Develop Reference

( WSO2 AM 4.1 : Token Endpoint ) Can we use the gateway as the default token Endpoint?

in new wso2 apim versions (4.0/4.1) the default token endpoint has changed . It used to be the Gateway : https://gw.wso2.com/oauth2/token and the the call is redirected to the key manager node . Now with the news versions , we do not need to go trough that process as we can directly call the key-manager for token operations .
is there a way to preseve the same behavior of the old versions in the new version 4.1 ?
For now, I tried adding the TokenAPI.xml api in the synapse-configs to see if i can produce the same experience , but the api is automatically destroyed in startup.
Any ideas ?
Thank you in advance .
Best regards,

Yes, the gateway removes those files.
To keep custom runtime artifacts deployed in the Gateway, add the following configuration in the /repository/conf/deployment.toml file.
[apim.sync_runtime_artifacts.gateway.skip_list]
apis = ["token_api_file_name.xml"]
Refer - https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/deploying-wso2-api-m-in-a-distributed-setup/#configure-the-gateway-nodes

Update WordPress Theme / Plugin from Private GitHub Repo

Background
I am working on a custom theme for my WordPress site which I would like to manage from a private GitHub repo. (This theme will never be pushed into the WordPress market place) The general idea would be that I use the repo to manage the code and then once I tag a new version, the tag would trigger an update for the WordPress theme.
I have this pattern working using the following as a template:
https://github.com/krafit/wp-gitlab-updater
(Yes, I know the repo is for Gitlab and not GitHub)
Since my repo is private, I will need to generate a user token to allow the theme to be updated. And because the user token is capable of accessing all my private repos, the idea of sharing the user token with another plugin is discomforting from a security standpoint. (Meaning, I'm uncomfortable using a plugin like: https://github.com/afragen/git-updater)
Question
The problem is that GitHub has deprecated the use of access_token as a query string parameter, so all tokens must be sent over as an Authorization header.
How do I add an authorization header to the request WordPress sends to download the artifact?
What I've Tried
When I check for new tags I use the code:
protected function fetch_tags_from_repo( $git_url, $repo, $access_token ) {
$request_url = "$git_url/repos/$repo/tags?access_token=$access_token";
$args = [
"headers" => [
"Accept" => "application/vnd.github.v3+json",
"Authorization" => "token " . $access_token
]
];
$request = wp_safe_remote_get( $request_url, $args );
return $request;
}
This works without any issues. However...
During the pre_set_site_transient_update_themes hook I return an object that looks like:
$transient->response[ $theme['name'] ]['theme'] = $theme['name'];
$transient->response[ $theme['name'] ]['new_version'] = $latest_version;
$transient->response[ $theme['name'] ]['package'] = $theme_package;
The problem is, I have no way of adding an Authorization header to the transient response object. Therefore, when WP later tries to download the artifact, it fails.
Note: The $theme_package string is a URL which looks like:
$theme_package = "$git_url/repos/$repo/zipball/refs/tags/$latest_version";
Any support appreciated, thank you!

Honestly, this problem has been exhausting and enough is enough...
Answer
Eject from GitHub and use Gitlab because they still support access_token as a header. They have unlimited free private repos <5gb storage.

If you are planning to distribute the private repo with a license I recommend you not to expose your access credentials in the script.
Instead you should use the GitHub PHP API together with a SSH Key that you setup in your repo settings or a GitHub App with access permission granted on your repo.
Here is a solid SDK to start from:
https://github.com/KnpLabs/php-github-api
Alternatively as you suggested it in your answer, a third party service could be used to manage the credentials on your behalf.
Gitlab is a nice generic and low cost option but if you are looking for something dedicated to Wordpress development I recommend WP Package Editor (WP2E)
Among other things the service uses a registered GitHub App to pull the latest version from public / private GitHub repositories:
https://github.com/marketplace/wp-package-editor
This is quoted from the documentation regarding how it is implemented with GitHub:
For a script to be successfully imported to the library of repositories and later be synchronized as an installer dependency there are 4 conditions :
The GitHub App must be connected to a WP2E account
The “read-only” access to the repository must be granted to the WP2E GitHub App
The script must be a valid WP theme or plugin
The repository must have at least one “release” on GitHub
Note: In order to synchronize with the GitHub account/repo the GitHub App should be integrated via the saas panel ( not directly via the GitHub Marketplace )

