I faced the following exception in WSO2 API Manager:
SSLPeerUnverifiedException: peer not authenticated exception
The following error is being thrown when logging in to Access Manager or the Content Manager Explorer (Classic) through an ADFS SAML Identity Provider.
An error occurred.
Unknown userid
Check the logs for more information.
How can I resolve this?
I have been trying to configure WSO2 API Manager as our API Gateway. I am facing the issues below while configuring and testing.
Authorization of apis migrated to WSO2
Getting JSONObject["exp"] not found. when trying to access the API with a token
Not sure about the client ID which has to be given for the Authorization URL: https://localhost:8243/authorize
Is this URL, https://localhost:8243/authorize, the one we use to authenticate the APIs?
I have used Carbon for creating users, Service and Identity providers. Are they related to each other, and how can we use them for JWT authentication?
Does this subscription mean creating a user for using the API?
How can I group multiple APIs into a microgateway?
Please help me
Thanks
I have set up WSO2 IS (5.6.0) and APIM (2.5.0) recently.
I have then tried to integrate both of them together so that IS can be used as the IdP and APIM can be logged in to using SSO.
I made the changes according to this link
(https://docs.wso2.com/display/AM250/Configuring+Identity+Server+as+IDP+for+SSO)
Things look fine: when I access the https://apim.com/publisher URL to log in, I get the IS login page.
Then I enter the username and password; it authenticates as well, but then I get the error below in the browser:
Error when processing authentication request! Please try again.
Below are the logs from backend:
DEBUG {org.wso2.carbon.identity.sso.saml.validators.SSOAuthnRequestAbstractValidator} - Thread local tenant domain is set to: carbon.super
[2019-02-17 01:12:56,196] DEBUG {org.wso2.carbon.identity.sso.saml.validators.SPInitSSOAuthnRequestValidator} - Authentication Request Validation is successful..
[2019-02-17 01:12:56,803] DEBUG {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Query string : null
[2019-02-17 01:12:56,804] DEBUG {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - No SaaS SAML service providers found for the issuer : API_PUBLISHER. Checking for SAML service providers registered in tenant domain : carbon.super
[2019-02-17 01:12:56,825] ERROR {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Error when processing the authentication request!
org.wso2.carbon.identity.base.IdentityException: Error while reading service provider configurations for issuer : API_PUBLISHER in tenant domain : carbon.super
Can someone please check and let me know what I am doing wrong?
Thanks
It seems like you haven't enabled IdP initiated SSO in the Service Provider configurations on the WSO2IS side. Find the attached service provider configuration screenshot below.
I tried to reset the admin password for WSO2 Identity Server and API Manager, following the instructions for API Manager and Identity Server,
but now the old applications are not being listed, and in the WSO2 Carbon logs for Identity Server it shows "Illegal access attempt at from IP address while trying to authenticate access to service APIKeyValidationService". Any advice on how to debug the issue?
I successfully configured WSO2 API Manager 1.8.0 [e.g. https://wso2am.com:9443] and WSO2 Identity Server 5.0.0 SP1 [IS] acting as Key Manager [e.g. https://wso2is.com:9443] in a clustered setup on 2 different servers.
I also configured a Service Provider in the IS using a SAML SSO Inbound Authenticator and tested it with travelocity.com sample app.
The sample app builds the SAML request in the right way, but https://wso2am.com:9443/samlsso?SAMLRequest=[base64stuff] returns an HTTP Status 405 - HTTP method GET is not supported by this URL.
Changing the URL to https://wso2is.com:9443/samlsso?SAMLRequest=[base64stuff]
leads to successful authentication.
Basically I want to be redirected to the wso2am login page and not the wso2is login page.
In this way, I could deploy only WSO2AM in the DMZ, leaving WSO2IS in the internal network.
How can I do this?
Thanks
In this scenario I think your authentication request must be directed to the IS server, not APIM. The IS server is the one that does the authentication. Hence it acts as the IdP. APIM is just a service provider (SP). Even if you succeeded (even though it's not the correct behaviour) in sending a SAML request to the https://wso2am.com:9443/samlsso endpoint, it would redirect you to the login page on the IS server. So you have to send the SAML request to the https://wso2is.com:9443/samlsso endpoint for successful authentication and for the correct behaviour.