I have a configuration as follows:
1 server with seperate Publisher (9446) and Store (port 9447). Both are configured with shared gov/config registry (note that the publisher is the same except localhost:9446/registry for the remote instance url:
<dbConfig name="govregistry">
<dataSource>jdbc/WSO2SHAREDCONREG_DB</dataSource>
</dbConfig>
<remoteInstance url="https://localhost:9447/registry">
<id>gov</id>
<dbConfig>govregistry</dbConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
</remoteInstance>
<mount path="/_system/governance" overwrite="true">
<instanceId>gov</instanceId>
<targetPath>/_system/governance</targetPath>
</mount>
<mount path="/_system/config" overwrite="true">
<instanceId>gov</instanceId>
<targetPath>/_system/nodes</targetPath>
</mount>
I have a Gateway and Key Manager on a different server. These are both deployed to different directories and the WSO2 documentation did not say to do anything additional for the registry.xml file so they look like:
<currentDBConfig>wso2registry</currentDBConfig>
<dbConfig name="wso2registry">
<dataSource>jdbc/WSO2CarbonDB</dataSource>
</dbConfig>
When the API is published and then I attempt to use the 'try it' functionality I get the following error (regardless of if the API is set to require a token or not)...
This error is on the gateway server:
[2014-01-23 21:54:31,111] ERROR - APIAuthenticationHandler API authentication failure
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Access failure for API: /newphoneverify, version: 1.0.0 with key: null
Do I need to do something additional like setting up governance and config registry sharing on the keymanager and gateway as well?
This happens if the OPTIONS verb of the API is not enabled with 'None' auth type. Check [1].
[1]https://wso2.org/jira/browse/APIMANAGER-1819
I have the same problem:
Swagger UI does not works and return the same screenshots above, but if I use chrome/postman the API return the correct value so is just the swagger UI that has problems, I have an Apache in front of the API manager and the external name of the store is different from the internal name and apache proxypass the request.
I have configured the api-manager.xml and the API does not have authorization (all set to none) have really no idea on how to fix it.
Related
I'm following a tutorial from mulesoft (DataWeave Tutorial) witch implements a Web Service Consumer that calls an external public web service (WSDL). I had no problem to setup the project as described, but when I launch my server I have the following error: "Caused by: java.net.ConnectException: Connection refused: connect".
First thought was that the webservice was unavailable. But I tested it in SoapUI and it workded just fine.
I suppose the error is because the call to the web service is not using the proxy configurations that I have set up in Anypoint Studio. So, in my Web Service Consumer I have set up a HTTP Request Configuration where I added a Proxy Configuration. But it also did not work. Those were my steps:
Web Service Consumer
https://i.stack.imgur.com/hN584.png
References tab
https://i.stack.imgur.com/NIV84.png
HTTP Request Configuration
https://i.stack.imgur.com/Ubpwa.png
Proxy tab
https://i.stack.imgur.com/bBYx1.png
Proxy Configuration
https://i.stack.imgur.com/JDQdf.png
One thing that is immediately noticeable is the the TLS error on the HTTP Request Configuration. This error appears as soon as I choose to use a proxy and when I go to the TLS/SSL tab I have no option to remove the TLS configuration as you can see in the following image:
TLS/SSL tab
https://i.stack.imgur.com/xFqEW.png
Here's the XML of my flow:
<flow name="dataweave_tutorialFlow">
<http:listener config-ref="HTTP_Listener_Configuration" path="ex1" doc:name="HTTP" metadata:id="b34a6c34-653f-4b68-8aa3-8292e41a20cf"/>
<dw:transform-message doc:name="Transform Message">
<dw:input-payload doc:sample="C:\temp\dw_example1.json"/>
<dw:set-payload><![CDATA[%dw 1.0
%output application/xml
%namespace ns0 http://mulesoft.org/tshirt-service
---
{
ns0#OrderTshirt: {
size: "M" unless payload.buyer.state == "TX" otherwise "XXL",
email: payload.buyer.email,
name: payload.buyer.name,
address1: payload.buyer.address,
address2: null,
city: payload.buyer.city,
stateOrProvince: payload.buyer.state,
postalCode: payload.buyer.postCode,
country: payload.buyer.nationality
}
}]]></dw:set-payload>
</dw:transform-message>
<ws:consumer config-ref="Web_Service_Tshirt" operation="OrderTshirt" doc:name="Web Service Consumer"/>
</flow>
I'm using Anypoint Studio 6.2.5 with Mule ESB Server 3.8.2.
