I am getting an error from the following method call in WSO2 identity server STS client call,
the call :
responseToken = stsClient.requestSecurityToken(servicePolicy,
STS_EPR, stsPolicy, RELYING_PARTY_SERVICE_EPR);
returns the following error.
Exception in thread "main" java.lang.NoSuchMethodError: org.apache.xml.security.transforms.Transform.init()V
at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:311)
at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:327)
at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:336)
at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:345)
at org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:363)
at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61)
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:426)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:398)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:554)
at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:164)
at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:181)
This is obviously a wrong jar being included in the classpath. I am running this against WSO2 identity server 4.1.0 and offending wss4j .jar version is wss4j_1.5.11.wso2v5.jar which comes with 4.1.0 IS. Which version of .jar should I used to get rid of this issue?
Side Note: I looked for source .jar files in the public Maven Repository of WSO2, but only binary .jar files are available there, why source .jar files are missing in the WSO2 public repository as WSO2 believes in open source software?
Here I am referring specifically to http://maven.wso2.org/nexus/content/groups/wso2-public/org/apache/ws/security/wss4j/1.5.11-wso2v5/
Go to identity servers bin folder [wso2is-4.1.0/bin] and issue the command "ant" to get the required libraries, (make sure you have installed Apache Ant)
wso2is-4.1.0/bin$ ant
and then after building the ant script, go to the location wso2is-4.1.0/repository/lib and see the required libraries.
rampart-policy_1.6.1-wso2v8.jar
rampart-core_1.6.1-wso2v8.jar
rampart-trust_1.6.1-wso2v8.jar
wss4j_1.5.11-wso2v5.jar
axis2_1.6.1-wso2v8.jar
axiom_1.2.11-wso2v3.jar
make sure you use above versions in your class path of the client.
Related
I have a fat jar called producer which produces messages.I want to use it to produce messages to a MSK serverless cluster. The jar takes the following arguments-
-topic --num-records --record-size --throughput --producer.config /configLocation/
As my MSK serverless cluster uses IAM based authentication, i have provided the following settings in my producer.config-
bootstrap.servers=boot-url
security.protocol=SASL_SSL
sasl.mechanism=AWS_MSK_IAM
sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;
sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler
The way this jar usually works is by providing a username and password with the sasl.jaas.config property.
However, with MSK serverless we have to use the IAM role attached to our EC2 instance.
When my executing the current jar by using
java - jar producer.jar -topic --num-records --record-size --throughput --producer.config /configLocation/
I get the exception
Exception in thread "main" org.apache.kafka.common.config.ConfigException: Invalid value software.amazon.msk.auth.iam.IAMClientCallbackHandler for configuration sasl.client.callback.handler.class: Class software.amazon.msk.auth.iam.IAMClientCallbackHandler could not be found.
I don't understand how to make the producer jar find the class present in the external jar aws-msk-iam-auth-1.1.1-all.jar.
Any help would be much appreciated, Thanks.
I found out that it isn't possible to override the classpath specified in MANIFEST.MF in case of a jar by using commandline options like --cp. What worked in my case was to have the jar's pom include the missing dependency.
When you use the -jar command-line option to run your program as an
executable JAR, then the Java CLASSPATH environment variable will be
ignored, and also the -cp and -classpath switches will be ignored and,
In this case, you can set your java classpath in the
META-INF/MANIFEST.MF file by using the Class-Path attribute.
https://javarevisited.blogspot.com/2011/01/how-classpath-work-in-java.html
I want my custom Policy Information Point (PIP) to be able to connect to OpenStack Swift (an Object Storage application) thanks to this connector. The connector is able to retrieve metadata from an object, which would be sent back to the Policy Decision Point (PDP) when the right AttributeId is requested.
In our context, Swift holds information about our resources (objects here).
Below are all the steps I followed to try and use this connector in my custom PIP.
I got the connector to work locally (no integration with WSO2IS yet) following only the first 3 steps and calling the swift_test function in a debug-purposed main class.
I followed this guide to implement a custom PIP, which suggests using a database offering a JDBC driver (such as mariadb). My issue is that Swift does not offer a JDBC driver, hence the use of the openstack4j connector.
I added the needed openstack4j dependency to the maven project linked in the guide (here).
