We Keep Coding

WSO2 esb duplicate SOAP envelope tag - wso2

I created Proxy Service in WSO2 ESB, with xst transformation and when i to send request from esb i watch in logs next response from service:
"<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/[\r][\n]" {org.apache.synapse.transport.http.wire}
"[0x9]<soap:Header/>" {org.apache.synapse.transport.http.wire}
{org.apache.synapse.transport.http.wire} - >> "[0x9]<soap:Body> <m:putResponse xmlns:m="http://www.lmsoftmdm.ru">[\r][\n]" {org.apache.synapse.transport.http.wire}
{org.apache.synapse.transport.http.wire} - >> "[0x9]<m:return xmlns:xs="http://www.w3.org/2001/XMLSchema"[\r][\n]" {org.apache.synapse.transport.http.wire}
{org.apache.synapse.transport.http.wire} - >> "[0x9][0x9][0x9]xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">[\r][\n]" {org.apache.synapse.transport.http.wire}
{org.apache.synapse.transport.http.wire} - >> "[0x9][0x9]<m:isError>true</m:isError>[\r][\n]" {org.apache.synapse.transport.http.wire}
{org.apache.synapse.transport.http.wire} - >> "[0x9]</m:return>[\r][\n]" {org.apache.synapse.transport.http.wire}
{org.apache.synapse.transport.http.wire} - >> "</m:putResponse></soap:Body>[\r][\n]" {org.apache.synapse.transport.http.wire}
{org.apache.synapse.transport.http.wire} - >> "</soap:Envelope>'
But ESB change it before sending:
"<?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">[\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2015-03-05 18:45:24,018] DEBUG {org.apache.synapse.transport.http.wire} - << "[0x9]<soap:Header></soap:Header>[\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2015-03-05 18:45:24,018] DEBUG {org.apache.synapse.transport.http.wire} - << "[0x9]<soap:Body> <m:putResponse xmlns:m="http://www.lmsoftmdm.ru">[\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2015-03-05 18:45:24,018] DEBUG {org.apache.synapse.transport.http.wire} - << "[0x9]<m:return xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">[\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2015-03-05 18:45:24,018] DEBUG {org.apache.synapse.transport.http.wire} - << "[0x9][0x9]<m:isError>true</m:isError>[\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2015-03-05 18:45:24,018] DEBUG {org.apache.synapse.transport.http.wire} - << "[0x9]</m:return>[\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2015-03-05 18:45:24,018] DEBUG {org.apache.synapse.transport.http.wire} - << "</m:putResponse></soap:Body>[\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2015-03-05 18:45:24,018] DEBUG {org.apache.synapse.transport.http.wire} - << "</soap:Envelope></soapenv:Body></soapenv:Envelope>
How can I fix this problem?
thanks in advance!

This because you have used soap envelope with in your xslt style sheet.
what ESB does is , It only pass the body elements to xslt mediator. so you can only manipulate the body elements using xslt mediator not the soap envelope or soap header. so after xslt transformation,transformed content will be added to body of the original soap. so if you have soap envelop in your transformation , that will be considered as body part. so use xslt mediator to only manipulate the body and use enrich mediator to manipulate the soap envelope

Related

Have upgraded wso2 api manager 2.6.0 to 3.2.0
and Identity Server 5.7.0 to 5.10.0, we have integrated wso2 identity server -5.10.0 as a key manager with APIM.
All the APIs which were published in APIM-2.6.0 are migrated to 3.2.0 and they are working fine. However I added new resource path to the existing API and saved it. If I tried to execute the new resource path getting below error response:
<ams:fault xmlns:ams="http://wso2.org/apimanager/security">
<ams:code>900906</ams:code>
<ams:message>No matching resource found in the API for the given request</ams:message>
<ams:description>Access failure for API: /reports/v1.0.0, version: v1.0.0 status: (900906) - No matching resource found in the API for the given request. Check the API documentation and add a proper REST resource path to the invocation URL</ams:description>
</ams:fault>
And below error in WSO2 logs:
WARN {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure due to No matching resource found in the API for the given request
Observing this issue after changing admin password for IS and APIM, have followed below steps to change the password:
Changing admin password for IS-5.10.0: https://is.docs.wso2.com/en/5.10.0/setup/maintaining-logins-and-passwords/#changing-the-super-admin-password
Changing admin password for APIM-3.2.0: https://apim.docs.wso2.com/en/3.2.0/install-and-setup/setup/security/logins-and-passwords/maintaining-logins-and-passwords/#change-the-super-admin-credentials
Attaching the wireLogs for the API:/test1
TID: [-1] [] [2021-10-06 12:21:16,851] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "GET /reports/v1.0.0/test1 HTTP/1.1[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,852] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "Host: 10.75.80.104:8280[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,852] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "Connection: keep-alive[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,852] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "AUTH_TOKEN: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1aWNoZWNrQHRhdGFlbHhzaS5jby5pbiIsIkZpcnN0TmFtZSI6InVpY2hlY2siLCJyb2xlcyI6IlJPTEVfQURNSU4iLCJ0b2tlbl9hY2Nlc3MiOiJhY2Nlc3MiLCJMYXN0TmFtZSI6InVpY2hlY2siLCJleHAiOjE2NjUwMzc4NzEsInVzZXJpZCI6MSwiZGV2aWNlIjoiYWRtaW4iLCJpYXQiOjE2MzM1MDE4NzEsImp0aSI6IjdmOTc2ZTg2LTdiMDgtNGIzZi05ZjA2LWYxNTBlNWRhYzdiZCIsInVzZXJuYW1lIjoidWljaGVja0B0YXRhZWx4c2kuY28uaW4ifQ.wzlNwFnd2KsvnuFmhvTWkDCDwNgklIs4660iPu7R6Z0[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,853] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "Authorization: Bearer 5cee06c5-2195-3d3f-888f-38cf2356fa9f[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,853] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "Cache-Control: no-cache[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,854] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,854] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "Postman-Token: a721233f-49b3-abcc-dd26-651602f59b63[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,854] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "Accept: */*[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,855] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "Accept-Encoding: gzip, deflate[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,855] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "Accept-Language: en-US,en;q=0.9,pt;q=0.8[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,855] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "Cookie: JSESSIONID=4C0E34D44696583993A06B1B28613614[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,856] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 >> "[\r][\n]"
TID: [-1234] [] [2021-10-06 12:21:16,857] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure due to No matching resource found in the API for the given request
TID: [-1] [] [2021-10-06 12:21:16,858] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "HTTP/1.1 403 Forbidden[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,858] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Cookie: JSESSIONID=4C0E34D44696583993A06B1B28613614[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,858] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "AUTH_TOKEN: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1aWNoZWNrQHRhdGFlbHhzaS5jby5pbiIsIkZpcnN0TmFtZSI6InVpY2hlY2siLCJyb2xlcyI6IlJPTEVfQURNSU4iLCJ0b2tlbl9hY2Nlc3MiOiJhY2Nlc3MiLCJMYXN0TmFtZSI6InVpY2hlY2siLCJleHAiOjE2NjUwMzc4NzEsInVzZXJpZCI6MSwiZGV2aWNlIjoiYWRtaW4iLCJpYXQiOjE2MzM1MDE4NzEsImp0aSI6IjdmOTc2ZTg2LTdiMDgtNGIzZi05ZjA2LWYxNTBlNWRhYzdiZCIsInVzZXJuYW1lIjoidWljaGVja0B0YXRhZWx4c2kuY28uaW4ifQ.wzlNwFnd2KsvnuFmhvTWkDCDwNgklIs4660iPu7R6Z0[\r][\n
TID: [-1] [] [2021-10-06 12:21:16,859] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Access-Control-Expose-Headers: [\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,859] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Accept: */*[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,859] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Cache-Control: no-cache[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,859] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Access-Control-Allow-Origin: *[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,859] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Access-Control-Allow-Methods: GET[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,859] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Postman-Token: a721233f-49b3-abcc-dd26-651602f59b63[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,859] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Accept-Encoding: gzip, deflate[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,859] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Accept-Language: en-US,en;q=0.9,pt;q=0.8[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,860] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction,apikey,testKey,CMS_TOKEN,AUTH_TOKEN,responseType,Authorization[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,860] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Content-Type: application/xml; charset=UTF-8[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,860] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Date: Wed, 06 Oct 2021 06:51:16 GMT[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,860] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Transfer-Encoding: chunked[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,860] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "Connection: keep-alive[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,860] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,860] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "1b9[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,860] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "<ams:fault xmlns:ams="http://wso2.org/apimanager/security"><ams:code>900906</ams:code><ams:message>No matching resource found in the API for the given request</ams:message><ams:description>Access failure for API: /reports/v1.0.0, version: v1.0.0 status: (900906) - No matching resource found in the API for the given request. Check the API documentation and add a proper REST resource path to the invocation URL</ams:description></ams:fault>[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,861] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "0[\r][\n]"
TID: [-1] [] [2021-10-06 12:21:16,861] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-2 << "[\r][\n]"
Attaching the errors got while adding new resourcePath and publishing the API:
TID: [-1234] [AuthenticationAdmin] [2021-10-20 16:00:21,559] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2021-10-20 16:00:21,559+0530]
TID: [-1234] [] [2021-10-20 16:00:22,164] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected
TID: [-1] [] [2021-10-20 16:00:22,196] ERROR {org.wso2.andes.client.AMQConnection} - Throwable Received but no listener set. org.wso2.andes.AMQDisconnectedException: Server closed connection and reconnection not permitted.
