WSO2 API Manager Generating Key error using external LDAP - wso2

I added an external LDAP to WSO2 API Manager v1.9. When I log in to the API Store with a user from the external LDAP (internal LDAP that comes with WSO2 works fine) I get an error when I try to generate an OAuth2.0 Key from the My Subscriptions page. The error is a pop-up window that says "Error occurred while executing the action generateApplicationKey".
Is there something else I need to set for using an external LDAP?
ERROR {org.wso2.carbon.apimgt.hostobjecgts.APIStoreHostObject} - Error while obtaining the application access token for the application:itest {org.wso2.carbon.apimgt.hostobjecgts.APIStoreHostObject} org.wso2.carbon.apimgt.api.APIManagementException: Error occurred while Creating Keys.
at org.wso2.carbon.apimgt.impl.utils.APIUtil.handleException(APIUtil.java:1117)
....

Related

Unable to login to wso2 carbon

I was configuring WSO2 to use a MySQL DB as the primary source in the deployment.toml file. The services are running without any error. When I try to access the Carbon console I'm getting an error in the logs.
Error:
ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} - System error while Authenticating/Authorizing User : Operation is not supported
Please help me resolve this.
Thanks,
prudhvi

WSO2 Identity Server 5.10.0 - Error message not shown in IS Management Console while creating already existing User

We are using WSO2 Identity Server 5.10.0.
When creating users through the Identity Server Management Console, if the user already exists we get the error below in the logs and the user is not added:
ERROR {org.wso2.carbon.user.mgt.ui.UserAdminClient} - UserAlreadyExisting:Username already exists in the system. Please pick another username. org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException: UserAdminUserAdminException
However, the error message is not shown in the IS Management Console.
What is the WUM version of the WSO2IS-5.10 you are using? To find the WUM version of your WSO2IS, use WUM (WSO2 Update Manager).
[https://www.chakray.com/how-install-wso2-update-manager-wum-tool-apply-wso2-patches/]
I tried adding two same users named users in WSO2IS-5.10, but it seems to give me the error message in the admin console. Check this image.
To check whether any other issue is blocking the display of error messages, you can enable debug mode in the Log4J.properties file in the <IS-HOME>/repository/conf folder. Check the link below to see how to set up the Log4j.properties file.
[https://medium.com/identity-beyond-borders/enable-logging-in-wso2-identity-server-with-log4j2-4b2ef1374656]

wso2am - extending userstoremanager - Error occurred while accessing Java Security Manager Privilege Block

I am extending a userstore manager ActiveDirectoryUserStoreManager for WSO2AM 2.1.0 overriding the protected String[] doGetExternalRoleListOfUser method to add roles from an external authorization service (roles are used for scope authorization).
Everything looks to be working locally, but in other environments (deployed on Kubernetes), when requesting a token (code grant), I got the following exception: Error occurred while accessing Java Security Manager Privilege Block
(other grant types are working with no issue)
Error occurred while issuing the access token for Client ID : ddSiloINsMx5fwp08FqqF62hcaaa, User ID null, Scope : [] and Grant Type : authorization_code
ERROR {org.wso2.carbon.identity.oauth2.OAuth2Service} - Error occurred while issuing the access token for Client ID : ddSiloINsMx5fwp08FqqF62hcaaa, User ID null, Scope : [] and Grant Type : authorization_code
java.util.AbstractCollection.addAll(AbstractCollection.java:343)
org.wso2.carbon.apimgt.keymgt.ScopesIssuer.setScopes(ScopesIssuer.java:110)
org.wso2.carbon.apimgt.keymgt.handlers.ExtendedAuthorizationCodeGrantHandler.validateScope(ExtendedAuthorizationCodeGrantHandler.java:48)
org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:242)
...
ERROR {org.wso2.carbon.apimgt.keymgt.issuers.RoleBasedScopesIssuer} - Error when getting the tenant's UserStoreManager or when getting roles of user
org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:177)
org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleListOfUser(AbstractUserStoreManager.java:2586)
org.wso2.carbon.apimgt.keymgt.issuers.RoleBasedScopesIssuer.getScopes(RoleBasedScopesIssuer.java:118)
org.wso2.carbon.apimgt.keymgt.ScopesIssuer.setScopes(ScopesIssuer.java:109)
...
ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block
Checking the source code, I see there are secure calls made (callSecure), for which I don't see an immediate reason (though I assume there must be a security reason if someone made so much effort).
The same issue pops up when validating the token (invoking an API requiring a scope).
As it is working locally, at the moment I am unable to provide a working, testable (repeatable) case; as soon as I have one I will update the question.
Using the default AD userstore manager there's no issue whatsoever; we just don't have the external roles available for authorization.
There was another log entry in the wso2carbon.log (though not in the console - logs available through the Carbon console):
Caused by: java.lang.NullPointerException
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.getLDAPRoleListOfUser(ReadOnlyLDAPUserStoreManager.java:1928)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.doGetExternalRoleListOfUser(ReadOnlyLDAPUserStoreManager.java:2041)
at com.rd.poa.auth.roleuserstore.ExtRoleUserstore.doGetExternalRoleListOfUser(ExtRoleUserstore.java:162)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.doGetRoleListOfUser(AbstractUserStoreManager.java:3730)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleListOfUser(AbstractUserStoreManager.java:2615)
It seems users were members of groups outside the "GroupSearch" filter. Making the group search base contain all LDAP groups seems to help (so far).
Another needed action was stripping the FEDERATED realm from the username (see "WSO2AM2.1.0-update12 scope roles for federated users").
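
An added example, not part of the original post and not WSO2 code: a stand-alone Java sketch of a role lookup that strips the FEDERATED domain from the username and tolerates a failed or null directory lookup, so the role list used for scope authorization is never null. It assumes federated usernames take the form FEDERATED/<name>; the class, method and role names are hypothetical, and the two lookups are passed in as plain functions in place of the real user store calls.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.function.Function;

// Stand-alone sketch: no WSO2 classes are used and every name here is hypothetical.
public class ExternalRoleMerge {
    // Assumption: federated users arrive as "FEDERATED/<name>".
    static final String FEDERATED_PREFIX = "FEDERATED/";

    // Drop the FEDERATED domain so both lookups see the bare username.
    static String stripFederatedDomain(String userName) {
        int len = FEDERATED_PREFIX.length();
        if (userName != null && userName.regionMatches(true, 0, FEDERATED_PREFIX, 0, len)) {
            return userName.substring(len);
        }
        return userName;
    }

    // Merge directory roles with roles from the external authorization service.
    // A failed or null directory lookup yields no directory roles (fewer scopes),
    // and the result is never null, so callers can pass it to addAll() safely.
    static String[] mergedRoles(String userName,
                                Function<String, String[]> directoryLookup,
                                Function<String, String[]> externalLookup) {
        String bare = stripFederatedDomain(userName);
        Set<String> roles = new LinkedHashSet<>();
        try {
            addAll(roles, directoryLookup.apply(bare));
        } catch (NullPointerException e) {
            System.err.println("Directory role lookup failed for " + bare
                    + "; check the group search base");
        }
        addAll(roles, externalLookup.apply(bare));
        return roles.toArray(new String[0]);
    }

    private static void addAll(Set<String> target, String[] source) {
        if (source != null) {
            target.addAll(Arrays.asList(source));
        }
    }

    public static void main(String[] args) {
        // Constructed lookups: the directory one fails the way the trace above does.
        Function<String, String[]> directory = u -> { throw new NullPointerException("no group"); };
        Function<String, String[]> external = u -> new String[] {"orders_read", "orders_write"};
        System.out.println(Arrays.toString(mergedRoles("FEDERATED/alice", directory, external)));
    }
}
```

Swallowing the directory failure only ever removes roles from the result, so a broken group search degrades toward fewer scopes rather than more; the logged message is what points back to the search base configuration.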

WSO2 Authentication Failed

I logged in as admin in the carbon/admin of the api management but I keep seeing this error when I access the statistics tab.
Authentication failed:Error processing data: java.io.IOException: Error looking up user javax.security.auth.login.AccountNotFoundException: Invalid User : guest {org.wso2.andes.server.handler.ConnectionStartOkMethodHandler}

An error occurred while attempting to login via your social network account

Hi, I am using django allauth and I am getting this error. Everything is fine in the code and API settings.
An error occurred while attempting to login via your social network account.