Failed when trying out in publisher portal - wso2-api-manager

Environment details:
wso2am-4.0.0
new keystore with self-signed certificate "my.domain.somewhere.com"
I followed this doc to create the new keystore.
When I test from the tryout page in the publisher portal, it fails with this response:
{
"code": "900901",
"message": "Invalid Credentials",
"description": "Invalid Credentials. Make sure you have provided the correct security credentials"
}
In the devportal, tryout is OK.
The error in the console:
TID: [-1] [] [2022-03-16 15:30:11,365] WARN {org.apache.synapse.transport.passthru.SourceHandler} - I/O error: Received fatal alert: certificate_unknown
TID: [-1] [] [2022-03-16 15:31:03,204] WARN {org.apache.synapse.transport.passthru.SourceHandler} - I/O error: Received fatal alert: certificate_unknown
TID: [-1234] [] [2022-03-16 15:31:03,333] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.InternalAPIKeyAuthenticator} - Invalid Internal Key. Signature verification failed.
TID: [-1234] [] [2022-03-16 15:31:03,333] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure due to Invalid Credentials

For the Publisher tryout key validation, WSO2 uses the gateway_certificate_alias in the client-truststore. So you need to update that also with the public key of your new cert.

Related

AWS SNS - Invalid token on ConfirmSubscription by php sdk

I set a subscription with https protocol.
Then I followed this guide to confirm the subscription:
https://docs.aws.amazon.com/code-samples/latest/catalog/php-sns-ConfirmSubscription.php.html
But I always get this error:
<ErrorResponse xmlns="http://sns.amazonaws.com/doc/2010-03-31/">
<Error>
<Type>Sender</Type>
<Code>InvalidPara (truncated...)
InvalidParameter (client): Invalid token - <ErrorResponse xmlns="http://sns.amazonaws.com/doc/2010-03-31/">
<Error>
<Type>Sender</Type>
<Code>InvalidParameter</Code>
<Message>Invalid token</Message>
</Error>
<RequestId>f90e5404-35f1-5610-9c9f-0f8586a56ab2</RequestId>
</ErrorResponse>
I don't know why....

How to solve 101500 error message performing an HTTPS call from WSO2 API Manager Store? Have I to set a certificate?

I have the following problem with WSO2 API Manager and I suspect that it could be a problem related to certificate of the final HTTPS endpoint that it was registered.
I try to explain my situation in details:
First thing: I changed this section of the repository/conf/axis2/axis2.xml file in order to contact the 443 port instead the default 8243 port to call the registered endpoint over HTTPS (at the moment I can't change the registered end point port and I can't install a reverse proxy, but I have to test if the system works as expected, basically I need to call the final endpoint on the 443 port and I have to obtain the JSON response).
The original section that I changed is:
<transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
    <parameter name="port" locked="false">8243</parameter>
    <parameter name="non-blocking" locked="false">true</parameter>
    <!--parameter name="bind-address" locked="false">hostname or IP address</parameter-->
    <!--parameter name="WSDLEPRPrefix" locked="false">https://apachehost:port/somepath</parameter-->
    <parameter name="httpGetProcessor" locked="false">org.wso2.carbon.mediation.transport.handlers.PassThroughNHttpGetProcessor</parameter>
    <parameter name="keystore" locked="false">
        <KeyStore>
            <Location>repository/resources/security/wso2carbon.jks</Location>
            <Type>JKS</Type>
            <Password>wso2carbon</Password>
            <KeyPassword>wso2carbon</KeyPassword>
        </KeyStore>
    </parameter>
    <parameter name="truststore" locked="false">
        <TrustStore>
            <Location>repository/resources/security/client-truststore.jks</Location>
            <Type>JKS</Type>
            <Password>wso2carbon</Password>
        </TrustStore>
    </parameter>
    <!--<parameter name="SSLVerifyClient">require</parameter>
    supports optional|require or defaults to none -->
</transportReceiver>
I changed it in this way:
<transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
    <parameter name="port" locked="false">443</parameter>
    <parameter name="non-blocking" locked="false">true</parameter>
    <!--parameter name="bind-address" locked="false">hostname or IP address</parameter-->
    <!--parameter name="WSDLEPRPrefix" locked="false">https://apachehost:port/somepath</parameter-->
    <parameter name="httpGetProcessor" locked="false">org.wso2.carbon.mediation.transport.handlers.PassThroughNHttpGetProcessor</parameter>
    <parameter name="keystore" locked="false">
        <KeyStore>
            <Location>repository/resources/security/wso2carbon.jks</Location>
            <Type>JKS</Type>
            <Password>wso2carbon</Password>
            <KeyPassword>wso2carbon</KeyPassword>
        </KeyStore>
    </parameter>
    <parameter name="truststore" locked="false">
        <TrustStore>
            <Location>repository/resources/security/client-truststore.jks</Location>
            <Type>JKS</Type>
            <Password>wso2carbon</Password>
        </TrustStore>
    </parameter>
    <!--<parameter name="SSLVerifyClient">require</parameter>
    supports optional|require or defaults to none -->
</transportReceiver>
Basically I only changed the 8243 default port with 443 standard HTTPS port used to expose the final endpoint.
Now, executing the API from the Store portal I obtain a cURL command that works on the expected 443 port:
curl -k -X POST "https://ENDPOINT_IP_ADDRESS:443/puntualitest/v1.0.0/puntuali" -H "accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer XXXXX-YYYY-ZZZZ-KKKK-WWWW" -d "{ \"header\": { \"msgUid\": \"a36bea3f-6dc6-49d7-9376-f31692930ba9\", \"timestamp\": 1567060509108, \"metadata\": { \"TRACKER_BIZID_REV_CODICE\": \"7175\", \"TRACKER_BIZID_REV_NUMERO\": \"545/2019\" }, \"codApplication\": null, \"codEnte\": null, \"invocationContext\": null, \"caller\": \"SRW\", \"user\": null, \"service\": \"crediti.invioPosizioneCreditoria\" }, \"body\": { \"#dto\": \"binary\", \"content\": \"PD94bWwgdmVyc2..............................+\" }}"
This seems correct, trying to perform the previous cURL command from the bash shell of the machine on which WSO2 API Manager is installed I obtain a JSON response from the API, this:
{"timestamp":"2020-02-29T12:13:54.630+0000","status":404,"error":"Not Found","message":"No message available","path":"/puntualitest/v1.0.0/puntuali"}
It contains an error message but I think that it is caused by a "wrong" payload; anyway it seems that the final registered API endpoint received my request, processed it and returned a JSON message (is this reasoning correct)?
The problem is that trying to perform the request directly from the inside of the Store portal of WSO2 API Manager I am obtaining the following error message:
<am:fault xmlns:am="http://wso2.org/apimanager">
<am:code>101500</am:code>
<am:type>Status report</am:type>
<am:message>Runtime Error</am:message>
<am:description>Error in Sender</am:description>
</am:fault>
Reading the documentation it seems to me that the error with code 101500 could be related to a certificate problem:
WSO2 ESB 4.9.0: what means error 101500
The previous link refers to the ESB product and not API Manager but I suspect that the problem could be the same. I suspect it also because in my log file (/usr/lib/wso2/wso2am/2.6.0/repository/logs/wso2carbon.log) when I perform the previous request from the Store portal I obtain the following error message:
TID: [-1] [] [2020-02-29 13:34:58,686] ERROR {org.apache.synapse.transport.passthru.SourceHandler} - I/O error: Received fatal alert: certificate_unknown {org.apache.synapse.transport.passthru.SourceHandler}
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:245)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:280)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:748)
TID: [-1234] [] [2020-02-29 13:34:58,827] WARN {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl} - Invalid session id for thrift authenticator. {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl}
TID: [-1234] [] [2020-02-29 13:34:58,829] ERROR {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl} - Error in invoking validate key via thrift.. {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl}
TID: [-1234] [] [2020-02-29 13:34:58,830] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftKeyValidatorClient} - Login failed.. Authenticating again.. {org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftKeyValidatorClient}
TID: [-1234] [] [2020-02-29 13:34:58,846] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2020-02-29 13:34:58,845+0100] from IP address {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [-1] [] [2020-02-29 13:34:58,941] ERROR {org.apache.synapse.transport.passthru.TargetHandler} - I/O error: General SSLEngine problem {org.apache.synapse.transport.passthru.TargetHandler}
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:237)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:271)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:255)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:293)
... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)
... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 23 more
TID: [-1234] [] [2020-02-29 13:34:58,948] WARN {org.apache.synapse.endpoints.EndpointContext} - Endpoint : SirPuntuali--vv1.0.0_APIproductionEndpoint with address https://ENDPOINT_IP_ADDRESS/cmd/j/ will be marked SUSPENDED as it failed {org.apache.synapse.endpoints.EndpointContext}
TID: [-1234] [] [2020-02-29 13:34:58,948] WARN {org.apache.synapse.endpoints.EndpointContext} - Suspending endpoint : SirPuntuali--vv1.0.0_APIproductionEndpoint with address https://ENDPOINT_IP_ADDRESS/cmd/j/ - last suspend duration was : 30000ms and current suspend duration is : 30000ms - Next retry after : Sat Feb 29 13:35:28 CET 2020 {org.apache.synapse.endpoints.EndpointContext}
TID: [-1234] [] [2020-02-29 13:34:58,949] INFO {org.apache.synapse.mediators.builtin.LogMediator} - STATUS = Executing default 'fault' sequence, ERROR_CODE = 101500, ERROR_MESSAGE = Error in Sender {org.apache.synapse.mediators.builtin.LogMediator}
TID: [-1] [] [2020-02-29 13:34:58,979] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected {org.wso2.carbon.databridge.core.DataBridge}
So it seems that WSO2 API Manager is trying to send the request to the correct endpoint but there is a certificate problem. Is this reasoning correct?
If this could be the problem now I have some doubts about what I have to do to solve my problem:
Have I to obtain a certificate generated on the server hosting the final endpoint and have I to set it on my WSO2 API Manager or, on the contrary, have I to generate a certificate on the WSO2 API Manager machine and I have to provide it to the machine hosting the final API?
Reading on the documentation it seems to me that I have to obtain a certificate from the API hosting machine and I have to upload this certificate into WSO2 API Manager application (as shown here: https://apim.docs.wso2.com/en/latest/learn/design-api/endpoints/certificates/). But I am not sure of this assumption.
A self signed certificate is ok? In case what is the procedure to generate it and what kind of certificate I need to obtain (I have to provide precise information to the guys working on the final API machine)
Probably a trivial question: the Store portal is generating a cURL request using the -k option that is used to ignore the certificate (in fact performing it directly in the shell it seems to work fine). Why is sending the request from the Store portal not working? I suspect that it generates a cURL request for test purposes but that under the hood the API Manager is not performing a simple cURL request.
The behavior is a bit strange. Just to explain what happens here, there are 2 HTTP calls involved.
The client (curl or UI) to the gateway
The gateway to the backend
As per the 2nd error trace, the problem is with the connection between the gateway and the backend. Answering your first question, to resolve this, you have to get the certificate of the backend endpoint and install it to the APIM's client-truststore.jks. You can either do it for each API via the UI, or you can directly install it to the jks file.
However, since this is independent of the client you use, you should see the same behavior for both cURL and UI. I don't get how it works for cURL.
Answering your 3rd question, the UI does not use curl inside to make the call to the gateway. And it has nothing to do with the above error either.
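The answers above place these failures on different trust relationships: the Publisher try-out key is checked against gateway_certificate_alias in the client-truststore, and the 101500 fault comes from the gateway-to-backend call. As an added example (not from the original posts or from WSO2), this Python script sorts carbon log records by the hop that failed; the rule table, hop labels and function names are assumptions of the example, and the sample records are copied from the logs quoted on this page.

```python
import re
from collections import Counter

# Header of a carbon log record as quoted on this page:
#   TID: [tenant] [] [timestamp] LEVEL {logger.class} - message
LINE_RE = re.compile(
    r"^TID: \[(?P<tenant>-?\d+)\] \[[^\]]*\] \[(?P<ts>[^\]]+)\]\s+"
    r"(?P<level>[A-Z]+)\s+\{(?P<logger>[^}]+)\}\s+-\s+(?P<msg>.*)$"
)
FAULT_RE = re.compile(r"ERROR_CODE = (\d+)")
PKIX_MARK = "PKIX path building failed"

# (logger suffix, message pattern, hop label, what to check).
# Hop labels and hints are this example's own wording, not WSO2 output.
RULES = [
    ("passthru.SourceHandler", r"Received fatal alert: certificate_unknown",
     "client->gateway",
     "the caller rejected the certificate the gateway listener presented"),
    ("passthru.TargetHandler", r"SSLEngine problem|PKIX path building failed",
     "gateway->backend",
     "backend certificate is not trusted; import it into client-truststore.jks"),
    ("InternalAPIKeyAuthenticator", r"Signature verification failed",
     "publisher-tryout-key",
     "gateway_certificate_alias in client-truststore must hold the new public cert"),
]


def triage(lines):
    """Return one finding per matching record, in log order."""
    findings = []
    current = None  # finding that following stack-trace lines belong to
    for raw in lines:
        line = raw.rstrip("\n")
        m = LINE_RE.match(line)
        if m is None:
            # Not a record header: stack-trace text of the previous record.
            if current is not None and PKIX_MARK in line:
                current["pkix_failure"] = True
            continue
        current = None
        logger, msg = m["logger"], m["msg"]
        fault = FAULT_RE.search(msg)
        if fault:
            # The fault sequence logs its code after the transport error;
            # attach it to the latest backend-side finding still lacking one.
            for f in reversed(findings):
                if f["hop"] == "gateway->backend" and f["fault_code"] is None:
                    f["fault_code"] = fault.group(1)
                    break
            continue
        for suffix, pattern, hop, hint in RULES:
            if logger.endswith(suffix) and re.search(pattern, msg):
                current = {"ts": m["ts"], "hop": hop, "hint": hint,
                           "pkix_failure": False, "fault_code": None}
                findings.append(current)
                break
    return findings


def count_by_hop(findings):
    """Number of findings per hop label."""
    return Counter(f["hop"] for f in findings)


# Sample input: records copied from the two log excerpts quoted on this page.
SAMPLE_LOG = """\
TID: [-1] [] [2022-03-16 15:31:03,204] WARN {org.apache.synapse.transport.passthru.SourceHandler} - I/O error: Received fatal alert: certificate_unknown
TID: [-1234] [] [2022-03-16 15:31:03,333] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.authenticator.InternalAPIKeyAuthenticator} - Invalid Internal Key. Signature verification failed.
TID: [-1234] [] [2022-03-16 15:31:03,333] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure due to Invalid Credentials
TID: [-1] [] [2020-02-29 13:34:58,941] ERROR {org.apache.synapse.transport.passthru.TargetHandler} - I/O error: General SSLEngine problem {org.apache.synapse.transport.passthru.TargetHandler}
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
TID: [-1234] [] [2020-02-29 13:34:58,949] INFO {org.apache.synapse.mediators.builtin.LogMediator} - STATUS = Executing default 'fault' sequence, ERROR_CODE = 101500, ERROR_MESSAGE = Error in Sender {org.apache.synapse.mediators.builtin.LogMediator}
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        extra = []
        if f["pkix_failure"]:
            extra.append("PKIX path failure in stack trace")
        if f["fault_code"]:
            extra.append("fault code " + f["fault_code"])
        suffix = " (" + ", ".join(extra) + ")" if extra else ""
        print(f"{f['ts']}  {f['hop']}: {f['hint']}{suffix}")
```

Run against a full wso2carbon.log with `triage(open(path, encoding="utf-8", errors="replace"))`; each finding names which certificate relationship to inspect before any store is changed.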

API authentication failure due to Unclassified Authentication Failure with WSO2 IS-KM as Key manager in WSO2 API M

Hello I am very much new to WSO2 products and exploring WSO2 API Manager 2.6.0 and WSO2 IS - KM 5.9.0. I am trying to use WSO2 IS -KM as key manager for WSO2 API M. I have followed all the steps mentioned in https://docs.wso2.com/display/AM260/Configuring+WSO2+Identity+Server+as+a+Key+Manager#ConfiguringWSO2IdentityServerasaKeyManager-Step1-DownloadWSO2ISasaKeyManager(WSO2IS-KM)
But I am getting the following error in API M carbon log when I try to call an API with generated token through API Manager.
TID: [-1] [] [2019-11-04 16:51:40,484] WARN {org.apache.synapse.transport.http.access.AccessConfiguration} - Error loading properties from file: access-log.properties {org.apache.synapse.transport.http.access.AccessConfiguration}
TID: [-1234] [] [2019-11-04 16:51:40,535] INFO {org.apache.synapse.core.axis2.TimeoutHandler} - This engine will expire all callbacks after GLOBAL_TIMEOUT: 120 seconds, irrespective of the timeout action, after the specified or optional timeout {org.apache.synapse.core.axis2.TimeoutHandler}
TID: [-1234] [] [2019-11-04 16:52:52,019] DEBUG {org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator} - Received Token 403252b7-c890-38ce-add7-013eb510b1e3 {org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator}
TID: [-1234] [] [2019-11-04 16:52:52,019] DEBUG {org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator} - Default Version API invoked {org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator}
TID: [-1234] [] [2019-11-04 16:52:52,019] DEBUG {org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator} - Removing Authorization header from headers {org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator}
TID: [-1234] [] [2019-11-04 16:52:52,020] DEBUG {org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator} - Resource not found in cache for key: /pocGet/1.0.0/1.0.0/getAllDDN:GET {org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator}
TID: [-1234] [] [2019-11-04 16:52:52,020] DEBUG {org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator} - Setting REST_SUB_REQUEST_PATH in msg context: /getAllDDN {org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator}
TID: [-1234] [] [2019-11-04 16:52:52,020] DEBUG {org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator} - Cache miss for Resource for key: /pocGet/1.0.0/1.0.0/getAllDDN:GET {org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator}
TID: [-1234] [] [2019-11-04 16:52:52,021] DEBUG {org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator} - Could not find API object in cache for key: /pocGet/1.0.0/1.0.0 {org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator}
TID: [-1234] [] [2019-11-04 16:52:52,022] DEBUG {org.wso2.carbon.apimgt.gateway.handlers.security.keys.APIKeyValidatorClientPool} - Initializing new APIKeyValidatorClient instance {org.wso2.carbon.apimgt.gateway.handlers.security.keys.APIKeyValidatorClientPool}
TID: [-1234] [] [2019-11-04 16:52:52,032] DEBUG {org.wso2.carbon.apimgt.gateway.handlers.security.keys.APIKeyValidatorClient} - Get all URI templates request from gateway to keymanager via web service call for:/pocGet/1.0.0 at [2019.11.04 16:52:52,032 IST] {org.wso2.carbon.apimgt.gateway.handlers.security.keys.APIKeyValidatorClient}
TID: [-1234] [] [2019-11-04 16:52:54,786] DEBUG {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - Call to Key Manager : API call failed reason=API_authentication_failure transactionId=urn:uuid:32a9f7d6-f642-4276-8452-637d65a01d61 with userAgent=PostmanRuntime/7.1.1 for requestURI=/pocGet/1.0.0/getAllDDN at time=Mon Nov 04 16:52:52 IST 2019 from clientIP=10.40.254.70, elapsedTimeInMilliseconds=0 {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler}
TID: [-1234] [] [2019-11-04 16:52:54,789] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure due to Unclassified Authentication Failure {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler}
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Error while accessing backend services for API key validation
at org.wso2.carbon.apimgt.gateway.handlers.security.keys.WSAPIKeyDataStore.getAllURITemplates(WSAPIKeyDataStore.java:77)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.getAllURITemplates(APIKeyValidator.java:791)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.doGetAPIInfo(APIKeyValidator.java:639)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.findMatchingVerb(APIKeyValidator.java:573)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.getResourceAuthenticationScheme(APIKeyValidator.java:357)
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:127)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.isAuthenticate(APIAuthenticationHandler.java:210)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:158)
at org.apache.synapse.rest.API.process(API.java:325)
at org.apache.synapse.rest.RESTRequestHandler.apiProcessNonDefaultStrategy(RESTRequestHandler.java:149)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:95)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:303)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:92)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:337)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Error while accessing backend services for API key validation
at org.wso2.carbon.apimgt.gateway.handlers.security.keys.APIKeyValidatorClient.getAllURITemplates(APIKeyValidatorClient.java:189)
at org.wso2.carbon.apimgt.gateway.handlers.security.keys.WSAPIKeyDataStore.getAllURITemplates(WSAPIKeyDataStore.java:75)
... 20 more
Caused by: org.apache.axis2.AxisFault: org.apache.axis2.databinding.ADBException: Unexpected subelement {http://model.api.apimgt.carbon.wso2.org/xsd}id
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.wso2.carbon.apimgt.keymgt.stub.validator.APIKeyValidationServiceStub.fromOM(APIKeyValidationServiceStub.java:1452)
at org.wso2.carbon.apimgt.keymgt.stub.validator.APIKeyValidationServiceStub.getAllURITemplates(APIKeyValidationServiceStub.java:245)
at org.wso2.carbon.apimgt.gateway.handlers.security.keys.APIKeyValidatorClient.getAllURITemplates(APIKeyValidatorClient.java:173)
... 21 more
Caused by: java.lang.Exception: org.apache.axis2.databinding.ADBException: Unexpected subelement {http://model.api.apimgt.carbon.wso2.org/xsd}id
at org.wso2.carbon.apimgt.api.model.xsd.URITemplate$Factory.parse(URITemplate.java:3025)
at org.wso2.carbon.apimgt.keymgt.stub.types.axis2.GetAllURITemplatesResponse$Factory.parse(GetAllURITemplatesResponse.java:489)
at org.wso2.carbon.apimgt.keymgt.stub.validator.APIKeyValidationServiceStub.fromOM(APIKeyValidationServiceStub.java:1376)
... 23 more
Caused by: org.apache.axis2.databinding.ADBException: Unexpected subelement {http://model.api.apimgt.carbon.wso2.org/xsd}id
at org.wso2.carbon.apimgt.api.model.xsd.URITemplate$Factory.parse(URITemplate.java:3019)
... 25 more
I have imported self signed certificate of WSO2 IS-KM in API Manager.
I am using a Postgre DB and have created separate DB for AM(WSO2AMDB), UM(WSO2UMDB) and REG(WSO2CarbonDB). Both WSO2API-M and WSO2IS-KM are sharing these DBs.
Please help me out resolving this issue.
N.B - When I used only WSO2 API Manager with its own Key manager, I could successfully test an API call from PostMan to the back end REST service through the API gateway.

WSO2 IS using JDBC as the primary datastore

We are trying to configure WSO2 IS to use a SQL Server database as the default primary datasource.
We have reviewed the following guides from the documentation: https://docs.wso2.com/display/IS500/Setting+up+MySQL https://docs.wso2.com/display/IS500/Configuring+a+JDBC+User+Store
We ran the command wso2server.bat -Dsetup and everything ran without problem; also the user admin exists in table dbo.UM_USER with password "admin".
But when we try to log in to the admin console we receive the following error:
Failed Administrator login attempt 'admin[-1234]' at [2015-01-08 22:31:03,647-0500],
We also noticed that the tenant id is -1234. Is that an expected default or does it indicate a potential multi-tenant error?
In the log file, I found :
TID: [-1234] [] [2018-02-27 01:20:37,171] DEBUG {org.wso2.carbon.identity.application.common.processors.RandomPasswordProcessor} - Cache Key not found for Random Password Container
TID: [-1] [] [2018-02-27 01:20:37,172] DEBUG {org.wso2.carbon.context.PrivilegedCarbonContext} - Resolving tenant id from tenant domain
TID: [-1234] [] [2018-02-27 01:20:37,172] DEBUG {org.wso2.carbon.identity.event.IdentityEventConfigBuilder} - Secret Resolver is not present. Will not resolve encryptions in config file
TID: [-1234] [] [2018-02-27 01:20:37,173] DEBUG {org.wso2.carbon.identity.event.IdentityEventConfigBuilder} - Secret Resolver is not present. Will not resolve encryptions in config file
TID: [-1234] [] [2018-02-27 01:20:37,173] DEBUG {org.wso2.carbon.identity.event.IdentityEventConfigBuilder} - Secret Resolver is not present. Will not resolve encryptions in config file
TID: [-1234] [] [2018-02-27 01:20:37,174] DEBUG {org.wso2.carbon.identity.event.IdentityEventConfigBuilder} - Secret Resolver is not present. Will not resolve encryptions in config file
TID: [-1234] [] [2018-02-27 01:20:37,175] DEBUG {org.wso2.carbon.identity.event.IdentityEventConfigBuilder} - Secret Resolver is not present. Will not resolve encryptions in config file
TID: [-1234] [] [2018-02-27 01:20:37,175] DEBUG {org.wso2.carbon.identity.event.IdentityEventConfigBuilder} - Secret Resolver is not present. Will not resolve encryptions in config file
TID: [-1234] [] [2018-02-27 01:20:37,176] DEBUG {org.wso2.carbon.identity.event.IdentityEventConfigBuilder} - Secret Resolver is not present. Will not resolve encryptions in config file
TID: [-1234] [] [2018-02-27 01:20:37,177] DEBUG {org.wso2.carbon.identity.event.IdentityEventConfigBuilder} - Secret Resolver is not present. Will not resolve encryptions in config file
TID: [-1234] [] [2018-02-27 01:20:37,177] DEBUG {org.wso2.carbon.identity.event.IdentityEventConfigBuilder} - Secret Resolver is not present. Will not resolve encryptions in config file
TID: [-1234] [] [2018-02-27 01:20:37,179] DEBUG {org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO} - Cache entry found for Identity Provider LOCAL
TID: [-1234] [] [2018-02-27 01:20:37,179] DEBUG {org.wso2.carbon.identity.application.common.processors.RandomPasswordProcessor} - Cache Key not found for Random Password Container
TID: [-1] [] [2018-02-27 01:20:37,179] DEBUG {org.wso2.carbon.context.PrivilegedCarbonContext} - Resolving tenant id from tenant domain
TID: [-1234] [] [2018-02-27 01:20:37,180] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Authentication failure. Wrong username or password is provided.
TID: [-1234] [] [2018-02-27 01:20:37,180] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[-1234]' at [2018-02-27 01:20:37,180+0300]
TID: [-1234] [] [2018-02-27 01:20:37,198] DEBUG {org.wso2.carbon.core.multitenancy.MultitenantAddressingBasedDispatcher} - [MessageContext: logID=f450ee3284096b972cdbd2e258325b986853f2e7012145d8] The system is checking the following RelatesTo: urn:uuid:d4d7fb9f-b19b-4feb-b88b-3378362a6e22
TID: [-1234] [] [2018-02-27 01:20:37,211] DEBUG {org.wso2.carbon.ui.CarbonUILoginUtil} - Authentication failure ...
org.wso2.carbon.core.common.AuthenticationException: Exception occurred while accessing user authorization info
at org.wso2.carbon.ui.AbstractCarbonUIAuthenticator.handleSecurity(AbstractCarbonUIAuthenticator.java:255)
you can see the config files and log with the following links :
link of config file wso2carbon.log
master-datasources link
link of config file user-mgt.xml
user-mgt Link
link of log file wso2carbon.log
wso2carbon log Link

Processing large JSON payload in WSO2 API Manager 2.1.0

I have a requirement to invoke a backend service endpoint which accepts requests of type application/json. It is a pass through API with no logic implemented before invocation.
I have a request payload in JSON with 2000 lines for POST method.
Once, I invoke the API, it doesn't call the backend service but tries to convert payload from JSON to XML and then failed.
Is it the expected behavior of API Manager that it converts all incoming requests in JSON to XML during processing before invoking the back-end service?
Also, after failure API is moving into suspended state.
Any suggestions would be helpful.
Error below.
TID: [-1234] [] [2018-02-13 07:25:30,999] WARN {org.apache.synapse.endpoints.EndpointContext} - Suspending endpoint : AnonymousEndpoint with address http://localhost:{uri.var.portnum}/savepolicy/1.0 - current suspend duration is : 30000ms - Next retry after : Tue Feb 13 07:26:00 EET 2018 {org.apache.synapse.endpoints.EndpointContext}
TID: [-1234] [] [2018-02-13 07:25:30,999] INFO {org.apache.synapse.mediators.builtin.LogMediator} - STATUS = Executing default 'fault' sequence, ERROR_CODE = 101507, ERROR_MESSAGE = Error in Sender {org.apache.synapse.mediators.builtin.LogMediator}
TID: [-1234] [] [2018-02-13 07:25:31,000] ERROR {org.apache.synapse.commons.json.JsonUtil} - #toXml. Could not convert JSON Stream to XML. Cannot handle JSON input. Error>>> null {org.apache.synapse.commons.json.JsonUtil}
TID: [-1234] [] [2018-02-13 07:25:31,000] ERROR {org.apache.synapse.transport.passthru.util.DeferredMessageBuilder} - Error building message {org.apache.synapse.transport.passthru.util.DeferredMessageBuilder}
org.apache.axis2.AxisFault: Could not convert JSON Stream to XML. Cannot handle JSON input.
at org.apache.synapse.commons.json.JsonUtil.toXml(JsonUtil.java:298)
at org.apache.synapse.commons.json.JsonBuilder.processDocument(JsonBuilder.java:35)
at org.apache.synapse.transport.passthru.util.DeferredMessageBuilder.getDocument(DeferredMessageBuilder.java:148)
at org.apache.synapse.transport.passthru.util.RelayUtils.builldMessage(RelayUtils.java:136)
at org.apache.synapse.transport.passthru.util.RelayUtils.buildMessage(RelayUtils.java:99)
at org.apache.synapse.mediators.AbstractListMediator.buildMessage(AbstractListMediator.java:140)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:83)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:214)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:97)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:59)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
at org.apache.synapse.mediators.MediatorFaultHandler.onFault(MediatorFaultHandler.java:95)
at org.apache.synapse.FaultHandler.handleFault(FaultHandler.java:53)
at org.apache.synapse.endpoints.AbstractEndpoint.invokeNextFaultHandler(AbstractEndpoint.java:691)
at org.apache.synapse.endpoints.AbstractEndpoint.onFault(AbstractEndpoint.java:530)
at org.apache.synapse.endpoints.HTTPEndpoint.onFault(HTTPEndpoint.java:66)
at org.apache.synapse.FaultHandler.handleFault(FaultHandler.java:101)
at org.apache.synapse.core.axis2.SynapseCallbackReceiver.handleMessage(SynapseCallbackReceiver.java:285)
at org.apache.synapse.core.axis2.SynapseCallbackReceiver.receive(SynapseCallbackReceiver.java:188)
at org.apache.synapse.transport.passthru.TargetErrorHandler$1.run(TargetErrorHandler.java:139)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.xml.stream.XMLStreamException
at org.apache.synapse.commons.staxon.core.base.AbstractXMLStreamReader.initialize(AbstractXMLStreamReader.java:245)
at org.apache.synapse.commons.staxon.core.json.JsonXMLStreamReader.<init>(JsonXMLStreamReader.java:66)
at org.apache.synapse.commons.staxon.core.json.JsonXMLInputFactory.createXMLStreamReader(JsonXMLInputFactory.java:165)
at org.apache.synapse.commons.json.JsonUtil.getReader(JsonUtil.java:333)
at org.apache.synapse.commons.json.JsonUtil.getReader(JsonUtil.java:315)
at org.apache.synapse.commons.json.JsonUtil.toXml(JsonUtil.java:294)
... 25 more
Can you try changing the default JSON builder and formatter pair in the <APIM_HOME>/repository/conf/axis2/axis2.xml file to the following:
<messageBuilder contentType="application/json" class="org.apache.axis2.json.JSONStreamBuilder"/>
<messageFormatter contentType="application/json" class="org.apache.axis2.json.JSONStreamFormatter"/>
Restart the server after changing. https://docs.wso2.com/display/AM210/Transforming+API+Message+Payload#TransformingAPIMessagePayload-JSONmessagebuildersandformatters