at org.wso2.andes.client.protocol.AMQProtocolHandler.closed(AMQProtocolHandler.java:274)
at org.wso2.andes.client.protocol.AMQProtocolHandler.closeConnection(AMQProtocolHandler.java:755)
at org.wso2.andes.client.protocol.AMQProtocolSession.closeProtocolSession(AMQProtocolSession.java:379)
at org.wso2.andes.client.handler.ConnectionCloseMethodHandler.methodReceived(ConnectionCloseMethodHandler.java:104)
at org.wso2.andes.client.handler.ClientMethodDispatcherImpl.dispatchConnectionClose(ClientMethodDispatcherImpl.java:192)
at org.wso2.andes.framing.amqp_0_91.ConnectionCloseBodyImpl.execute(ConnectionCloseBodyImpl.java:140)
at org.wso2.andes.client.state.AMQStateManager.methodReceived(AMQStateManager.java:111)
at org.wso2.andes.client.protocol.AMQProtocolHandler.methodBodyReceived(AMQProtocolHandler.java:554)
at org.wso2.andes.client.protocol.AMQProtocolSession.methodFrameReceived(AMQProtocolSession.java:467)
at org.wso2.andes.framing.AMQMethodBodyImpl.handle(AMQMethodBodyImpl.java:92)
at org.wso2.andes.client.protocol.AMQProtocolHandler$2.run(AMQProtocolHandler.java:487)
at org.wso2.andes.pool.Job.processAll(Job.java:111)
at org.wso2.andes.pool.Job.run(Job.java:158)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
TID: [-1] [] [2021-10-20 16:00:22,196] ERROR {org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory} - Error acquiring a Connection from the JMS CF : notificationJMSPublisher using properties : {transport.jms.ConcurrentPublishers=allow, java.naming.provider.url=repository/conf/jndi.properties, java.naming.factory.initial=org.wso2.andes.jndi.PropertiesFileInitialContextFactory, transport.jms.DestinationType=topic, transport.jms.ConnectionFactoryJNDIName=TopicConnectionFactory, transport.jms.Destination=notification} javax.jms.JMSException: Error creating connection: not allowed
at org.wso2.andes.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:346)
at org.wso2.andes.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:53)
at org.wso2.carbon.event.output.adapter.jms.internal.util.JMSUtils.createConnection(JMSUtils.java:387)
at org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory.createConnection(JMSConnectionFactory.java:268)
at org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory$PoolableJMSConnectionFactory.makeObject(JMSConnectionFactory.java:356)
at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1181)
at org.wso2.carbon.event.output.adapter.jms.internal.util.JMSConnectionFactory.getConnectionFromPool(JMSConnectionFactory.java:286)
at org.wso2.carbon.event.output.adapter.jms.internal.util.JMSMessageSender.send(JMSMessageSender.java:86)
at org.wso2.carbon.event.output.adapter.jms.JMSEventAdapter$JMSSender.run(JMSEventAdapter.java:284)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.wso2.andes.AMQConnectionFailureException: not allowed [error code 530: not allowed]
at org.wso2.andes.client.AMQConnection.<init>(AMQConnection.java:496)
at org.wso2.andes.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:328)
... 13 more
Caused by: org.wso2.andes.client.AMQAuthenticationException: not allowed [error code 530: not allowed]
at org.wso2.andes.client.handler.ConnectionCloseMethodHandler.methodReceived(ConnectionCloseMethodHandler.java:79)
at org.wso2.andes.client.handler.ClientMethodDispatcherImpl.dispatchConnectionClose(ClientMethodDispatcherImpl.java:192)
at org.wso2.andes.framing.amqp_0_91.ConnectionCloseBodyImpl.execute(ConnectionCloseBodyImpl.java:140)
at org.wso2.andes.client.state.AMQStateManager.methodReceived(AMQStateManager.java:111)
at org.wso2.andes.client.protocol.AMQProtocolHandler.methodBodyReceived(AMQProtocolHandler.java:554)
at org.wso2.andes.client.protocol.AMQProtocolSession.methodFrameReceived(AMQProtocolSession.java:467)
at org.wso2.andes.framing.AMQMethodBodyImpl.handle(AMQMethodBodyImpl.java:92)
at org.wso2.andes.client.protocol.AMQProtocolHandler$2.run(AMQProtocolHandler.java:487)
at org.wso2.andes.pool.Job.processAll(Job.java:111)
at org.wso2.andes.pool.Job.run(Job.java:158)
... 3 more
Followed below link for encrypting password and connectionUrl using cipher tool:
[17:58] Amulya M
https://docs.wso2.com/display/Carbon440/Encrypting+Passwords+with+Cipher+Tool
Encoded admin password and updated 'deployment.toml' file as shown below:
[apim.throttling.jms]
username = "admin"
password = "encodedPassword"
Encoded 'connectionfactory.TopicConnectionFactory' URL in jndi2.properties
connectionfactory.TopicConnectionFactory = amqp://admin:adminpwd#clientid/carbon?brokerlist='tcp://${carbon.local.ip}:${jms.port}'
However getting below error after restarting APIM:
ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator} - Did not found valid API Validation Information cache configuration. Use default configurationjava.lang.NullPointerException
TID: [-1234] [] [2021-11-15 17:31:52,650] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator} - Did not found valid API Resource Validation Information cache configuration. Use default configurationjava.lang.NullPointerException
TID: [-1234] [] [2021-11-15 17:31:52,666] ERROR {org.wso2.carbon.apimgt.gateway.utils.GatewayUtils} - Did not found valid API Validation Information cache configuration. Use default configuration. java.lang.NullPointerException
at org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder.getAPIManagerConfiguration_aroundBody12(ServiceReferenceHolder.java:100)
at org.wso2.carbon.apimgt.gateway.internal.ServiceReferenceHolder.getAPIManagerConfiguration(ServiceReferenceHolder.java:99)
at org.wso2.carbon.apimgt.gateway.utils.GatewayUtils.isGatewayTokenCacheEnabled_aroundBody56(GatewayUtils.java:868)
at org.wso2.carbon.apimgt.gateway.utils.GatewayUtils.isGatewayTokenCacheEnabled(GatewayUtils.java:865)
at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.(JWTValidator.java:76)
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.init_aroundBody0(OAuthAuthenticator.java:103)
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.init(OAuthAuthenticator.java:101)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.initializeAuthenticators_aroundBody34(APIAuthenticationHandler.java:300)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.initializeAuthenticators(APIAuthenticationHandler.java:239)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest_aroundBody36(APIAuthenticationHandler.java:352)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:325)
at org.apache.synapse.rest.API.process(API.java:373)
at org.apache.synapse.rest.RESTRequestHandler.apiProcessNonDefaultStrategy(RESTRequestHandler.java:144)
at org.apache.synapse.rest.RESTRequestHandler.identifyAPI(RESTRequestHandler.java:164)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:95)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:73)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:331)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:99)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:367)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:426)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:181)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

When you are saving the changes please make sure that the relevant gateway has been selected under the publisher's Environment UI. Also, please redeploy the API via the Lifecycle UI. Then try to check the flow again.

