Here is a brief explanation of my problem:
I am using WSO2 Mobile Device Manager on local-ip:9443/
When I try to go to the store and authenticate (local-ip:9443/store/), I am automatically redirected to localhost:9443/authenticationendpoint/login.do
Where can I configure the redirection address?
FYI: I was using V1 of WSO2 EMM and I did the same thing by modifying the files below, but now I am on V2:
/modules/distribution/src/repository/conf/axis2/axis2.xml
/modules/distribution/src/repository/conf/api-manager.xml
/modules/distribution/src/repository/conf/carbon.xml
/modules/distribution/src/repository/conf/axis2/axis2.xml
/modules/distribution/src/repository/conf/sso-idp-config.xml
I found a solution!
To resolve this automatic redirection problem I had to make the modifications below:
\modules\distribution\target\wso2mdm-2.0.0\repository\conf\carbon.xml
...
<HostName>your_server_ip</HostName>
...
<MgtHostName>your_server_ip</MgtHostName>
...
\modules\distribution\target\wso2mdm-2.0.0\repository\conf\app-manager.xml
<SSOConfiguration>
<!-- URL of the IDP use for SSO -->
<IdentityProviderUrl>https://your_server_ip:9443/samlsso</IdentityProviderUrl>
<Configurators>
<Configurator>
<name>wso2is</name>
<version>5.0.0</version>
<providerClass>org.wso2.carbon.appmgt.impl.idp.sso.configurator.IS500SAMLSSOConfigurator</providerClass>
<parameters>
<providerURL>https://your_server_ip:9443</providerURL>
<username>admin</username>
<password>admin</password>
</parameters>
</Configurator>
</Configurators>
</SSOConfiguration>
\modules\distribution\target\wso2mdm-2.0.0\repository\conf\api-manager.xml
Whenever you find ${carbon.local.ip} change it by your_server_ip
\modules\distribution\target\wso2mdm-2.0.0\repository\conf\identity\sso-idp-config.xml
Change every localhost by your_server_ip
\modules\distribution\target\wso2mdm-2.0.0\repository\conf\identity\identity.xml
<ThriftHostName>your_server_ip</ThriftHostName>
WSDL 1.1 & WSDL 2.0 are not opening in the management console. When I open the WSDL in the management console, it shows a "This site can’t be reached" error. I don't know why this is happening. So please help me to sort this out.
Note: No error throws in both carbon and wire logs
Thanks!
You have a misconfiguration problem, I think, because you have WSO2 in AWS and this ip-10-50-11-169... is not a hostname or your IP address.
Can you check your /etc/hosts on the server? Maybe you must change the FQDN in your AWS account,
or you can check the WSO2 hostname/IP address configuration in axis2.xml <parameter name="WSDLEPRPrefix"..
You need to add the following property to your axis2.xml to pick the correct FQDN/Hostname when generating WSDL URLs. So add the hostname you are using to access the services here, or if you are using the same hostname used for the management console, add the hostname with the correct service port (8280 or 8343).
<parameter name="WSDLEPRPrefix" locked="false">http://ei.wso2.com:80</parameter>
Refer to instructions here.
Also, make sure the FQDN is resolvable and your security groups are allowing access to relevant ports.
After I installed WSO2 EEM (Enterprise Mobility Manager), I could add a device to device management. But I couldn't open the Publisher/Store; every page jumps to https://localhost:9443/publisher/acs or https://localhost:9443/samlsso. Should I install the WSO2 Identity Server or configure the SSO for it?
You don't need to install any identity components or configure SSO explicitly. They are already there in vanilla EMM. When you go to https://localhost:9443/publisher, it should be redirected to the login page.
https://localhost:9443/authenticationendpoint/login.do
Then when you enter credentials it should redirect you in below urls.
1) https://localhost:9443/publisher/acs
2) https://localhost:9443/publisher
If this doesn't work for you, there should be exceptions in log file. Please check that.
There was a missing part in EMM documentation in the SSO configuration section[1]. Hope you are trying out this VM. Please follow the steps which are given in here in order to get publisher and store working properly.
The problem you encountered is because the app-manager.xml file in the /repository/conf directory wasn't properly configured.
<SSOConfiguration>
<!-- URL of the IDP use for SSO -->
<IdentityProviderUrl>https://<EMM_HOST>:<EMM_HTTPS_PORT>/samlsso</IdentityProviderUrl>
<Configurators>
<Configurator>
<name>wso2is</name>
<version>5.0.0</version>
<providerClass>org.wso2.carbon.appmgt.impl.idp.sso.configurator.IS500SAMLSSOConfigurator</providerClass>
<parameters>
<providerURL>https://<EMM_HOST>:<EMM_HTTPS_PORT></providerURL>
<username>admin</username>
<password>admin</password>
</parameters>
</Configurator>
</Configurators>
</SSOConfiguration>
[1] https://docs.wso2.com/display/EMM201/General+Server+Configurations
When testing the WSO2 identity server rel. 5.1 using the Travelocity tool, I see a number of error messages recorded in the log file, telling:
"Server is not picking up the client certificate. Mutual SSL authentication is notdone"
The message repeats every 3 minutes.
Where is the missing certificate stored that needs to be updated to connect the Travelocity to the WSO2 IdP without writing error logs? In the travelocity.jks store at the client side, I currently see an alias entry for localhost and another entry for the IDP.
I've raised the debug level at the log4j.properties to the values:
log4j.logger.org.wso2.carbon.user=DEBUG
log4j.logger.org.wso2.carbon.identity=DEBUG
log4j.logger.org.wso2.carbon.idp.mgt=DEBUG
This is actually not an error log. This is a debug log. If you removed the following debug level entry from the log4j.properties file you will not see this.
log4j.logger.org.wso2.carbon.identity=DEBUG
MutualSSLAuthenticator is a carbon authenticator which is shipped by default with WSO2 IS 5.1.0. This authenticator is by default enabled from the authenticators.xml file located at the IS_HOME/repository/conf/security/ directory. This is actually not getting invoked by the SAML authentication flow, or OpenID flow which you might be trying with the Travelocity sample application. But the log gets printed as the framework checks if the authenticator is capable of handling the authentication.
This authenticator is used with the OOTB supported Workflow Management Feature [1], for server to server authentication.
You can also disable this authenticator by commenting out the below configuration at authenticators.xml file, and yet, authentication with Travelocity sample application will work successfully.
<Authenticator name="MutualSSLAuthenticator">
<Priority>5</Priority>
<Config>
<Parameter name="UsernameHeader">UserName</Parameter>
<Parameter name="WhiteListEnabled">false</Parameter>
<Parameter name="WhiteList"></Parameter>
</Config>
</Authenticator>
[1] https://docs.wso2.com/display/IS510/Workflow+Management
I'm using WSO2 identity server (on port 9443) and enterprise service bus (ESB, on port 9444). I configured ESB to use IS SSO. But every time I try to log in to ESB it redirects me to IS, and there it redirects me to the URL localhost:9443/samlsso.
I already tried changing this URL in identities.xml and carbon.xml without access.
Where can I configure the redirection address?
In carbon.xml I specified the hostname as "HostName" and "MgtHostName". But IS still uses localhost.
Thanks!
WSO2 has a script located at:
<IOTS_HOME>/scripts
run
./change-ip.sh
Tip: The script will find and replace the IP address given in argument1 (localhost) with the IP address given as argument2 (10.10.10.14), in the necessary configuration files.
Check Docs to configure Hostname
The SSO configuration in /repository/conf/security/authenticators.xml should be as follows to change the hostname of the redirection URL of Identity Server:
<Authenticator name="SAML2SSOAuthenticator" disabled="false">
<Priority>1</Priority>
<Config>
<Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
<Parameter name="ServiceProviderID">carbonServer</Parameter>
<Parameter name="IdentityProviderSSOServiceURL">https://<HostNameOfIdentitiyServer>:9443/samlsso</Parameter>
<Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
<Parameter name="AssertionConsumerServiceURL">https://<HostNameOfIdentitiyServer>:9443/acs</Parameter>
</Config>
</Authenticator>
Ok, I found a solution.
I did a search+replace over all XML documents inside the IS and ESB package and replaced all "localhost" by my hostname.
In the identity.xml there's a SSOService/IdentityProviderURL tag, that one seems important for SAML authentication.
carbon.xml file under /repository/conf folder.
Change <HostName>localhost</HostName> to your IP.
<HostName>x.x.x.x</HostName>
Add the URL of your VM in system32/drivers/etc/hosts and map it to localhost.
Change the hosts file and map localhost to Ip-address of your VM where WSO2 is running.
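The fixes in this thread, like the MDM answer earlier on the page, come down to removing every leftover `localhost` or `${carbon.local.ip}` reference from the XML files under repository/conf; one missed file is enough to send the SAML redirect back to localhost. The following Python check is an added example, not code from the posters or from WSO2: it walks a conf directory, reports the remaining loopback references, and also flags the `admin`/`admin` credential pair that appears in the app-manager.xml snippets. The names `audit_conf` and `demo` and the host `emm.example.test` are assumptions, and the sample files are constructed.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Host values that only resolve on the server itself.
LOOPBACK = re.compile(r"localhost|127\.0\.0\.1|\$\{carbon\.local\.ip\}")

def audit_conf(conf_dir):
    """Return (relative_file, line_no, issue) findings; line_no 0 means whole file."""
    findings = []
    for path in sorted(Path(conf_dir).rglob("*.xml")):
        rel = path.relative_to(conf_dir).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        # Blank out comments (they often mention localhost) but keep line numbers.
        body = re.sub(r"<!--.*?-->", lambda m: "\n" * m.group().count("\n"), text, flags=re.S)
        for no, line in enumerate(body.splitlines(), 1):
            if LOOPBACK.search(line):
                findings.append((rel, no, "loopback host: " + line.strip()))
        try:
            root = ET.fromstring(text)
        except ET.ParseError:
            continue  # templated or partial file: the line scan above still applies
        for elem in root.iter():
            creds = {c.tag.split("}")[-1].lower(): (c.text or "").strip() for c in elem}
            if creds.get("username") == "admin" and creds.get("password") == "admin":
                findings.append((rel, 0, "default admin/admin credentials"))
    return findings

def demo():
    """Constructed sample tree: carbon.xml already fixed, app-manager.xml not."""
    files = {
        "carbon.xml": "<Server>\n<!-- default is localhost -->\n"
                      "<HostName>emm.example.test</HostName>\n</Server>\n",
        "app-manager.xml": "<SSOConfiguration>\n"
                           "<IdentityProviderUrl>https://localhost:9443/samlsso</IdentityProviderUrl>\n"
                           "<parameters>\n<providerURL>https://${carbon.local.ip}:9443</providerURL>\n"
                           "<username>admin</username>\n<password>admin</password>\n"
                           "</parameters>\n</SSOConfiguration>\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in files.items():
            Path(tmp, name).write_text(content, encoding="utf-8")
        return audit_conf(tmp)

if __name__ == "__main__":
    for rel, no, issue in demo():
        print(f"{rel}:{no}: {issue}")
```

Point `audit_conf` at the product's repository/conf directory after editing; an empty result means no loopback references or default credential pairs remain in the XML files it could read.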
I'm new to WSO2.
I'm using the ESB Console, and I'm trying to add a WSDL-Based Proxy
After entering the WSDL URL if I then try to Test URI, I receive the following error:
Invalid WSDL URI (Unable to establish a connection)
I'm not certain what the issue is, but I'm guessing that there is a problem with the issuer of the certificate. I would like to disable certificate validation to test that theory. So far, the only setting I can find is the following in the wso2esb-4.8.1/repository/conf/axis2/axis2.xml file:
<transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
...
<parameter name="HostnameVerifier">AllowAll</parameter>
</transportSender>
However, this setting doesn't help. (And it really shouldn't help since the actual host name matches the certificate CN)
Any ideas on what I can look for to fix this?
Thanks!
Can you see the WSDL using your internet browser (with the same URI)?
Don't you have a corporate proxy?
In this case, configure it in WSO2 by adding those properties in your transportSender conf:
<parameter name="http.proxyHost" locked="false">localhost</parameter>
<parameter name="http.proxyPort" locked="false">8080</parameter>
(update hostname and port...)
Have a look at wso2carbon.log
If you can access this URI and wonder if AllowAll works, you can try to configure WSO2 to trust this certificate:
download it from your internet browser and
install it in ESB_HOME/repository/resources/security/client-truststore.jks with keytool