Authentication and Autherization using ESB and IS - wso2

I am trying to follow up with the samples as mentioned in:
http://blog.facilelogin.com/2012/05/authentication-and-authorization-with.html
After following up with everystep, when I try to test it using TryIt, the Identity Server throws the following error:
Access Denied. Please Login First.
The Servers are running at their default configuration, except for the ports - ESB on 9443 and IS on 9445.
ESB version: 4.5.1
IS version: 3.2.3
Kindly let me know what configuration is missing.
Thanks,
Praveen

refer this to understand more on Authentication and Autherization using ESB and IS Patterns.
furthermore, this slide set has interesting Security patterns with ESB

Related

WSS Support in WSO2 API Manager

I am verifying the Websocket support in WSO2 API manager for one of my requirement. By default, WSO2 API Manager provides the options for configuring "WS" protocol and able to access it. But I couldn't find any configuration for "WSS" protocol support.
Is there any limitation in WSO2 API manager or is there any documentation available?
Thanks,
Sow
WebSocket support is available by default in WSO2 API Manager. Related transport configurations should be available inside the axis2.xml configuration file. You can find related documentation in the WSO2 API Manager documentation.
https://docs.wso2.com/display/AM260/Create+a+WebSocket+API
When using wss endpoint, we were able to observe some errors and we were able to get rid of the errors with the following approach.
Please include the following parameter in the SecureWebSocketInboundEndpoint.xml file which resides in the <APIM_HOME>/repository/deployment/server/synapse-configs/default/inbound-endpoints directory.
TLSv1.1,TLSv1.2
Also, please remove the following parameters from the same SecureWebSocketInboundEndpoint.xml file if the following parameters(wss.ssl.trust.store.file and wss.ssl.trust.store.pass) exist in the file.
repository/resources/security/client-truststore.jks
wso2carbon
Please use the following sample web socket client to try out and run the WSS client. Please change the variable carbonKeyStoreLocation to point to <API-M_HOME>/repository/resources/security/wso2carbon.jks. Note that port for the WSS API is 8099.
You can download the WSS client in the following WSO2 official documentation under the WSS Support section. (In the second step.)[1] Further please change the access token, web socket endpoint and the carbonKeyStoreLocation with your one to try out the scenario.
[1] https://docs.wso2.com/display/AM260/Create+a+WebSocket+API

WSO2 ESB (4.9.0) throw out SOAPProcessingException when connecting Salesforce through proxy server

I try to use WSO2 ESB at workplace where Proxy Server is available.
Set Proxy Server settings in axis2.xml,
Install certificate.
Initialize Salesforce connector(Salesforce certificate has been installed).
Test the API, run into an exception - SOAPProcessingException,
Really appreciate if someone can give ideas of solution.
First of all I have tried this type of a scenario using WSO2 ESB 4.9.0 and which was perfectly working fine. By looking at your error messages I can see that there was an Authentication failure, hence Sales Force end point returns some HTML error message. The ESB tries to build this HTML error message using the SOAP builder leading to this situation.
This could be due to some missing configuration in your setting. You may follow [1] to enable HTTP Proxy to Sales Force. Then to setup Sales Force [2] will be helpful.
Couple of thing I need to highlight here. Did you import the Salesforce certificate into the ESBs client trust store using the keytool import command. If not please go ahead and do so. Also is there a particular reason for you to use NHTTP transport here. Ideally we would use Passthrough transport to add the proxy host as given in [1].
If you still get the error after following the above steps please enable the wirelogs and post it here to investigate further. Follow these steps to enable wirelogs.
Open log4j.properties file from a text editor.
log4j.properties file is located in $ESB_HOME/repository/conf directory.
Un-comment the following entry.
log4j.logger.org.apache.synapse.transport.http.wire=DEBUG
Hope this helps you.
[1] https://docs.wso2.com/display/ESB470/Enabling+SSL+Tunneling+through+a+Proxy+Server
[2]https://docs.wso2.com/display/ESBCONNECTORS/Working+with+Salesforce+Connector+Operations

WSO2 BPS - BPMN API not working

I'm trying to use the REST API for BPMN following the documentation, but even the most basic requests such as
https://localhost:9443/bpmn/repository/deployments
or
https://localhost:9443/bpmn/repository/process-definitions
return the following error
{"statusCode":400,"errorMessage":"javax.ws.rs.InternalServerErrorException.validate(Ljavax/ws/rs/core/Response;Ljavax/ws/rs/core/Response$Status;)Ljavax/ws/rs/core/Response;"}
I'm using BPS server 3.5.1 with Oracle JDK 1.8.0_77, as it was downloaded, with the only addition of a BPMN process to test its dashboard. The service is run as root (via sudo)
What can be done to fix this?
Thanks
I tried it on postman and it works perfectly. Please choose the correct request type (GET, POST, PUT or DELETE), if not the following error will be thrown on the server side:
javax.ws.rs.ClientErrorException.validate(Ljavax/ws/rs/core/Response;Ljavax/ws/rs/core/Response$Status$Family;)Ljavax/ws/rs/core/Response;