For a service chaining purpose, I have to call SCIM2 Me endpoint from API manager mediation sequence.
POST method to ADD user works fine, but GET/PUT/DELETE methods are not working.
I have provided a code snippet of Get method I'm using in the sequence.
<property name="uri.var.tenantDomain" expression="get-property('tenantDomain')" scope="default" type="STRING"/>
<property name="NO_ENTITY_BODY" scope="axis2" action="remove"/>
<property name="HTTP_METHOD" value="GET" scope="axis2" type="STRING"/>
<property name="REST_URL_POSTFIX" scope="axis2" action="remove"/>
<property name="messageType" value="application/scim+json" scope="axis2" type="STRING"/>
<property name="ContentType" value="application/scim+json" scope="axis2" type="STRING"/>
<property name="Authorization" expression="get-property('Credentials')" scope="transport" type="STRING"/>
<call blocking="true">
<endpoint>
<http method="GET" uri-template="https://10.201.8.13:5004/t/{uri.var.tenantDomain}/scim2/Me"/>
</endpoint>
</call>
On calling the endpoint, I'm getting the below error.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"detail": "Error from getting the authenticated user",
"status": "500"
}
The same code works fine when I deploy the sequence in EI 6.6.0 for all HTTP Methods.
WIRE Log from ESB
TID: [-1] [] [2020-09-21 10:48:35,898] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "GET /test/getUser/me?domain=carbon.super HTTP/1.1[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,898] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "GET /test/getUser/me?domain=carbon.super HTTP/1.1[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,899] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Credentials: Basic YWRtaW46YWRtaW4=[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,899] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Credentials: Basic YWRtaW46YWRtaW4=[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,899] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Content-Type: application/json[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,899] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Content-Type: application/json[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,900] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "User-Agent: PostmanRuntime/7.26.5[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,900] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "User-Agent: PostmanRuntime/7.26.5[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,901] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Accept: */*[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,901] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Accept: */*[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,901] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Postman-Token: fb161eca-313f-4dd6-80b6-ffb98c2e5ffd[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,901] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Postman-Token: fb161eca-313f-4dd6-80b6-ffb98c2e5ffd[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,902] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Host: 10.201.8.13:5008[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,902] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Host: 10.201.8.13:5008[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,902] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Accept-Encoding: gzip, deflate, br[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,902] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Accept-Encoding: gzip, deflate, br[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,903] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Connection: keep-alive[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,903] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Connection: keep-alive[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,903] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Cookie: sails.sid=s%3AKOx3WtbZXUQDOyAeVXwqhLeH17Nltb7v.OG8P3N29zzWPUzQMb1rv%2BGEF%2BXs84%2B2ctxI3OSUFa%2FU[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,903] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "Cookie: sails.sid=s%3AKOx3WtbZXUQDOyAeVXwqhLeH17Nltb7v.OG8P3N29zzWPUzQMb1rv%2BGEF%2BXs84%2B2ctxI3OSUFa%2FU[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,904] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,904] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 >> "[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,907] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /test/getUser/me?domain=carbon.super, MessageID: urn:uuid:04f6da34-36bc-4fd5-9036-a31eb8ec8a73, Direction: request, :: URI :: = /test/getUser/me?domain=carbon.super
TID: [-1234] [] [2020-09-21 10:48:35,908] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /test/getUser/me?domain=carbon.super, MessageID: urn:uuid:04f6da34-36bc-4fd5-9036-a31eb8ec8a73, Direction: request, :: ResourceName :: = getUser/me?domain=carbon.super
TID: [-1234] [] [2020-09-21 10:48:35,909] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /test/getUser/me?domain=carbon.super, MessageID: urn:uuid:04f6da34-36bc-4fd5-9036-a31eb8ec8a73, Direction: request, :: Credentials :: = Basic YWRtaW46YWRtaW4=, :: tenantDomain :: = carbon.super
TID: [-1234] [] [2020-09-21 10:48:35,910] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /test/getUser/me?domain=carbon.super, MessageID: urn:uuid:04f6da34-36bc-4fd5-9036-a31eb8ec8a73, Direction: request, :: Inside :: = getUser/me?domain=carbon.super
TID: [-1234] [] [2020-09-21 10:48:35,911] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /test/getUser/me?domain=carbon.super, MessageID: urn:uuid:04f6da34-36bc-4fd5-9036-a31eb8ec8a73, Direction: request, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body/></soapenv:Envelope>
TID: [-1234] [] [2020-09-21 10:48:35,921] DEBUG {httpclient.wire.header} - >> "GET /t/carbon.super/scim2/Me HTTP/1.1[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,921] DEBUG {httpclient.wire.header} - >> "Content-Type: application/scim+json; charset=UTF-8[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,922] DEBUG {httpclient.wire.header} - >> "Authorization: Basic YWRtaW46YWRtaW4=[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,922] DEBUG {httpclient.wire.header} - >> "User-Agent: Axis2[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,922] DEBUG {httpclient.wire.header} - >> "Host: 10.201.8.13:5004[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,923] DEBUG {httpclient.wire.header} - >> "[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,981] DEBUG {httpclient.wire.header} - << "HTTP/1.1 200 [\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,981] DEBUG {httpclient.wire.header} - << "HTTP/1.1 200 [\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,981] DEBUG {httpclient.wire.header} - << "Location: https://10.201.8.13:5004/scim2/Users/83d21ce2-304d-482c-ab2e-84c14628c1a0[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,982] DEBUG {httpclient.wire.header} - << "Date: Mon, 21 Sep 2020 05:18:35 GMT[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,982] DEBUG {httpclient.wire.header} - << "Content-Type: application/scim+json[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,982] DEBUG {httpclient.wire.header} - << "Content-Length: 2885[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,983] DEBUG {httpclient.wire.header} - << "Server: WSO2 Carbon Server[\r][\n]"
