Disabling WSO2 Certificate Validation - wso2

I'm new to WSO2.
I'm using the ESB Console, and I'm trying to add a WSDL-Based Proxy.
After entering the WSDL URL if I then try to Test URI, I receive the following error:
Invalid WSDL URI (Unable to establish a connection)
I'm not certain what the issue is, but I'm guessing that there is a problem with the issuer of the certificate. I would like to disable certificate validation to test that theory. So far, the only setting I can find is the following in the wso2esb-4.8.1/repository/conf/axis2/axis2.xml file:
<transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
...
<parameter name="HostnameVerifier">AllowAll</parameter>
</transportSender>
However, this setting doesn't help. (And it really shouldn't help since the actual host name matches the certificate CN)
Any ideas on what I can look for to fix this?
Thanks!

Can you see the WSDL using your internet browser (with the same URI)?
Don't you have a corporate proxy?
In this case, configure it in WSO2 by adding those properties in your transportSender conf:
<parameter name="http.proxyHost" locked="false">localhost</parameter>
<parameter name="http.proxyPort" locked="false">8080</parameter>
(update hostname and port...)
Have a look at wso2carbon.log
If you can access this URI and wonder if AllowAll works, you can try to configure WSO2 to trust this certificate:
download it from your internet browser and
install it in ESB_HOME/repository/resources/security/client-truststore.jks with keytool

Related

WSO2 EI: WSDL Not opening in the management console

WSDL 1.1 & WSDL 2.0 are not opening in the management console. When I open the WSDL in the management console, it shows a "This site can’t be reached" error. I don't know why this is happening, so please help me to sort this out.
Note: No error throws in both carbon and wire logs
Thanks!
You have a misconfiguration problem, I think, because you have WSO2 in AWS and this ip-10-50-11-169... is not a hostname or your IP address.
Can you check your /etc/hosts on the server? Maybe you must change the FQDN in your AWS account,
or you can check the WSO2 hostname/IP address configuration in axis2.xml <parameter name="WSDLEPRPrefix"..
You need to add the following property to your axis2.xml to pick the correct FQDN/hostname when generating WSDL URLs. So add the hostname you are using to access the services here, or if you are using the same hostname used for the management console, add the hostname with the correct service port (8280 or 8343).
<parameter name="WSDLEPRPrefix" locked="false">http://ei.wso2.com:80</parameter>
Refer to instructions here.
Also, make sure the FQDN is resolvable and your security groups are allowing access to relevant ports.

Validation error with WSO2 ESB generated WSDL

I created a proxy service with WSO2 ESB 4.8.1 using a complex WSDL using a WSDL import and a lot of schema imports. I can import the original WSDL to SoapUI but not the one generated from the proxy service. WSDL validation gives error
ERROR - RPCMessageReceiver WSDLException (at
/wsdl:definitions/wsdl:message1/wsdl:part):
faultCode=UNBOUND_PREFIX: Unable to determine namespace of
'null:UpdateConsumerByDMS_v1'.
I found similar problem from https://wso2.org/jira/browse/CARBON-12030. How to solve the problem? Any help appreciated.
Best regards,
Teemu
I think I could get over this by using the original WSDL with proxy parameters
<parameter name="useOriginalwsdl">true</parameter>
<parameter name="modifyUserWSDLPortAddress">true</parameter>
WSO2 ESB alters the wsdl
Keep the original WSDL file in the registry, let's say in the conf/myresources folder, and then use the below after target.
<publishWSDL key="conf:myresources/<wsdl_file>.wsdl"/>
<parameter name="useOriginalwsdl">true</parameter>
<parameter name="modifyUserWSDLPortAddress">true</parameter>
<parameter name="serviceType">proxy</parameter>
Thanks.
I've got the same problem. I solved it by doing two things:
1) Add all schema in the registry like: /_system/governance/services and add your wsdl there too.
2) In your proxy service, use pick from registry and add in Reference Key something like
gov:/services/xxx.wsdl
In the resources, under WSDL resource, add all your schema like
schema1.xsd gov:/services/schema1.xsd
It will probably work.

WSO2 SSO always redirects to localhost:9443/samlsso

I'm using WSO2 identity server (on port 9443) and enterprise service bus (ESB, on port 9444). I configured ESB to use IS SSO. But every time I try to log in to ESB it redirects me to IS and there it redirects me to URL localhost:9443/samlsso.
I already tried changing this URL in identities.xml and carbon.xml without access.
Where can I configure the redirection address?
In carbon.xml I specified the hostname as "HostName" and "MgtHostName". But IS still uses localhost.
Thanks!
WSO2 has a script located at:
<IOTS_HOME>/scripts
run
./change-ip.sh
Tip: The script will find and replace the IP address given in argument1 (localhost) with the IP address given as argument2 (10.10.10.14), in the necessary configuration files.
Check Docs to configure Hostname
The SSO configuration should be in /repository/conf/security/authenticators.xml as follows to change the hostname of the redirection URL of Identity Server:
<Authenticator name="SAML2SSOAuthenticator" disabled="false">
<Priority>1</Priority>
<Config>
<Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
<Parameter name="ServiceProviderID">carbonServer</Parameter>
<Parameter name="IdentityProviderSSOServiceURL">https://<HostNameOfIdentitiyServer>:9443/samlsso</Parameter>
<Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
<Parameter name="AssertionConsumerServiceURL">https://<HostNameOfIdentitiyServer>:9443/acs</Parameter>
</Config>
</Authenticator>
Ok, I found a solution.
I did a search+replace over all XML documents inside the IS and ESB package and replaced all "localhost" by my hostname.
In the identity.xml there's a SSOService/IdentityProviderURL tag, that one seems important for SAML authentication.
carbon.xml file under /repository/conf folder.
Change <HostName>localhost</HostName> to your IP.
<HostName>x.x.x.x</HostName>
Add the URL of your VM in system32/drivers/etc/hosts and map it to localhost.
Change the hosts file and map localhost to the IP address of your VM where WSO2 is running.

ColdFusion 10 CFC web service fails with javax.servlet.ServletException: https is forbidden

This question is similar to the link below, which is focused on Java:
Web service authentication using https giving error
However, this problem is specific to ColdFusion 10 and the answer from the question above just hinted at the solution in ColdFusion 10.
The problem:
You have a web service CFC and it works perfectly over http (port 80). When you attempt to run the same web service over https (port 443) the web service fails. The errors are not very helpful from IIS or ColdFusion. If you look through the exception logs, you'll find an error message like this:
javax.servlet.ServletException: https is forbidden
The cause of the problem is that the "transportReceiver" is set up to only work with http by default with ColdFusion 10.
For Windows:
Open the file {cfusionhome}\cfusion\wwwroot\WEB-INF\axis2.xml
Search for the following line:
<transportReceiver name="http"
class="coldfusion.xml.rpc.CFAxisServletListener"/>
Replace that line with:
<!-- <transportReceiver name="http"
class="coldfusion.xml.rpc.CFAxisServletListener"/> -->
<transportReceiver name="http" class="coldfusion.xml.rpc.CFAxisServletListener">
<parameter name="port">80</parameter>
</transportReceiver>
<transportReceiver name="https" class="coldfusion.xml.rpc.CFAxisServletListener">
<parameter name="port">443</parameter>
</transportReceiver>
Then restart the "ColdFusion 10 Application Server" service.

Invoking DataService from wso2 ESB with secure port

I just want to invoke a secure DataService endpoint from WSO2 ESB and I couldn't find the right and straightforward solution.
I have seen this and this but no success!
I define my endpoint in ESB as follows:
WSDL Endpoint:
WSDL URI: http://[myIP]:7763/services/PostPaidProviders?wsdl
Service: PostPaidProviders
Port: SecureSOAP11Endpoint
FYI, if I change my Port to 'SOAP11Endpoint' my proxy service on ESB works properly.
Thanks
I've imported my WSO2-DSS's certificate to my ESB keystore from configuration->KeyStores but it still does not work. It seems that it can not validate the host name!
The error was this: "error: Host name verification failed for [MyHostName]"
I added following parameter to the <transportSender name="https part of /repository/conf/axis2/axis2.xml file, restarted the server and it worked :)
<parameter name="HostnameVerifier">AllowAll</parameter>
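An added example, not part of the original posts and not WSO2 code: `HostnameVerifier` set to `AllowAll` switches off host name verification for every outbound HTTPS call made through that transport sender, so it is worth auditing axis2.xml for it once testing is over. The sample configuration is constructed, and `find_disabled_hostname_checks` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the axis2.xml fragments quoted on this page.
SAMPLE_AXIS2 = """
<axisconfig name="AxisJava2.0">
  <transportSender name="http"
      class="org.apache.synapse.transport.passthru.PassThroughHttpSender">
    <parameter name="non-blocking" locked="false">true</parameter>
  </transportSender>
  <transportSender name="https"
      class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
    <parameter name="non-blocking" locked="false">true</parameter>
    <parameter name="HostnameVerifier">AllowAll</parameter>
  </transportSender>
  <!-- <parameter name="HostnameVerifier">AllowAll</parameter> -->
</axisconfig>
"""


def find_disabled_hostname_checks(axis2_xml):
    """Return (name, class) for each transportSender with HostnameVerifier=AllowAll.

    Hypothetical helper for this example, not a WSO2 API.
    """
    try:
        root = ET.fromstring(axis2_xml)
    except ET.ParseError as exc:
        # A file that does not parse must fail the audit, not pass as clean.
        raise ValueError(f"axis2.xml is not well-formed: {exc}") from exc

    findings = []
    for sender in root.iter("transportSender"):
        for param in sender.findall("parameter"):
            if param.get("name") != "HostnameVerifier":
                continue
            # Compared case-insensitively so any spelling is flagged (audit choice).
            if (param.text or "").strip().lower() == "allowall":
                findings.append((sender.get("name"), sender.get("class")))
    return findings


if __name__ == "__main__":
    for name, cls in find_disabled_hostname_checks(SAMPLE_AXIS2):
        print(f"transportSender name={name!r} class={cls}: "
              "host name verification is off")
```

Commented-out parameters are ignored because the parser drops XML comments, so only settings that are actually in effect are reported.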