WSO2 Identity Server SAML Error encrypting XMLObject at Example Travelocity - wso2

When setting in the sample app: Travelocity.properties
#Specify if SAMLAssertion element is encrypted
SAML.EnableAssertionEncryption=true
And also tick the Identity server configuration option:
Enable Assertion Encryption [ticked]
Certificate Alias: wso2carbon
I receive the following error at the server log:
Error at Log: 2015-05-05 15:56:10,282 Error encrypting XMLObject
Without the encryption feature enabled, the SAML authentication flow with the Travelocity sample code starts working.
Hints are welcome how to fix this issue.
Regards,
Claude

It seems like you are working on the installed java runtime for the first time. I am using ubuntu 14. The same problem came to me. For me it worked in the following way.
1. Download the respective files according to your runtime from here.
http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
2. Extract the folder you downloaded. There will be two .jar files.
3. For ubuntu you can run echo $JAVA_HOME to find the java home. Copy the above jar files into {JAVA_HOME}/jre/lib/security. You may need sudo access depending on your JAVA_HOME location. If so, run the following from the location where you extracted the zip file.
cp local_policy.jar /{JAVA_HOME}/jre/lib/security
cp US_export_policy.jar /{JAVA_HOME}/jre/lib/security
There should be only one slash (/) at /{JAVA_HOME}.
4. Restart wso2 identity server again and retry the procedure to login to travelocity.com
Hope this will fix your issue.

Related

Filebeat and AWS Elasticsearch - Not Working

I have good experience in working with Elasticsearch, I have worked with version 2.4 and now trying to learn new Elasticsearch.
I am trying to implement Filebeat to send my apache and system logs to my Elasticsearch endpoint. To save my time I preferred to launch a t2.medium single node instance over AWS Elasticsearch Service under the public domain and I have attached the access policy to allow everyone to access the cluster.
The AWS Elasticsearch instance is up and running healthy.
I launched a Ubuntu(18.04) server, downloaded the filebeat tar and made the following configuration in filebeat.yml:
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["https://my-public-test-domain.ap-southeast-1.es.amazonaws.com:443"]
  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"
I enabled the required modules :
filebeat modules enable system apache
Then as per the filebeat documentation I changed the ownership of the filebeat file and started the filebeat with the following commands :
sudo chown root filebeat.yml
sudo ./filebeat -e
When I started the filebeat I faced the following permission and ownership issues :
Error loading config from file '/home/ubuntu/beats/filebeat-7.2.0-linux-x86_64/modules.d/system.yml', error invalid config: config file ("/home/ubuntu/beats/filebeat-7.2.0-linux-x86_64/modules.d/system.yml") must be owned by the user identifier (uid=0) or root
To resolve this I changed the ownership for the files which were throwing errors.
When I restarted the filebeat service , I started facing the following issue :
Connection marked as failed because the onConnect callback failed: cannot retrieve the elasticsearch license: unauthorized access, could not connect to the xpack endpoint, verify your credentials
Going through this link , I found that to work with AWS Elasticsearch I will need Beats OSS versions.
So I again downloaded the OSS version for beat from this link and followed the same procedure as above, but still no luck. Now I am facing the following errors :
Error 1:
Attempting to reconnect to backoff(elasticsearch(https://my-public-test-domain.ap-southeast-1.es.amazonaws.com:443)) with 12 reconnect attempt(s)
Error 2:
Failed to connect to backoff(elasticsearch(https://my-public-test-domain.ap-southeast-1.es.amazonaws.com:443)): Connection marked as failed because the onConnect callback failed: 1 error: Error loading pipeline for fileset system/auth: This module requires an Elasticsearch plugin that provides the geoip processor. Please visit the Elasticsearch documentation for instructions on how to install this plugin. Response body: {"error":{"root_cause":[{"type":"parse_exception","reason":"No processor type exists with name [geoip]","header":{"processor_type":"geoip"}}],"type":"parse_exception","reason":"No processor type exists with name [geoip]","header":{"processor_type":"geoip"}},"status":400}
From the second error I can understand that the geoip plugin is not available, because of which I am facing this error.
What else needs to be done to get this working?
Has anyone been able to successfully connect Beats to AWS Elasticsearch?
What other steps could I take to mitigate the above issue?
Environment Details:
AWS Elasticsearch Version : 6.7
File Beat : 7.2.0
First, you need to use OSS version of filebeat with AWS ES https://www.elastic.co/downloads/beats/filebeat-oss
Second, AWS ElasticSearch does not provide GeoIP module, so you will need to edit pipelines for any of the default modules you want to use, and make sure GeoIP is removed/commented out.
For example in /usr/share/filebeat/module/system/auth/ingest/pipeline.json (that's the path when installed from deb package - your path will be different of course) comment out:
{
  "geoip": {
    "field": "source.ip",
    "target_field": "source.geo",
    "ignore_failure": true
  }
},
Repeat the same for apache module.
I've spent hours trying to make the filebeat iis module work with AWS elasticsearch. I kept getting the ingest-geoip error. The steps below fixed the issue.
For Windows IIS logs with AWS elasticsearch, remove geoip from the filebeat module configuration:
C:\Program Files (x86)\filebeat\module\iis\access\ingest\default.json
C:\Program Files (x86)\filebeat\module\iis\access\manifest.yml
C:\Program Files (x86)\filebeat\module\iis\error\ingest\default.json
C:\Program Files (x86)\filebeat\module\iis\error\manifest.yml
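The geoip removal that both answers above describe, as an added example (not code from the posts or from Filebeat). JSON has no comment syntax, so the block deletes the geoip processors, including ones nested under on_failure or wrapped in foreach; the sample pipeline is constructed and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of a Filebeat module ingest pipeline
# (not the shipped system/auth pipeline.json).
SAMPLE = """
{
  "description": "constructed sample pipeline",
  "processors": [
    {"grok": {"field": "message", "patterns": ["%{IP:source.ip}"]}},
    {"geoip": {"field": "source.ip", "target_field": "source.geo",
               "ignore_failure": true}},
    {"date": {"field": "timestamp", "formats": ["ISO8601"],
              "on_failure": [{"geoip": {"field": "client.ip"}}]}},
    {"foreach": {"field": "related.ip",
                 "processor": {"geoip": {"field": "_ingest._value"}}}}
  ],
  "on_failure": [{"set": {"field": "error.message", "value": "failed"}}]
}
"""

def strip_geoip(processors, removed):
    """Copy a processor list without geoip entries; `removed` collects fields."""
    kept = []
    for proc in processors:
        name, body = next(iter(proc.items()))
        inner = body.get("processor", {}) if name == "foreach" else {}
        if name == "geoip" or "geoip" in inner:
            removed.append((inner.get("geoip") or body).get("field"))
            continue  # a foreach that only wrapped geoip is dropped too
        body = dict(body)
        if "on_failure" in body:
            handlers = strip_geoip(body["on_failure"], removed)
            if handlers:
                body["on_failure"] = handlers
            else:
                del body["on_failure"]  # do not leave an empty handler list
        kept.append({name: body})
    return kept

def clean_pipeline(text):
    """Parse pipeline JSON and return (cleaned pipeline, removed fields)."""
    pipeline = json.loads(text)
    removed = []
    pipeline["processors"] = strip_geoip(pipeline.get("processors", []), removed)
    return pipeline, removed

if __name__ == "__main__":
    cleaned, removed = clean_pipeline(SAMPLE)
    print(removed, json.dumps(cleaned, indent=2), sep="\n")
```

Run it against a copy of each module's pipeline file and review the list of removed fields before replacing the original.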

Error Wso2 "Problem accessing: /. Reason: Not Found" when I try to log in Api Manager after configure Api Analytics

I installed Wso2 Api Manager a few days ago following these instructions:
1. I've downloaded https://wso2.com/api-management/install.
2. I've installed using the wizard in C:\Program Files\WSO2\API Manager directory.
3. I've initialized the Api Manager console, then created some apis from https://localhost:9443/publisher .
Now, I want to see some statistics (https://192.168.138.117:9443/publisher/site/pages/all-statistics.jag?page=api-usage-user&stat=all-stat). I've read that API Analytics has to be configured, so I carried out the following steps (https://docs.wso2.com/display/AM260/Configuring+APIM+Analytics#ConfiguringAPIMAnalytics-Step1-DownloadandinstallWSO2API-M).
I download it (https://wso2.com/api-management/install/analytics).
Unzip file in C:\WSO2\wso2am-analytics-2.6.0.
I've created an environment variable called JAVA_HOME. In the value field, I typed the installation path of the Java Development Kit, C:\Program Files\Java\jdk1.8.0_191.
I edited the tag true in the file "C:\Program Files\WSO2\API Manager\2.6.0\repository\conf\api-manager.xml".
I executed this command in a cmd window: "C:\WSO2\wso2am-analytics-2.6.0>worker.bat -run". It executed some processes and apparently everything was ok.
Finally, I run another windows console and exec: "C:\Program Files\WSO2\API Manager\2.6.0\bin>wso2server.bat -run".
Now, when I try to log in to https://localhost:9443/publisher, /store or /carbon, I'm getting this error:
Problem accessing: /. Reason: Not Found
If I only launch the Api Manager, it works perfectly but I can't get the statistics.
Did you follow Quick setup?
To access Analytics you need to carry out Standard Setup which includes:
Creating Analytics DB with the "am_usage_uploaded_files" table in addition
Configuring /conf/dashboard/deployment.yaml --> APIM_ANALYTICS_DB
Configuring /conf/worker/deployment.yaml --> APIM_ANALYTICS_DB
Configure /conf/worker/deployment.yaml --> WSO2AM_MGW_ANALYTICS_DB
And then starting the worker, which creates the rest of the tables for analytics.

AWSDeploy to re-deploy ASP.NET WebAPI ELB application isn't working

I am using the Visual Studio AWS add-on/plugin to deploy my application, but want to move to a CI/CD server and scripted deployment.
I've installed the AWS SDK for Windows and thus want to use the awsdeploy.exe command line to accomplish this.
I've used msbuild and a publish profile to create the .zip deployable of my application (ASP.NET WebApi project)
I've put together the following command line command:
awsdeploy.exe -r -w -v -l "C:\<path_to>\deploylog.txt" "-DDeploymentPackage=C:\<path_to>\my_app.zip" "-DAWSAccessKey=<my_access_key>" "-DAWSSecretKey=<my_secret_key>" "C:\<path_to>\AWSDeployConfiguration.txt"
The "AWSDeployConfiguration.txt" file is what was generated by VisualStudio when I did the first deployment.
RESULT:
The console output and the text written to the log is:
INFO - Scanning configuration.
INFO - ...inspecting application '<my_app_name>' for environment '<my_environment_name>' and version 'v20180918223701'
Nothing happens with the ELB application.
What am I missing and/or how do I get more information to figure this out?
I posted this question on the AWS forums and got the following answer that also worked for me.
Hi! I had the same thing as you when I tried to run this from cmd. But if you check what the application returns, you will see that the value is 3. Generally everything != 0 is an error.
What I did?
1. I checked with Process Monitor whether the application makes any network request to AWS - no, it is not even trying. https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
I decided to recompile awsdeploy.exe and I found out that in the main procedure there is a try... catch.. without any logs and just return(3). I added some logs and got a detailed error - look at attached image.
After a few attempts I got a list of missing dll files:
AWSSDK.MobileAnalytics.dll
AWSSDK.CognitoIdentity.dll
All these files I found in: C:\Program Files (x86)\AWS SDK for .NET\bin and just simply copied to: C:\Program Files (x86)\AWS Tools\Deployment Tool (next to awsdeploy.exe)
Now deploy is working again.

WSO2 Microservices Framework for Java petstore sample cannot run on ubuntu

I try to follow https://docs.wso2.com/display/MSS100/Running+as+an+MSA+Application to run petstore sample on ubuntu which is hosted on AWS.
I met several issues:
1. document is incorrect, it requires to download WSO2 Identity Server. Unpack the .zip file and place the directory in the <MSS_HOME>/samples/petstore/deployment/packs directory. In fact, the petstore.sh requires DAS 3.0. Just put wso2das-3.0.0.zip into <MSS_HOME>/samples/petstore/deployment/packs. The script will unzip it.
2. kubectl. This script is not put into path, and cause it cannot be executed when script changes to another folder.
3. cannot create docker, seems Creating Kube-System Namespace, Kube-DNS, Kube-UI
error: couldn't read version from server: Get http://localhost:8080/api: EOF
error: couldn't read version from server: Get http://localhost:8080/api: EOF
error: couldn't read version from server: Get http://localhost:8080/api: EOF
error: couldn't read version from server: Get http://localhost:8080/api: EOF
error: couldn't read version from server: Get http://localhost:8080/api: EOF
Hope you have done following
export KUBERNETES_MASTER=http://172.17.8.101:8080
Sometimes, if you previously tried out k8s, it will keep previous kubectl configuration under ~/.kube folder. Try removing that folder.
If you have installed some version of kubectl, remove it, otherwise kubectl client and server will not match. run.sh will download compatible kubectl version and install into /usr/local/bin/kubectl
Thanks for pointing out the documentation bug. We will fix it. Also please check out the instruction in https://github.com/wso2/msf4j/tree/v1.0.0/samples/petstore/deployment and ensure that all the prerequisites are met.
The docs are at https://docs.wso2.com/display/MSF4J100/Running+as+an+MSA+Application

Error when using AWS-SDK-GO (NoCredentialProviders: no valid providers in chain)

I've recently started using the aws-sdk-go package.
Walking through the instructions, my folder structure is as follows:
bin/ , pkg/ (as always)
src/
app/main.go (code taken from the docs)
github.com/aws
Now when I run go install, and then execute the app.exe (using windows here), I'm getting the following error:
panic: NoCredentialProviders: no valid providers in chain
Any ideas?
You need to provide an AWS access key and secret key to authenticate and use AWS services.
See the README here https://github.com/aws/aws-sdk-go#configuring-credentials
If anyone runs into the same issue I had with this:
I read a doc that said to put the file at %USERPROFILE%\.awscredentials on Windows, but they just forgot the slash. It should be %USERPROFILE%\.aws/credentials.
Double check the format of your ~/.aws/credentials file.
In my case, the credentials used the following format :
[profile]
AWS_ACCESS_KEY_ID=xxxx
AWS_SECRET_ACCESS_KEY=yyyy
changing it to the following fixed the issue :
[profile]
aws_access_key_id = xxxx
aws_secret_access_key = yyyy