Alfresco with Drupal CMIS

I am attempting to configure Drupal CMIS to connect to the Alfresco public test repository.
I am using this CMIS module
https://www.drupal.org/project/cmis
I am using Alfresco 4.x CMIS Content Repository as found here
https://www.alfresco.com/cmis
The problem is that when i try to browse the repository in drupal I get the following message
There has been an problem contacting the CMIS server, please see the logs.
The error log always reads
HTTP call to [repository link here, shown in code sample bellow] returned [307]. Response: Authentication Required Authentication Required
my Drupal settings file contains the following
$conf['cmis_repositories'] = array(
'default' => array(
'user' => 'admin',
'password' => 'admin',
'url' => 'http://docs.oasis-open.org/ns/cmis/ws/200908/'
)
);
The config is copy/pasted from the modules documentation and includes the URL which appears in the error message. Also I have viewed the $conf global using print('' .print_r($conf,true) . '') so I definitely have settings.php correct.
is my admin, pass, url combination still valid (ie is the site up to date)
what else could be causing this?

Your url seems to be wrong.
Please try with http://cmis.alfresco.com/cmisatom (Atompub ) , http://cmis.alfresco.com/cmisbrowser (json)
Links are there in the alfresco web link mentioned by you
cheers,
Saurav

OpenAM J2EE agent installation bringing down tomcat

OpenAM version -12 , Agent version 3.5 and 3.3 , tomcat version 7
I have tried to follow the link https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-ldap-sso/sso-openam-06052012 to set up my J2EE Agent. Let me paste the steps after asking the question(see at the end)
but I am getting the error as asked below
Not able to configure J2ee agent on adding my customized data store for users
I have tried to use 3.5 version installed and uninstalled multiple times and tried previous version.
There is a nice discussion on this topic at http://database.developer-works.com/article/16009911/%22Cannot+obtain+Application+SSO+token%22+error
but it did not help me much.
I am using LDAP so I have used LDAP realm and subjects are showing up ok. Also I am observing that the policy tab has changed quite a bit from how it is described in the Blogs.
Now with the roadblock I am not sure how to proceed as the error is not giving me any clue what to do. I even added the file named AMConfig.properties in the classpath with username and password of the agent and tried the username and password of the OpenAM admin too as suggested in the discussion mentioned. but that too did not help.
The issue is the Tomcat now is not starting and giving error that AMConfig.properties properties are needed
I know the OpenAM Realm setup is good as I am able to login via this realm to another application (Liferay) where I just have to give the URL for use OpenAM integration. but after uninstallation of the agent the tomcat starts without any error and i am able to login to the application
-------------------Step copied from 1st link(modified)--------------------------
1. Configure your OpenAM agent (tried both 3.5 and 3.3 version on tomcat 7)
a. Log into OpenAM as the admin user and navigate to "Access Control -> (Your Realm) - where in my case LDAP Realm (other application using it without issue)
b. Select Policies -> New Policy
c. Enter Share as the policy name and then create 2 new URL Policy agent rules
d. 1st Resource Name = http://:/share/*
e. 2nd Resource Name = http://alfresco.domain.com:8080/share/*?*
f. Add a subjects - already part of LDAP Realm
g. Now select Agents -> J2EE - > (your J2EE agent)
h. Select the Application tab
i. Login Processing -> Login Form URI - add /share/page/dologin
j. Logout Processing -> Application Logout URL - add Map Key = share - Corresponding Map Value = /share/page/dologout
k. Not Enforced URI Processing - Add 2 entries - /share and /share/
l. Profile Attributes Processing - Select HTTP_HEADER and add Map Key = uid - Corresponding Map Value = SsoUserHeader (This is what I called my header in the alfresco-global.properties file - see below)
Auth chain
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
alfresco.authentication.allowGuestLogin=true
SSO settings
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyUserName=
external.authentication.proxyHeader=SsoUserHeader
NOTE- It does not seem possible to configure SSO where the Guest login has been disabled. There are webscripts used on the Alfresco repository that need guest login.
That concludes the setup for Alfresco and OpenAM
For Share you need to have the following section uncommented in your share-config-custom.xml
alfresco/web-extension/alfresco-system.p12
pkcs12
alfresco-system
alfrescoCookie
Alfresco Connector
Connects to an Alfresco instance using cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
alfrescoHeader
Alfresco Connector
Connects to an Alfresco instance using header and cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
SsoUserHeader
alfresco
Alfresco - user access
Access to Alfresco Repository WebScripts that require user authentication
alfrescoHeader
http://alfreso.domain.com:8080/alfresco/wcs
user
true
Notice I am not using the SSL cert and in my alfrescoHeader connector I have used SsoUserHeader (as setup in OpenAM) and the endpoint uses the alfrescoHeader connector
Now you need to add the OpenAM filter to the Share web.xml file
Add the following filter just before the Share SSO authentication support filter
Agent
com.sun.identity.agents.filter.AmAgentFilter
Add the following filter mapping to the filter-mapping section
Agent
REQUEST
INCLUDE
FORWARD
ERROR
----- End ----------