I have no more ideas for what to change to make this work. Hope anyone has some good suggestion about this. Thanks in advance!
You dont require to mention http in proxy url host can set the proxy using following example:-
<http:request-config name="HTTP_Request_Configuration" host="www.webservicex.com" port="80" doc:name="HTTP Request Configuration">
<http:proxy host="my.example.proxy.com" port="8080"/>
</http:request-config>
You may need to provide your proxy username and password based on your proxy.
A best example is if you follow step by step written here :-
http://www.corralict.nl/wsc-connector-proxy/
and
https://docs.mulesoft.com/mule-user-guide/v/3.8/web-service-consumer
Regarding tls, don't touch the tls part and make sure your HTTP request protocol is set to HTTP and not HTTPS. The error you are seeing is a bug in studio and will not affect if you configure rightly.
For one JDBC-based configuration , is the URL useful? According Remote Instance and Mount Configuration Details, The URL of the remote instance can be deduced as follows:
Let the URL of the destination server be https://localhost:9443/services. Then the URL of the remote instance will be https://localhost:9443/registry. Let the URL of the destination server be https://10.20.30.40:9445/webcontext/services. Then the URL of the remote instance will be https://10.20.30.40:9445/webcontext/registry.
But in the APIM 2.0 deployment, the publisher's configuration is as below:
<remoteInstance url="https://publisher.apim-wso2.com">
<id>gov</id>
<cacheId>user#jdbc:mysql://regdb.mysql-wso2.com:3306/regdb</cacheId>
<dbConfig>govregistry</dbConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
</remoteInstance>
Modify the /etc/hosts entries to map the relevant IP addresses to the remoteInstance URLs.
127.0.0.1 publisher.apim-wso2.com
Why does it use "https://publisher.apim-wso2.com" , but not "https://localhost:9445" ?
BTW, Is cacheId useful in JDBC-based configuration? if yes, what's the cacheId name rule? JDBC URL?
remoteInstance url is not used in JDBC case.
cacheId is required. See this.
WSO2 API Manager - Setting 'CacheId' when clustering with SQL Server
I'm using the WSO2 API Manager and I've added an API to it that was created in the WSO2 ESB and when trying to use the TryIt feature I get the following error in the console log.
[2014-09-16 13:59:26,614] ERROR - APIAuthenticationHandler API authentication failure
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Access failure for API: /Sub, version: v1.0.0 with key: null
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:157)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:92)
at org.apache.synapse.rest.API.process(API.java:285)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:83)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:64)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:220)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:83)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:344)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:168)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
I'm trying to send a GET request and there are no parameters for this API and in the Authorization field I have entered
Bearer XXXACCESS+TOKEN+GOES+HEREXXXX
When testing this from Advanced REST client or the REST Client in the store it works. I've changed the port numbers in the various files (authorize, login, token, revoke) to match my port offset, I've also configured my API Store addresses in api-manager.xml.
When you add that particular resource to your API, please select "OPTIONS" verb as well. Otherwise this error would be given.
Also, check whether your /etc/hosts entries direct 'localhost' to '127.0.0.1' instead of the IP address of your machine. In that case, please open
{API-M installation DIR}/repository/conf/api-manager.xml
And, modify the section relevant to the Swagger appropriately by adding your IP address (or host-name)
from this,
<!--Configuration to enable/disable sending CORS headers from the Gateway-->
<Enabled>true</Enabled>
<!--The value of the Access-Control-Allow-Origin header. Default values are
API Store addresses, which is needed for swagger to function.-->
<Access-Control-Allow-Origin>https://localhost:9443,http://localhost:9763</Access-Control-Allow-Origin>
<!--Configure Access-Control-Allow-Headers-->
<Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type</Access-Control-Allow-Headers>
</CORSConfiguration>
to this (add your own server IP instead),
<!--Configuration to enable/disable sending CORS headers from the Gateway-->
<Enabled>true</Enabled>
<!--The value of the Access-Control-Allow-Origin header. Default values are
API Store addresses, which is needed for swagger to function.-->
<Access-Control-Allow-Origin>https://192.168.56.101:9443,http://192.168.56.101:9763</Access-Control-Allow-Origin>
<!--Configure Access-Control-Allow-Headers-->
<Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type</Access-Control-Allow-Headers>
</CORSConfiguration>
The above answer assumes that you didn't add any port offset to the API Manager. If you did, you should also change the port value(simply add that value to the existing port value) in the above configuration accordingly.
