Hi Any one can help to get out from this Issue.
I'm newbie to pingfederate and tried do IDP Initiated log-out.
with the IDP SLO URL appeding TargetResource parameter to redirect after the logout. user logout is working fine and after log off Pingfederate doesnt redirect to TargetResource URL and still showing pingfederate log out page.
EDIT: I'm using PingFederate 6.10 version and from the documentation understand TargetResource parameter can be used to redirect after log-off.
URL for IDP SLO :
https://Machine-IP:9031/idp/startSLO.ping?PartnerSpId=HRIM:SAML2:PRODUCTION-IDP&TargetResource=http://Machine-IP:8005/logout
Am i missing any configuration for the redirection.
EDIT-2:
Below is Ping Federate server log, PF server throws
"Nonsuccess Response status: urn:oasis:names:tc:SAML:2.0:status:Responder
Status Message: Unexpected Runtime Authn Adapter Integration Problem."
entityId: HRIM:SAML2:PRODUCTION-IDP (SP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
relayState: aDz9NF0AZEMnJmAy6EM5N9vq8XNcEA
SignatureStatus: VALID
Binding says to sign: true
09:56:31,632 DEBUG [TrackingIdSupport] [cross-reference-message] entityid:null subject:null
09:56:31,632 WARN [HandleLogoutResponse] Invalid response: InMessageContext
XML: <samlp:LogoutResponse Destination="https://192.168.2.64:9031/idp/SLO.saml2" InResponseTo="hk6gFs__DcEmUVt.W5B9YJT6e5R" IssueInstant="2015-06-19T13:56:31.363Z" ID="EpSPm27S53BhzqTEnX6OYS-DeLu" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">HRIM:SAML2:PRODUCTION-IDP</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#EpSPm27S53BhzqTEnX6OYS-DeLu">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>q7i/J6rrBAvwehMrFnr11sQTg6g=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>KMfBgt792oj3mfQ6JiWklHNUlh8QpDliYhLGr4NPJ5ti6UnvSBQNVOOIuHXpwvodCElEQJR527M/
94erFkCA9SK1rwy/Ib6jyCZPCaim3qLavOmBQOaiY8ymBEqTPeMvtN/IVKSf4yOhAYEmiIHS/rMs
m2D+UY898kgn+L+/SYs=</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
<samlp:StatusMessage>Unexpected Runtime Authn Adapter Integration Problem.</samlp:StatusMessage>
<samlp:StatusDetail>
<Cause>org.sourceid.websso.profiles.RequestProcessingException: Unexpected Runtime Authn Adapter Integration Problem.</Cause>
</samlp:StatusDetail>
</samlp:Status>
</samlp:LogoutResponse>
entityId: HRIM:SAML2:PRODUCTION-IDP (SP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
relayState: aDz9NF0AZEMnJmAy6EM5N9vq8XNcEA
SignatureStatus: VALID
Binding says to sign: true
-------------------------------------
Nonsuccess Response status: urn:oasis:names:tc:SAML:2.0:status:Responder
Status Message: Unexpected Runtime Authn Adapter Integration Problem.
-------------------------------------
09:56:31,632 DEBUG [IdpSessionRegistryMapImpl] getRegisteredAuthnBeans(MV8o6ixVX2KuJ9t3lbi5Re) found [IdpHashableAuthnBean: 86d72689520858914485566f334f6d3fde4b08d5] authn beans
09:56:31,632 DEBUG [IdpSessionRegistryMapImpl] getIssuedSessions for authnbean IdpHashableAuthnBean: 86d72689520858914485566f334f6d3fde4b08d5 assertion ids: []
09:56:31,632 DEBUG [IdpSessionRegistryMapImpl] getIssuedSessions for authnbean IdpHashableAuthnBean: 86d72689520858914485566f334f6d3fde4b08d5 assertion ids: []
09:56:31,632 DEBUG [InterReqStateMgmtMapImpl] Object removeAttr(key: GkIkCfHYlNs9B1UyPtmmiD, name: HtmlFormIdpAuthnAdapter:SESSION): {username=carol#highroads.com, DN=cn=Carol,ou=Users,dc=highroads,dc=com, TargetResource=http://172.25.242.205:8005/index}
09:56:31,632 DEBUG [IdpSessionRegistryMapImpl] unregisterAuthnBean IdpHashableAuthnBean: 86d72689520858914485566f334f6d3fde4b08d5 from session id MV8o6ixVX2KuJ9t3lbi5Re. Session now has 0 beans associated with it.
