I created a tenant in WSO2 DAS and I am authenticated with that tenant. I created a stream event. When I go to the dashboard designer and try to create a gadget, I get the following error.
[2016-02-11 12:08:15,207] ERROR {org.wso2.carbon.analytics.jsservice.AnalyticsJSServiceConnector} - Failed to get the table schema for table: TT : [-1234:TT] does not exist org.wso2.carbon.analytics.datasource.commons.exception.AnalyticsTableNotAvailableException: [-1234:TT] does not exist
This is the solution that worked for me.
Go to the file:
<DAS_HOME>/repository/deployment/server/jaggeryapps/portal/controllers/apis/analytics.jag
and change line 80 to:
loggedInUser = token[USERNAME]+"#"+token["domain"];
If you created the stream by logging in using tenant credentials, you need to log into Analytic Dashboards using the same tenant credentials. Streams created for one tenant are not available for other tenants. According to your screenshot you have been logged in using admin credentials.
I have the same problem. I am using tenant credentials to access the dashboard designer, and when I try to create a gadget I get the same problem. If I do it with the super tenant I can create the gadget without a problem.
We're integrating our asp.net MVC client with WSO2's Identity Server v5.8.0.
Below are the steps we've followed:
1) Created a Service provider for our MVC application & configured Inbound authentication with OAuth/OpenID configuration, also configured Inbound provisioning with primary user store.
2) In our MVC application, we've set up a WSO2 configuration using OWIN's WSO2 NuGet package with the generated client-id & client-secret from the service provider.
3) We've configured MongoDB as our primary user store.
Now we're trying to add a user using SCIM2 API (https://localhost:9443/scim2/Users). Below is the response we're getting:
{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"Cannot add user through scim to user store . SCIM is not enabled for user store WSO2.COM","status":"500"}
I've even changed below config in user-mgt.xml
<Property name="SCIMEnabled">true</Property>
What else do we need to configure? Is there any other way to add user in WSO2 Identity server apart from using SCIM APIs?
It seems like you have two user stores: the primary user store and a secondary user store named wso2.com. By adding the
<Property name="SCIMEnabled">true</Property>
to the user-mgt.xml you are enabling SCIM2 for the primary user store, not the secondary user store. But from the API you are adding the user to the secondary user store. Since you haven't enabled SCIM in the secondary user store, you are getting this error. You have two options.
1) Add the user to PRIMARY user store
By analyzing the error that you are getting, the user name of the user that you are trying to add should be something like
WSO2.COM/Abhishek
Change this to
Abhishek
2) Enable SCIM2 in the secondary user store
Log in to the management console and click List in the User Stores sub menu under the Identity menu.
The User Store Management page opens. There should be a user store named WSO2.COM.
Click on edit. Click on advanced and tick the enable SCIM option.
Reference: https://docs.wso2.com/display/IS580/Using+the+SCIM+2.0+REST+APIs
I set up IS as Key Manager for API-M. Then I tried to create a new tenant.
Login IS carbon console with super tenant
Create new tenant with domain and admin user
Login IS carbon console with new tenant's admin successfully
Try to login API-M carbon console with new tenant's admin.
Console of API-M shows: CarbonAuthenticationUtil Failed Administrator login attempt 'newuser[3]'
However, I can log in to API Publisher with the new user.
What additional configuration should I do?
It looks like you haven't shared the user store and permission DB correctly across APIM and IS. Please check user-mgt.xml in both products. If possible, attach user-mgt.xml and master-datasources.xml from both products after removing sensitive information like database and LDAP passwords, etc.
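One way to carry out the check suggested in this answer, as an added example that is not part of the original thread or of WSO2's code: resolve the realm's `dataSource` JNDI name in each product's user-mgt.xml to its JDBC URL in master-datasources.xml and compare the two. The function names, sample JNDI names and URLs are constructed, and the element layout assumed is the usual one for these two files.

```python
import xml.etree.ElementTree as ET

def realm_datasource(user_mgt_xml):
    """JNDI name of the user and permission DB from the realm <Configuration>."""
    root = ET.fromstring(user_mgt_xml)
    prop = root.find("./Realm/Configuration/Property[@name='dataSource']")
    return prop.text.strip() if prop is not None and prop.text else None

def jdbc_url(master_ds_xml, jndi_name):
    """Resolve a JNDI name to its JDBC URL in master-datasources.xml."""
    root = ET.fromstring(master_ds_xml)
    for ds in root.iter("datasource"):
        if ds.findtext("jndiConfig/name", "").strip() == jndi_name:
            return ds.findtext("definition/configuration/url", "").strip() or None
    return None

def shared_user_db(is_cfg, apim_cfg):
    """Each cfg is (user-mgt.xml text, master-datasources.xml text).
    Returns (True/False, [IS url, APIM url]); the same JNDI name alone is
    not enough, both products must resolve it to the same database."""
    urls = [jdbc_url(ds, realm_datasource(um)) for um, ds in (is_cfg, apim_cfg)]
    return urls[0] is not None and urls[0] == urls[1], urls

# Constructed sample configs, trimmed to the elements that matter here.
def sample_user_mgt(jndi):
    return ('<UserManager><Realm><Configuration>'
            f'<Property name="dataSource">{jndi}</Property>'
            '</Configuration></Realm></UserManager>')

def sample_master_ds(jndi, url):
    return ('<datasources-configuration><datasources><datasource>'
            f'<jndiConfig><name>{jndi}</name></jndiConfig>'
            f'<definition type="RDBMS"><configuration><url>{url}</url>'
            '</configuration></definition></datasource></datasources>'
            '</datasources-configuration>')

IS_CFG = (sample_user_mgt("jdbc/WSO2UM_DB"),
          sample_master_ds("jdbc/WSO2UM_DB",
                           "jdbc:mysql://db.example.internal:3306/userdb"))
# API-M still pointing at its own local database: tenants created in IS
# are not visible here, so the tenant admin cannot log in.
APIM_LOCAL = (sample_user_mgt("jdbc/WSO2CarbonDB"),
              sample_master_ds("jdbc/WSO2CarbonDB",
                               "jdbc:h2:repository/database/WSO2CARBON_DB"))
APIM_SHARED = IS_CFG  # API-M reconfigured to use the same user DB as IS

if __name__ == "__main__":
    print(shared_user_db(IS_CFG, APIM_LOCAL))
    print(shared_user_db(IS_CFG, APIM_SHARED))
```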
I recently updated my environment from WSO2 IS 5.0.0 to WSO2 IS 5.2.0. My environment consists of 2 machines that form a cluster (using the WKA membership scheme and a load balancer (AWS ELB) with sticky sessions enabled). I am using MySQL (not the default H2 database). The machines on which the IS is deployed are Windows Server 2012 R2 (EC2 AWS machines). I am also using the so-called WSO2 IS Admin Services.
As mentioned in the heading I am consuming the UserProfileMgtService
(https://url:port/services/UserProfileMgtService?wsdl).
In combination with it I am using OAuth2TokenValidationService
(https://url:port/services/OAuth2TokenValidationService?wsdl).
If I pass valid access token to the OAuth2TokenValidationService I am able to fill in with data OAuth2TokenValidationResponseDTO object by using the Validate method of the OAuth2TokenValidationService. As result I am able to extract the authorizedUser and pass it to the getUserProfile method of the UserProfileMgtService. I am using the standard carbon.super domain and I am using the email as username. For example I am passing the following two parameters to the getUserProfile:
"admin#admin.com#carbon.super" as username
"default" as profileName
And as result I receive the following message:
UserNotFound: User admin#admin.com#carbon.superdoes not exist in: PRIMARY
If I remove the "#carbon.super" from the authorizedUser, everything is fine and I am able to get the user profile information. This is quite important for me since I am using multitenancy of the IS and there is a case that I might have the following users:
admin#admin.com#test.net
admin#admin.com#test2.net
I noticed that this service was not working this way in WSO2 IS 5.0.0. I started experiencing this issue after the upgrade.
Is this the desired behavior, introduced because of a change in the API in IS 5.2.0? If so, is there another way to get the user profile using the "username"+"tenant-domain" (which is retrieved by the OAuth2TokenValidationService as the authorized user when passing a valid access token)?
Is it possible that this is caused by misconfiguration? If so, which is the file that needs to be updated and what exactly should be modified in it?
Is there a place where more information could be retrieved for the WSO2 IS 5.2.0 Admin Services?
Thanks in advance.
UserProfileMgtService in Identity Server is an Admin Service. In WSO2 Admin Services, the tenant domain is identified by the authenticated user and it should not be passed with the username.
The username should be the tenant-free username.
So, you can remove the carbon.super portion from the username and then it will work.
In a tenant setup, you need to authenticate with a tenant user (e.g. admin#admin.com#test.net) in order to access these APIs. So, like in the super tenant, you can use the tenant-free username and then it will work.
For example, if you want to get the user profile of user testuser#admin.com in tenant domain test.net, your request should be like the image below.
Thanks
Isura.
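The username handling described in this answer, as an added example that is not part of the original answer or of WSO2's code: it splits the authorized user returned by token validation into a tenant-free username and a tenant domain, and refuses the lookup when that tenant differs from the tenant of the user authenticated to the admin service. The function names are hypothetical, and the `#` separator is taken from the usernames as they appear on this page.

```python
SEP = "#"  # separator as it appears in the usernames on this page (assumption)

class TenantMismatch(Exception):
    """The token's tenant is not the tenant of the admin-service session."""

def split_authorized_user(authorized_user, sep=SEP):
    """Split '<username><sep><tenant-domain>' on the LAST separator.

    An e-mail style username contains the separator itself, so splitting
    on the first occurrence would cut the username in half. The input must
    be fully qualified (as returned by token validation); a bare e-mail
    username would otherwise have its mail domain taken as the tenant.
    """
    name, found, tenant = authorized_user.rpartition(sep)
    if not found or not name or not tenant:
        raise ValueError("no tenant domain in %r" % authorized_user)
    return name, tenant.lower()

def profile_lookup_username(authorized_user, session_user):
    """Return the tenant-free username to pass to getUserProfile.

    The admin service resolves the tenant from the authenticated session,
    not from the username argument, so a token issued for another tenant
    must be rejected here instead of silently resolving to a same-named
    user in the session's tenant.
    """
    name, tenant = split_authorized_user(authorized_user)
    _, session_tenant = split_authorized_user(session_user)
    if tenant != session_tenant:
        raise TenantMismatch("token tenant %s, session tenant %s"
                             % (tenant, session_tenant))
    return name

if __name__ == "__main__":
    # Values taken from the question and answer above.
    print(split_authorized_user("admin#admin.com#carbon.super"))
    print(profile_lookup_username("testuser#admin.com#test.net",
                                  "admin#admin.com#test.net"))
    try:
        profile_lookup_username("admin#admin.com#test2.net",
                                "admin#admin.com#test.net")
    except TenantMismatch as exc:
        print("refused:", exc)
```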
I'm trying to create a self-signup client application which is using WSO2 API Manager and Identity Server.
When I tried to call a web service provided by Identity Server, I've observed that some of the java classes are trying to get a tenant admin credential from a registry file called self-signup.xml.
Due to this I am forced to change the tenant's admin credential manually in self-signup.xml whenever I change the admin's credential through carbon UI.
My questions are:
Is there any specific reason that WSO2 Identity Server gets a tenant admin credential from that registry file rather than retrieving it from a database?
Is there any way to automatically update the tenant admin's credential written in that registry file when the credential is updated in the database (e.g. changed through carbon UI)?
Thanks in advance.
What is the web service you are using for self sign up here?
If you are using UserRegistrationAdminService you should not require any admin credential for self sign up.
You should not need to read admin credentials from a file in your client. Usually, if you want to call a web service which requires authentication from your client, you need a user logged in to your client and you need to use the cookie retrieved by that user.
I use WSO2 5.0.0 as IdP and the user store is an Active Directory (AD). Users and roles are listed in the WSO2 Management console and I am also able to log in to WSO2 with a user/password stored in AD.
Therefore everything works fine.
The only problem I have is that if I request the roles of users (e.g. over the RemoteUserStoreManagement web service with method getUserClaimValues) then I get the WSO2 roles and not the Active Directory roles assigned to the users in the AD. Also, only the WSO2 roles are mapped to users in WSO2.
Actually I have only basic knowledge of AD (I haven't adjusted the current connection between WSO2 and AD), therefore I have no idea where I should look in order to resolve this problem.
Does anybody have a hint concerning this issue (user-mgt.xml or WSO2 console or ...)?
Thanks a lot for help!
So, you need to retrieve the roles of the user? According to what you have mentioned, please do the following to resolve this issue.
Please add the following attributes under the user store manager configuration in the user-mgt.xml file, if they are not already in the configuration.
<Property name="BackLinksEnabled">true</Property>
<Property name="MemberOfAttribute">memberOf</Property>
Please restart the server and verify.
Please enable the debug logs in the user kernel and verify where the issue has been generated.
To enable logs:
Locate the log4j.properties file, which can be found in the /repository/conf directory.
Add the following entry to the file:
log4j.logger.org.wso2.carbon.identity.sso.saml=DEBUG
Restart the server and try to invoke the server. You would see LDAP-related logs, which would help to identify the issue.