I also added the following imports to the extended class (named KMarketJDBCAttributeFinder in the guide):
package org.xacmlinfo.xacml.pip.jdbc;
import org.openstack4j.api.OSClient.OSClientV3;
import org.openstack4j.model.common.Identifier;
import org.openstack4j.model.storage.object.SwiftAccount;
import org.openstack4j.model.storage.object.SwiftContainer;
import org.openstack4j.model.storage.object.SwiftObject;
import org.openstack4j.model.storage.object.options.ObjectListOptions;
import org.openstack4j.openstack.OSFactory;
import org.wso2.carbon.identity.entitlement.pip.AbstractPIPAttributeFinder;
...
and this function to test and retrieve an object's metadata:
public void swift_test() {
OSClientV3 os = OSFactory.builderV3()
.endpoint(our_keystoneV3_url)
.credentials(our_keystone_username, password, domain_identifier)
.scopeToProject(Identifier.byName(our_tenant), Identifier.byName(our_domain))
.authenticate();
SwiftAccount account = os.objectStorage.account().get();
Map<String, String> md =
os.objectStorage.objects().getMetadata("our_container", "our_object");
System.out.println(md.toString());
}
which I call in the overriden getAttributeValues of the custom PIP class.
I then built the class using mvn package to generate the .jar which I copied in <IS_HOME>/repository/components/lib.
I downloaded all my dependencies using mvn dependency:copy-dependencies, and copied them all to the same <IS_HOME>/repository/components/lib folder.
I start the wso2is server, send a XACML request which involves calling my custom PIP, and see the following error in <IS_HOME>/repository/logs/wso2carbon.log:
ERROR {org.openstack4j.core.transport.internal.HttpExecutor} - No OpenStack4j connector found in classpath
ERROR {org.wso2.carbon.identity.entitlement.pip.CarbonAttributeFinder} - Error while retrieving attribute values from PIP attribute finder: org.openstack4j.api.exceptions.ConnectorNotFoundException: No OpenStack4j connector found in classpath
ERROR {org.wso2.balana.finder.AttributeFinder} - Error while trying to resolve values: Error while retrieving attribute values from PIP attribute finder: No OpenStack4j connector found in classpath
Our wso2is server, version 5.7.0 runs on a CentOS 7.6 VM.
My question is then: can we use this kind of connector in a custom PIP with wso2is? If so, how would I go about resolving the classpath issues between my dependencies?
P.S. : I previously added another custom PIP, connecting this time to a MariaDB database which is working well. The .jar I create when using mvn package contains both custom PIPs, and they are both recognized in the section "PDP > Extension" in the wso2is web interface.
Here is the list of dependencies obtained with the mvn command:
activation-1.1.1.jar
btf-1.2.jar
classworlds-1.1-alpha-2.jar
commons-codec-1.9.jar
commons-io-2.3.jar
commons-lang-2.6.jar
commons-logging-1.2.jar
guava-20.0.jar
httpclient-4.5.3.jar
httpcore-4.4.6.jar
jackson-annotations-2.7.0.jar
jackson-core-2.7.3.jar
jackson-core-asl-1.9.7.jar
jackson-coreutils-1.6.jar
jackson-databind-2.7.3.jar
jackson-dataformat-yaml-2.7.3.jar
jackson-jaxrs-base-2.7.3.jar
jackson-jaxrs-json-provider-2.7.3.jar
jackson-mapper-asl-1.9.7.jar
jackson-module-jaxb-annotations-2.7.3.jar
jboss-annotations-api_1.2_spec-1.0.0.Final.jar
jboss-jaxrs-api_2.0_spec-1.0.1.Beta1.jar
jboss-logging-3.3.0.Final.jar
jcip-annotations-1.0.jar
jcl-over-slf4j-1.7.2.jar
jdom2-2.0.6.jar
joss-0.10.2.jar
json-patch-1.9.jar
jsr305-2.0.0.jar
junit-3.8.1.jar
maven-artifact-2.0.jar
maven-compiler-plugin-2.0.jar
maven-plugin-api-2.0.jar
msg-simple-1.1.jar
openstack4j-3.1.0.jar
openstack4j-core-3.1.0.jar
openstack4j-resteasy-3.1.0.jar
org.wso2.carbon.identity.entitlement-4.2.0.jar
plexus-compiler-api-1.5.1.jar
plexus-compiler-javac-1.5.1.jar
plexus-compiler-manager-1.5.1.jar
plexus-container-default-1.0-alpha-8.jar
plexus-utils-1.0.4.jar
resteasy-client-3.1.4.Final.jar
resteasy-jaxrs-3.1.4.Final.jar
resteasy-jaxrs-services-3.1.4.Final.jar
slf4j-api-1.7.2.jar
snakeyaml-1.15.jar
I've installed Wso2 Api Manager a few days ago follow this intructions:
1. I've downloaded https://wso2.com/api-management/install.
2. I've installed using the wizard in C:\Program Files\WSO2\API Manager directory.
3. I've initialize Api Manger console, then created some apis from https://localhost:9443/publisher .
Now, I want to see some statistics (https://192.168.138.117:9443/publisher/site/pages/all-statistics.jag?page=api-usage-user&stat=all-stat). I've read that API Analytics has to be configured, so I carried out the following steps (https://docs.wso2.com/display/AM260/Configuring+APIM+Analytics#ConfiguringAPIMAnalytics-Step1-DownloadandinstallWSO2API-M).
