How to config the URL embedded in QR code in device manager - wso2

I am a newbie to wso2. I just managed to bring up the emm site. But when I try to add my device to the device manager, I find that the QR code generated always has a URL with the domain localhost. When I look into the logs, there is something like this:
./repository/logs/wso2carbon.log:TID: [-1234] [] [2016-08-22 15:54:05,887] INFO {org.jaggeryjs.jaggery.app.mgt.TomcatJaggeryWebappsDeployer} - Deployed webapp: StandardEngine[Catalina].StandardHost[localhost].StandardContext[/store].File[/opt/wso2emm-2.0.1/repository/deployment/server/jaggeryapps/store]
So, I think I need to configure the variable StandardHost to the domain I need. But I can't find a place for that. Any ideas? Thanks.

You can find the relevant config in the following file.
<EMM_HOME>/repository/deployment/server/jaggeryapps/emm/config/config.json
You can also refer to the documentation here.

Related

change syntax highlighting activation in wso2 api manager

Sometimes the response of a service is so large that swagger cannot get and beautify the response as json.
If we try with the "curl" command, we get the response very fast. I think this is because of the "Syntax highlighting" configuration of swagger.
In this url, we can understand that one way is to change this config:
springdoc.swagger-ui.syntaxHighlight.activated=false
Do you have any idea in wso2 apim 4.1.0?
Can we change the API Definition for this? Or do we have to change core configs of wso2?
With advanced UI customization you should be able to get this done. Please refer - https://apim.docs.wso2.com/en/latest/reference/customize-product/customizations/advanced-ui-customization/
You will have to customize the Swagger UI and add the springdoc.swagger-ui.syntaxHighlight.activated property there.
In [1], springdoc.swagger-ui.validatorUrl is added for the Swagger UI.
[1] - https://github.com/wso2/apim-apps/blob/main/portals/devportal/src/main/webapp/source/src/app/components/Apis/Details/ApiConsole/SwaggerUI.jsx#L32

Configuring WSO2 IS behind a reverse proxy at some context

I am trying to set up WSO2 Identity Server behind a reverse proxy for SSL offloading. For example, let's say if WSO2 IS is available at say https://<some-ip>:9443/, I am trying to put it behind reverse proxy with address such as https://<domain name>/is/. Note the context path /is and SSL port 443. I thought that this will be trivial enough but sadly I am unable to find any conclusive documentation for achieving the same.
My applications are using OIDC to connect to WSO2 IS and using Azure Application Gateway as reverse proxy - typically all API calls work well but none of the UI (or flows involving redirections) works due to the context. I can also fix redirects by URL rewriting at the reverse proxy but that still doesn't solve the problems. For example, the login page will appear but the XHR call from it will go to /logincontext instead of /is/logincontext. Where can I set up the proxy context path in WSO2 IS? I already tried setting it in the .toml file (equivalent of setting it in carbon.xml) but it seems to be affecting only the Management Portal.
The WSO2 IS documentation talks about setting it up behind nginx but that documentation is not using any path context. I could find reverse proxy documentation for other WSO2 products such as WSO2 API Manager but it only involves updating carbon.xml and that doesn't work for WSO2 IS. I am not a Java person and hence I am finding it difficult to figure out the web app organization of WSO2.
Any help/link to documentation/guide to set up with proxy context will be useful.
I know that this answer comes a little bit late but recently I had a similar issue and here is how I made it work; maybe it could be helpful for someone. I was using WSO2 IS 5.11.0.
Note:
I checked similar questions on stackoverflow and found a few but none was enough by itself for my case.
Maybe the solution I came up with is not the best or the most correct but it is the only one I could make work.
Here's how I did it, assuming the context path is "is":
Open Carbon Management Console and go to Identity Providers -> Resident. Then, go to Inbound Authentication Configuration -> OAuth2/OpenID Connect Configuration. Here, change the hostname under Identity Provider Entity ID to https://domain_name:443/is/<remaining path>.
Make sure that the port number is present or absent both here and in the client application. If there is a mismatch between the two, for some reason, it won't work (or at least it didn't for me).
Open the file deployment.toml and modify it as follows:
under the [server] section, add your proxy context at the end of the base_path url, e.g. base_path = "https://$ref{server.hostname}:${carbon.management.port}/is";
of course, also add proxy_context_path = "is" (actually, this last line should be enough but for some reason in my case it wasn't, so I had to modify the base path too);
under [transport.https.properties] add proxyPort="443".
For the record, I also turned off compression, by adding:
[transport.http.properties]
compression="off"
[transport.https.properties]
...
compression="off"
and set the token issuer URL equal to the entity id set up in Carbon, with:
[oauth]
use_entityid_as_issuer_in_oidc_discovery = true
but found out that these last two steps (turning off compression and setting the entity id as issuer) weren't needed.
Disable the csrf guard by setting org.owasp.csrfguard.Enabled = false
in the file /repository/resources/conf/templates/repository/conf/security/Owasp.CsrfGuard.Carbon.properties.j2.
This step was necessary for me to avoid the 403 Error after logging in on the Carbon Console (turning off compression didn't work).
Lastly, if you use nginx as reverse proxy (as I did), add these two lines in the location used for wso2:
proxy_redirect https://domain_name/oauth2/ https://domain_name/is/oauth2/;
proxy_redirect https://domain_name/carbon/ https://domain_name/is/carbon/;
These are needed (or at least were for me) because some URLs are not under the context path. In particular, the last one allows you to open the Carbon Console at https://domain_name/is/carbon/.
References:
wso2 api manger carbon page gives 403 Forbidden
WSO2 Identity Server login returns a 403
WSO2 Identity Server port configuration
To understand the template-based configuration model adopted from version 5.9.0 onwards, see:
https://apim.docs.wso2.com/en/latest/reference/understanding-the-new-configuration-model/
https://mcvidanagama.medium.com/understand-wso2-api-managers-new-configuration-model-6425a2710faa
Here are some useful configuration mappings from the old xml to the new toml based model:
https://github.com/ayshsandu/samples/tree/master/config-mapping
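A check for the two failure points described in the answer above (an issuer that differs from the client's only by the port, and URLs that are generated outside the proxy context path), as an added example that is not part of the original answer or of WSO2's own tooling. The discovery document is constructed sample data, and `audit_discovery` and its parameters are hypothetical names.

```python
from urllib.parse import urlsplit

# Constructed sample of OIDC discovery metadata as seen through the proxy.
# "domain_name" and the "is" context come from the answer; the rest is made up.
SAMPLE_DISCOVERY = {
    "issuer": "https://domain_name:443/is/oauth2/token",
    "authorization_endpoint": "https://domain_name/is/oauth2/authorize",
    "token_endpoint": "https://domain_name/is/oauth2/token",
    "userinfo_endpoint": "https://domain_name/oauth2/userinfo",
    "jwks_uri": "https://domain_name:9443/is/oauth2/jwks",
}


def audit_discovery(doc, client_issuer, public_host, context_path):
    """Return (finding, detail) tuples; an empty list means consistent metadata."""
    findings = []
    # Clients compare the issuer as an exact string, so ":443" on one side
    # only is a mismatch even though both URLs reach the same listener.
    if doc.get("issuer") != client_issuer:
        findings.append(("issuer-mismatch", doc.get("issuer")))
    prefix = "/" + context_path.strip("/") + "/"
    for key, value in sorted(doc.items()):
        if not isinstance(value, str) or "://" not in value:
            continue  # skip non-URL metadata such as lists of scopes
        url = urlsplit(value)
        if (url.scheme != "https" or url.hostname != public_host
                or url.port not in (None, 443)):
            # Backend scheme, host or port (e.g. 9443) leaking past the proxy.
            findings.append(("backend-address", key))
        elif not url.path.startswith(prefix):
            # URL generated without the proxy context path.
            findings.append(("outside-context", key))
    return findings


if __name__ == "__main__":
    for finding in audit_discovery(SAMPLE_DISCOVERY,
                                   "https://domain_name/is/oauth2/token",
                                   "domain_name", "is"):
        print(finding)
```

Any "outside-context" finding marks a URL that would need either a server-side base path fix or a proxy rewrite such as the proxy_redirect lines above.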

Google: Permission denied to generate login hint for target domain NOT on localhost

I am trying to create a Google sign-in and getting the error:
Permission denied to generate login hint for target domain
Before you mark this a duplicate, this is not the same as the question asked at Google sign in website Error : Permission denied to generate login hint for target domain because in that case the questioner was on localhost, whereas I am getting this error on the server.
Specifically, I have included the url of the server in the Authorized Javascript Origins, as in the following image:
and when I get the error, the request shows that the same url was sent, as in the following image:
Is there something else I should be putting in my Restrictions page? Is there any way to figure out what is going on here? Is there a log at the developer console that can tell me what is happening?
Okay, I figured this out. I was using an IP address (as in "http://175.132.64.120") for the redirect uri, as this was a test site on the live server, and Google only accepts actual urls (as in "http://mycompany.com" or "http://localhost") as redirect uris.
Which, you know, THEY COULD HAVE SAID SOMEWHERE IN THE DOCUMENTATION, but whatever.
I know this is an old question, but it's the first result when you look for the problem via Google, so I'll share my solution with you guys.
When deploying Google OAuth service in a private network, namely some IP that can't be accessed via the Internet, you should use a magic DNS service, like xip.io that will give you an URL that your browser will resolve to your internal IP. You see, Google needs to be able to reach your authorized origin via your browser, that's why setting localhost works if you're serving it on your computer, but it won't work when you're deploying outside the Internet, as in a VPN, intranet, or with a tunnel.
So, the steps:
get your IP address, the one you're deploying at and it's not a public domain, let's say it's 10.0.0.1 as an example.
add http://10.0.0.1.xip.io to your Authorized Javascript Origins on the Google Developer Console.
open your site by visiting http://10.0.0.1.xip.io
clear your cache for the site, if necessary.
Log in with Google, and voilà.
I got to this solution using this answer in another question.
If you are using http://127.0.0.1/projects/testplateform, change it into http://localhost/projects/testplateform, it will work just fine.
If you are testing on your machine (locally), then don't use the IP address (i.e. http://127.0.0.1:8888) in the Client ID configuration, but use localhost instead and it should work.
Example: http://localhost:8888
To allow ip address to be used as valid javascript origin, first add an entry in your /etc/hosts file
10.0.0.1 mydevserver.com
and then add this domain mydevserver.com in Authorized Javascript Origins. If you are using some nonstandard port, then specify it with your domain in Authorized Javascript Origins.
Note: Remove your cache and it will work.
Just ran across this same issue on an external test server, without a DNS entry yet. If you have permission on your local machine just edit your /etc/hosts file:
175.132.64.120 www.jimboweb.com
And use http://www.jimboweb.com as an authorized domain.
I have a server in private net, ip 172.16.X.X
The problem was solved with app port ssh-forwarding to my localhost port.
Now I am able to use deployed app with google oauth browsing to localhost.
ssh -N -L8081:localhost:8080 ${user}@${host}
I also add localhost:8081 to "Authorized URI redirect" and "Authorized JavaScript sources" in console.developers.google.com:
After battling with it for a few hours, I found out that my config in the Google Cloud console was all correct and similar to the answers provided. Due to caching issues or something, I had to recreate a OAuth Client ID and then it suddenly started working.
It's a pretty old issue, but I encountered it and there wasn't any helpful resource, so I am posting my solution.
For me the issue occurred when I hosted my web-app locally, using google-auth for logging in.
The URL I was trying to hit was :- http://127.0.0.1:8000/master
I just changed from IP to http://localhost:8000/master/
And it worked. I was able to log in to the website using Google Auth.
Hope this helps someone someday.
install xampp and run apache server,
put your files (index and co) in a folder in the xampp dir (c:\xampp\htdocs\yourfolder).
Type this in your browser url - http://localhost/yourfolder/index.html
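A pre-flight check for the rule the answers in this thread converge on (an IP literal is rejected as an authorized origin, while localhost or a DNS name works), as an added example that is not part of any of the posts. The rule is taken from what the answers report, and `origin_issues` and `as_origin` are hypothetical helper names.

```python
import ipaddress
from urllib.parse import urlsplit


def origin_issues(url):
    """Return the reasons `url` is unlikely to be accepted as an authorized origin."""
    issues = []
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        issues.append("scheme")
    try:
        # Raises ValueError for anything that is not an IPv4/IPv6 literal,
        # so names such as 10.0.0.1.xip.io pass through.
        ipaddress.ip_address(parts.hostname or "")
        issues.append("ip-literal")
    except ValueError:
        pass
    # An origin is scheme://host[:port] only; paths do not belong in it.
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        issues.append("not-an-origin")
    return issues


def as_origin(url):
    """Reduce a URL to scheme://host[:port], mapping loopback IPs to localhost."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        if ipaddress.ip_address(host).is_loopback:
            host = "localhost"
    except ValueError:
        pass  # already a host name
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{host}{port}"


if __name__ == "__main__":
    # URLs quoted in the answers above
    for candidate in ("http://175.132.64.120",
                      "http://127.0.0.1/projects/testplateform",
                      "http://10.0.0.1.xip.io",
                      "http://localhost:8888"):
        print(candidate, origin_issues(candidate), as_origin(candidate))
```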

Cannot see any option in WSO2 Identity Server dashboard

I'm evaluating WSO2 Identity Server 5.0.0 but I'm getting a strange issue using the dashboard.
I installed it on a server of mine (so it is not on localhost) and configured the following configuration files so that WSO2 knows where to point
File wso2is-5.0.0/repository/conf/carbon.xml
<HostName>SERVER_IP</HostName>
<MgtHostName>SERVER_IP</MgtHostName>
File wso2is-5.0.0/repository/conf/security/saml2.federation.properties
WSO2=https://SERVER_IP:9445/samlsso
File wso2is-5.0.0/repository/conf/security/sso-idp-config.xml
<SSOIdentityProviderConfig>
<ServiceProviders>
<ServiceProvider>
<Issuer>wso2.my.dashboard</Issuer>
<AssertionConsumerService>https://SERVER_IP:9443/dashboard/acs</AssertionConsumerService>
...
As stated in the official documentation I should see some blocks and after clicking the "View details" buttons I should be able to do the operations of the dashboard related to each block.
However, when I log in to the Dashboard I can see the blocks, but when I click "View details" I get a blank-content page, as you can see in the following screenshot of the "My Profiles" page
The same thing happens for the other blocks.
What can I do? Maybe I didn't configure something?
Thank you in advance
Giulio
If you have installed the identity server other than localhost, you would see some issues with the dashboard. I also experienced the same type of issues. But you can resolve them by configuring the host name and port properly. Unfortunately there are a few places that you need to edit. Please find them below. I have already to report a jira to improve them to configure from one config file.
repository/conf/carbon.xml
repository/conf/security/sso-idp-config.xml
repository/deployment/server/jaggeryapps/dashboard/apis/gadget.json
repository/deployment/server/jaggeryapps/portal/gadgets/account-recovery/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/identity_management/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/pwd_change/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/user_auth_apps/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/user_profile/gadget.xml
Modify the URL of the user_profile (i.e. http://{IP}:{port}/portal/gadgets/user_profile/gadget.xml ) in the "repository/deployment/server/jaggeryapps/dashboard/apis/gadget.json" file to HTTP and the port to 9763.

How users could use registry Governance (GREG) to search for available services?

We needed to provide a tool where our customers (people) could search for published services. We're trying to use the Governance Registry but do not know the correct way to do so.
The easiest way to do this is by using the java API provided by WSO2. With this API you can browse and search through the registry.
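// imports needed by this fragment
import java.util.List;
import org.wso2.carbon.registry.core.Resource;

// `registry` is an already-initialized registry client (its setup is not shown here)
// get the governance root folder and print its description
Resource governanceFolder = registry.get("/_system/governance");
System.out.println("Folder description: " + governanceFolder.getDescription());
// get the WSDL folder resource (use the url we browsed to)
String wsdlUrl = "/_system/governance/trunk/wsdls/_0/service_1"
        + "/account/wsdl/trafficavoidance/accountService.wsdl";
Resource wsdlResource = registry.get(wsdlUrl);
// output the content of the wsdl
System.out.println(new String((byte[]) wsdlResource.getContent()));
// getServicePath is a helper whose definition is not shown on this page
List<Resource> paths = getServicePath(registry, "/_system/governance/trunk/services");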
Configuring and setting up the client is a bit difficult. I've written a blog post on this a couple of weeks ago. So if you need more info you could look there: http://www.smartjava.org/content/access-wso2-registry-programatically
The following links might help you:
[1] https://docs.wso2.com/display/Governance460/CRUD+operation+support+for+Configurable+Governance+Artifacts
[2] https://docs.wso2.com/display/Governance460/Configurable+Governance+Artifacts+with+API