a24e79fae0781cbfcc13f4af60aa] {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler}
TID: [0] [AM] [2017-04-16 07:42:08,585] INFO {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler} - End user: null, API user: null {org.wso2.carbon.apimgt.gateway.handlers.security.CCCAPIAuthenticationHandler}
TID: [0] [AM] [2017-04-16 07:42:08,601] INFO {org.apache.synapse.core.axis2.TimeoutHandler} - This engine will expire all callbacks after : 120 seconds, irrespective of the timeout action, after the specified or optional timeout {org.apache.synapse.core.axis2.TimeoutHandler}
TID: [0] [AM] [2017-04-16 07:42:08,617] DEBUG {org.apache.synapse.transport.passthru.connections.TargetConnections} - Trying to get a connection {}->http://SERVICE:1111 {org.apache.synapse.transport.passthru.connections.TargetConnections}
This has been working fine in production for many months and suddenly stopped working reliably two days ago.
Any help would be greatly appreciated.
Thanks
I have been working on this for 3 days straight now. After enabling additional debugging I determined that the last thing done prior to the timeout was a call to Google Analytics. I disabled Google Analytics Tracking and everything is back to normal now. This is also configured in my test instance. More debugging to come but at least I am back to responding to requests.
Thanks

The service cannot be found for the endpoint reference while User Store Configuration Deployer initialization

from time to time our api throws 500 Http codes. I tried to track down the problem and found this kind of errors in the wso2carbon.log:
TID: [0] [AM] [2017-03-05 20:06:11,687] INFO {org.wso2.carbon.core.multitenancy.TenantAxisConfigurator} - Creating tenant AxisConfiguration for tenant: aTenant[2] {org.wso2.carbon.core.multitenancy.TenantAxisConfigurator}
TID: [0] [AM] [2017-03-05 20:06:11,726] INFO {org.wso2.carbon.identity.user.store.configuration.deployer.UserStoreConfigurationDeployer} - User Store Configuration Deployer initiated. {org.wso2.carbon.identity.user.store.configuration.deployer.UserStoreConfigurationDeployer}
TID: [0] [AM] [2017-03-05 20:06:11,730] ERROR {org.apache.axis2.engine.AxisEngine} - The service cannot be found for the endpoint reference (EPR) local://axis2services/some/api/path {org.apache.axis2.engine.AxisEngine}
org.apache.axis2.AxisFault: The service cannot be found for the endpoint reference (EPR) local://axis2services/some/api/path
at org.apache.axis2.engine.DispatchPhase.checkPostConditions(DispatchPhase.java:78)
at org.apache.axis2.engine.Phase.invoke(Phase.java:329)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.processRESTRequest(MultitenantMessageReceiver.java:594)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.doNhttpREST(MultitenantMessageReceiver.java:534)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.doREST(MultitenantMessageReceiver.java:353)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.processRequest(MultitenantMessageReceiver.java:212)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.receive(MultitenantMessageReceiver.java:79)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:344)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:168)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
TID: [0] [AM] [2017-03-05 20:06:11,803] INFO {org.wso2.carbon.core.deployment.DeploymentInterceptor} - Deploying Axis2 service: wso2carbon-sts {aTenant[2]} {org.wso2.carbon.core.deployment.DeploymentInterceptor}
TID: [0] [AM] [2017-03-05 20:06:11,856] INFO {org.apache.axis2.deployment.DeploymentEngine} - Deploying Web service: org.wso2.carbon.sts - {org.apache.axis2.deployment.DeploymentEngine}
TID: [0] [AM] [2017-03-05 20:06:11,860] INFO {org.wso2.carbon.core.deployment.DeploymentInterceptor} - Deploying Axis2 service: wso2carbon-sts {aTenant[2]} {org.wso2.carbon.core.deployment.DeploymentInterceptor}
TID: [0] [AM] [2017-03-05 20:06:11,926] INFO {org.wso2.carbon.mediation.initializer.multitenancy.TenantServiceBusInitializer} - Intializing the ESB Configuration for the tenant domain : aTenant {org.wso2.carbon.mediation.initializer.multitenancy.TenantServiceBusInitializer}
After Deploying Axis2 service:... everything runs fine.
So it seems that api calls can not be processed while the UserStoreConfigurationDeployer is running. But this happens between 10 and 20 times a day, causing several errors.
The javadoc says:
/**
* This is to deploy a new User Store Management Configuration file dropped or created at repository/deployment/server/userstores
* or repository/tenant/<>tenantId</>/userstores. Whenever a new file with .xml extension is added/deleted or a modification is done to
* an existing file, deployer will automatically update the existing realm configuration org.wso2.carbon.identity.user.store.configuration
* according to the new file.
*/
But these files are never touched.
I'm not an expert for wso2, so can someone point me where to search? Can the UserStoreConfigurationDeployer be configured to run only at start or only once a day (at 2:00 am or something)?
We are currently using wso2am-1.8.0, the upgrade to 2.something is planned.

WSO2 API Manager service API call failure while loading throttling policy

Currently we are trying to expose our Axis2 web services via WSO2 API manager. However in some cases service do not return result and looking at logs on WSO2 API manager we see the following
ERROR {org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler} - Unable to load throttling policy using key: gov:/apimgt/applicationdata/tiers.xml {org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler} TID: [0] [AM] [2013-01-07 16:42:22,951]
INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /TestService/1.0.0, WSAction: urn:testOperation, SOAPAction: urn:testOperation, MessageID: urn:uuid:a8f94f58-5e2d-4d51-afc7-83182b51d173, Direction: request, STATUS = Executing default 'fault' sequence, ERROR_CODE = 0, ERROR_MESSAGE = Unable to load throttling policy using key: gov:/apimgt/applicationdata/tiers.xml, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><p:testOperation xmlns:p="http://example.com"><param>d1</param></p:testOperation></soapenv:Body></soapenv:Envelope> {org.apache.synapse.mediators.builtin.LogMediator}
For configuration i use the default h2 database as registry and mysql database for user and api manager database.
This issue is a known issue [1],which will be fixed in the next AM release. We also encountered this issue at a instance,when we are trying invoking two different APIs at same time or within short time period.
Thanks;
[1] https://wso2.org/jira/browse/APIMANAGER-835