I download it (https://wso2.com/api-management/install/analytics).
Unzip file in C:\WSO2\wso2am-analytics-2.6.0.
I've created and Environment Variables called JAVA_HOME. In value field, I typed the installation path of the Java Development Kit, C:\Program Files\Java\jdk1.8.0_191.
I edited the tag true in the file "C:\Program Files\WSO2\API Manager\2.6.0\repository\conf\api-manager.xml".
I exec this command in cmd windows: "C:\WSO2\wso2am-analytics-2.6.0>worker.bat -run". It excecuted some process and aparentely everything was ok.
Finally, I run another windows console and exec: "C:\Program Files\WSO2\API Manager\2.6.0\bin>wso2server.bat -run".
Now, when I try to log in https://localhost:9443/publisher, /store o /carbon, I'm getting this error:
Problem accessing: /. Reason: Not Found
If I only lunch the Api Manager, it works perfectly but I can't get the statistics.
Did you follow Quick setup?
To access Analytics you need to carry out Standard Setup which includes:
Creating Analytics DB with the "am_usage_uploaded_files" table in addition
Configuring /conf/dashboard/deployment.yaml --> APIM_ANALYTICS_DB
Configuring /conf/worker/deployment.yaml --> APIM_ANALYTICS_DB
Configure /conf/worker/deployment.yaml --> WSO2AM_MGW_ANALYTICS_DB
And then starting the worker which creates the rest tables for analytics.
I am using wso2/soap package from ballerina central to create a simple soap connector.
import wso2/soap;
import ballerina/io;
endpoint soap:Client soapClient {
clientConfig:{
url: "http://localhost:9000"
}
};
function main (string... args) {
xml body = xml `<m0:getQuote xmlns:m0="http://services.samples">
<m0:request>
<m0:symbol>WSO2</m0:symbol>
</m0:request>
</m0:getQuote>`;
soap:SoapRequest soapRequest = {
soapAction: "urn:getQuote",
payload: body
};
var details = soapClient->
sendReceive("/services/SimpleStockQuoteService",soapRequest);
match details {
soap:SoapResponse soapResponse => io:println(soapResponse);
soap:SoapError soapError => io:println(soapError);
}
}
This code was initially building and running successfully with ballerina-0.975.0 version. Recently I have installed ballerina-0.980.0. After this I get the following error when trying to build the code.
Compiling source
package:0.0.0
ballerina: format error: ballerina: unsupported program file version 18
This occurs as I am trying to build using 0.980.0 and old the wso2/soap package is used from the home repository. Normal logic is, we check for the package in the home folder and if not found then we fetch from the ballerina central repository. This logic fails in this scenario as we are using a newer ballerina version. Newer ballerina version tries to use the existing soap package downloaded in the home folder and throws an error. Instead we should fetch the newer version of soap package from the ballerina central.
The issue will be fixed in future releases. For the time being, you can pull the latest version of the connector (which is compatible with Ballerina 0.980.0) using the following command and resolve the issue.
ballerina pull wso2/soap
When setting in the sample app: Travelocity.properties
#Specify if SAM LAssertion element is encrypted
SAML.EnableAssertionEncryption=true
And also tick the Identity server configuration option:
Enable Assertion Encryption [ticked]
Certificate Alias: wso2carbon
I receive the following error at the server log:
Error at Log: 2015-05-05 15:56:10,282 Error encrypting XMLObject
Without the encryption feature enabled, the SAML authentication flow with the Travelocity sample code starts working.
Hints are welcome how to fix this issue.
Regards,
Claude
It seems like you are working on the installed java runtime for the first time. I am using ubuntu 14. The same problem came to me. For me it worked in the following way.
1. Download the respective files according to your runtime from here.
http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
2. Extract the folder you downloaded. There will be two .jar files.
3. For ubuntu you can run echo $JAVA_HOME to find the java home. Copy above jar files into {JAVA_HOME}/jre/lib/security. You may need sudo access depending on you JAVA_HOME location. If so run the following from the location you extracted the zip file.
cp local_policy.jar /{JAVA_HOME}/jre/lib/security
cp US_export_policy.jar /{JAVA_HOME}/jre/lib/security
There should be only one slash (/) at /{JAVA_HOME}.
4. Restart wso2 identity server again and retry the procedure to login to travelocity.com
Hope this will fix your issue.