TID: [-1234] [] [2020-09-21 10:48:35,983] DEBUG {httpclient.wire.header} - << "[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,986] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "HTTP/1.1 200 OK[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,986] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "HTTP/1.1 200 OK[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,986] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Authorization: Basic YWRtaW46YWRtaW4=[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,986] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Authorization: Basic YWRtaW46YWRtaW4=[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,986] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Access-Control-Allow-Methods: GET[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,986] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Access-Control-Allow-Methods: GET[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,987] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Access-Control-Allow-Headers: content-type[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,987] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Access-Control-Allow-Headers: content-type[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,987] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Content-Type: application/scim+json; charset=UTF-8[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,987] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Content-Type: application/scim+json; charset=UTF-8[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,987] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Date: Mon, 21 Sep 2020 05:18:35 GMT[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,987] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Date: Mon, 21 Sep 2020 05:18:35 GMT[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,987] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Transfer-Encoding: chunked[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,987] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Transfer-Encoding: chunked[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,988] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Connection: keep-alive[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,988] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "Connection: keep-alive[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,988] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,988] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,988] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "b45[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,988] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "b45[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,989] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "0[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,989] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "0[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,989] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "[\r][\n]"
TID: [-1] [] [2020-09-21 10:48:35,989] DEBUG {org.apache.synapse.transport.http.wire} - HTTP-Listener I/O dispatcher-5 << "[\r][\n]"
WIRE Log from API Manager
[2020-09-21 10:51:00,083] DEBUG - wire HTTPS-Listener I/O dispatcher-2 >> "GET /engageAPI/user/v1/getUser/me?domain=carbon.super HTTP/1.1[\r][\n]"
[2020-09-21 10:51:00,086] DEBUG - wire HTTPS-Listener I/O dispatcher-2 >> "Credentials: Basic YWRtaW46YWRtaW4=[\r][\n]"
[2020-09-21 10:51:00,087] DEBUG - wire HTTPS-Listener I/O dispatcher-2 >> "Content-Type: application/json[\r][\n]"
[2020-09-21 10:51:00,090] DEBUG - wire HTTPS-Listener I/O dispatcher-2 >> "User-Agent: PostmanRuntime/7.26.5[\r][\n]"
[2020-09-21 10:51:00,091] DEBUG - wire HTTPS-Listener I/O dispatcher-2 >> "Accept: */*[\r][\n]"
[2020-09-21 10:51:00,092] DEBUG - wire HTTPS-Listener I/O dispatcher-2 >> "Postman-Token: 5bf19c4e-41c2-4434-9ea0-9bb880efb94e[\r][\n]"
[2020-09-21 10:51:00,092] DEBUG - wire HTTPS-Listener I/O dispatcher-2 >> "Host: localhost:8243[\r][\n]"
[2020-09-21 10:51:00,092] DEBUG - wire HTTPS-Listener I/O dispatcher-2 >> "Accept-Encoding: gzip, deflate, br[\r][\n]"
[2020-09-21 10:51:00,093] DEBUG - wire HTTPS-Listener I/O dispatcher-2 >> "Connection: keep-alive[\r][\n]"
[2020-09-21 10:51:00,094] DEBUG - wire HTTPS-Listener I/O dispatcher-2 >> "[\r][\n]"
[2020-09-21 10:51:00,095] DEBUG - headers http-incoming-2 >> GET /engageAPI/user/v1/getUser/me?domain=carbon.super HTTP/1.1
[2020-09-21 10:51:00,096] DEBUG - headers http-incoming-2 >> Credentials: Basic YWRtaW46YWRtaW4=
[2020-09-21 10:51:00,096] DEBUG - headers http-incoming-2 >> Content-Type: application/json
[2020-09-21 10:51:00,098] DEBUG - headers http-incoming-2 >> User-Agent: PostmanRuntime/7.26.5
[2020-09-21 10:51:00,099] DEBUG - headers http-incoming-2 >> Accept: */*
[2020-09-21 10:51:00,099] DEBUG - headers http-incoming-2 >> Postman-Token: 5bf19c4e-41c2-4434-9ea0-9bb880efb94e
[2020-09-21 10:51:00,100] DEBUG - headers http-incoming-2 >> Host: localhost:8243
[2020-09-21 10:51:00,100] DEBUG - headers http-incoming-2 >> Accept-Encoding: gzip, deflate, br
[2020-09-21 10:51:00,101] DEBUG - headers http-incoming-2 >> Connection: keep-alive
[2020-09-21 10:51:00,663] INFO - LogMediator {api:admin--UserManagement:vv1} To: /engageAPI/user/v1/getUser/me?domain=carbon.super, MessageID: urn:uuid:5231a3ae-ce89-4766-880c-3cd0b2f2f24d, Direction: request, :: URI :: = /engageAPI/user/v1/getUser/me?domain=carbon.super
[2020-09-21 10:51:00,664] INFO - LogMediator {api:admin--UserManagement:vv1} To: /engageAPI/user/v1/getUser/me?domain=carbon.super, MessageID: urn:uuid:5231a3ae-ce89-4766-880c-3cd0b2f2f24d, Direction: request, :: ResourceName :: = getUser/me?domain=carbon.super
[2020-09-21 10:51:00,666] INFO - LogMediator {api:admin--UserManagement:vv1} To: /engageAPI/user/v1/getUser/me?domain=carbon.super, MessageID: urn:uuid:5231a3ae-ce89-4766-880c-3cd0b2f2f24d, Direction: request, :: Credentials :: = Basic YWRtaW46YWRtaW4=, :: tenantDomain :: = carbon.super
[2020-09-21 10:51:00,667] INFO - LogMediator {api:admin--UserManagement:vv1} To: /engageAPI/user/v1/getUser/me?domain=carbon.super, MessageID: urn:uuid:5231a3ae-ce89-4766-880c-3cd0b2f2f24d, Direction: request, :: Inside :: = getUser/me?domain=carbon.super
[2020-09-21 10:51:00,689] INFO - LogMediator {api:admin--UserManagement:vv1} To: /engageAPI/user/v1/getUser/me?domain=carbon.super, MessageID: urn:uuid:5231a3ae-ce89-4766-880c-3cd0b2f2f24d, Direction: request, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body/></soapenv:Envelope>
[2020-09-21 10:51:04,090] DEBUG - header >> "GET /t/carbon.super/scim2/Me HTTP/1.1[\r][\n]"
[2020-09-21 10:51:04,097] DEBUG - header >> "Content-Type: application/scim+json; charset=UTF-8[\r][\n]"
[2020-09-21 10:51:04,097] DEBUG - header >> "Authorization: Basic YWRtaW46YWRtaW4=[\r][\n]"
[2020-09-21 10:51:04,098] DEBUG - header >> "User-Agent: Axis2[\r][\n]"
[2020-09-21 10:51:04,099] DEBUG - header >> "Host: 10.201.8.13:5004[\r][\n]"
[2020-09-21 10:51:04,100] DEBUG - header >> "[\r][\n]"
[2020-09-21 10:51:04,141] DEBUG - header << "HTTP/1.1 500 [\r][\n]"
[2020-09-21 10:51:04,143] DEBUG - header << "HTTP/1.1 500 [\r][\n]"
[2020-09-21 10:51:04,145] DEBUG - header << "Date: Mon, 21 Sep 2020 05:22:20 GMT[\r][\n]"
[2020-09-21 10:51:04,146] DEBUG - header << "Content-Type: application/scim+json[\r][\n]"
[2020-09-21 10:51:04,146] DEBUG - header << "Content-Length: 127[\r][\n]"
[2020-09-21 10:51:04,147] DEBUG - header << "Connection: close[\r][\n]"
[2020-09-21 10:51:04,147] DEBUG - header << "Server: WSO2 Carbon Server[\r][\n]"
[2020-09-21 10:51:04,148] DEBUG - header << "[\r][\n]"
[2020-09-21 10:51:04,183] INFO - LogMediator {api:admin--UserManagement:vv1} To: https://localhost:5004/t/carbon.super/scim2/Me, MessageID: urn:uuid:5231a3ae-ce89-4766-880c-3cd0b2f2f24d, Direction: request, Payload: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"Error from getting the authenticated user","status":"500"}
[2020-09-21 10:51:04,202] DEBUG - headers http-incoming-2 << HTTP/1.1 500 Internal Server Error
[2020-09-21 10:51:04,204] DEBUG - headers http-incoming-2 << Authorization: Basic YWRtaW46YWRtaW4=
[2020-09-21 10:51:04,205] DEBUG - headers http-incoming-2 << Content-Type: application/scim+json; charset=UTF-8
[2020-09-21 10:51:04,209] DEBUG - headers http-incoming-2 << Date: Mon, 21 Sep 2020 05:21:04 GMT
[2020-09-21 10:51:04,212] DEBUG - headers http-incoming-2 << Transfer-Encoding: chunked
[2020-09-21 10:51:04,213] DEBUG - headers http-incoming-2 << Connection: keep-alive
[2020-09-21 10:51:04,216] DEBUG - wire HTTPS-Listener I/O dispatcher-2 << "HTTP/1.1 500 Internal Server Error[\r][\n]"
[2020-09-21 10:51:04,217] DEBUG - wire HTTPS-Listener I/O dispatcher-2 << "Authorization: Basic YWRtaW46YWRtaW4=[\r][\n]"
[2020-09-21 10:51:04,217] DEBUG - wire HTTPS-Listener I/O dispatcher-2 << "Content-Type: application/scim+json; charset=UTF-8[\r][\n]"
[2020-09-21 10:51:04,223] DEBUG - wire HTTPS-Listener I/O dispatcher-2 << "Date: Mon, 21 Sep 2020 05:21:04 GMT[\r][\n]"
[2020-09-21 10:51:04,225] DEBUG - wire HTTPS-Listener I/O dispatcher-2 << "Transfer-Encoding: chunked[\r][\n]"
[2020-09-21 10:51:04,226] DEBUG - wire HTTPS-Listener I/O dispatcher-2 << "Connection: keep-alive[\r][\n]"
[2020-09-21 10:51:04,227] DEBUG - wire HTTPS-Listener I/O dispatcher-2 << "[\r][\n]"
[2020-09-21 10:51:04,228] DEBUG - wire HTTPS-Listener I/O dispatcher-2 << "7f[\r][\n]"
[2020-09-21 10:51:04,229] DEBUG - wire HTTPS-Listener I/O dispatcher-2 << "{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"Error from getting the authenticated user","status":"500"}[\r][\n]"
[2020-09-21 10:51:04,230] DEBUG - wire HTTPS-Listener I/O dispatcher-2 << "0[\r][\n]"
[2020-09-21 10:51:04,230] DEBUG - wire HTTPS-Listener I/O dispatcher-2 << "[\r][\n]"
Can someone guide me on this?

