I've gotten WSO2 working on the server. I can login through the management console and EMM, publisher, and store are all working. I can create a new user through the EMM dashboard, and the email is sent correctly. So everything is fine while using the website.
I'm using the sample APK that comes with WSO2 to do some development, but every time I try to register the app pops up "Authentication Failed - Cannot proceed the authentication. Please contact an administrator." And there is no output in the console when this happens.
If I put in the incorrect credentials I get a separate error, "Authentication Failed - Incorrect login information. Please try again." So I know my credentials are correct.
What does this mean? Is there another place to find more detailed logs?
Have you tried debugging the Android-agent ? If so you might be able to provide more information regarding this issue by looking at agent debug logs.
BTW did you tried enrolling as the admin user?
Related
I've changed the wso2carbon.jks keystore to my own store and my CA signed cert is working fine via a remote browser for https. However when I try to change the admin password via the carbon management console UI and restart the API manager I get problems with:
AMQConnection Unable to connect to broker at tcp://10.16.0.5:5673
org.wso2.andes.AMQException: Error occurred while establishing a connection
I'm running 2.0.0 of API manager on Ubuntu 14.04
I don't have enough points to comment on a similar issue:
WSO2 API Manager - Error changing admin password
but happy to experiment and isolate this bug. I could try to change the admin password for all references in xml files under conf if needed.
Please advise on the best way to change the admin password for API manager. I'm happy to do a clean install and see if I can just change the admin password. Please advise if I should use the UI or change in repository/conf files.
Search all xml files with "admin" references. What I can recall is, api-manager.xml, user-mgt.xml, identity.xml, etc.. You may also check out the related wso2 doc.
I've just worked through this issue with WSO2 support. In my case it had to do with the content of the password. I used the same admin password for v2 as I did for v1.10 but apparently the different frameworks in v2 has a problem with special characters in the password. More specifically, a '#' character. The link below was provided as a reference. Upon changing the admin password, both in the console and in the user-mgt.xml file, and restarting the product, I am no longer experiencing the exception.
https://wso2.org/jira/browse/APIMANAGER-4991
When I try to log into the Store with the Admin account, it displays the following message:
No Privileges to login
You do not have permission to login to this application. Please contact your administrator and request permission.
I have checked and made sure the Admin account does indeed have the permissions it needs to log into the Store. I even created a new account and gave it all permissions, and it won't allow that account to log in either.
I even went as far as to dig into the database itself through MySQL, and best I can tell the proper permissions are there.
The last time this happened to me, I ended up unzipping a fresh copy of the EMM product and creating a brand new database for it because I couldn't figure out a solution. I tried unzipping a fresh copy of the EMM product, but running on the same database, it had no change in behavior. I have a database full of data I don't want to lose now, so I'd much rather find a fix than have to wipe it all out again!
WSo2 EMM 2.0.0
Windows Server 2012 R2
MySQL 5.5
EDIT: relevant logs:
TID: [-1234] [] [2016-03-25 05:21:19,862] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[-1234]' at [2016-03-25 05:21:19,862-0500]
TID: [-1234] [] [2016-03-25 05:21:19,862] WARN {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} - Illegal access attempt at [2016-03-25 05:21:19,0862] from IP address 10.200.201.108 while trying to authenticate access to service RemoteAuthorizationManagerService
TID: [-1234] [] [2016-03-25 05:21:19,909] WARN {JAGGERY.controllers.acs:jag} - User admin#carbon.super does not have permission to access the store application. Make sure the user has the store role.
I figured it out!
The issue is specifically triggered by changing the password on the admin account to anything but "admin". Changing it back appears to rectify the issue.
Obviously this is a bug, as the admin account should be able to have its password changed and still be able to log into the Store. To be clear, there was never any issue logging into the Publisher; just the Store. Additionally, if the admin password was changed, no accounts could log into the Store at all, regardless of their permissions level.
I tested this with a fresh EMM pack, version 2.0.0 and 2.0.1, using the H2 and MySQL 5.5. In all cases the issue occurred.
A bug report has been filed on WSo2's JIRA board here.
