in new wso2 apim versions (4.0/4.1) the default token endpoint has changed . It used to be the Gateway : https://gw.wso2.com/oauth2/token and the the call is redirected to the key manager node . Now with the news versions , we do not need to go trough that process as we can directly call the key-manager for token operations .
is there a way to preseve the same behavior of the old versions in the new version 4.1 ?
For now, I tried adding the TokenAPI.xml api in the synapse-configs to see if i can produce the same experience , but the api is automatically destroyed in startup.
Any ideas ?
Thank you in advance .
Best regards,
Yes, the gateway removes those files.
To keep custom runtime artifacts deployed in the Gateway, add the following configuration in the /repository/conf/deployment.toml file.
[apim.sync_runtime_artifacts.gateway.skip_list]
apis = ["token_api_file_name.xml"]
Refer - https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/deploying-wso2-api-m-in-a-distributed-setup/#configure-the-gateway-nodes
Related
Below issue was posted by me on https://github.com/XiaoFaye/WooCommerce.NET/issues/414 but since this may not be related at all to WooCommerce.Net but on a lowerlevel to Apache/Word/WooCommerc itself I am posting the same question here
I am really stuck with the famous error:
WebException: {"code":"woocommerce_rest_authentication_error","message":"Invalid signature - provided signature does not match.","data":{"status":401}}
FYI:
I have two wordpress instance running. One on my local machine and one on a remote server. The remote server is, as my local machine, in our company's LAN
I am running WAMP on both machines to run Apache and host Wordpress on port 80
The error ONLY occurs when trying to call the Rest api on the remote server. Connecting to the local rest api, the Rest Api/WooCommerceNet is working like a charm :-)
From my local browser I can login to the remote WooCommerce instance without any problem
On the remote server I have defined WP_SITEURL as 'http://[ip address]/webshop/ and WP_HOME as 'http://[ip address]/webshopin wp-config.php
Calling the api url (http://[ip address]/webshop/wp-json/wc/v3/) from my local browser works OK. I get the normal JSON response
Authentication is done through the WooCommerce.Net wrapper which only requires a consumer key, consumer secret and the api url. I am sure I am using the right consumer key and secret and the proper api url http://[ip address]/webshop/wp-json/wc/v3/ (see previous bullet)
I already played around with the authorizedHeader variable (true/false) when instantiating a WooCommerce RestApi but this has no effect
Is there anybody that can point me into the direction of a solution?
Your help will be much appreciated!
In my case, the problem was in my url adress. The URL Adress had two // begin wp-json
Url Before the solution: http://localhost:8080/wordpress//wp-json/wc/v3/
URL Now, and works ok: http://localhost:8080/wordpress/wp-json/wc/v3/
I use with this sentence.
RestAPI rest = new RestAPI(cUrlApi, Funciones.CK, Funciones.CS,false);
WCObject wc = new WCObject(rest);
var lstWooCategorias = await wc.Category.GetAll();
I hope my answer helps you.
Had the same issue. My fault was to define my url incorrect: http:// instead of https://.
I have my wso2 servers up and running..now customer came up with a rewuirement that they need a separate webpage [ofcourse authenitucated] where they can see the status [up/down] and they would like to stop and start wso2 from that page rather than going to wso2 admin console.
Is there any API for getting the status as well as stopping/starting of wso2 ?
My product is wso2 EI
I guess I can invoke the wso2server.bat from Java and achieve is..is this ideal to do that or are there other approaches?
You can use WSO2 admin services to check the server(each node) status, do server restart or put into maintenance mode as well.
This internal admin service is called ServerAdmin and it's running on the servlet port(9443 - https://localhost:9443/services/ServerAdmin ). Below are the few operations available on that service
isAlive
restartGracefully
startMaintenance
endMaintenance
If you want to check the WSDL of this service, you need to change the visibility of admin WSDLs using <HideAdminServiceWSDLs>false</HideAdminServiceWSDLs> configuration in the carbon.xml file.
We are using the bing translater api in one of our projects for performing translations. The end point we use to call the api is:
http://api.microsofttranslator.com/v2/Http.svc/Translate?text=
To be able to call the API one has to authorize using the https://datamarket.accesscontrol.windows.net/v2/OAuth2-13.
Sometime in the last few days this datamarket.accesscontrol.windows.net url has become unavailable because the domain name resolution fails.
Exception: System.Net.WebException
Message: The remote name could not be resolved: 'datamarket.accesscontrol.windows.net'
Is anyone else affected by this and know what is going on?
The datamarket domain, and the ability to sign up via the Azure datamarket has been replaced by a regular Azure service.
Visit https://portal.azure.com and sign up for the Microsoft Translator Text API to get an API key. More detailed instructions at http://aka.ms/translatorgettingstarted.
OpenAM version -12 , Agent version 3.5 and 3.3 , tomcat version 7
I have tried to follow the link https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-ldap-sso/sso-openam-06052012 to set up my J2EE Agent. Let me paste the steps after asking the question(see at the end)
but I am getting the error as asked below
Not able to configure J2ee agent on adding my customized data store for users
I have tried to use 3.5 version installed and uninstalled multiple times and tried previous version.
There is a nice discussion on this topic at http://database.developer-works.com/article/16009911/%22Cannot+obtain+Application+SSO+token%22+error
but it did not help me much.
I am using LDAP so I have used LDAP realm and subjects are showing up ok. Also I am observing that the policy tab has changed quite a bit from how it is described in the Blogs.