![I'm getting following error page in browser][1]
[1]: http://i.stack.imgur.com/eC43g.png
The /idp/startSLO.ping endpoint does not support a PartnerSpId query parameter. When you hit that endpoint, you're telling PingFed to start a "single logout" which is intended to log you out of ALL the SPs that PingFed is aware of for the browser session - so the PartnerSpId (used to identify the partner with which you want to SSO with, when using the startSSO endpoint) is unneeded.
From the documentation on that endpoint, it only supports three parameters: TargetResource, InErrorResource, and Binding, all of which are optional.
I got my Issue resolved. follow below URL and its very helpful.
https://ping.force.com/Support/PingIdentityVideoLibrary?id=2415947630001
Related
I set a subscription with https protocol.
Then, i based on this guide to confirm subscription :
https://docs.aws.amazon.com/code-samples/latest/catalog/php-sns-ConfirmSubscription.php.html
But alway get error :
<ErrorResponse xmlns="http://sns.amazonaws.com/doc/2010-03-31/">
<Error>
<Type>Sender</Type>
<Code>InvalidPara (truncated...)
InvalidParameter (client): Invalid token - <ErrorResponse xmlns="http://sns.amazonaws.com/doc/2010-03-31/">
<Error>
<Type>Sender</Type>
<Code>InvalidParameter</Code>
<Message>Invalid token</Message>
</Error>
<RequestId>f90e5404-35f1-5610-9c9f-0f8586a56ab2</RequestId>
</ErrorResponse>
i don't know why....
I have the following problem with WSO2 API Manager and I suspect that it could be a problem related to certificate of the final HTTPS endpoint that it was registered.
I try to explain my situation in details:
First thing: I changed this section of the repository/conf/axis2/axis2.xml file in order to contact the 443 port instead the default 8243 port to call the registered endpoint over HTTPS (at the moment I can't change the registered end point port and I can't install a reverse proxy, but I have to test if the system works as expected, basically I need to call the final endpoint on the 443 port and I have to obtain the JSON response).
The original section that I changed is:
<transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
<parameter name="port" locked="false">8243</parameter>
<parameter name="non-blocking" locked="false">true</parameter>
<!--parameter name="bind-address" locked="false">hostname or IP address</parameter-->
<!--parameter name="WSDLEPRPrefix" locked="false">https://apachehost:port/somepath</parameter-->
<parameter name="httpGetProcessor" locked="false">org.wso2.carbon.mediation.transport.handlers.PassThroughNHttpGetProcessor</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>repository/resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>repository/resources/security/client-truststore.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
</TrustStore>
</parameter>
<!--<parameter name="SSLVerifyClient">require</parameter>
supports optional|require or defaults to none -->
</transportReceiver>
I changed it in this way:
<transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
<parameter name="port" locked="false">443</parameter>
<parameter name="non-blocking" locked="false">true</parameter>
<!--parameter name="bind-address" locked="false">hostname or IP address</parameter-->
<!--parameter name="WSDLEPRPrefix" locked="false">https://apachehost:port/somepath</parameter-->
<parameter name="httpGetProcessor" locked="false">org.wso2.carbon.mediation.transport.handlers.PassThroughNHttpGetProcessor</parameter>
<parameter name="keystore" locked="false">
<KeyStore>
<Location>repository/resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
<TrustStore>
<Location>repository/resources/security/client-truststore.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
</TrustStore>
</parameter>
<!--<parameter name="SSLVerifyClient">require</parameter>
supports optional|require or defaults to none -->
</transportReceiver>
Basically I only changed the 8243 default port with 443 standard HTTPS port used to expose the final endpoint.
