WSO2 api manager 3.2.0 access permission problem - wso2-api-manager

I use WSO2 api manager 3.2.0 and I create a user x with role /publisher, when login in carbon by user x, I just could change password. But when I copy the URL of add keystore from admin to user URL in browser, user x can also access to keystore as follows:
Could you please guide me to solve the problem?

The Carbon UI is rendered based on the permissions which the particular user has. Raise a Git issue in the following repo: Product-APIM, stating the observations and reproducing steps.

Related

What is the PingFederate default admin account?

I got the PingFederate running (from the docker image) and I can access the portal but it asks for a username and password.
I find online references that the default account would be "Administrator"/"administrator" or "administrator"/"2Federate", but nothing works.
I also deleted the file /server/default/data/pingfederate-admin-user.xml which should trigger to use the default account but no luck with those 2 credentials above.
After a lot of research I found a guide that says that the default account is "administrator"/"2FederateM0re" and that one worked!

If log in with SSO, the role will continue to be overwritten

In WSO2 API Manager, we try to access Subscriber UI and Publisher UI through SSO. The SSO connection works fine, but Admin gave a special user the publisher creator permission. But if that user accesses the Subscriber UI again through SSO, the newly given permission (publisher creator) is lost and reset to the initial setting. What should I do in this case?
As per the description, I believe that you have created multiple Identity Providers to log in to Publisher and Devportal, and have also enabled Just-In-Time provisioning at the Identity Providers.
If yes, try adding the following configuration in the APIM's deployment.toml and try out the scenario:
[authentication.framework.extensions]
provisioning_handler = "org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.SystemRolesRetainedProvisionHandler"
The default provisioning handler removes any additional roles that have been assigned to the logged-in user performing the sign-in process. The above-given Provisioning Handler is an extended version that does not remove the additional (custom) assigned roles from the user using the login process.

Microsoft Bot Framework Insufficient privileges to perform this operation

I created a Microsoft Account using my work mail.
Using this account, with 50$ credit, I tried to register my bot (already published using Visual Studio 2017). The problem is that when I tried to obtain the credentials for my bot, I'm getting an error that says I don't have enough privileges (even though I'm supposed to be the administrator of the account).
Button I clicked to get credentials
Error image
Please log into http://aad.portal.azure.com and go to Users and Groups -> User Settings and check if Users Can Register Applications is set to Yes.

Account Locked in API Manager Store & Publisher 2.1.0

Is there a way to lock a user's account after a certain number of failed login attempts to the API Store and API Publisher? I already checked the FAQ of API Manager, but then the documentation redirects to Identity Server files.
Is there any method to solve this issue?
Thank You.
You can change the following properties in APIM_HOME/repository/conf/identity/identity-mgt.properties file.
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts
Authentication.Policy.Password.Expire.Time=0
# If account verification is not enabled, following property will decide where user must be lock or not after user is created
Authentication.Policy.Account.Lock.On.Creation=false
Authentication.Policy.Account.Lock.Time=0
Authentication.Policy.Account.Lock.On.Failure=false
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=0
You should first install the following Identity Feature in WSO2 API Manager.
Account Recovery and Credential Management
version : 5.7.5
Then you will get the identity-mgt.properties file in your /repository/conf/identity directory.
By changing the following property value to the preferred number you can achieve the account locking after several attempts.
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=0
Note:
To install the above feature,
Log in to the Management Console of API Manager 2.1.0 (https://localhost:9443/carbon)
Go to Configure > Features > Repository Management and add the following repository.
http://product-dist.wso2.com/p2/carbon/releases/wilkes/
Then search for "Account Recovery and Credential Management Feature".
Select and install the version 5.7.5 as below.
Restart the Server.
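An added example, not part of the original answers and not WSO2's own code: a small Python check that reads the text of an identity-mgt.properties file and reports when the two lockout keys named above leave lockout off. It assumes lockout takes effect only when Authentication.Policy.Account.Lock.On.Failure is true and Authentication.Policy.Account.Lock.On.Failure.Max.Attempts is a positive number; the function names and the sample text are constructed for illustration.

```python
# Added example (not from the original answers): audit the lockout keys above.
LOCK_FLAG = "Authentication.Policy.Account.Lock.On.Failure"
MAX_ATTEMPTS = "Authentication.Policy.Account.Lock.On.Failure.Max.Attempts"

# Constructed sample: the values as listed in the first answer.
SAMPLE_AS_LISTED = """\
Authentication.Policy.Password.Expire.Time=0
Authentication.Policy.Account.Lock.On.Creation=false
Authentication.Policy.Account.Lock.Time=0
Authentication.Policy.Account.Lock.On.Failure=false
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=0
"""


def parse_properties(text):
    """Parse key=value lines, skipping blanks and #/! comments; last value wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_lockout(text):
    """Return findings; an empty list means both lockout keys look enabled.

    Assumption: lockout needs LOCK_FLAG=true and MAX_ATTEMPTS > 0.
    """
    props = parse_properties(text)
    findings = []
    # Keys are compared exactly: LOCK_FLAG is a prefix of MAX_ATTEMPTS, so a
    # substring search for one would also match the other.
    flag = props.get(LOCK_FLAG)
    if flag is None or flag.lower() != "true":
        findings.append(f"{LOCK_FLAG}={flag!r}: lock on failed logins is not enabled")
    raw = props.get(MAX_ATTEMPTS)
    try:
        attempts = int(raw)
    except (TypeError, ValueError):
        attempts = None  # missing or non-numeric value
    if attempts is None or attempts <= 0:
        findings.append(f"{MAX_ATTEMPTS}={raw!r}: no positive attempt limit is set")
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AS_LISTED
    for finding in audit_lockout(text):
        print("FINDING:", finding)
```

Run it with the path to the properties file as the only argument; with no argument it audits the constructed sample.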

Why anonymous user needs right "Feeds_ViewFeed" to publish a package by an authenticated user?

I'm not able to publish a package for an authenticated user by using the username:password as an API key, as long as the anonymous user does not have at least the "Feeds_ViewFeed" right.
But I don't want to have my packages visible for anonymous users. But I need to publish packages by an authenticated user.
Tested with the following configuration
ProGet is hosted by the Windows service
Anonymous has no rights assigned
If I try to push a package I get the following error:
Pushing xxx to 'xxx'...
Please provide credentials for: xxx UserName:
Cannot prompt for input in non-interactive mode.
Tried as well to give the anonymous user the "Feeds_AddPackage" right and protect the feed by an API key. Doesn't work either without the "Feeds_ViewFeed" assigned to anonymous. As soon as "Feeds_ViewFeed" is assigned pushing with an API key works as well.
Is this by design, configuration error or a bug?
Any advice?
Product: ProGet
Version: 3.5.5