Now with the roadblock I am not sure how to proceed as the error is not giving me any clue what to do. I even added the file named AMConfig.properties in the classpath with username and password of the agent and tried the username and password of the OpenAM admin too as suggested in the discussion mentioned. but that too did not help.
The issue is the Tomcat now is not starting and giving error that AMConfig.properties properties are needed
I know the OpenAM Realm setup is good as I am able to login via this realm to another application (Liferay) where I just have to give the URL for use OpenAM integration. but after uninstallation of the agent the tomcat starts without any error and i am able to login to the application
-------------------Step copied from 1st link(modified)--------------------------
1. Configure your OpenAM agent (tried both 3.5 and 3.3 version on tomcat 7)
a. Log into OpenAM as the admin user and navigate to "Access Control -> (Your Realm) - where in my case LDAP Realm (other application using it without issue)
b. Select Policies -> New Policy
c. Enter Share as the policy name and then create 2 new URL Policy agent rules
d. 1st Resource Name = http://:/share/*
e. 2nd Resource Name = http://alfresco.domain.com:8080/share/*?*
f. Add a subjects - already part of LDAP Realm
g. Now select Agents -> J2EE - > (your J2EE agent)
h. Select the Application tab
i. Login Processing -> Login Form URI - add /share/page/dologin
j. Logout Processing -> Application Logout URL - add Map Key = share - Corresponding Map Value = /share/page/dologout
k. Not Enforced URI Processing - Add 2 entries - /share and /share/
l. Profile Attributes Processing - Select HTTP_HEADER and add Map Key = uid - Corresponding Map Value = SsoUserHeader (This is what I called my header in the alfresco-global.properties file - see below)
Auth chain
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
alfresco.authentication.allowGuestLogin=true
SSO settings
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyUserName=
external.authentication.proxyHeader=SsoUserHeader
NOTE- It does not seem possible to configure SSO where the Guest login has been disabled. There are webscripts used on the Alfresco repository that need guest login.
That concludes the setup for Alfresco and OpenAM
For Share you need to have the following section uncommented in your share-config-custom.xml
alfresco/web-extension/alfresco-system.p12
pkcs12
alfresco-system
alfrescoCookie
Alfresco Connector
Connects to an Alfresco instance using cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
alfrescoHeader
Alfresco Connector
Connects to an Alfresco instance using header and cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
SsoUserHeader
alfresco
Alfresco - user access
Access to Alfresco Repository WebScripts that require user authentication
alfrescoHeader
http://alfreso.domain.com:8080/alfresco/wcs
user
true
Notice I am not using the SSL cert and in my alfrescoHeader connector I have used SsoUserHeader (as setup in OpenAM) and the endpoint uses the alfrescoHeader connector
Now you need to add the OpenAM filter to the Share web.xml file
Add the following filter just before the Share SSO authentication support filter
Agent
com.sun.identity.agents.filter.AmAgentFilter
Add the following filter mapping to the filter-mapping section
Agent
REQUEST
INCLUDE
FORWARD
ERROR
----- End ----------
The error message is a bit misleading: the Cannot obtain application SSO token in general means that the agent was unable to authenticate itself. When you install the agent, the agent asks for a profile name and a password file, those values need to correspond to the agent profile configured within OpenAM.
To test if you can authenticate as the user, you could simply try to authenticate as the agent by making the following request:
curl -d "username=profilename&password=password&uri=realm=/%26module=Application" http://aldaris.sch.bme.hu:8080/openam/identity/authenticate
In the above command the realm value needs to be the same as the value for the "com.sun.identity.agents.config.organization.name" property defined in OpenSSOAgentBootstrap.properties (under the agent's install directory).
Having bad username/password combination is only one of the possible root causes for this exception though. It is also possible that during startup the agent was unable to connect to OpenAM to authenticate itself. In those cases the problem could be:
network error, firewall issues preventing the agent from contacting OpenAM
SSL trust issues: agent's JVM does not trust the certificate of OpenAM's container (only problem if you've installed the agent by providing OpenAM's HTTPS URL and the certificate is self-signed or just simply not trusted by the JVM)
I have a nexus oss instance running on my laptop. What I want to do is , I will send a userlogintoken in a request sent to this nexus oss and get the userlogintoken from the nexus oss plugin and then authenticate it against teamforge(my application name) which runs in a different box.
In nexus oss they use shiro . So I too will use shiro in my nexus plugin that will do authentication against teamforge . I don't know where to start . Can I have some examples that can run standalone , which can do the task as mentioned above , so that I can start moving from there.
so requirement is basically that I need to give the server url and the userlogintoken to shiro and have to authenticate against the server url provided using that logintoken provided.
I refered a number of places searching for this kind of shiro example as I am extremely new to shiro , but I did not find examples that can do authentication given a remote server url (in my case the teamforge url).there are examples for authentication from usernames , passwords stored in ini files , or in database , but did not find examples for my use case .
Can somebody please guide me ?
Try to implement your own org.apache.shiro.realm.AuthorizingRealm you can make it configurable via Shiro.ini quite easily. You have to create public getter/setter with same name as property in ini file.
You need to implement protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) and protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) methods. They are called during currentUser.login(token).
Shiro.ini
customRealm= me.harish.shiro.realm.CustomRealm
customRealm.url = http://teamforge.com/?loginme
customRealm.apiKey = ABCD
customRealm.apiSecret = magic1
securityManager.realms= $customRealm
Some helpful links:
https://www.google.sk/webhp?sourceid=chrome-instant&ion=1&ie=UTF-8#fp=5cd33cfa2e98ac64&q=custom%20realm%20shiro
http://shiro.apache.org/realm.html