I'm using WSO2 API Manager 1.6 & WSO2 BAM 2.4.1. I was able to successfully configure API Manager with BAM. It worked fine and I was able to get the analytics. But due to security reasons I had to change default the admin password of the API Manager which was admin/admin. Since I changed the password in AM I get the following error while running the API Manager with BAM. I think now the BAM is not reachable.
[2015-11-03 10:15:59,731] WARN - SourceHandler Connection time out after request is read: http-incoming-2701
[2015-11-03 10:16:47,556] WARN - SourceHandler Connection time out after request is read: http-incoming-2702
Is there a place to change the password in BAM as well respective to the API Manager so that password changes on AM will reflect on BAM as well? How can I fix this?
Is there a place to change the password in BAM as well? How can I fix
this?
You can do it through UI
Configure > Users and Roles > Change Password
Related
I'm unable login into Wso2 APIM and showing invalid login details but yesterday it was working fine and able to login.
Apim version: 3.2.0.
Identity server wso2 is-km: 5.10.0
I have not changed any of the configuration.
My Wso2 APIM is integrated with wso2 Is.
Below error:
2022-03-07 13:58:07,464] INFO - TimeoutHandler This engine will expire all callbacks after GLOBAL_TIMEOUT: 120 seconds, irrespective of the timeout action, after the specified or optional timeout
[2022-03-07 13:58:07,749] ERROR - OAuth2Service Error while finding application state for application with client_id: oYDtSc**************
After that tried logging into Wso2 Identify server with admin as usually but not data it showing like list of users and list of identity providers but previously I saw list of providers etc.
Please help me in this situation.
I have installed WSO2 IOT Server and I am trying to understand it...
My principal objective is to make some IOT Device send data through MQTT.
But I can't even connect to MQTT with Mqtt.fx... I am using tcp://localhost:1886 as the broker URL address even though in the broker.xml config file it's said that the port is 1883 - It doesn't work either. I uses admin as the login and password, but I get an error:
[2017-03-31 10:40:07,861] [IoT-Broker] INFO {org.dna.mqtt.moquette.messaging.sp
i.impl.ProtocolProcessor} - Lost connection with client 5354d06fb5694b5cb65f07c
f3c62fa23
[2017-03-31 10:40:07,863] [IoT-Broker] WARN {org.dna.mqtt.moquette.messaging.sp
i.impl.ProtocolProcessor} - MQTTAuthorizationSubject for client ID 5354d06fb569
4b5cb65f07cf3c62fa23 is not removed since the entry does not exist
What am I doing wrong ?
Second issues, I can't access to WSO2 Message Broker management... I get an Error 403 Forbidden when I use https://localhost:9446/carbon. And I don't know how to access the WSO2 Message Broker when I am on the WSO2 IOT Server management page. (https://localhost:9443/carbon which works)
MQTT broker in wso2 IoT Server has a pluggable authentication and authorization, by default it comes with an OAuth based authentication, where it uses an empty password and uses an OAuth token for the username. You can generate a token by following the docs in https://docs.wso2.com/display/AM200/Password+Grant.
Implementation of this extension is explained in [1] and [2].
[1] https://medium.com/#ayyoobhamza/authentication-and-authorization-extension-for-mqtt-wso2-message-broker-2495fb2fa56e
[2] https://medium.com/#ayyoobhamza/oauth-authentication-and-authorization-with-mqtt-for-iot-devices-a42019187a05
I just downloaded and installed WSO2 API Manager to a Linux server. As per the installation guide, I have not made any changes.
The only wrinkle I had was that the wso2server.sh script did not have execute permission so I set that manually. I did not check or modify any other permissions.
After startup, I am able to access each of the Admin, Publisher and Store apps.
In the Admin app, the first screen shows the message: "No tasks assigned to the login user or no connectivity with BPS engine."
