I am using ITX V9.0 and under Properties --> Transformation Extender option, the map runtime for DataPower option is disabled. Could anyone let me know how to enable it?
It can't be enabled as DataPower only supports WTX 8.4 and not ITX v9.
To my knowledge there is no set date/version for when the WTX/ITX version will be updated in DataPower.
In new WSO2 APIM versions (4.0/4.1) the default token endpoint has changed. It used to be the Gateway: https://gw.wso2.com/oauth2/token and the call is redirected to the key manager node. Now with the new versions, we do not need to go through that process as we can directly call the key-manager for token operations.
Is there a way to preserve the same behavior of the old versions in the new version 4.1?
For now, I tried adding the TokenAPI.xml API in the synapse-configs to see if I can produce the same experience, but the API is automatically destroyed at startup.
Any ideas?
Thank you in advance.
Best regards,
Yes, the gateway removes those files.
To keep custom runtime artifacts deployed in the Gateway, add the following configuration in the /repository/conf/deployment.toml file.
[apim.sync_runtime_artifacts.gateway.skip_list]
apis = ["token_api_file_name.xml"]
Refer - https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/deploying-wso2-api-m-in-a-distributed-setup/#configure-the-gateway-nodes
On my local PC Braintree is showing the error "The request was aborted: Could not create SSL/TLS secure channel" when executing:
var clientToken = gateway.ClientToken.generate();
I am using "Braintree-2.33.0.dll" and my target .NET version is 4.5.1.
I have enabled TLS 1.2.
It was working nicely three days ago, but it suddenly started showing the error. Many people have faced the same error and most of them have changed the SecurityProtocol. I don't see any way to change that from Braintree. Is there any way to change
ServicePointManager.SecurityProtocol
for Braintree? Or is there anything else I am missing or need to do?
Thanks in advance.
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
You need to update the .NET Braintree SDK you're using to at least version 3.1.0, the minimum version that supports TLS 1.2. Once complete, you can validate your setup using the steps here.
On December 13, 2016, Braintree transitioned sandbox to only accept requests made using TLS 1.2+. After June 30th, 2017, Braintree will no longer officially support any requests in the production environment below TLS 1.2.
Setting this anywhere in your program.cs or startup.cs worked for me, even on versions greater than 3.1:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
I am using IBM HTTP Server 9.0. When I try to create a .kdb file, it throws the error "The provider for keystore type 'IBMCMSKS' is not available."
Note: the 'CMS' key store is not present in the ikeyman.bat file.
Please help me add this key store in ikeyman.
Thanks in advance
In IHS 8.5.5 this option has helped me: -DADD_CMS_SERVICE_PROVIDER_ENABLED=true
E.g.
/opt/IBM/HTTPServer/java/jre/bin/ikeycmd -DADD_CMS_SERVICE_PROVIDER_ENABLED=true -cert -getdefault -db XXX.kdb -stashed
I faced the same issue while using IHS 8.5.5.15, and resolved it by adding providers in java.security:
security.provider.1=com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl
security.provider.2=com.ibm.security.cmskeystore.CMSProvider
Ensure you have the correct numbering of the rest of the providers.
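Added example (not part of the original answer): a small Python check for the numbering point above. The JRE reads security.provider.N in index order and stops at the first missing number, and a repeated index silently replaces the earlier entry, so either mistake can drop the CMS provider or the ones after it. The sample file content and the function name check_providers are constructed for illustration.

```python
import re

# Constructed sample: java.security excerpt after inserting the two providers
# from the answer above but forgetting to renumber the original entries.
SAMPLE = """\
# List of providers and their preference orders
security.provider.1=com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl
security.provider.2=com.ibm.security.cmskeystore.CMSProvider
security.provider.2=com.ibm.jsse2.IBMJSSEProvider2
security.provider.4=com.ibm.crypto.provider.IBMJCE
#security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
"""

CMS_PROVIDER = "com.ibm.security.cmskeystore.CMSProvider"
_ENTRY = re.compile(r"^\s*security\.provider\.(\d+)\s*[=:]\s*(\S+)")


def check_providers(text):
    """Return (loaded, problems) for the security.provider.N entries in text."""
    entries, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _ENTRY.match(line)
        if not m:
            continue  # comments, blank lines, unrelated properties
        n, cls = int(m.group(1)), m.group(2)
        if n in entries:
            # Properties semantics: the last value for a key wins.
            problems.append(f"line {lineno}: duplicate index {n} replaces {entries[n]}")
        entries[n] = cls
    # Providers are read as 1, 2, 3, ... until the first missing index.
    loaded, n = [], 1
    while n in entries:
        loaded.append(entries[n])
        n += 1
    for skipped in sorted(k for k in entries if k > n):
        problems.append(f"index {skipped} not loaded: gap at {n} ({entries[skipped]})")
    if CMS_PROVIDER not in loaded:
        problems.append("CMSProvider is not among the loaded providers")
    return loaded, problems


if __name__ == "__main__":
    loaded, problems = check_providers(SAMPLE)
    print("loaded:", loaded)
    for p in problems:
        print("PROBLEM:", p)
```

To check a real installation, pass the text of the JRE's java.security file to check_providers instead of SAMPLE.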
Use gskcapicmd if it is available. This won't work with JKS files though. Or upgrade to 9.0.0.3 which fixes the issue.
I have created a custom federated authenticator in WSO2-APIM/IS and have enabled Just-In-Time Provisioning.
Since in API Manager, when an application is created, a corresponding service provider will be created as well, I want to have all service providers use my custom authenticator as default, which, I think, can be done by editing the file repository\conf\identity\identity-providers\default.xml
However, I cannot find information in the documentation on the format of this file, which I need in order to configure my custom federated authenticator and enable JIT Provisioning. Can anyone please guide me to the configuration details of this file?
Below is the default repository\conf\identity\identity-providers\default.xml
<IdentityProvider>
<IdentityProviderName>default</IdentityProviderName>
<DisplayName>default</DisplayName>
<IdentityProviderDescription></IdentityProviderDescription>
<Alias></Alias>
<IsPrimary></IsPrimary>
<IsFederationHub></IsFederationHub>
<HomeRealmId></HomeRealmId>
<ProvisioningRole></ProvisioningRole>
<FederatedAuthenticatorConfigs></FederatedAuthenticatorConfigs>
<DefaultAuthenticatorConfig>
</DefaultAuthenticatorConfig>
<ProvisioningConnectorConfigs>
<!--<ProvisioningConnectorConfig>
<ProvisioningProperties>
</ProvisioningProperties>
</ProvisioningConnectorConfig>-->
</ProvisioningConnectorConfigs>
<!--<DefaultProvisioningConnectorConfig></DefaultProvisioningConnectorConfig>-->
<ClaimConfig></ClaimConfig>
<Certificate></Certificate>
<PermissionAndRoleConfig></PermissionAndRoleConfig>
<JustInTimeProvisioningConfig></JustInTimeProvisioningConfig>
</IdentityProvider>
Thank you very much in advance.
As per the code here, it should be in the following format.
<JustInTimeProvisioningConfig>
<UserStoreClaimUri></UserStoreClaimUri>
<ProvisioningUserStore>PRIMARY</ProvisioningUserStore>
<IsProvisioningEnabled>true</IsProvisioningEnabled>
</JustInTimeProvisioningConfig>
Change the ProvisioningUserStore to reflect yours.
I am trying to configure Alfresco 5.0d Community to use Kerberos and SSO via Active Directory.
My setup works fine when I log in on the Alfresco form login page (without SSO).
However, when enabling SSO, I see this exception in the Alfresco log file:
KrbException: KDC cannot accommodate requested option (13)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:70)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:259)
After looking at it with Wireshark, it seems like the difference in the TGS-REQ message is that when using SSO, there is an option flag called request-anonymous that is enabled. This causes the KDC to answer with a KDC_ERR_BADOPTION message.
Is there a way to configure Kerberos to not set the request-anonymous flag?
Or alternatively, is there a way to tell the KDC server to deal with it properly?