Thank you.
-Chathura
What would be the URL for the newly set up SAML SSO's metadata URL, or how could I download this in XML format from WSO2 Identity Server (version 4.6.0) acting as IdP?
Thanks,
Tamas
WSO2 Identity server now hosts IDPSSODesriptor metadata file on this URL.
https://localhost:9443/identity/metadata/saml2
This feature is available from Identity Server version 5.3 onward.
AFAIK there is no option to auto-generate metadata files for IS. You have to manually write the metadata file. An example is as follows, taken from this blog post.
<md:entitydescriptor entityid="https://localhost:9443/samlsso" validuntil="2023-09-23T06:57:15.396Z" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<md:idpssodescriptor protocolsupportenumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:keydescriptor use="signing">
<ds:keyinfo>
<ds:x509data>
<ds:x509certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE
CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv
Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE
AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou
sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5
HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID
AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i
QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR
O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:x509certificate>
</ds:x509data>
</ds:keyinfo>
</md:keydescriptor>
<md:singlelogoutservice binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" location="https://localhost:9443/samlsso" responselocation="https://localhost:9443/samlsso">
<md:singlesignonservice binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" location="https://localhost:9443/samlsso">
<md:singlesignonservice binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" location="https://localhost:9443/samlsso">
</md:singlesignonservice></md:singlesignonservice></md:singlelogoutservice></md:idpssodescriptor>
</md:entitydescriptor>
Yes.. Identity Server does not support to generate a IDP information as metadata file. You may need to create it manually. But I guess it would be available with a future release. There is an open public jira for this. You can find a generated SAML2 metadata file from here. However you may need to configure it according to your configurations. If you have changed your keystore, you need to change the X509 certificate data. And also urls of the samlsso endpoint. By default saml sso end point is located at https://localhost:9443/samlsso. In your service provider config, you need to configure this url as IDP url (both login and logout). You must provide the wso2carbon certificate in to service provider for validating the signature.
I have the current installations of WSO2 ESB and WSO2 Registry (both 4.5.0).
Registry sharing is made exactly by the step by step instruction
Then the usecase is the following:
1) add a zip containing WSDL/Schemas to the Governance Registry. Added them I case see in the registry bowser:
_system/governance/trunk
/endpoints
/schemas
/services
/wsdls
With all WSDL/Schemas/Endpoints/Services relevand to the just added WSDL package.
2) start WSO2 ESB ithe the following registry configuration:
<dbConfig name="wso2registry_mounted">
<dataSource>jdbc/WSO2CarbonDB_GREG</dataSource>
</dbConfig>
<remoteInstance url="https:localhost:9445/registry">
<id>wso2_registry_mounted</id>
<dbConfig>wso2registry_mounted</dbConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
</remoteInstance>
<mount overwrite="true" path="/_system/config">
<instanceId>wso2_registry_mounted</instanceId>
<targetPath>/_system/nodes</targetPath>
</mount>
<mount overwrite="true" path="/_system/governance">
<instanceId>wso2_registry_mounted</instanceId>
<targetPath>/_system/governance</targetPath>
</mount>
3) Check registry browser both on ESB and Governance Registry. At least schemas folder content is gone overwritten by ESB.
Could anyone advise on how can I force ESB not to overwrite initial Registry entries. Marking mounted registry as readOnly=true - doesn't help.
Thanks,
Vladimir.
Please use <mount overwrite="false" not to be overwritten the content
Refer this document for more details