Enable HTTP Basic Authentication on a WSO2 Proxy Service - wso2

I have a little problem regarding the use of HTTP Basic Authentication on a WSO2 Proxy. All my service consumers are sending their credentials through HTTP Basic Authentication, and I need to authenticate them on the WSO2 standard user store.
I chose to follow this tutorial, which uses a custom mediator: http://wso2.com/library/knowledge-base/convert-http-basic-authentication-ws-security-username-token/
The problem is that when I run a test, I get the following error on WSO2; apparently the returned user realm is null:
ERROR {org.wso2.carbon.esb.mediator.basicauth.internal.BasicAuthMediatorServiceComponent} - Before activating Carbon Core bundle, an instance of UserRealm service should be in existance {org.wso2.carbon.esb.mediator.basicauth.internal.BasicAuthMediatorServiceComponent}
TID: [0] [ESB] [2015-04-16 16:34:13,684] ERROR {org.wso2.carbon.esb.mediator.basicauth.BasicAuthWSSecMediator} - Could not authenticate user :: WSO2_Portail. Error is Before activating Carbon Core bundle, an instance of UserRealm service should be in existance {org.wso2.carbon.esb.mediator.basicauth.BasicAuthWSSecMediator}
java.lang.Exception: Before activating Carbon Core bundle, an instance of UserRealm service should be in existance
at org.wso2.carbon.esb.mediator.basicauth.internal.BasicAuthMediatorServiceComponent.getUserRealm(BasicAuthMediatorServiceComponent.java:41)
at org.wso2.carbon.esb.mediator.basicauth.BasicAuthWSSecMediator.isAuthenticated(BasicAuthWSSecMediator.java:186)
at org.wso2.carbon.esb.mediator.basicauth.BasicAuthWSSecMediator.mediate(BasicAuthWSSecMediator.java:102)
at org.apache.synapse.mediators.ext.ClassMediator.mediate(ClassMediator.java:78)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:77)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:47)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:131)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:166)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:411)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:183)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)

Related

WSO2 APIM can't connect to WSO2 IS

I'm using WSO2 API Manager 4.1.0, and I configured a Key Manager of type WSO2 Identity Server.
When I go to my application, to generate the token, I have the following exception:
https://pastebin.com/rjfxLiAA
Error occurred while executing SubscriberKeyMgtClient. org.wso2.carbon.apimgt.api.APIManagementException: Key Manager IS not configured
The IS is not being contacted; I get the same error when it is stopped, so it's only an APIM error.
With the same APIM version I can contact Keycloak, for example.
I'm running in server mode, openjdk 11
With API Manager 4.1.0, it is recommended to use WSO2 IS 5.11.0 - https://apim.docs.wso2.com/en/latest/install-and-setup/setup/reference/product-compatibility/#tested-wso2-products
Now I used the correct IS version, and I have this exception:
https://pastebin.com/uRLDJPqx
TID: [-1234] [api/am/devportal] [2022-11-17 14:05:46,592] ERROR {org.wso2.carbon.apimgt.impl.AbstractKeyManager} - Can not create OAuth application : admin_151a9ace-ce5d-4d7b-9455-d82f909dbce4_PRODUCTION for application: 222 and key type: PRODUCTION org.wso2.carbon.apimgt.impl.kmclient.KeyManagerClientException: Received status code: 403 Reason:

Changing admin password on wso2 api manager results in errors when calling the published APIs

I have a simple setup of WSO2 APIM with MYSQL and have published APIs using the admin user.
On changing the default admin password for API Manager, I am able to log in using the new password on Publisher/Store but not use the published APIs.
I have followed the WSO2 documentation on changing the password and restarted the WSO2 APIM.
On calling the published API, I see the following response:
{"fault":{"code":900900,"message":"Unclassified Authentication Failure","description":"Error while accessing backend services for API key validation"}}
Below is the stacktrace of the error observed in wso2-apigw-errors.log:
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://10.93.16.127:9711.
at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:134)
at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:59)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Error while trying to login to data receiver :/10.93.16.127:9711
at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryDataEndpoint.login(BinaryDataEndpoint.java:50)
at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:128)
... 6 more
Caused by: org.wso2.carbon.databridge.commons.exception.AuthenticationException: wrong userName or password
at sun.reflect.GeneratedConstructorAccessor194.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryEventSender.processResponse(BinaryEventSender.java:163)
at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryDataEndpoint.login(BinaryDataEndpoint.java:44)
... 7 more
This error goes away as soon as I change the password back to the default "admin".
Please check if you have correct password here.
<ThrottlingConfigurations>
    <EnableAdvanceThrottling>true</EnableAdvanceThrottling>
    <TrafficManager>
        <Type>Binary</Type>
        <ReceiverUrlGroup>tcp://${carbon.local.ip}:${receiver.url.port}</ReceiverUrlGroup>
        <AuthUrlGroup>ssl://${carbon.local.ip}:${auth.url.port}</AuthUrlGroup>
        <Username>admin</Username>
        <Password>admin</Password>
    </TrafficManager>

Not able to validate token when using pre-packaged wso2 identity server as key manager for wso2 api manager

I am using WSO2 API Manager 2.6.0 and configured the pre-packaged Identity Server 5.7.0 as Key Manager. When I create an Application in API Store and generate keys, I can see that Service Providers are getting created in Identity Server. Also, I am able to obtain a token using the generated consumer id and secret.
However, when I pass that token to my APIs I am getting an unclassified authentication error. Below is the exception that I can see in the logs:
ERROR - APIAuthenticationHandler API authentication failure due to Unclassified Authentication Failure
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Error while accessing backend services for API key validation
at org.wso2.carbon.apimgt.gateway.handlers.security.keys.WSAPIKeyDataStore.getAllURITemplates(WSAPIKeyDataStore.java:77)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.getAllURITemplates(APIKeyValidator.java:791)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.doGetAPIInfo(APIKeyValidator.java:639)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.findMatchingVerb(APIKeyValidator.java:573)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.getResourceAuthenticationScheme(APIKeyValidator.java:357)
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:127)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.isAuthenticate(APIAuthenticationHandler.java:210)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:158)
at org.apache.synapse.rest.API.process(API.java:325)
at org.apache.synapse.rest.RESTRequestHandler.apiProcessNonDefaultStrategy(RESTRequestHandler.java:149)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:95)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:303)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:92)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:337)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:383)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Error while accessing backend services for API key validation
at org.wso2.carbon.apimgt.gateway.handlers.security.keys.APIKeyValidatorClient.getAllURITemplates(APIKeyValidatorClient.java:189)
at org.wso2.carbon.apimgt.gateway.handlers.security.keys.WSAPIKeyDataStore.getAllURITemplates(WSAPIKeyDataStore.java:75)
... 21 more
Caused by: java.lang.NullPointerException
at org.wso2.carbon.apimgt.gateway.handlers.security.keys.APIKeyValidatorClient.getAllURITemplates(APIKeyValidatorClient.java:183)
... 22 more
Any help would be much appreciated.
Please cross check with this issue [1]
[1] https://github.com/wso2/product-apim/issues/3768

WSO2 APIM 1.10.0 error with IdP initiated SSO: "Invalid argument. Relay state value is missing."

I have WSO2 API Manager 1.10.0 configured for IdP initiated SSO with PingFederate. When I try to access publisher URL, it logs in fine and I got the right SAML response.
But the UI threw the error:
Error 500 : The page cannot be displayed.
The server encountered an internal error or misconfiguration and was unable to complete your request.
The server side has:
Caused by: javax.script.ScriptException: **Invalid argument. Relay state value is missing.**
at org.wso2.carbon.hostobjects.sso.SAMLSSORelyingPartyObject.jsFunction_getRelayStateProperty(SAMLSSORelyingPartyObject.java:868)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
... 50 more
Does WSO2 API Manager 1.10.0 support IdP initiated SSO only at all?
UPDATE: Per reply below, the best option is to upgrade to >2.1.0.
APIM 1.10.0 does not have support for IdP initiated SSO. However, it is supported in APIM 2.1.0. Refer this.

wso2 identity server integration with esb

I am a beginner to WSO2. I am facing some challenges in integrating WSO2 Identity Server with ESB. I followed the "http://wso2.org/library/articles/2010/10/using-xacml-fine-grained-authorization-wso2-platform/" blog. I am getting some errors related to authenticating the user when using the entitlement component in ESB.
The following is the error I get in the console:
[2012-07-06 19:23:42,312] ERROR - EntitlementMediator User name not provided for the Entitlement mediator - can't proceed
[2012-07-06 19:23:42,312] ERROR - EntitlementMediator Error occured while evaluating the policy
org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed
at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:149)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:60)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:114)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:154)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:173)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Can anyone please help me understand it?
Thanks in advance.
Charan
Have a look at this article [1] to see how you can secure.
[1] http://wso2.org/library/articles/2011/06/securing-web-service-integration
This is because the service request to the ESB proxy service is not secured using a username token based policy. Please make sure that the proxy is secured with the Username token based security scenario as per the article and that your client is sending the username token credentials in the WS Security header of the request to the proxy service.
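
The request shape the answer above asks the client to send, as an added example that is not part of the original posts or of WSO2's code: Python that decodes an HTTP Basic `Authorization` header and builds a SOAP 1.1 envelope carrying the same credentials as a WS-Security UsernameToken, which is the conversion named in the title of the tutorial linked in the first question. The function names, the sample credentials and the `<echo>` payload are constructed for illustration; the token uses PasswordText, so the password travels in clear and the request belongs on an HTTPS transport.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")


def parse_basic_auth(header_value):
    """Return (username, password) from an Authorization header, or None."""
    scheme, _, token = (header_value or "").strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields; a password may contain ':'.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password


def build_username_token_envelope(username, password, body_xml):
    """Wrap body_xml in a SOAP 1.1 envelope with a wsse:UsernameToken header."""
    ET.register_namespace("soapenv", SOAP)
    ET.register_namespace("wsse", WSSE)
    envelope = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(envelope, f"{{{SOAP}}}Header")
    security = ET.SubElement(header, f"{{{WSSE}}}Security")
    token = ET.SubElement(security, f"{{{WSSE}}}UsernameToken")
    # ElementTree escapes text nodes, so credentials cannot inject markup.
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    pw = ET.SubElement(token, f"{{{WSSE}}}Password", {"Type": PASSWORD_TEXT})
    pw.text = password
    body = ET.SubElement(envelope, f"{{{SOAP}}}Body")
    body.append(ET.fromstring(body_xml))  # body_xml is trusted, constructed input
    return ET.tostring(envelope, encoding="unicode")


if __name__ == "__main__":
    # Constructed header and payload, not taken from the posts.
    sample = "Basic " + base64.b64encode(b"alice:s3cr:et<x>").decode("ascii")
    creds = parse_basic_auth(sample)
    print(build_username_token_envelope(*creds, "<echo><in>hi</in></echo>")
          if creds else "401: missing or malformed Basic credentials")
```
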