WSO2 APIM 3.1.0 integration with Azure AD - wso2-api-manager

I am trying to integrate Azure AD with WSO2 APIM 3.1.0.
I have configured the IDP as Azure AD and the SPs for dev portal. When a user is trying to log in to the dev portal, the first step works fine and the sign-in page is redirected to Azure. The first step of the OAuth flow also works fine in retrieving the authorization code. But the next step of the OAuth flow is failing when the access token is supposed to be retrieved from the auth code. When the APIM tries to connect to the endpoint to obtain the access token, it fails, probably since it is retrieving a localhost endpoint for that step.
I think it should be the login.microsoftonline.com endpoint. Could you please help?
Here are the logs after I added a couple of logs in the jag file:
TID: [-1234] [devportal] [2020-12-07 22:06:35,705] ERROR {JAGGERY.services.login.login_callback:jag} - tokenEndpoint: https://localhost:9443/oauth2/token
TID: [-1234] [devportal] [2020-12-07 22:06:35,708] ERROR {JAGGERY.services.login.login_callback:jag} - tokenRequestData: [object Object]
TID: [-1234] [devportal] [2020-12-07 22:06:35,709] ERROR {JAGGERY.services.login.login_callback:jag} - base64encoded: ------------------------------------------------------
TID: [-1234] [devportal] [2020-12-07 22:06:35,748] ERROR {JAGGERY.services.login.login_callback:jag} - Could not retrieve access token. Response: {"error_description":"Invalid authorization code received from token request","error":"invalid_grant"}

Related

Artifactory SAML 2.0 Integration with PingFederate failure

We tried enabling SAML SSO on Artifactory 7.35.1 with PingFederate but were unsuccessful.
We have followed this documentation. Ping authenticates successfully and redirects to Artifactory, but Artifactory fails with the below error.
{"errors":[{"status":400,"message":"{"error":"Error occurred while trying to login using SAML. Check your Artifactory logs for more details."}"}]}
We tried to enable logging following this guide, but the "artifactory.log" file is not getting created and the SAML XML is not logged to any of the log files as stated.
Appreciate any guidance to debug or fix the error.

Error SC424 connecting Make.com to Google Analytics

I've added a new API app in GCS for GA4 & UA data connection to make.com. I granted credentials and added the Google Analytics scope. The authorised redirect URI I used was https://www.integromat.com/oauth/cb/google/. I keep getting the following error when trying to connect make.com via the OAuth 2.0 module:
{"message":"The request failed due to failure of a previous request.","code":"SC424","suberrors":[{"message":"Account error (invalid_request)","name":"Error"}]}

Access Management 9.5 - An error occurred. Unknown userid message when logging through ADFS SAML Identity Provider

The following error is being thrown when logging in to Access Manager or the Content Manager Explorer (Classic) through an ADFS SAML Identity Provider.
An error occurred.
Unknown userid
Check the logs for more information.
How can I resolve this?

WSO2 APIM 2.6.0 publishing APIs using RestAPIs

I have recently upgraded WSO2 APIM from 2.5.0 to 2.6.0.
Currently, I am performing basic tests and things are working fine. I am also using an MSSQL database.
Now, using REST APIs, I am creating APIs in the publisher and then publishing them. Both of these functionalities are working fine. But I do see one issue while invoking the API.
To test it, I am subscribing to the API which is published and invoking it using the correct token.
While invoking the API for the first time, I am getting the below error:
TID: [-1234] [] [2019-10-08 14:58:16,263] WARN {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl} - Invalid session id for thrift authenticator. {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl}
TID: [-1234] [] [2019-10-08 14:58:16,263] ERROR {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl} - Error in invoking validate key via thrift.. {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl}
TID: [-1234] [] [2019-10-08 14:58:16,264] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftKeyValidatorClient} - Login failed.. Authenticating again.. {org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftKeyValidatorClient}
TID: [-1234] [] [2019-10-08 14:58:16,338] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2019-10-08 14:58:16,338+0000] from IP address {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [-1234] [] [2019-10-08 14:58:16,370] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure due to No matching resource found in the API for the given request {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler}
Then, subsequent invokes give the below:
TID: [-1234] [] [2019-10-08 14:59:29,462] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure due to No matching resource found in the API for the given request {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler}
Now, what I do is republish the API from the /publisher portal and then invoke it again using the same OAuth token, and it works fine without any issue.
Can someone please help me here? Has anyone got this issue in 2.6.0?
Thanks
"API authentication failure due to No matching resource found in the API for the given request"
The reason for this is that resource validation fails after dispatching the API invocation request. It may be because the corresponding API resources cannot be found in the database, or due to ambiguous resource scenarios. So please check in the database, after publishing and invoking the API via the REST API, whether the exact resources exist in the database.

WSO2: IS and APIM SAML SSO Error - Error when processing authentication request

I have set up WSO2 IS (5.6.0) and APIM (2.5.0) recently.
I have then tried to integrate both of them together so that IS can be used as the IDP and APIM can be logged in to using SSO.
I made the changes according to this link
(https://docs.wso2.com/display/AM250/Configuring+Identity+Server+as+IDP+for+SSO)
Things look fine, and when I access the https://apim.com/publisher URL to log in, I get the IS login page.
Then I enter the username and password, and it authenticates as well, but then I get the below error in the browser:
Error when processing authentication request! Please try again.
Below are the logs from backend:
DEBUG {org.wso2.carbon.identity.sso.saml.validators.SSOAuthnRequestAbstractValidator} - Thread local tenant domain is set to: carbon.super
[2019-02-17 01:12:56,196] DEBUG {org.wso2.carbon.identity.sso.saml.validators.SPInitSSOAuthnRequestValidator} - Authentication Request Validation is successful..
[2019-02-17 01:12:56,803] DEBUG {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Query string : null
[2019-02-17 01:12:56,804] DEBUG {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - No SaaS SAML service providers found for the issuer : API_PUBLISHER. Checking for SAML service providers registered in tenant domain : carbon.super
[2019-02-17 01:12:56,825] ERROR {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Error when processing the authentication request!
org.wso2.carbon.identity.base.IdentityException: Error while reading service provider configurations for issuer : API_PUBLISHER in tenant domain : carbon.super
Can someone please check and let me know where I am going wrong?
Thanks
It seems like you haven't enabled IdP-initiated SSO in the Service Provider configurations on the WSO2IS side. Find the attached service provider configuration screenshot below.