Now, executing the API from the Store portal I obtain a cURL command that works on the expected 443 port:
curl -k -X POST "https://ENDPOINT_IP_ADDRESS:443/puntualitest/v1.0.0/puntuali" -H "accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer XXXXX-YYYY-ZZZZ-KKKK-WWWW" -d "{ \"header\": { \"msgUid\": \"a36bea3f-6dc6-49d7-9376-f31692930ba9\", \"timestamp\": 1567060509108, \"metadata\": { \"TRACKER_BIZID_REV_CODICE\": \"7175\", \"TRACKER_BIZID_REV_NUMERO\": \"545/2019\" }, \"codApplication\": null, \"codEnte\": null, \"invocationContext\": null, \"caller\": \"SRW\", \"user\": null, \"service\": \"crediti.invioPosizioneCreditoria\" }, \"body\": { \"#dto\": \"binary\", \"content\": \"PD94bWwgdmVyc2..............................+\" }}"
This seems correct, trying to perform the previous cURL command from the bash shell of the machine on which WSO2 API Manager is installed I obtain a JSON response from the API, this:
{"timestamp":"2020-02-29T12:13:54.630+0000","status":404,"error":"Not Found","message":"No message available","path":"/puntualitest/v1.0.0/puntuali"}
It contains an error message but I think that it is cause by a "wrong" payload, anyway it seems that the final registered API endpoint received my request, elaboreted it and return me a JSON message (is it this reasoning correct)?
The problem is that trying to perform the request directly from the inside of the Store portal of WSO2 API Manager I am obtaining the following error message:
<am:fault xmlns:am="http://wso2.org/apimanager">
<am:code>101500</am:code>
<am:type>Status report</am:type>
<am:message>Runtime Error</am:message>
<am:description>Error in Sender</am:description>
</am:fault>
Reading on the documantation it seems to me that the error having code 101500 could be related to a certificate problem:
WSO2 ESB 4.9.0: what means error 101500
The previous link referer to ESB product and not API Manager but I suspect that the problem could be the same. I suspect it also because into my log file (/usr/lib/wso2/wso2am/2.6.0/repository/logs/wso2carbon.log) when I perform the previous request from the Store portal I obtain the following error message:
TID: [-1] [] [2020-02-29 13:34:58,686] ERROR {org.apache.synapse.transport.passthru.SourceHandler} - I/O error: Received fatal alert: certificate_unknown {org.apache.synapse.transport.passthru.SourceHandler}
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:245)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:280)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:748)
TID: [-1234] [] [2020-02-29 13:34:58,827] WARN {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl} - Invalid session id for thrift authenticator. {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl}
TID: [-1234] [] [2020-02-29 13:34:58,829] ERROR {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl} - Error in invoking validate key via thrift.. {org.wso2.carbon.apimgt.keymgt.service.thrift.APIKeyValidationServiceImpl}
TID: [-1234] [] [2020-02-29 13:34:58,830] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftKeyValidatorClient} - Login failed.. Authenticating again.. {org.wso2.carbon.apimgt.gateway.handlers.security.thrift.ThriftKeyValidatorClient}
TID: [-1234] [] [2020-02-29 13:34:58,846] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2020-02-29 13:34:58,845+0100] from IP address {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [-1] [] [2020-02-29 13:34:58,941] ERROR {org.apache.synapse.transport.passthru.TargetHandler} - I/O error: General SSLEngine problem {org.apache.synapse.transport.passthru.TargetHandler}
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:237)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:271)
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:255)
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:293)
... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)
... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 23 more
TID: [-1234] [] [2020-02-29 13:34:58,948] WARN {org.apache.synapse.endpoints.EndpointContext} - Endpoint : SirPuntuali--vv1.0.0_APIproductionEndpoint with address https://ENDPOINT_IP_ADDRESS/cmd/j/ will be marked SUSPENDED as it failed {org.apache.synapse.endpoints.EndpointContext}
TID: [-1234] [] [2020-02-29 13:34:58,948] WARN {org.apache.synapse.endpoints.EndpointContext} - Suspending endpoint : SirPuntuali--vv1.0.0_APIproductionEndpoint with address https://ENDPOINT_IP_ADDRESS/cmd/j/ - last suspend duration was : 30000ms and current suspend duration is : 30000ms - Next retry after : Sat Feb 29 13:35:28 CET 2020 {org.apache.synapse.endpoints.EndpointContext}
TID: [-1234] [] [2020-02-29 13:34:58,949] INFO {org.apache.synapse.mediators.builtin.LogMediator} - STATUS = Executing default 'fault' sequence, ERROR_CODE = 101500, ERROR_MESSAGE = Error in Sender {org.apache.synapse.mediators.builtin.LogMediator}
TID: [-1] [] [2020-02-29 13:34:58,979] INFO {org.wso2.carbon.databridge.core.DataBridge} - user admin connected {org.wso2.carbon.databridge.core.DataBridge}
So it seems that WSO2 API Manager is trying to send the request to the correct endpoint but there is a certificate problem. Is it this reasoning correct?