This is due to the X509Certificate or certificate-based authentication is enabled in both APIM and IS versions. So APIM sends the certificate attribute name and since IS support X509Certificate based authentication IS gives priority to this. Since EI not support this there is no issue with ESB. In order to fix this, we can disable or reduce the priority of X509Certificate based authentication in IS.
Adding following configuration can reduce the priority and get this working. So add this to <IS_KM>/repository/conf/deployment.toml
[[event_listener]]
id="x509Certificate_auth"
name="org.wso2.carbon.identity.auth.service.handler.impl.ClientCertificateBasedAuthenticationHandler"
order="1000"
type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"

I am implementing an API gateway for a backend service which requires QWAC certificate.
I followed the instructions at: https://apim.docs.wso2.com/en/3.1.0/administer/product-security/mutual-ssl-between-api-gateway-and-backend/ and imported the public key to client keystore in WSO APIM.
When I try to reach the endpoint in question I am getting the following error response:
{"errorCode":"bad_request","errorText":"400 - {\"status\":\"INVALID\",\"errorCode\":\"unspecified_error\",\"errorText\":\"Mapping error\"}"}, which seems to be coming from the
backend service.
Here is the output from wso2carbon wire logs:
2 Message direction=IN Server name=localhost Timestamp=1587116916556 Service name=__SynapseService Operation Name=mediate
TID: [-1] [] [2020-04-17 11:48:36,823] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 << "GET /api/slsp/sandbox/v1/psd2-ais/v1/accounts HTTP/1.1[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:36,890] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 << "Authorization: ewogICJ0eXBlIjogInRva2VuIiwKICAibmFtZSI6ICJTTFNQIGNsaWVudDEiLAogICJzZXNzaW9uVVVJRCI6ICIyMzI1YzFkMS01ZTMwLTQ2NGQtOGM0Ni1kYzc5Y2E2NTkzMDAiLAogICJzY29wZXMiOiBbXSwKICAiY29uc2VudCI6IFsKICAgIHsKICAgICAgImlkIjogIjExMTExIiwKICAgICAgImNvbnRlbnQiOiAibm9uZSIKICAgIH0KICBdLAogICJsaW1pdHMiOiB7CiAgICAiYWNjZXNzU2Vjb25kcyI6IDM2MDAsCiAgICAicmVmcmVzaFNlY29uZHMiOiA3Nzc2MDAwCiAgfSwKICAiYWNjZXNzVHlwZSI6ICJudWxsIiwKICAiZXhwaXJhdGlvbiI6ICIyMDIwLTA0LTE3VDA5OjUxOjI2LjQ1MVoiCn0=[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:36,954] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 << "activityID: 490325399145411914682[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,017] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 << "web-api-key: b5830b00-772f-4e94-8a4a-be370d4e5481[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,082] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 << "accept: application/json[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,145] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 << "Host: webapi.developers.erstegroup.com[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,208] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 << "Connection: Keep-Alive[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,273] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 << "User-Agent: Synapse-PT-HttpComponents-NIO[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,336] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 << "[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,642] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "HTTP/1.1 400 [\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,706] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "Date: Fri, 17 Apr 2020 09:48:37 GMT[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,771] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "Server: Apache[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,835] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,900] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "cz-transactionId: 197173439577254[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:37,966] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "Content-Type: application/json;charset=utf-8[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:38,031] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "Content-Length: 140[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:38,095] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "Set-Cookie: 48f65e4d401373b3b03cb2a02b953e21=425c12b91ee874d67b6799357c467562; path=/; HttpOnly; Secure[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:38,158] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "Connection: close[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:38,221] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "[\r][\n]"
TID: [-1] [] [2020-04-17 11:48:38,286] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Sender I/O dispatcher-2 >> "{"errorCode":"bad_request","errorText":"400 - {\"status\":\"INVALID\",\"errorCode\":\"unspecified_error\",\"errorText\":\"Mapping error\"}"}"
I have tried to reach the same service with Postman, after I imported the client certificate in postman , the service was responding without errors.
So it looks like the isssue is not with the certificate itself, as the SSL connection was established with the backend server, but what could have gone wrong? (When the OAuth2.0 token expires I get the following error "OAUTH2 failed to TOKEN_INFO with response: {\\"active\\":false}", which is the same as what I get with Postman.)
Here is the swagger spec from WSO2 APIM:
paths:
/accounts:
get:
parameters:
-
name: "withBalance"
in: "query"
required: false
style: "form"
explode: true
schema:
type: "string"
-
name: "web-api-key"
in: "query"
required: true
style: "form"
explode: true
schema:
type: "string"
-
name: "access_token"
in: "query"
required: true
style: "form"
explode: true
schema:
type: "string"
responses:
200:
description: "ok"
security:
-
default: []
x-auth-type: "None"