Getting error when running WSO2 API Manager with WSO2 BAM Server

I got the following error when runnning WSO2 API Manager 1.3.1 to use the WSO2 BAM Server 2.0.1.
TID: [0] [AM] [2013-05-02 18:58:40,609] ERROR
{org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher}
- Error initializing APIMgtUsageDataBridgeDataPublisher {org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher}
org.wso2.carbon.databridge.agent.thrift.exception.AgentException:
Error when finding event stream definition for :
org.wso2.apimgt.statistics.request 1.0.0
Both API Manager and BAM are running on the same machine and I changed offset to 1 in /home/jtao/api/wso2bam-2.0.1/repository/conf/carbon.xml based on Monetization of API Usage.
I also checked that BAM_HOME/repository/conf/etc/cassandra-component.xml doesn't exist in BAM 2.0.1. as someone suggested in the answer of another question "Configuring WSO2 API Manager to use the WSO2 BAM Server"
Any ideas?
I ran the same scenario described in guide and it works without any error. May be your have missed a part in the configuration guide? Make sure BAM_HOME is set correctly and BAM server is started before the AM server.
The following guide too can be used to integrate AM 1.3.1 with BAM 2.0.1
http://docs.wso2.org/wiki/display/AM131/Monitoring+and+Statistics
Ishara

WSO2 API Key Manager

I am configuring our API Manager, but running into troubles authenticating via OAuth, seems to be an issue with the API Key Manager. I haven't dug into it yet, but does this come with the API Manager (as I have assumed) or is this a separate installation?
I had the same issue when using the wso2 api manager on a Amazon hosted machine, turn out that Thrift was not working correctly because some problem with multicasting and broadcasting.
What I did to get it working was to switch from ThriftClient to WSClient. If you have a huge amount of requests coming in then Thrift is the recommended solution from wso2 but in any "normal" case you will not have any differences between thrift and WS.
Here is how you switch:
Shut down the API Manager
Open up <api manager install dir>\repository\conf\api-manager.xml
Find ThriftClient
Change this to
<KeyValidatorClientType>WSClient</KeyValidatorClientType>
Start the API Manager
You may get some Warnings while starting up but, try it before you jump to the conclusion that it doesn't work.
Hope it helps!
you can use APIM manager product in a distributed setup as keymanger,gateway,store,publisher..but all functionality come in a single distribution.. ..
Go through the documentation for further guides
I was facing the same issue. Everything started when I created my own jks in order to use SSL without a self-signed certificate. I successfully created the jks and changed it in the carbon file. When I started the server, everything seemed ok; but when I used SOAPUI to test an API call, I got this (in the logs of the api manager):
APIAuthenticationHandler API authentication failure due to Unclassified Authentication Failure
I started digging what was the problem by enabling Debug level in the log4j.properties file, and then tried again a tested with SOAPUI and I got:
APISecurityException: Could not connect to <my api ip address> on port 10397
Then, I read the comment of OneMuppet and I checked that file and I found that the Thrift config has a host option, so I uncommented it:
<KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
<ThriftClientPort>10397</ThriftClientPort>
<ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
<ThriftServerPort>10397</ThriftServerPort>
This Line --> <ThriftServerHost>localhost</ThriftServerHost>
<EnableThriftServer>true</EnableThriftServer>
Save, restarted the server and everything start working correctly.
I got the same below issue after my installation, when i try to invoke the api service it is throwing below error:
900900 Unclassified Authentication Failure Error while accessing backend services for API key validation
After some random checks i have seen the axis2.xml file in /repository/conf/axis2 there it is refering a differnt ip's instead. I change these ip's to my local ip and restarted. The issue is resolved now.
I was facing the same issue. when I was trying to setup API Manager as an API Gateway in a different machine as per the steps given here,
https://docs.wso2.com/display/AM250/Publish+through+Multiple+API+Gateways
Once the setup is done and when I am trying to use this gateway URL, I was getting the below response,
{"fault":{"code":900900,"message":"Unclassified Authentication Failure","description":"Error while accessing backend services for API key validation"}}
After changing the KeyValidatorClientType value to WSClient from ThriftClient on the <api manager install dir>\repository\conf\api-manager.xml
It started working fine. And I was able to get the expected response.
If you changed the admin password, then you also have to update the repository/conf/api-manager.xml file with the new password. The 2 places I have changed (so far) are:
<AuthManager>
and
<APIKeyManager>
but there are other admin usernames in that file. No doubt, I'll get to them....