Is there are any configuration changes in your side.I got EMM 2.0.0 fresh pack and configure mysql 5.5.I tried to login emm store but It is working properly.
This issue is raised in once we are trying change the password from the EMM console. But We can change the admin password from the /repository/conf/user-mgt.xml
<AdminUser>
<UserName>admin</UserName>
<Password>admin</Password>
</AdminUser>
and /repository/conf/app-manager.xml admin credintials.
Im trying to setup WSO2MDM on Nexus 07 tablet.
I have configured web based backend and its up and running.
I followed the guide lines in documentation to set up Client mobile app on the tablet. (Already set the configuration according to steps on documentation and compiled it.)
But When I try to register using tablet it gives me an error saying "Authentication failed due to a connection failure do you want to try again?";
Please advise me how to sort this out.
What's the authentication parameters you tried? In a fresh pack, you may not have configured tenants. So your basic login parameters can be "admin", "admin" as the user name and password. That's basically the super admin's credentials.
First check whether you can enroll the device to that user. Then try with the new user you have created. Always keep the Domain field empty if you do not have a tenant set up. And if you are trying this setup in your local machine, make sure your device and server are in the same network. Android WIFI tethering may help you in that case.
Use this guide[1] when you are enrolling.
[1] - http://wso2.com/library/articles/2014/03/how-wso2-emm-addresses-the-android-challenge/
Thanks
I have attached my Active Directory as a secondary user store and can see the list of users when i select "Users" however when accessing an APP through tomcat that is linked to SAML SSO i cannot login using an AD Account
can anyone suggest what i am missing?
the error in the system logs is
TID[-1234] [IS] [2014-02-13 13:49:02,321] DEBUG {org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator} - user authentication failed due to invalid credentials.
however my login credentials are correct...
Because i was using email address as a login that was causing the issue!
the steps i took are as follows:
IS_HOME/repository/conf/carbon.xml file.
Open carbon.xml
Locate EnableEmailUserName element and uncomment it.
Finally, it should be similar to the following
true
Now, restart IS
You should be able to login using your user name
Could you check whether you can login to WSO2 management console using above credentials. If you can not, please go to Management Console -> Configure -> Users and Roles -> Roles and you can see the internal\everyone role. And configure "login" permission for everyone role. Then please try to login...
Also, if you enable the debug logs in org.wso2.carbon.user.core, you can see more debug logs about authentication failure.
I think your configuration is not ok.same login issue already solved here.cannot login to wso2 Identity server with the ldap credentials.
Make sure UserDNPattern property is correct
I have a situation where I need to setup a standalone version of wso2 Identity Server and have that act as the SSO provider into all of the products in Stratos.
Currently I have Stratos Identity Server configured so that I can login via the standalone Identity Server, using admin.
However, if I use another user I either
get a "Authorization Failure"
or cannot login.
First Question
1) I have the same user created in both Identity Server (that is not admin). Why would I get the "Authorization Failure" ?
Second Question
2) Why is it I can not even get to the "Authorization Failure" problem if I have a user created with username in format of user#domain.com ?
UPDATE:
I figured out that if I remove the property tags in user-mgt.xml that reference the usernames with regular expressions I am able to create usernames in the format of name#domain.com. But I am still unable to use that username to login, the error log says that the account has not been activated.
I also created two instances of wso2 identity server and configured them in such a way to test being able to use one to login to the other. I was able to do this by making sure that the same username and password was in both servers list of users. This way I do not get the "Authorization Failure"
The answers I came up with.
1. I need to have the same username and password in each Identity Server.
2. I cannot have format name#domain.com unless I have Multi-tenancy configured. Otherwise wso2 will try to find the ACTIVATE field in the Tenant table and not find it.
UPDATE: I got this installed and configured and it turned out that I now get another error about
Issuer details are not valid. Issuer details should be registered in advance
So my answer turned out not to to be valid.
I wonder why I get this new login failure?
UPDATE RESOLVED!!:
I resolved this problem by downloading just the wso2 stratos IS 1.5.2 package. I installed it. Configured with same configuration I was using before. Now I can login without problems across domains.