x-throttling-tier: "Unlimited"
components:
securitySchemes:
default:
type: "oauth2"
flows:
implicit:
authorizationUrl: "https://test.com"
scopes: {}
x-wso2-auth-header: "Authorization"
x-throttling-tier: "Unlimited"
x-wso2-cors:
corsConfigurationEnabled: false
accessControlAllowOrigins:
- "*"
accessControlAllowCredentials: false
accessControlAllowHeaders:
- "authorization"
- "Access-Control-Allow-Origin"
- "Content-Type"
- "SOAPAction"
accessControlAllowMethods:
- "GET"
- "PUT"
- "POST"
- "DELETE"
- "PATCH"
- "OPTIONS"
x-wso2-sandbox-endpoints:
urls:
- "https://webapi.developers.erstegroup.com/api/slsp/sandbox/v1/psd2-ais/v1"
type: "http"
x-wso2-basePath: "/slsp_ais/1.0"
x-wso2-transports:
- "http"
I tried to pass the 2 mandatory parameters in HTTP headers as well, but I get the same results:
curl -X GET "http://localhost:8280/slsp_ais/1.0/accounts" -H "accept: application/json" -H "web-api-key: b5830b00-772f-4e94-8a4a-be370d4e5481" -H "Authorization: Bearer ewogICJ0eXBlIjogInRva2VuIiwKICAibmFtZSI6ICJTTFNQIGNsaWVudDEiLAogICJzZXNzaW9uVVVJRCI6ICIyMzI1YzFkMS01ZTMwLTQ2NGQtOGM0Ni1kYzc5Y2E2NTkzMDAiLAogICJzY29wZXMiOiBbXSwKICAiY29uc2VudCI6IFsKICAgIHsKICAgICAgImlkIjogIjExMTExIiwKICAgICAgImNvbnRlbnQiOiAibm9uZSIKICAgIH0KICBdLAogICJsaW1pdHMiOiB7CiAgICAiYWNjZXNzU2Vjb25kcyI6IDM2MDAsCiAgICAicmVmcmVzaFNlY29uZHMiOiA3Nzc2MDAwCiAgfSwKICAiYWNjZXNzVHlwZSI6ICJudWxsIiwKICAiZXhwaXJhdGlvbiI6ICIyMDIwLTA0LTE3VDA5OjUxOjI2LjQ1MVoiCn0=" -H "apikey: eyJ4NXQiOiJaalJtWVRNd05USmpPV1U1TW1Jek1qZ3pOREkzWTJJeU1tSXlZMkV6TWpkaFpqVmlNamMwWmc9PSIsImtpZCI6ImdhdGV3YXlfY2VydGlmaWNhdGVfYWxpYXMiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImFwcGxpY2F0aW9uIjp7Im93bmVyIjoiYWRtaW4iLCJ0aWVyIjoiVW5saW1pdGVkIiwibmFtZSI6IlRlc3RfYXBwIiwiaWQiOjIsInV1aWQiOiIyNDUxZWMyNy02ZDllLTRjN2YtODcwYi0xOWIxZGNiMDI2MzQifSwidGllckluZm8iOnsiVW5saW1pdGVkIjp7InN0b3BPblF1b3RhUmVhY2giOnRydWUsInNwaWtlQXJyZXN0TGltaXQiOjAsInNwaWtlQXJyZXN0VW5pdCI6bnVsbH19LCJrZXl0eXBlIjoiU0FOREJPWCIsInN1YnNjcmliZWRBUElzIjpbeyJzdWJzY3JpYmVyVGVuYW50RG9tYWluIjoiY2FyYm9uLnN1cGVyIiwibmFtZSI6IkFQSU9CIiwiY29udGV4dCI6Ilwvb3Blbi1iYW5raW5nXC92My4xXC9haXNwXC92My4xLjUiLCJwdWJsaXNoZXIiOiJhZG1pbiIsInZlcnNpb24iOiJ2My4xLjUiLCJzdWJzY3JpcHRpb25UaWVyIjoiVW5saW1pdGVkIn0seyJzdWJzY3JpYmVyVGVuYW50RG9tYWluIjoiY2FyYm9uLnN1cGVyIiwibmFtZSI6Ik1vY2tUYXJnZXRBUEkiLCJjb250ZXh0IjoiXC9BcGlnZWVfTW9ja19UYXJnZXRcLzEuMC4wIiwicHVibGlzaGVyIjoiYWRtaW4iLCJ2ZXJzaW9uIjoiMS4wLjAiLCJzdWJzY3JpcHRpb25UaWVyIjoiVW5saW1pdGVkIn0seyJzdWJzY3JpYmVyVGVuYW50RG9tYWluIjoiY2FyYm9uLnN1cGVyIiwibmFtZSI6IlNMU1BfUFNEMl9BSVMiLCJjb250ZXh0IjoiXC9zbHNwX2Fpc1wvMS4wIiwicHVibGlzaGVyIjoiYWRtaW4iLCJ2ZXJzaW9uIjoiMS4wIiwic3Vic2NyaXB0aW9uVGllciI6IlVubGltaXRlZCJ9XSwiaWF0IjoxNTg3MTEzMTgzLCJqdGkiOiI0ZmFhYTQ4Ny0yODNjLTQ3ZjMtYTdlNi05OGQ1YmI2NjFmN2YifQ==.QJ8-ODdRueTtDKDfWYVFeI3I6YJGfCtRGIg64nGdewQP9jW8KzyFLmkt14i7OGXkKpA4e2Yowa9lidxN0qrdRmUjJLKpZmBOn6TjN5auE8TcvxyeSlOigK0N-J-eLB6DuHnqg6Rf918d2oJS2bJBmqbzqs0BPMuEj5Y9ImS7F1CdMcRaDTOYt6G-GxmwpScU4dlxOrxZGu8uD5Nnz2SHikXSqGcrF-KLmNUFJuFKTitEMEaHz8N9M-MYsTDlOnvu0BeEFiW60NRCPumzCOzs5wL7dMTcCXOGd40-OKcUkS2KpH-YEh7cl0ALz9wi0vgFRqN0V2CAndbCUwppmkzo9w=="
{"errorCode":"bad_request","errorText":"400 - {\"status\":\"INVALID\",\"errorCode\":\"unspecified_error\",\"errorText\":\"Mapping error\"}"}
I also intercepted the working Postman request via Burp:
GET /api/slsp/sandbox/v1/psd2-ais/v1/accounts?web-api-key=b5830b00-772f-4e94-8a4a-be370d4e5481&access_token=ewogICJ0eXBlIjogInRva2VuIiwKICAibmFtZSI6ICJTTFNQIGNsaWVudDEiLAogICJzZXNzaW9uVVVJRCI6ICIyMzI1YzFkMS01ZTMwLTQ2NGQtOGM0Ni1kYzc5Y2E2NTkzMDAiLAogICJzY29wZXMiOiBbXSwKICAiY29uc2VudCI6IFsKICAgIHsKICAgICAgImlkIjogIjExMTExIiwKICAgICAgImNvbnRlbnQiOiAibm9uZSIKICAgIH0KICBdLAogICJsaW1pdHMiOiB7CiAgICAiYWNjZXNzU2Vjb25kcyI6IDM2MDAsCiAgICAicmVmcmVzaFNlY29uZHMiOiA3Nzc2MDAwCiAgfSwKICAiYWNjZXNzVHlwZSI6ICJudWxsIiwKICAiZXhwaXJhdGlvbiI6ICIyMDIwLTA0LTE3VDA5OjUxOjI2LjQ1MVoiCn0= HTTP/1.1
User-Agent: PostmanRuntime/7.24.1
Accept: */*
Cache-Control: no-cache
Postman-Token: b925ae09-0b5b-440f-a1e9-98bc5f79b043
Host: webapi.developers.erstegroup.com:443
Accept-Encoding: gzip, deflate
Connection: close
Here is the whole thing via Postman console:
GET /api/slsp/sandbox/v1/psd2-ais/v1/accounts?web-api-key=b5830b00-772f-4e94-8a4a-be370d4e5481&access_token=ewogICJ0eXBlIjogInRva2VuIiwKICAibmFtZSI6ICJTTFNQIGNsaWVudDEiLAogICJzZXNzaW9uVVVJRCI6ICI4MWJlZDMwMS1lMGFkLTQwMzAtODMxMC0wNThmZDViYWIyMDkiLAogICJzY29wZXMiOiBbXSwKICAiY29uc2VudCI6IFsKICAgIHsKICAgICAgImlkIjogIjExMTExIiwKICAgICAgImNvbnRlbnQiOiAibm9uZSIKICAgIH0KICBdLAogICJsaW1pdHMiOiB7CiAgICAiYWNjZXNzU2Vjb25kcyI6IDM2MDAsCiAgICAicmVmcmVzaFNlY29uZHMiOiA3Nzc2MDAwCiAgfSwKICAiYWNjZXNzVHlwZSI6ICJudWxsIiwKICAiZXhwaXJhdGlvbiI6ICIyMDIwLTA0LTE3VDExOjU0OjQ5LjA4OFoiCn0%3D HTTP/1.1
User-Agent: PostmanRuntime/7.24.1
Accept: */*
Cache-Control: no-cache
Postman-Token: fc30b165-7571-4efe-96fe-e23b1cf1c20e
Host: webapi.developers.erstegroup.com:443
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
HTTP/1.1 200 OK
Date: Fri, 17 Apr 2020 10:55:37 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
accept: */*
Access-Control-Allow-Origin: *
correlation-id: 6b27116c-15e6-4410-8ff7-87afd9bbd92b
forwarded: for=10.198.136.200;host=webapi.prod.eapihub.microp.cs.eb.lan.at;proto=https;proto-version=
ip-address: 178.41.84.88
origin-transaction-id: 185078296373260
postman-token: fc30b165-7571-4efe-96fe-e23b1cf1c20e
