I'm using the WSO2 ESB version 4.0.3, with some features installed like: Identity Provider, Identity SAML2.0 Single Sign-on, Identity XACML, also BPEL, Data Services Hosting etc.
Following the instructions from here, I set up SSO Authentication for the ESB Management Console. The sign-in works just fine, but not the sign-out. In the log I can see the following information:
TID: [] [WSO2 ESB] [2012-06-08 18:12:59,592] INFO {org.wso2.carbon.identity.authenticator.saml2.sso.SAML2SSOAuthenticator} - 'admin' logged out at [2012-06-08 18:12:59,0592] {org.wso2.carbon.identity.authenticator.saml2.sso.SAML2SSOAuthenticator}
after which I get errors. Furthermore, the browser shows me as still logged in.
Here are the errors I'm getting:
TID: [] [WSO2 ESB] [2012-06-08 18:13:03,581] WARN {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} - Illegal access attempt at [2012-06-08 18:13:03,0581] from IP address : Service is RegistryAdminService {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler}
TID: [] [WSO2 ESB] [2012-06-08 18:13:03,584] ERROR {org.apache.axis2.engine.AxisEngine} - Access Denied. Please login first. {org.apache.axis2.engine.AxisEngine}
...
TID: [] [WSO2 ESB] [2012-06-08 18:13:03,599] ERROR {org.wso2.carbon.ui.clients.RegistryAdminServiceClient} - Error occurred while checking registry mode {org.wso2.carbon.ui.clients.RegistryAdminServiceClient}
org.apache.axis2.AxisFault: Access Denied. Please login first.
...
TID: [] [WSO2 ESB] [2012-06-08 18:13:03,879] ERROR {org.wso2.carbon.server.admin.ui.ServerAdminClient} - Cannot get server data. Backend service may be unavailable {org.wso2.carbon.server.admin.ui.ServerAdminClient}
org.apache.axis2.AxisFault: Access Denied. Please login first.
Am I missing something in the configuration? If not, can someone please explain what is happening?
Note: The errors are repeating.
These repetitive errors mean you are logged out from the back end, and it tries to refresh a page like the Carbon home page or statistics page by invoking the corresponding BE services.
Is WSO2 IS running as a separate node, or are the necessary IdP features installed in the ESB?
Thilina
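An added example, not part of the original answer or of WSO2's code: a small triage script that parses Carbon log lines in the layout quoted in the question and separates "Illegal access attempt" warnings that closely follow a console logout (the refresh pattern the answer describes) from ones that do not. The 60-second window, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the Carbon log layout quoted in the question.
SAMPLE_LOG = """\
TID: [] [WSO2 ESB] [2012-06-08 18:12:59,592] INFO {org.wso2.carbon.identity.authenticator.saml2.sso.SAML2SSOAuthenticator} - 'admin' logged out at [2012-06-08 18:12:59,0592]
TID: [] [WSO2 ESB] [2012-06-08 18:13:03,581] WARN {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} - Illegal access attempt at [2012-06-08 18:13:03,0581] from IP address : Service is RegistryAdminService {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler}
TID: [] [WSO2 ESB] [2012-06-08 18:13:03,584] ERROR {org.apache.axis2.engine.AxisEngine} - Access Denied. Please login first.
org.apache.axis2.AxisFault: Access Denied. Please login first.
TID: [] [WSO2 ESB] [2012-06-08 19:40:10,100] WARN {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} - Illegal access attempt at [2012-06-08 19:40:10,0100] from IP address : Service is ServerAdmin
"""

# TID, product, timestamp, level, {logger}, message, optional trailing {logger}.
ENTRY = re.compile(
    r"^TID: \[(?P<tid>[^\]]*)\] \[(?P<product>[^\]]*)\] \[(?P<ts>[^\]]+)\]\s+"
    r"(?P<level>[A-Z]+)\s+\{(?P<logger>[^}]+)\}\s+-\s+(?P<msg>.*?)(?:\s+\{[^}]*\})?$"
)

def parse(log_text):
    """Yield (timestamp, level, short logger name, message); stack-trace lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
            yield ts, m["level"], m["logger"].rsplit(".", 1)[-1], m["msg"]

def triage(log_text, window=timedelta(seconds=60)):
    """Label each 'Illegal access attempt' as post-logout refresh noise or as needing review.

    The window is an assumed threshold, not a WSO2 setting.
    """
    last_logout, results = None, []
    for ts, _level, logger, msg in parse(log_text):
        if logger == "SAML2SSOAuthenticator" and "logged out" in msg:
            last_logout = ts
        elif logger == "AuthenticationHandler" and "Illegal access attempt" in msg:
            recent = last_logout is not None and ts - last_logout <= window
            service = msg.rsplit("Service is ", 1)[-1].strip()
            results.append((ts, service, "post-logout refresh" if recent else "review"))
    return results

if __name__ == "__main__":
    for ts, service, label in triage(SAMPLE_LOG):
        print(ts, service, label)
```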
Related
While trying to configure Mutual SSL for an API, below error is thrown:
TID: [-1234] [] [2020-01-14 11:43:09,542] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.MutualSSLAuthenticator} - Mutual SSL authentication failure
TID: [-1234] [] [2020-01-14 11:43:09,544] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure due to Invalid Credentials
<ams:fault xmlns:ams="http://wso2.org/apimanager/security"><ams:code>900901</ams:code><ams:message>Invalid Credentials</ams:message><ams:description>Invalid Credentials. Make sure you have provided the correct security credentials</ams:description></ams:fault>
For this API, only "Transport Level Security" is kept mandatory whereas "Application Level Security" is kept as optional. Please advise on how to get mutual SSL working on the WSO2 API Manager 3.0.0.
If you watch this video, you will figure out how to get mutual SSL working on the WSO2 API Manager 3.0.0. It clearly explains how mutual SSL works with WSO2 API Manager.
I'm getting the following error while logging in to the management console of Identity Server:
TID: [-1234] [] [2018-05-15 02:39:04,415] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block
TID: [-1234] [] [2018-05-15 02:39:04,415] ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} - System error while Authenticating/Authorizing User : Error when handling event : PRE_AUTHENTICATION
I have configured the JDBC user store for user management. What is the issue?
When I have a single ADFS configured as an identity server on WSO2, authentication from WSO2 fails with the below error.
ator returned: INCOMPLETE
TID: [-1234] [] [2017-02-24 06:50:04,580] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - SAMLSSOAuthenticator is redirecting
TID: [-1234] [] [2017-02-24 06:50:04,580] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} - Step is not complete yet. Redirecting to outside.
TID: [-1234] [] [2017-02-24 06:50:09,958] DEBUG {org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils} - Authentication Context is null
TID: [-1234] [] [2017-02-24 06:50:09,959] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Session data key is null in the request
TID: [-1234] [] [2017-02-24 06:50:09,959] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Context does not exist. Probably due to invalidated cache
At the same time, if there is more than one federated authenticator, say 2 ADFS servers configured on WSO2 as identity server and using the advanced configuration option on wso2-sp, authentication from travelocity happens fine.
Please guide me on what I am missing here.
This is supported out-of-the-box with Identity Server 5.1.0 M3 onwards. If you are to use this with Identity Server 5.0.0 (with SP 1) you'll need to make some modifications to the source. The details can be found at [1] & [2].
Follow document [3] for more details on setting ADFS 3.0 as a Federated Authenticator in WSO2 Identity Server.
[1] - https://wso2.org/jira/browse/IDENTITY-3181
[2] - https://wso2.org/jira/browse/IDENTITY-3349
[3] - https://omindu.wordpress.com/2015/06/19/setting-ad-fs-3-0-as-federated-authenticator-in-wso2-identity-server/
I have set up WSO2 Identity Server 5.0.0 on a Windows 2012 R2 server.
I changed the primary user store to Active Directory following the instructions from WSO2 Documentation.
https://docs.wso2.com/display/IS500/Configuring+an+Active+Directory+User+Store
Since then I am not able to log in to the Identity Server Management Console.
I tried to log in with the AD admin user as well as the WSO2 admin user; neither of them works. Below are the errors from the log.
TID: [0] [IS] [2016-01-05 10:17:22,965] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'wso2\test1[-1234]' at [2016-01-05 10:17:22,965+0000] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [0] [IS] [2016-01-05 10:17:35,420] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'test1[-1234]' at [2016-01-05 10:17:35,418+0000] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [0] [IS] [2016-01-05 10:17:46,485] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[-1234]' at [2016-01-05 10:17:46,485+0000] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
Below is the user-mgt xml file.
http://pastebin.com/zTJ2SJmN
Any help is greatly appreciated!
Thank you
Kbasa
I have a WSO2 Identity Server installed (SP1 included) and I was doing some integration tests with Liferay. I was able to do SAML SSO login without any problem (with included attributes), but then I installed the critical patch 1256 and it doesn't let me sign on anymore.
Here's what the log says:
TID: [0] [IS] [2015-05-28 12:16:22,774] ERROR {org.wso2.carbon.identity.sso.saml.builders.assertion.DefaultSAMLAssertionBuilder} - Error when reading claim values for generating SAML Response {org.wso2.carbon.identity.sso.saml.builders.assertion.DefaultSAMLAssertionBuilder}
TID: [0] [IS] [2015-05-28 12:16:22,775] ERROR {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Error processing the authentication request {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor}
org.wso2.carbon.identity.base.IdentityException: Error while building the saml assertion
I was trying to figure out what could change between patches. When I delete all requested claims or deactivate the option "Include Attributes in the Response Always" it has no problem at all, but it doesn't work for me that way.
Thanks in advance
Did you change the Subject Claim URI? By default it is not select... If this can be a bug in WSO2IS with the above patch. I also see this error when I select the email address as the Subject Claim URI. There is a public JIRA as well.