When I dig into the logs, I see this entry in wso2carbon.log
TID: [-1234] [] [2017-03-02 10:26:12,049] WARN {JAGGERY.site.blocks.user.login.ajax.login:jag} - Not Retrieving Pending Tasks. Check BPS Connectivity. java.lang.IllegalArgumentException: Illegal character in authority at index 8: https://<BPSHost>:<BPSPort>/services/AuthenticationAdmin {JAGGERY.site.blocks.user.login.ajax.login:jag}
the wso2-apigw-errors.log has a largely identical error
2017-03-02 10:26:12,049 [-] [http-nio-9443-exec-17] WARN login:jag Not Retrieving Pending Tasks. Check BPS Connectivity. java.lang.IllegalArgumentException: Illegal character in authority at index 8: https://<BPSHost>:<BPSPort>/services/AuthenticationAdmin
This may or may not be relevant, I am also seeing warnings about being unable to flush and lock system prefs, even though its successfully creating the directory earlier.
TID: [-1234] [] [2017-03-02 09:28:30,285] INFO {java.util.prefs.FileSystemPreferences$1} - Created user preferences directory. {java.util.prefs.FileSystemPreferences$1}
TID: [-1] [] [2017-03-02 11:11:19,058] WARN {java.util.prefs.FileSystemPreferences} - Could not lock System prefs. Unix error code 32645. {java.util.prefs.FileSystemPreferences}
TID: [-1] [] [2017-03-02 11:11:19,058] WARN {java.util.prefs.FileSystemPreferences} - Couldn't flush system prefs: java.util.prefs.BackingStoreException: Couldn't get file lock. {java.util.prefs.FileSystemPreferences}
I am assuming I need to configure or download something else to get this work. Please advise!
I am not sure what your use case is. You can integrate a BPS engine with WSO2 API Manager for the following tasks.
User Signup Workflow
Application Creation Workflow
Application Registration Workflow
API Subscription Workflow
This blog explains how you can integrate WSO2 Business Process Server with WSO2 API Manager. You can check the official documentation which explains the avaiable workflow extensions.
You are getting this warning message when you are logging to admin portal as it checks if there are any pending approval tasks. You can ignore this warning if you are not using any BPS integrations. Based on your use case you can add a BPS engine for workflows.
I installed the APIM and started the APIM and created a new API. The ApI which i created comprises of a URL which points at our company production server. I gave the URL in the api creation mode to the production endpoint and sandbox Endpoint boxes. Then i set the required parameters under the GET method. Then i try it out at the store but the request does not hit the production server. I want to see the URL output from your api manager which passes to our production server. Because i want to see what is whether there is an error on that as it it doesnot hit our production server.
Can you help me with the issue?
Thanks in advance.
You can enable wire log to see the what are the requests which came to APIM and what are the requests APIM made for backend. Follow the steps in How to get wire logs from WSO2 ESB blog post to enable wire log. Those instructions are given for ESB, but they are valid for APIM as well.
I am unable to implement Multifactor Authentication .
The error i am getting is
TID: [0] [WSO2 Identity Server] [2012-10-30 10:31:38,620] ERROR {org.wso2.carbon.identity.provider.xmpp.MPAuthenticationProvider} - login failed. Trying again.. {org.wso2.carbon.identity.provider.xmpp.MPAuthenticationProvider}
SASL authentication failed:
at org.jivesoftware.smack.SASLAuthentication.authenticate (SASLAuthentication.java:209)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:301)
This is for wso2 Identity Server 3.2.3 . Straight out of the box. No additional configuration performed to run this instance of Identity Server.
It appears that signing in as admin , the ldap authentication is completed and then authentication with gtalk is attempted when the error occurs.
Should I be setting my own configuration in the identity.xml where gtalk is being set?
<MultifactorAuthentication>
<XMPPSettings>
<XMPPConfig>
<XMPPProvider>gtalk</XMPPProvider>
<XMPPServer>talk.google.com</XMPPServer>
<XMPPPort>5222</XMPPPort>
<XMPPExt>gmail.com</XMPPExt>
<XMPPUserName>multifactor1#gmail.com</XMPPUserName>
<XMPPPassword>wso2carbon</XMPPPassword>
</XMPPConfig>
</XMPPSettings>
</MultifactorAuthentication>
I found out that I do need to set up a Google talk account.
I added the new settings to the MultifactorAuthentication configuration.
I restarted the server.
I edited the user account with another new Google talk account.
I logged out.
Logged back in via relyingparty URL with openid,
received communication over gtalk requesting pin.
I entered the pin and got logged in.
It would have been nice if wso2 had I their documentation the need to setup the settings for this configuration to get multifactor authentication to work out of the box.