TPP-QWAC-Body: MIIFSTCCAzGgAwIBAgIEAQIDBDANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCQ1oxDjAMBgNVBAcTBUN6ZWNoMRMwEQYDVQQKEwpFcnN0ZUdyb3VwMRUwEwYDVQQLEwxFcnN0ZUh1YlRlYW0xETAPBgNVBAMTCEVyc3RlSHViMSIwIAYJKoZIhvcNAQkBFhNpbmZvQGVyc3RlZ3JvdXAuY29tMB4XDTE5MDkxNzA4NTA1MFoXDTIyMTIxNzA4NTA1MFowUjEaMBgGA1UEYRMRUFNEQ1otQ05CLTEyMzQ1NjcxCzAJBgNVBAYTAkNaMRYwFAYDVQQDEw1UUFAgVGVzdCBRV0FDMQ8wDQYDVQQKEwZNeSBUUFAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJZunh6Nj5aBtbhJJ9eaSDjDiiERBOZfVrmEwz9Ea5ldLAf8NUy+t71etzGeHtCKyTuSlhj1Clhla+iG/r1uz25H3T6wUQbmw1+pFsaSovkamQaKy+2GJSPCx66li6z2JBv0I66DtoGl6QXcy5JO2sBjZaO4m11bcFFVkvo9lh2QCC2x68w8bHeBuPUMnU6rupVQfgPPWMH+WqqaPgxoQr5KmQ03ItY2/TBqoX6xTTbL6+B8OMbX41Lxah+g+5XPOlDoC64HiBO2T+FL62W+51ehUCORuuUt6/AYzXcCHSu1FXsk25KeObe9Na2AfobGNL83I68Bl0K2WtjbEtHs1FAgMBAAGjgfcwgfQwCwYDVR0PBAQDAgHGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBrwYIKwYBBQUHAQMEgaIwgZ8wCAYGBACORgEBMAsGBgQAjkYBAwIBFDAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgMwZwYGBACBmCcCMF0wTDARBgcEAIGYJwEBDAZQU1BfQVMwEQYHBACBmCcBAgwGUFNQX1BJMBEGBwQAgZgnAQMMBlBTUF9BSTARBgcEAIGYJwEEDAZQU1BfSUMMBUVyc3RlDAZBVC1FUlMwFAYDVR0RBA0wC4IJbXl0cHAuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQCRs+caFpc9s1v1bK1kTQI0aA7lbyuzcd+zMkDOVvyN1h6d6BCv41XksB25tgzn8WeUl+2p08rxQJzobjm+e210fgqDC8KVjbnzzbsut11aFjIZN8qgs5ZBQrujABXGCSOyo4R+AxTpSBmM++gdrR+Kp4H+BV3bpFjtGfrzyN2pfPXj5M6t/CAMk6mAmHzZT7MXSRMltM+xbEkMniUW856lLo1YxPBF8zEIg8bicTyV2fJkDCGxnaJpJ2+vSt9s8WDB4qw5/hRKDcpT/TyZ6136SldlsbsMNYAC0Vd//2CSeT5yPG3970skf797zTtLNWtWjZUZtXaHHCfJDkVCMjFSEw/+LKDhmorQmv+4ZYgKVUDMCcjjaAOPF1Gwq2U57Jg96E3gBY0h/jMhzQPCDQfR7jBvYRYtpaykNBNXsITCvrXYn88FKEJK9qqLmAifFB/QF+EkXN2PUgl+VXC4ly2eHj6JTI7Xy0MbiF/m861mRQ1i6YOsB+GG3X1gPCMxbyXMYwDB9/22JftRjo2d9h/sNjpXdowJokFNLXAzq4shmasUvaIE+BpGScVuO0/3gnMW06MbSB2kSR1+m7r4pFs/ND8/WcckteSrKXD94b8feClzA5H83t+uI0EOXzO7qpbZOkAHPfioA1F4P4JewDJ9HpKu96VO5uZUN6M0DK4dnQ==
transaction-id: 185078296373260
web-api-correlation-id: 6b27116c-15e6-4410-8ff7-87afd9bbd92b
web-api-transaction-id: 185078296373260
x-forwarded-for: 178.41.84.88, 178.41.84.88
x-forwarded-host: webapi.prod.eapihub.microp.cs.eb.lan.at
x-forwarded-port: 443
x-forwarded-proto: https
x-forwarded-server: webapi.developers.erstegroup.com
X-Traits: TPP_ONLY;PSD2_QWAC;DELEGATE_QSEAL_VALIDATION
x-webapi-client-ip: 178.41.84.88
x-webapi-message-id: 185078296373260
Content-Type: application/json;charset=utf-8
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 276
Keep-Alive: timeout=60, max=99
Connection: Keep-Alive
{"accounts":[{"resourceId":"CCA4F9863D686D04","iban":"SK5409000000005037706253","currency":"EUR","name":"Mag. A. M. Tester","cashAccountType":"CACC","status":"enabled","bic":"GIBASKBX","_links":{"detail":{"href":"/v1/accounts/CCA4F9863D686D04"},"balances":{"href":"/v1/accounts/CCA4F9863D686D04/balances"},"transactions":{"href":"/v1/psd2-ais/v1/transactions"}}},{"resourceId":"AF500F1000071A0A0","iban":"SK0209000000005037645497","currency":"USD","name":"Adam Tester","cashAccountType":"CACC","status":"enabled","bic":"GIBASKBX","_links":{"balances":{"href":"/v1/accounts/AF500F1000071A0A0/balances"},"transactions":{"href":"/v1/accounts/AF500F1000071A0A0/transactions"}}}]}
I would appreciate any feedback. Thank you for your help.

In the keystore in WSO2-AM side you need to import the private key, not just the certifiate
Refer to the sample at https://apim.docs.wso2.com/en/3.1.0/administer/product-security/mutual-ssl-between-api-gateway-and-backend/
<!-- For Mutual SSL Handshake configure both trust store and key store-->
<profile>
<servers>10.100.5.130:9444</servers>
<TrustStore>
<Location>repository/resources/security/client-truststore.jks
</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
</TrustStore>
<KeyStore>
<Location>repository/resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>xxxxxx</Password>
<KeyPassword>xxxxxx</KeyPassword>
</KeyStore>
</profile>
</parameter>
In the keystore file repository/resources/security/wso2carbon.jks you need to have private key of your client certificate.

I have a requirement to call rest service, which accept "Content-Type: application/json" in header but when I try to call it from ESB. WSO2 adds "charset=utf-8" automatically. I am not sure how to remove it.
I have also used ContentType property but no luck.
<property name="HTTP_METHOD" scope="axis2" type="STRING" value="PUT"/>
<property name="ContentType" scope="axis2" type="STRING" value="application/json"/>
<header expression="fn:concat('Basic ', get-property('ENCODED_URL'))" name="Authorization" scope="transport" xmlns:ns="http://org.apache.synapse/xsd"/>
<payloadFactory media-type="json">
<format>{
"name": "XXX_Token",
"type": "XXXX-cf04186e2156_sessionID",
"version": "1.0.1",
"Attribute-N": $1
}
</format>
<args>
<arg expression="$ctx:XXXTokenValue" literal="false" />
</args>
</payloadFactory>
<property name="REST_URL_POSTFIX" scope="axis2" value=""/>
<call>
<endpoint>
<address trace="disable" uri="https://XXXXX:9493/governance/restservices/52b1caba-b507-4f6a-95bc-2ea7b2418e67"/>
</endpoint>
</call>
Logs:
- End : Call mediator - Non Blocking Call
TID: [-1] [ESB] [2017-09-21 14:30:37,785] DEBUG {org.apache.synapse.transport.http.wire} - << "PUT /governance/restservices/5XXXXX2ea7b2418e67 HTTP/1.1[\r][\n]"
TID: [-1] [ESB] [2017-09-21 14:30:37,785] DEBUG {org.apache.synapse.transport.http.wire} - << "X-AspNet-Version: 4.0.30319[\r][\n]"
TID: [-1] [ESB] [2017-09-21 14:30:37,785] DEBUG {org.apache.synapse.transport.http.wire} - << "Authorization: Basic YWRtaW46YWRtaW4=[\r][\n]"
TID: [-1] [ESB] [2017-09-21 14:30:37,785] DEBUG {org.apache.synapse.transport.http.wire} - << "Content-Type: application/json; charset=utf-8[\r][\n]"
TID: [-1] [ESB] [2017-09-21 14:30:37,785] DEBUG {org.apache.synapse.transport.http.wire} - << "X-Powered-By: ASP.NET[\r][\n]"
TID: [-1] [ESB] [2017-09-21 14:30:37,785] DEBUG {org.apache.synapse.transport.http.wire} - << "Cache-Control: private, max-age=0[\r][\n]"
TID: [-1] [ESB] [2017-09-21 14:30:37,785] DEBUG {org.apache.synapse.transport.http.wire} - << "Transfer-Encoding: chunked[\r][\n]"
TID: [-1] [ESB] [2017-09-21 14:30:37,785] DEBUG {org.apache.synapse.transport.http.wire} - << "Host: XXXXXXz:9493[\r][\n]"
TID: [-1] [ESB] [2017-09-21 14:30:37,785] DEBUG {org.apache.synapse.transport.http.wire} - << "Connection: K

This was a bug in ESB 4.9.0 [1]. This might have fixed in later versions.
