Establishing GREG context root makes dashboard fail - wso2

I have a GREG instance with a context root established (URL access https://host:9443/greg/carbon/admin/index.jsp).
When I try to access the governance dashboard, all the gadgets show the same message:
Unable to retrieve spec for http://host:80/registry/resource/_system/config/repository/dashboards/gadgets/impact-analysis.xml. HTTP error 404
Note the gadget is trying to access the root context without the /greg/ prefix I have established.
Any help to solve this will be very appreciated.
Thank you
Pablo

This issue appears when you set both HostName and WebContextRoot in carbon.xml. If you change only the WebContextRoot, this issue does not appear. This is a known issue found in WSO2 GREG 4.1.1 and it is now fixed in trunk [1].
As a workaround, can you keep the <HostName> entry as it is in carbon.xml and only change the web-context root and try?
[1] https://wso2.org/jira/browse/CARBON-11839
Thanks;
/Lalaji

Related

Cannot modify authenticators.xml to enable SSO

I got an error: Error 405 - Method Not Allowed,
so I want to enable SSO for IS.
Then I modified <IS_HOME>/repository/conf/security/authenticators.xml,
but after I restarted the IS server, authenticators.xml was reverted to its original value.
In the end, Error 405 is still shown.
Can you tell me how to enable SSO for IS?
Thanks much!
henry

If you have built the source code of the master branch, then it is 5.12.0-alpha10-SNAPSHOT. If you download the zip here https://github.com/wso2/product-is/releases/tag/v5.11.0 it's IS-5.11.0.

IS 5.9.0 onwards all configuration changes of XML files are maintained via a central location (deployment.toml). Therefore, in order to make your change navigate to <IS-HOME>/repository/conf/deployment.toml and add the following config. Then restart the server and check the relevant XML file. It should be changed.
[admin_console.authenticator.saml_sso_authenticator]
enable=true
Find more info about deployment.toml configuration model : https://www.youtube.com/watch?v=BRWvtcV1T94

Configuring WSO2 IS behind a reverse proxy at some context

I am trying to set up WSO2 Identity Server behind a reverse proxy for SSL offloading. For example, if WSO2 IS is available at, say, https://<some-ip>:9443/, I am trying to put it behind a reverse proxy with an address such as https://<domain name>/is/. Note the context path /is and SSL port 443. I thought that this would be trivial enough, but sadly I am unable to find any conclusive documentation for achieving this.
My applications are using OIDC to connect to WSO2 IS and using Azure Application Gateway as the reverse proxy. Typically all API calls work well, but none of the UI (or flows involving redirections) works due to the context. I can also fix redirects by URL rewriting at the reverse proxy, but that still doesn't solve the problems. For example, the login page will appear, but the XHR call from it will go to /logincontext instead of /is/logincontext. Where can I set up the proxy context path in WSO2 IS? I already tried setting it in the .toml file (equivalent of setting it in carbon.xml), but it seems to affect only the Management Portal.
The WSO2 IS documentation talks about setting it up behind nginx, but that documentation is not using any path context. I could find reverse proxy documentation for other WSO2 products such as WSO2 API Manager, but it only involves updating carbon.xml and that doesn't work for WSO2 IS. I am not a Java person and hence am finding it difficult to figure out the web app organization of WSO2.
Any help/link to documentation/guide to set up with proxy context will be useful.

I know that this answer comes a little bit late, but recently I had a similar issue and here is how I made it work; maybe it could be helpful for someone. I was using WSO2 IS 5.11.0.
Note:
I checked similar questions on Stack Overflow and found a few, but none was enough by itself for my case.
Maybe the solution I came up with is not the best or the most correct, but it is the only one I could make work.
Here's how I did it, assuming the context path is "is":
Open Carbon Management Console and go to Identity Providers -> Resident. Then, go to Inbound Authentication Configuration -> OAuth2/OpenID Connect Configuration. Here, change the hostname under Identity Provider Entity ID to https://domain_name:443/is/<remaining path>.
Make sure that the port number is present or absent both here and in the client application. If there is a mismatch between the two, for some reason, it won't work (or at least it didn't for me).
Open the file deployment.toml and modify it as follows:
under the [server] section, add your proxy context at the end of the base_path url, e.g. base_path = "https://$ref{server.hostname}:${carbon.management.port}/is";
of course, also add proxy_context_path = "is" (actually, this last line should be enough but for some reason in my case it wasn't, so I had to modify the base path too);
under [transport.https.properties] add proxyPort="443".
For the record, I also turned off compression, by adding:
[transport.http.properties]
compression="off"
[transport.https.properties]
...
compression="off"
and set the token issuer URL equal to the entity id set up in Carbon, with:
[oauth]
use_entityid_as_issuer_in_oidc_discovery = true
but found out that these last two steps (turning off compression and setting the entity id as issuer) weren't needed.
Disable the csrf guard by setting org.owasp.csrfguard.Enabled = false
in the file /repository/resources/conf/templates/repository/conf/security/Owasp.CsrfGuard.Carbon.properties.j2.
This step was necessary for me to avoid the 403 Error after logging in on the Carbon Console (turning off compression didn't work).
Lastly, if you use nginx as reverse proxy (as I did), add these two lines in the location used for wso2:
proxy_redirect https://domain_name/oauth2/ https://domain_name/is/oauth2/;
proxy_redirect https://domain_name/carbon/ https://domain_name/is/carbon/;
These are needed (or at least were for me) because some URLs are not under the context path. In particular, the last one allows you to open the Carbon Console at https://domain_name/is/carbon/.
References:
wso2 api manger carbon page gives 403 Forbidden
WSO2 Identity Server login returns a 403
WSO2 Identity Server port configuration
To understand the template-based configuration model adopted from version 5.9.0 onwards, see:
https://apim.docs.wso2.com/en/latest/reference/understanding-the-new-configuration-model/
https://mcvidanagama.medium.com/understand-wso2-api-managers-new-configuration-model-6425a2710faa
Here are some useful configuration mappings from the old xml to the new toml based model:
https://github.com/ayshsandu/samples/tree/master/config-mapping
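
The port mismatch and the URLs that fall outside the context path, both mentioned in the answer above, can be checked from the client side by auditing the OIDC discovery document served through the proxy. This is an added example, not code from the original post or from WSO2; `audit_discovery`, the sample document and its URLs are constructed for illustration, and the field names are the standard OIDC discovery metadata fields.

```python
from urllib.parse import urlsplit

# Standard OIDC discovery fields that carry endpoint URLs.
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")


def audit_discovery(doc, client_issuer, public_host, context="/is"):
    """Return findings for a discovery document fetched through the proxy."""
    findings = []
    issuer = doc.get("issuer", "")
    # Issuer comparison is an exact string match: ':443' present on one side
    # and absent on the other is a mismatch, although both reach the same port.
    if issuer != client_issuer:
        findings.append(f"issuer mismatch: server={issuer!r} client={client_issuer!r}")
    prefix = context.rstrip("/") + "/"
    for key in ENDPOINT_KEYS:
        url = doc.get(key)
        if url is None:
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"{key}: not https ({url})")
        if parts.hostname != public_host:
            findings.append(f"{key}: host {parts.hostname!r} is not the proxy host")
        if not parts.path.startswith(prefix):
            findings.append(f"{key}: path {parts.path!r} is outside {prefix}")
    return findings


# Constructed sample: placeholder values, not taken from a real server.
SAMPLE = {
    "issuer": "https://domain_name:443/is/oauth2/token",
    "authorization_endpoint": "https://domain_name/is/oauth2/authorize",
    "token_endpoint": "https://domain_name/is/oauth2/token",
    "userinfo_endpoint": "https://domain_name/oauth2/userinfo",  # lost the context path
    "jwks_uri": "https://10.0.0.5:9443/oauth2/jwks",             # exposes the backend address
}

if __name__ == "__main__":
    client_issuer = "https://domain_name/is/oauth2/token"  # what the client has configured
    for finding in audit_discovery(SAMPLE, client_issuer, "domain_name"):
        print(finding)
```

An empty result means the issuer matches the client's value exactly and every advertised endpoint is an https URL on the proxy host under the context path.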

How to Solve " Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)" Error

I have added the AppTransportSecurity key in info.plist, and
added a subkey called AllowsArbitraryLoads as a Boolean and set its value to YES, as in the following image.
But still showing this error:
{Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"},
NSErrorFailingURLKey=http://dtcws.azurewebsites.net/ShowImg.aspx?params=dtc_376_0_True_False_22,
NSLocalizedDescription=The resource could not be loaded because the
App Transport Security policy requires the use of a secure
connection.})
Can anybody help?

Can you add "Exception Domains" under App Transport Security and specify the domains?

The best solution is to use a secure connection (https instead of http) as Apple will begin to reject apps that do not support this in the future, if they haven't begun already. WWDC 2015 session 703, “Privacy and Your App” is a great session to watch if you haven't already.
The good news is that the website you are requesting natively supports https so all you have to do is add an s to the link.
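
The App Transport Security settings discussed in this thread can be audited directly from an app's Info.plist. This is an added example, not code from the original posts; `audit_ats` and the sample plist (including the `example.invalid` domain) are constructed for illustration, while the `NS…` key names are Apple's raw ATS keys.

```python
import plistlib


def audit_ats(plist_bytes):
    """Return findings about App Transport Security settings in an Info.plist."""
    info = plistlib.loads(plist_bytes)
    findings = []
    # Only the raw key NSAppTransportSecurity is an ATS key; a look-alike
    # without the NS prefix is just an unrelated custom entry.
    for key in info:
        if key != "NSAppTransportSecurity" and "AppTransportSecurity" in key:
            findings.append(f"'{key}' is not an ATS key; expected NSAppTransportSecurity")
    ats = info.get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append("NSAllowsArbitraryLoads=YES disables ATS for every domain")
    for domain, opts in ats.get("NSExceptionDomains", {}).items():
        if opts.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            scope = " and subdomains" if opts.get("NSIncludesSubdomains") else ""
            findings.append(f"cleartext HTTP allowed for {domain}{scope}")
    return findings


# Constructed sample Info.plist: one mistyped key and one scoped exception.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>AppTransportSecurity</key>
  <dict><key>AllowsArbitraryLoads</key><true/></dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>example.invalid</key>
      <dict><key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>
    </dict>
  </dict>
</dict></plist>
"""

if __name__ == "__main__":
    for finding in audit_ats(SAMPLE):
        print(finding)
```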

CKAN Data Set Errors

I installed CKAN and I am having difficulty with adding the DataStore extension using as a guide Setting Up the DataStore from the latest CKAN docs. When I get to the line
curl -X GET "http://127.0.0.1:5000/api/3/action/datastore_search?resource_id=_table_metadata", I get this response: curl: (7) Failed to connect to 127.0.0.1 port 5000: Connection refused.
When I look at a dataset I created through the CKAN instance through my browser, the data preview on my JSON file shows an error:
Dataset Error Screenshot
and trying to click the upper link to download the file directly also gives me a browser error when it goes to the URL:
Browser Data Download Error
I'm not sure what my next steps should be to figure out what's wrong but I think the FileStore is working since I was able to upload a picture and load it for an Organization listing.
The installation is fresh and has all the default settings from the installation guide so I haven't done any special modifications. Thanks for your help in advance.

Because k-nut's suggestion was the answer but it's in a comment to my question, I thought I'd post an official answer in case anyone else has the same problem. The ckan.site_url needs to be set to the specific URL that CKAN is running under, which may not necessarily be a generic one, even if everything else is default configured. In my case, I have a specific internal URL for my VM that I needed to set.

For me, ckan.site_url was set to http://demo.ckan.org and http://localhost took me to the CKAN page as specified in the installation tutorial; then I figured out the port used was 8080 and not 5000 by going to http://localhost:8080.
So, I ended up using the curl -X GET "http://127.0.0.1:8080/api/3/action/datastore_search?resource_id=_table_metadata" URL instead.

Cannot see any option in WSO2 Identity Server dashboard

I'm evaluating WSO2 Identity Server 5.0.0 but I'm getting a strange issue using the dashboard.
I installed it on a server of mine (so it is not on localhost) and configured the following configuration files so that WSO2 knows where to point
File wso2is-5.0.0/repository/conf/carbon.xml
<HostName>SERVER_IP</HostName>
<MgtHostName>SERVER_IP</MgtHostName>
File wso2is-5.0.0/repository/conf/security/saml2.federation.properties
WSO2=https://SERVER_IP:9445/samlsso
File wso2is-5.0.0/repository/conf/security/sso-idp-config.xml
<SSOIdentityProviderConfig>
<ServiceProviders>
<ServiceProvider>
<Issuer>wso2.my.dashboard</Issuer>
<AssertionConsumerService>https://SERVER_IP:9443/dashboard/acs</AssertionConsumerService>
...
As stated in the official documentation I should see some blocks and after clicking the "View details" buttons I should be able to do the operations of the dashboard related to each block.
However, when I log in to the Dashboard I can see the blocks, but when I click "View details" I get a blank-content page, as you can see in the following screenshot of the "My Profiles" page.
The same thing happens for the other blocks.
What can I do? Maybe I didn't configure something?
Thank you in advance
Giulio

If you have installed the identity server other than localhost, you would see some issues with the dashboard. I also experienced the same type of issues. But you can resolve them by configuring the host name and port properly. Unfortunately there are a few places that you need to edit. Please find them below. I have already to report a jira to improve them to configure from one config file.
repository/conf/carbon.xml
repository/conf/security/sso-idp-config.xml
repository/deployment/server/jaggeryapps/dashboard/apis/gadget.json
repository/deployment/server/jaggeryapps/portal/gadgets/account-recovery/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/identity_management/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/pwd_change/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/user_auth_apps/gadget.xml
repository/deployment/server/jaggeryapps/portal/gadgets/user_profile/gadget.xml
Modify the URL of the user_profile (i.e. http://{IP}:{port}/portal/gadgets/user_profile/gadget.xml) in the "repository/deployment/server/jaggeryapps/dashboard/apis/gadget.json" file to HTTP and the port to 9763.