The error message is a bit misleading: the Cannot obtain application SSO token in general means that the agent was unable to authenticate itself. When you install the agent, the agent asks for a profile name and a password file, those values need to correspond to the agent profile configured within OpenAM.
To test if you can authenticate as the user, you could simply try to authenticate as the agent by making the following request:
curl -d "username=profilename&password=password&uri=realm=/%26module=Application" http://aldaris.sch.bme.hu:8080/openam/identity/authenticate
In the above command the realm value needs to be the same as the value for the "com.sun.identity.agents.config.organization.name" property defined in OpenSSOAgentBootstrap.properties (under the agent's install directory).
Having bad username/password combination is only one of the possible root causes for this exception though. It is also possible that during startup the agent was unable to connect to OpenAM to authenticate itself. In those cases the problem could be:
network error, firewall issues preventing the agent from contacting OpenAM
SSL trust issues: agent's JVM does not trust the certificate of OpenAM's container (only problem if you've installed the agent by providing OpenAM's HTTPS URL and the certificate is self-signed or just simply not trusted by the JVM)

Ruby - "Certificate Verify Failed" Error on WePay Embedded Checkout

I am attempting to set up the WePay API to accept payments on my website via the Embedded Checkout, and I am running into some issues. The website is currently hosted on my local machine for testing and was created in Ruby on Rails (ruby 1.9.3p545 and Rails 3.2.13). I have my own shopping cart system in place, so when the user clicks on the “Checkout” button in the cart, I added the following code in the next controller action:
# set _use_stage to false for live environments
wepay = WePay.new(CLIENT_ID, CLIENT_SECRET, USE_STAGE)
# create the checkout
response = wepay.call('/checkout/create', ACCESS_TOKEN, {
:account_id => ACCOUNT_ID,
:amount => '24.95',
:short_description => 'Software',
:type => 'SERVICE'
})
I have done this because the page that loads after the user clicks on “Checkout” will show the WePay iframe, and I need to receive a checkout_id and a checkout_uri before showing the iframe. All of the variables in capital letters are defined in the config\environments\development.rb file and are based on their respective values from my WePay account. Upon clicking the “Checkout” button, I found that the call to /checkout/create fails. I receive the following error message:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
The WePay calls and objects are recognized since I have included the correct WePay gem in my Gemfile.
For reference, the official documentation for WePay's Embedded Checkout can be found here: https://www.wepay.com/developer/process_payments/iframe-checkout
EDIT:
I resolved the issue by following the instructions on the first answer at the following link: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed on WINDOWS

To recap the fix here-added the 'certified' gem to the Gemfile fixed the problem.