Please check whether below property is available in "/repository/conf/passthru-http.properties"
http.headers.preserve=Content-Type
(Note that you can add multiple header values as comma separated list)
Btw use the property "messageType" to set the Content type. Please refer the document on messageType and ContentType from [2]
[1] https://wso2.org/jira/browse/ESBJAVA-4620
[2] https://docs.wso2.com/display/ESB500/Generic+Properties#GenericProperties-messageType

I don't know why my EndPoint was marked like SUSPENDED and my application does not receive return from Service.
This was shown on log:
TID: [0] [ESB] [2014-09-01 11:00:32,269] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /services/MonitoramentoServico.MonitoramentoServicoHttpSoap11Endpoint, WSAction: urn:BuscarCaminhoTask, SOAPAction: urn:BuscarCaminhoTask, MessageID: urn:uuid:78e22483-c74e-4673-8286-8a18294135b3, Direction: request {org.apache.synapse.mediators.builtin.LogMediator}
TID: [0] [ESB] [2014-09-01 11:00:33,259] WARN {org.apache.synapse.transport.passthru.TargetHandler} - http-outgoing-15546: Connection time out while in state: REQUEST_DONE {org.apache.synapse.transport.passthru.TargetHandler}
TID: [0] [ESB] [2014-09-01 11:00:33,260] WARN {org.apache.synapse.endpoints.EndpointContext} - Endpoint : MonitoramentoEndPoint will be marked SUSPENDED as it failed {org.apache.synapse.endpoints.EndpointContext}
TID: [0] [ESB] [2014-09-01 11:00:33,260] WARN {org.apache.synapse.endpoints.EndpointContext} - Suspending endpoint : MonitoramentoEndPoint - last suspend duration was : 30000ms and current suspend duration is : 30000ms - Next retry after : Mon Sep 01 11:01:03 BRT 2014 {org.apache.synapse.endpoints.EndpointContext}
TID: [0] [ESB] [2014-09-01 11:01:01,196] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /services/MonitoramentoServico.MonitoramentoServicoHttpSoap11Endpoint, WSAction: urn:BuscaServicosMonitorar, SOAPAction: urn:BuscaServicosMonitorar, MessageID: urn:uuid:e5ce0a3c-e5d1-4364-a7aa-897363392c4d, Direction: request {org.apache.synapse.mediators.builtin.LogMediator}
TID: [0] [ESB] [2014-09-01 11:01:01,203] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /services/MonitoramentoServico.MonitoramentoServicoHttpSoap11Endpoint, WSAction: urn:BuscaHardwaresMonitorar, SOAPAction: urn:BuscaHardwaresMonitorar, MessageID: urn:uuid:e74ab088-1eb0-47cc-8447-7b9e016edcec, Direction: request {org.apache.synapse.mediators.builtin.LogMediator}
TID: [0] [ESB] [2014-09-01 11:01:01,208] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /services/MonitoramentoServico.MonitoramentoServicoHttpSoap11Endpoint, WSAction: urn:BuscarCaminhoTask, SOAPAction: urn:BuscarCaminhoTask, MessageID: urn:uuid:18dad64b-292e-4c79-908e-6d9b638e1d8a, Direction: request {org.apache.synapse.mediators.builtin.LogMediator}
TID: [0] [ESB] [2014-09-01 11:01:01,291] WARN {org.apache.synapse.transport.passthru.TargetHandler} - http-outgoing-15544: Connection time out while in state: REQUEST_DONE {org.apache.synapse.transport.passthru.TargetHandler}
TID: [0] [ESB] [2014-09-01 11:01:01,292] WARN {org.apache.synapse.endpoints.EndpointContext} - Endpoint : MonitoramentoEndPoint will be marked SUSPENDED as it failed {org.apache.synapse.endpoints.EndpointContext}
TID: [0] [ESB] [2014-09-01 11:01:01,292] WARN {org.apache.synapse.endpoints.EndpointContext} - Suspending endpoint : MonitoramentoEndPoint - last suspend duration was : 30000ms and current suspend duration is : 30000ms - Next retry after : Mon Sep 01 11:01:31 BRT 2014 {org.apache.synapse.endpoints.EndpointContext}
TID: [0] [ESB] [2014-09-01 11:01:02,210] WARN {org.apache.synapse.transport.passthru.SourceHandler} - Connection time out after request is read: http-incoming-388 {org.apache.synapse.transport.passthru.SourceHandler}
The EndPoint come back automatically after some seconds, but how can I know whats wrong?
This is the error after receive my request:
TID: [0] [ESB] [2014-09-01 15:27:42,746] DEBUG {org.apache.synapse.transport.http.wire} - << "POST /services/MonitoramentoDS HTTP/1.1[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,746] DEBUG {org.apache.synapse.transport.http.wire} - << "Expect: 100-continue[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,746] DEBUG {org.apache.synapse.transport.http.wire} - << "Content-Type: text/xml; charset=utf-8[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,746] DEBUG {org.apache.synapse.transport.http.wire} - << "SOAPAction: "urn:UpdateServidor"[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,746] DEBUG {org.apache.synapse.transport.http.wire} - << "Transfer-Encoding: chunked[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,746] DEBUG {org.apache.synapse.transport.http.wire} - << "Host: localhost:9763[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,746] DEBUG {org.apache.synapse.transport.http.wire} - << "Connection: Keep-Alive[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,746] DEBUG {org.apache.synapse.transport.http.wire} - << "User-Agent: Synapse-PT-HttpComponents-NIO[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,746] DEBUG {org.apache.synapse.transport.http.wire} - << "[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,746] DEBUG {org.apache.synapse.transport.http.wire} - >> "HTTP/1.1 100 Continue[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,747] DEBUG {org.apache.synapse.transport.http.wire} - >> "[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - << "19a[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - << "<?xml version='1.0' encoding='utf-8'?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body><UpdateServidor xmlns="http://ws.wso2.org/dataservice"><situacao>0</situacao><id>2</id><sithard>1</sithard><sitserv>1</sitserv><sittask>0</sittask></UpdateServidor></soap:Body></soap:Envelope>[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - << "0[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - << "[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - >> "HTTP/1.1 202 Accepted[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - >> "Content-Type: text/xml;charset=utf-8[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - >> "Transfer-Encoding: chunked[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - >> "Date: Mon, 01 Sep 2014 18:27:42 GMT[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - >> "Server: WSO2 Carbon Server[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - >> "[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - >> "0[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,750] DEBUG {org.apache.synapse.transport.http.wire} - >> "[\r][\n]" {org.apache.synapse.transport.http.wire}
TID: [0] [ESB] [2014-09-01 15:27:42,753] ERROR {org.apache.axis2.transport.base.threads.NativeWorkerPool} - Uncaught exception {org.apache.axis2.transport.base.threads.NativeWorkerPool}
java.lang.UnsupportedOperationException: An access occurred that is not valid.
at org.apache.axis2.description.InOnlyAxisOperation.getMessage(InOnlyAxisOperation.java:117)
at org.apache.synapse.core.axis2.SynapseCallbackReceiver.handleMessage(SynapseCallbackReceiver.java:283)
at org.apache.synapse.core.axis2.SynapseCallbackReceiver.receive(SynapseCallbackReceiver.java:166)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ClientWorker.run(ClientWorker.java:222)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:701)

Endpoint is getting suspended, when ESB could not send out message through that particular endpoint. You can find endpoint suspension parameters in your endpoint configuration.
Here if you see http-outgoing-15544: Connection time out while in state: REQUEST_DONE occurs because, connection between ESB and the backend server times out. Default socket
timeout is 60 seconds. You can increase it to 120 seconds and check. To do that edit the
passthru-http.properties file as;
http.socket.timeout=120000
And enable ESB wirelogs so you can find more info.
# log4j properties file, add following line and restart the server.
log4j.logger.org.apache.synapse.transport.http.wire=DEBUG