WSO2 API Manager oAuth2 secret_token validation service problems - wso2

We have installed WSO2 API Manager without a standalone Identity Server (identity is embedded). When I try to check an OAuth2 user access_token with OAuth2TokenValidationService using this curl command:
curl --user apivalidatekey:apivalidatekey --header "Content-Type: text/xml" -k -d @soap.xml https://localhost:8243/services/OAuth2TokenValidationService/
where soap.xml is:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:xsd="http://org.apache.axis2/xsd"
                  xmlns:xsd1="http://dto.oauth2.identity.carbon.wso2.org/xsd">
    <soapenv:Header/>
    <soapenv:Body>
        <xsd:validate>
            <!--Optional:-->
            <xsd:validationReqDTO>
                <!--Optional:-->
                <xsd1:accessToken>691e72a68e2f0e0c07a4236c14c485</xsd1:accessToken>
                <!--Optional:-->
                <xsd1:tokenType>bearer</xsd1:tokenType>
            </xsd:validationReqDTO>
        </xsd:validate>
    </soapenv:Body>
</soapenv:Envelope>
I've got an error on the API Manager host in wso2carbon.log:
TID: [0] [AM] [2014-02-05 14:19:03,945] ERROR {java.lang.Class} - System failure.null {java.lang.Class}
java.lang.NullPointerException
at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.doAuthorization(AuthorizationHandler.java:105)
at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.invoke(AuthorizationHandler.java:88)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:404)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:184)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
What is the problem? Does the embedded IS support such a web service? I can get a WSDL for it:
wget --no-check-certificate https://localhost:9443/services/OAuth2TokenValidationService?wsdl

"OAuth2TokenValidationService" is an admin service that is secured. Therefore, to invoke this service, you must send a privileged user's credentials in the Basic authentication header. But it seems that you are sending the API key and secret, which is not valid. Could you please try sending the default admin user's credentials (which are "admin" "admin") in the Basic auth header and see?
curl --user admin:admin --header "Content-Type: text/xml" --header "SOAPAction: validate" -k -d @soap.xml https://localhost:9443/services/OAuth2TokenValidationService/

Related

Import a standard http request in postman?

I have a simple HTTP request :
POST /a/b/c HTTP/1.1
Host: localhost:17814
Content-Type: application/json
jwt: x.x.x
{
"requestId": "E1EC8B9E-A78E-443A-B2A9-8D6F7692B63C"
}
I don't have another format. It's a basic HTTP standard request structure.
I want to invoke it in Postman.
But it seems that when I try to "Import" it in postman it says :
Question:
Is there any way to import standard HTTP requests in Postman? There must be. It's the standard syntax.
The Import feature only supports certain formats.
Import a Postman Collection, Environment, data dump, curl command, or
a RAML / WADL / Open API (1.0/2.0/3.0) / GraphQL Schema / Runscope
file
I guess that would be something like this in curl:
curl -X POST 'localhost:17814/a/b/c' \
-H 'jwt: x.x.x' \
-H 'Content-Type: application/json' \
-d '{
"requestId": "E1EC8B9E-A78E-443A-B2A9-8D6F7692B63C"
}'
You can import that format into the app and it should create the request.

Token Introspect API not working after changing the regex restriction for username in WSO2 IS 5.9.0?

I am using WSO2 Identity Server with email as the username, following this documentation:
https://is.docs.wso2.com/en/5.9.0/learn/using-email-address-as-the-username/
Then, while performing a sign-up, i.e. creating users using the SCIM2 APIs, with an email longer than 30 characters, I was getting the following error:
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "scimType": "invalidValue",
    "detail": "31301 - Username test1233.admin@motioneducation.com is not valid. User name must be a non null string with following format, ^[\\S]{3,30}$",
    "status": "400"
}
Then, to fix this, I added this regex to the user store section of the deployment.toml file:
[user_store]
username_java_script_regex = '^[a-zA-Z0-9.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$'
username_java_regex='^[a-zA-Z0-9.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'
This change fixed my sign-up problem, but the token generated by logging in through the WSO2 /oauth2/token API gets a 401 Unauthorized from the /oauth2/introspect API.
Please help.
Since you have enabled email as username, then you need to use the email username in the authorization header also. A sample curl command is given below.
curl --location --request POST \
'https://{host_name}:{port}/oauth2/introspect' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic {base64encode(emailusername:password)}' \
--data-urlencode 'token={access_token}'
Sample request
curl --location --request POST \
'https://localhost:9443/oauth2/introspect' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic YWRtaW5Ad3NvMi5jb206YWRtaW4=' \
--data-urlencode 'token=47f65812-c5fb-3f90-b5c0-3bbc3603578f'
A 401 Unauthorized error comes only if you are sending invalid credentials. So please check whether you are sending a valid emailusername and a valid password in the authorization header.
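A local pre-flight check for the 401 discussed above, as an added example that is not part of the original answer: it decodes the Basic credential that would be sent to /oauth2/introspect and checks the username against the patterns quoted in the question (the email pattern written with `@`). The function names are hypothetical, and nothing is sent over the network.

```python
import base64
import re
from urllib.parse import urlencode

# Username patterns quoted in the question: the default from the SCIM error
# and the email pattern added under [user_store] in deployment.toml.
DEFAULT_USERNAME_RE = re.compile(r"^[\S]{3,30}$")
EMAIL_USERNAME_RE = re.compile(r"^[a-zA-Z0-9.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$")


def basic_header(username, password):
    """Build an RFC 7617 Basic credential (the user-id cannot contain ':')."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(header_value):
    """Return (username, password) from an Authorization header value."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not blob:
        raise ValueError("not a Basic Authorization header")
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError as exc:  # covers bad base64 and bad UTF-8
        raise ValueError("malformed Basic credential") from exc
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("credential has no ':' separator")
    return username, password


def check_introspect_auth(header_value, email_usernames=True):
    """List reasons this header is likely to be rejected (empty = none found)."""
    try:
        username, password = decode_basic(header_value)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    # Assumption: with email usernames enabled, the caller must use that form.
    pattern = EMAIL_USERNAME_RE if email_usernames else DEFAULT_USERNAME_RE
    if not pattern.match(username):
        findings.append(f"username {username!r} does not match {pattern.pattern}")
    if not password:
        findings.append("password is empty")
    return findings


def introspect_request(host, port, username, password, token):
    """Assemble URL, headers and form body for the introspection call."""
    url = f"https://{host}:{port}/oauth2/introspect"
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": basic_header(username, password),
    }
    return url, headers, urlencode({"token": token})
```

An empty list from `check_introspect_auth` only means the header is well-formed; the server still decides whether the credentials are valid.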

GCP - Unable to authenticate myself to invoke Google Cloud function

I have a cloud function named rad_format_text_v0. I (andy@onehot.io) have permission to invoke it, shown here:
$ gcloud beta functions get-iam-policy rad_format_text_v0
bindings:
- members:
  - allAuthenticatedUsers
  - user:andy@onehot.io
  role: roles/cloudfunctions.invoker
etag: BwWOSfjYxp0=
version: 1
I can invoke it using gcloud functions call...
$ gcloud auth list
Credentialed Accounts
ACTIVE  ACCOUNT
*       andy@onehot.io
$ gcloud functions call rad_format_text_v0 --data "$(< test.json)"
executionId: 2wm7nrgc0vjo
result: |
["REDACTED successful result"]
However, when I try another HTTP client like curl, it fails even though I'm passing an auth token...
$ curl -i -X POST "https://us-central1-onehot-autocoder.cloudfunctions.net/rad_format_text_v0" -H "Content-Type:application/json" -H "Authorization: bearer $(gcloud auth application-default print-access-token)" --data @test.json
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer error="invalid_token" error_description="The access token could not be verified"
Date: Mon, 22 Jul 2019 19:46:59 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Frontend
Content-Length: 312
Alt-Svc: quic=":443"; ma=2592000; v="46,43,39"
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>401 Unauthorized</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Unauthorized</h1>
<h2>Your client does not have permission to the requested URL <code>/rad_format_text_v0</code>.</h2>
<h2></h2>
</body></html>
I did exactly as explained in the documentation. I have no idea why my token is not working.
You are using gcloud auth application-default print-access-token to get the token, but the documentation you shared specifies that you should use the gcloud auth print-identity-token command instead.
I tested it and I found that I was not able to use the print-identity-token for my user account. Instead I had to create a new service account and activate it. Then in the curl command, I specified the service account like in the example below:
curl -i https://[REGION]-[PROJECT_ID].cloudfunctions.net/[FUNCTION_NAME] -H "Authorization: bearer $(gcloud auth print-identity-token [SERVICE_ACCOUNT] )"
Apparently the Google Cloud SDK has an issue with the gcloud auth print-identity-token command in version 254; you could also try downgrading it with the following command:
gcloud components update --version 249.0.0
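To tell which kind of token a command actually produced before sending it, here is an added example (not from the original answer) that classifies a bearer value as an opaque access token or a Google-issued identity token. It does not verify the signature, the function names are hypothetical, and the sample tokens used to exercise it are constructed.

```python
import base64
import json
import time

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded.encode("ascii")))
    if not isinstance(value, dict):
        raise ValueError("JWT segment is not a JSON object")
    return value


def classify_bearer(token, now=None):
    """Describe a bearer token WITHOUT verifying its signature.

    'kind' is 'opaque' (e.g. an OAuth access token), 'identity'
    (a Google-issued OIDC ID token) or 'jwt-other'.
    """
    now = time.time() if now is None else now
    parts = token.strip().split(".")
    if len(parts) != 3:
        return {"kind": "opaque"}
    try:
        b64url_json(parts[0])           # JOSE header must parse too
        claims = b64url_json(parts[1])
    except ValueError:                  # bad base64, bad UTF-8 or bad JSON
        return {"kind": "opaque"}
    google = claims.get("iss") in GOOGLE_ISSUERS and "aud" in claims
    exp = claims.get("exp")
    return {
        "kind": "identity" if google else "jwt-other",
        "aud": claims.get("aud"),
        "email": claims.get("email"),
        "expired": isinstance(exp, (int, float)) and exp <= now,
    }


def precheck_for_function(token, now=None):
    """Return (ok, reason) for use as the function's Authorization bearer."""
    info = classify_bearer(token, now)
    if info["kind"] == "opaque":
        return False, "opaque access token; use gcloud auth print-identity-token"
    if info["kind"] != "identity":
        return False, "JWT is not a Google-issued identity token"
    if info["expired"]:
        return False, "identity token has expired"
    return True, "identity token for audience %s" % info["aud"]


def make_sample_jwt(claims):
    """Build an UNSIGNED, constructed JWT for offline testing only."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode("utf-8")
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])
```

Pass the output of the gcloud command as `token`; the result says only what kind of token it is, not whether the caller holds roles/cloudfunctions.invoker.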

WSO2 APIM Authentication

I have a requirement to authenticate a user who wants to access an API with his credentials (un/pwd) using basic authentication or digest auth.
I also need to pass the required credentials (un/pwd) in the request to authenticate access to the backend service.
My Synapse extracted config looks like this:
<filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
    <then>
        <property name="api.ut.backendRequestTime"
                  expression="get-property('SYSTEM_TIME')"/>
        <property name="password"
                  expression="wso2:vault-lookup('PayAdmin-- ZenoAPI51.0')"/>
        <property name="unpw"
                  expression="fn:concat('user',':',get-property('password'))"/>
        <property name="Authorization"
                  expression="fn:concat('Basic ', base64Encode(get-property('unpw')))"
                  scope="transport"/>
        <send>
            <endpoint name="PayAdmin--ZenoAPI5_APIproductionEndpoint_0">
                <http uri-template="http://localhost:8080/payment/{uri.var.name}"/>
            </endpoint>
        </send>
    </then>
</filter>
What I want to know is:
curl -X POST --header "Content-Type: application/json" --header "Accept: application/json" --header "Authorization: Bearer 2e13c9b3c8717f43d093cfc7c63994bb" -d "{}" http://<IP address of APIM Server>:8280/Zeno1/1.0.0/payment/name
This curl command can only take a bearer token, but how do I pass the user/pwd for the API and the user/pwd for the backend in the curl command?
Regarding your second question:
For Basic Authentication towards the backend, you can configure a general password in the Publisher in step Implement -> Show More Options -> Endpoint Security Scheme: set it to Secured and provide the credentials
(see: https://docs.wso2.com/display/AM1100/Basic+Auth)
If user-specific credentials have to be provided, the user should set "Authentication: Basic base64(username:password)" in the HTTP header; the header will get passed to the backend.
curl -X POST --header "Content-Type: application/json" --header "Accept: application/json" --header "Authorization: Basic [base64encode(username:password)]" -d "{}" http://<IP address of APIM Server>:8280/Zeno1/1.0.0/payment/name
Replace [base64encode(username:password)] with the base64-encoded string of "username:password".

ERROR in ESB 4.5.0: User name not provided for the Entitlement mediator

I'm working with a backend service in AS 5.0.1 that is exposed to the outside using ESB 4.5.0 with a UT security policy. This proxy service uses an entitlement mediator to validate the user's authorization to access this service, so I use IS 4.0.0.
This scenario works fine with previous WSO2 product versions.
I implemented this scenario on my laptop with IS 3.2.3 and it works fine. Now, when I uploaded the configuration to the production servers, I saw this error:
NOTE: on the production servers I used two tenants for AS and ESB.
The error:
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,787] ERROR {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator} - org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791] WARN {org.apache.synapse.FaultHandler} - ERROR_CODE : 0 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791] WARN {org.apache.synapse.FaultHandler} - ERROR_MESSAGE : User name not provided for the Entitlement mediator - can't proceed {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791] WARN {org.apache.synapse.FaultHandler} - ERROR_DETAIL : org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed
at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:135)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:60)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:114)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:144)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.doSOAP(MultitenantMessageReceiver.java:233)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.processRequest(MultitenantMessageReceiver.java:181)
at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.receive(MultitenantMessageReceiver.java:77)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
{org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,792] WARN {org.apache.synapse.FaultHandler} - ERROR_EXCEPTION : org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,793] WARN {org.apache.synapse.FaultHandler} - FaultHandler : org.apache.synapse.mediators.MediatorFaultHandler@563ac83c {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,793] WARN {org.apache.synapse.mediators.MediatorFaultHandler} - Executing fault handler mediator : fault {org.apache.synapse.mediators.MediatorFaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,794] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: local://axis2services/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint, WSAction: http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor, SOAPAction: http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor, MessageID: urn:uuid:D4E74AEA911A3C697B1352870083848, Direction: request, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:prof="http://cdae.uci.cu/schemas/Profesor"><soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-20"><wsse:Username>admin</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">*****</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Rs/AfaxxkrPr6FbTKaKUUg==</wsse:Nonce><wsu:Created>2012-11-14T05:14:46.624Z</wsu:Created></wsse:UsernameToken><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-19"><wsu:Created>2012-11-14T05:14:46.623Z</wsu:Created><wsu:Expires>2012-11-14T05:48:06.623Z</wsu:Expires></wsu:Timestamp></wsse:Security><wsa:Action>http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor</wsa:Action><wsa:MessageID>uuid:20a1b0e1-43f6-49ab-b523-8da4b36043ad</wsa:MessageID><wsa:To>https://server:8243/services/t/ptesisesb.cdae.uci.cu/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint</wsa:To></soapenv:Header><soapenv:Body>
<prof:obtenerDatosProfesor>
<prof:solapin>****</prof:solapin>
</prof:obtenerDatosProfesor>
</soapenv:Body></soapenv:Envelope> {org.apache.synapse.mediators.builtin.LogMediator}
My SOAP message:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:prof="http://cdae.uci.cu/schemas/Profesor">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-20">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Rs/AfaxxkrPr6FbTKaKUUg==</wsse:Nonce>
<wsu:Created>2012-11-14T05:14:46.624Z</wsu:Created>
</wsse:UsernameToken>
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-19">
<wsu:Created>2012-11-14T05:14:46.623Z</wsu:Created>
<wsu:Expires>2012-11-14T05:48:06.623Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<wsa:Action>http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor</wsa:Action>
<wsa:MessageID>uuid:20a1b0e1-43f6-49ab-b523-8da4b36043ad</wsa:MessageID>
<wsa:To>https://server:8243/services/t/ptesisesb.cdae.uci.cu/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint</wsa:To>
</soapenv:Header>
<soapenv:Body>
<prof:obtenerDatosProfesor>
<prof:solapin>*****</prof:solapin>
</prof:obtenerDatosProfesor>
</soapenv:Body>
</soapenv:Envelope>
My proxy service:
<proxy xmlns="http://ws.apache.org/ns/synapse" name="Profesor_Proxy" transports="https" statistics="enable" trace="enable" startOnLoad="true">
<target inSequence="conf:/secuenciasutiles/log_seguridad_mejorado" outSequence="conf:/gestion_tesis/servicioProfesor/secuencias/centralAssetsOUT" faultSequence="fault"/>
<publishWSDL key="conf:/gestion_tesis/servicioProfesor/wsdl/Servicio_Profesor1.wsdl"/>
<parameter name="addressingRequirementParameter">required</parameter>
<description></description>
</proxy>
And the sequence with the entitlement mediator inside:
<sequence xmlns="http://ws.apache.org/ns/synapse" onError="conf:/secuenciasutiles/falla_de_conexion">
<entitlementService remoteServiceUrl="https://server:9448/services/" remoteServiceUserName="admin" remoteServicePassword="*****" onReject="conf:/secuenciasutiles/log_cuando_no_pasa" onAccept="conf:/secuenciasutiles/log_cuando_pasa" advice=""/>
</sequence>
In this sequence I also see that the onAccept sequence disappears from time to time.
What could be the problem? I use the UT policy and I see the username in the incoming message to the ESB.
I can fix this error but now I'm facing another one. I have the same configuration on different servers; on one it works, on the other it does not.
In this particular case I see the request/response in IS 4.0.0 with the Permit value, so the entitlement works.
The error:
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,359] ERROR {org.apache.synapse.core.axis2.Axis2Sender} - Unexpected error during sending message out {org.apache.synapse.core.axis2.Axis2Sender}
org.apache.axis2.AxisFault: No user value in the rampart configuration policy
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:117)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:193)
at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:175)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:445)
at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:57)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:281)
at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:297)
at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:59)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:165)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.rampart.RampartException: No user value in the rampart configuration policy
at org.apache.rampart.builder.BindingBuilder.addUsernameToken(BindingBuilder.java:210)
at org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:95)
at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:106)
... 21 more
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,366] WARN {org.apache.synapse.FaultHandler} - ERROR_CODE : 0 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,367] WARN {org.apache.synapse.FaultHandler} - ERROR_MESSAGE : Unexpected error during sending message out {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,367] WARN {org.apache.synapse.FaultHandler} - ERROR_DETAIL : org.apache.synapse.SynapseException: Unexpected error during sending message out
at org.apache.synapse.core.axis2.Axis2Sender.handleException(Axis2Sender.java:170)
at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:69)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:281)
at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:297)
at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:59)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:165)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.axis2.AxisFault: No user value in the rampart configuration policy
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:117)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:193)
at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:175)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:445)
at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:57)
... 12 more
Caused by: org.apache.rampart.RampartException: No user value in the rampart configuration policy
at org.apache.rampart.builder.BindingBuilder.addUsernameToken(BindingBuilder.java:210)
at org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:95)
at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:106)
... 21 more
{org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,368] WARN {org.apache.synapse.FaultHandler} - ERROR_EXCEPTION : org.apache.synapse.SynapseException: Unexpected error during sending message out {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,368] WARN {org.apache.synapse.FaultHandler} - FaultHandler : Endpoint [conf/HelloServiceAS] {org.apache.synapse.FaultHandler}
Jorge,
The error usually comes when the entitlement mediator is unable to extract the username of the user who's trying to access the target resource. Retrieving the username of a particular user is done by an appropriate entitlement callback handler implementation (by processing headers, etc).
However, try explicitly setting the entitlement callback handler parameter to "org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler", which corresponds to retrieving the username of the user when UT is applied to a particular service. (AFAIR, the entitlement callback handler parameter used to default to the one mentioned above.) Anyway, try setting it in the entitlement service mediator configuration as follows.
<entitlementService remoteServiceUrl="https://localhost:9443/services/" remoteServiceUserName="admin" remoteServicePassword="admin" callbackClass="org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler"/>
Cheers,
Prabath