I have recently upgraded the WSO2 APIM from 2.5.0 to 2.6.0
Currently, performing basic tests and things are working fine. I am also using MSSQL database.
Now, using restAPIs, I am creating APIs in publisher and then I am publishing the APIs. Both of the functionalities are working fine. But, I do see one issue while invoking the API.
So to test it, I am subscribing to the API which is published and using correct token I am invoking it.
While invoking the API for the first time, I am getting below error
TID: [-1234] [] [2019-10-08 14:58:16,263] WARN {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl} - Invalid session id for thrift authenticator. {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl}
TID: [-1234] [] [2019-10-08 14:58:16,263] ERROR {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl} - Error in invoking validate key via thrift.. {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl}
TID: [-1234] [] [2019-10-08 14:58:16,264] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftKeyValidatorClient} - Login failed.. Authenticating again.. {org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftKeyValidatorClient}
TID: [-1234] [] [2019-10-08 14:58:16,338] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2019-10-08 14:58:16,338+0000] from IP address {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [-1234] [] [2019-10-08 14:58:16,370] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure due to No matching resource found in the API for the given request {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler}
then, subsequent Invokes give below
TID: [-1234] [] [2019-10-08 14:59:29,462] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure due to No matching resource found in the API for the given request {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler}
Now, What I do is I republish the API from the /publisher portal and then I again invoke that using same oauth token, it works fine without any issue.
Can someone please help me here. Anyone got this issue in 2.6.0?
Thanks
"API authentication failure due to No matching resource found in the API for the given request"
The reason for this is resource validation fails after dispatching the API invocation request. And it may be due to corresponding API resources cannot be found in the database or resource ambiguous scenarios. So please check in the database after publishing and invoking the API via the Rest API whether the exact resources exist in the database.
Related
I have two server that run in following addresses:
https://172.25.129.66:9443/publisher
https://172.25.129.67:9443/publisher
I faced with following error in wso2 api manager 3.2.0 :
Registered callback does not match with the provided url
And also I configured call back url in carbon as folowing :
regexp=(https://172.25.129.66:9443/publisher/services/auth/callback/login|https://172.25.129.66:9443/publisher/services/auth/callback/logout|https://172.25.129.67:9443/publisher/services/auth/callback/login|https://172.25.129.67:9443/publisher/services/auth/callback/logout)
What is the problem that only https://172.25.129.67:9443/publisher has call back error?
This error might have occurred due to the mismatch of the API Publisher or API Dev portal access URLs and callback URLs which are configured in API Publisher and API Devportal Service Providers.
Please refer https://apim.docs.wso2.com/en/3.2.0/troubleshooting/troubleshooting-invalid-callback-error/#troubleshooting-registered-callback-does-not-match-with-the-provided-url-error to resolve this issue.
I am trying to integrate Azure AD with WSO2 APIM 3.1.0.
I have configured the IDP as Azure AD and the SPs for dev portal. When a user is trying to login to the dev portal, the first step works fine and the sign in page is redirected to Azure. The first step of the Oauth flow also works fine in retrieving the authorization code. But the next step of the Oauth flow is failing when the access token is supposed to be retrieved from the auth code. When the apim tries to connect to the endpoint to obtain the access token, it fails probably since it is retrieving a localhost endpoint for that step.
I think it should be login.microsoftonline.com endpoint. Could you please help?
here are the logs after I added a couple of logs in the jag file -
TID: [-1234] [devportal] [2020-12-07 22:06:35,705] ERROR {JAGGERY.services.login.login_callback:jag} - tokenEndpoint: https://localhost:9443/oauth2/token
TID: [-1234] [devportal] [2020-12-07 22:06:35,708] ERROR {JAGGERY.services.login.login_callback:jag} - tokenRequestData: [object Object]
TID: [-1234] [devportal] [2020-12-07 22:06:35,709] ERROR {JAGGERY.services.login.login_callback:jag} - base64encoded: ------------------------------------------------------
TID: [-1234] [devportal] [2020-12-07 22:06:35,748] ERROR {JAGGERY.services.login.login_callback:jag} - Could not retrieve access token. Response: {"error_description":"Invalid authorization code received from token request","error":"invalid_grant"}
I'm getting 'The identity provider configuration is disabled' from Firebase Google Authorization even though it is clearly enabled in the Firebase console. It doesn't happen for all Google accounts.
Is anyone aware of any other reasons why this error message would be the response from the Firebase Authorization server? This is a web-app.
I have setup WSO2 IS (5.6.0) and APIM (2.5.0) recently.
I have then tried to integrate both of them together so that IS can be used IDP and APIM can be logged in using SSO.
I did the changes according to this Link
(https://docs.wso2.com/display/AM250/Configuring+Identity+Server+as+IDP+for+SSO)
Things look fine and I am accessing https://apim.com/publisher URL for login in, I am getting IS login page.
Then I enter, username and password, it authenticates as well but then I get below error in browser:
Error when processing authentication request! Please try again.
Below are the logs from backend:
DEBUG {org.wso2.carbon.identity.sso.saml.validators.SSOAuthnRequestAbstractValidator} - Thread local tenant domain is set to: carbon.super
[2019-02-17 01:12:56,196] DEBUG {org.wso2.carbon.identity.sso.saml.validators.SPInitSSOAuthnRequestValidator} - Authentication Request Validation is successful..
[2019-02-17 01:12:56,803] DEBUG {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Query string : null
[2019-02-17 01:12:56,804] DEBUG {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - No SaaS SAML service providers found for the issuer : API_PUBLISHER. Checking for SAML service providers registered in tenant domain : carbon.super
[2019-02-17 01:12:56,825] ERROR {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Error when processing the authentication request!
org.wso2.carbon.identity.base.IdentityException: Error while reading service provider configurations for issuer : API_PUBLISHER in tenant domain : carbon.super
Can someone please check and let me know where I am doing wrong.
Thanks
It seems like you haven't enabled IdP initiated SSO in the Service Provider configurations at the WSO2IS side. Find the attached service provider configuration screenshot below,
A few years ago I signed up as a LinkedIn developer, registered an application and received my Client ID and Secret.
Using OAuth2, when I attempt to get an access token I get an error message saying "OAuth2 access is denied."
I've checked all the settings in my developer account and cannot see anything wrong, so I don't know why access is denied.
RESOLVED: I discovered that if I untick all of the Default Application Permissions with the exception of "r_basicprofile", I no longer get the OAuth2 access denied error.