If this could be the problem now I have some doubts about what I have to do to solve my problem:
Have I to obtain a certificate generated on the server hosting the final endpoint and have I to set it on my WSO2 API Manager or, on the contrary, have I to generate a certificate on the WSO2 API Manager machine and I have to provide it to the machine hosting the final API?
Reading on the documentation it seems to me that I have to obtain a certificate from the API hosting machine and I have to upload this certificate into WSO2 API Manager application (as shown here: https://apim.docs.wso2.com/en/latest/learn/design-api/endpoints/certificates/). But I am not sure of this assumption.
A self signed certificate is ok? In case what is the procedure to generate it and what kind of certificate I need to obtain (I have to provide precise information to the guys working on the final API machine)
Probably a trivial question: the Store portal is generating a cURL request using the -k option that is used to ignore certificate (infact performing it directly in the shell it seems to work fine). Why sending the request from the Store portal is not working? I suspect that it generates a cURL request for test pourpose but that under the hood the API Manager is not performing a simple cURL request.
The behavior is a bit strange. Just to explain what happens here, there are 2 HTTP calls involved.
The client (curl or UI) to the gateway
The gateway to the backend
As per the 2nd error trace, the problem is with the connection between the gateway and the backend. Answering your first question, to resolve this, you have to get the certificate of the backend endpoint and install it to the APIM's client-truststore.jks. You can either do it for each API via the UI, or you can directly install it to the jks file.
However, since this is independent of the client you use, you should see the same behavior for both cURL and UI. I don't get how it works for cURL.
Answering your 3rd question, the UI does not use curl inside to make the call to the gateway. And it has nothing to do with the above error either.
I have one API that have been published in WSO2 API gateway.
When I test API, I got this error message from console.
Exception in thread "pool-65-thread-1"
java.lang.NumberFormatException: For input string: "0:0:0:0:0:0:0:1"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at java.lang.Long.parseLong(Long.java:589)
at java.lang.Long.parseLong(Long.java:631)
at org.wso2.carbon.apimgt.impl.utils.APIUtil.ipToLong_aroundBody512(APIUtil.java:7851)
at org.wso2.carbon.apimgt.impl.utils.APIUtil.ipToLong(APIUtil.java:7847)
at org.wso2.carbon.apimgt.gateway.throttling.publisher.DataProcessAndPublishingAgent.run_aroundBody4(DataProcessAndPublishingAgent.java:155)
at org.wso2.carbon.apimgt.gateway.throttling.publisher.DataProcessAndPublishingAgent.run(DataProcessAndPublishingAgent.java:141)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
According to the blog, they say it need to disable IPv6.
I just disable by registry for IPv6 and add IPV6support only at JAVA_OPTS at wso2server.bat file.
Then I restart again, it still show as IPv6 address.
[2020-01-15 14:40:21,171] INFO - PassThroughListeningIOReactorManager
Pass-through HTTP Listener started on 0:0:0:0:0:0:0:0:8280
[2020-01-15 14:40:21,172] INFO - PassThroughHttpMultiSSLListener Starting
Pass-through HTTPS Listener...
[2020-01-15 14:40:21,192] INFO -
PassThroughListeningIOReactorManager Pass-through HTTPS Listener
started on 0:0:0:0:0:0:0:0:8243
[2020-01-15 14:40:21,449] INFO -
TaskServiceImpl Task service starting in STANDALONE mode...
[2020-01-15 14:40:21,509] INFO - RegistryEventingServiceComponent
Successfully Initialized Eventing on Registry
[2020-01-15 14:40:21,652] INFO - JMXServerManager JMX Service URL :
service:jmx:rmi://localhost:11111/jndi/rmi://localhost:9999/jmxrmi
When I run again, I got same error.
Please help to answer?
In the latest API Manager versions, we have provided IPv6 support for throttling usecases. If you take the latest pack or a WUM updated pack of your current version
, you should not get this issue.
Also as a workaround, you could set an IPv4 address using X-Forwarded-For header and invoke the API
We are using PingFederate as an SP and have configured opentokenadapter. We are also using PingFederate Apache Agent (mod_pf.so) for SSO. When the user is clicking on logout link below steps are happening:
Call goes to the logout url defined in mod_pf.conf file (PingFederateCancelURL) This is our application logout page.
Another call goes to /sp/startSLO.png and I can see SLO logs in the pingfederate server.
However there is no call going to IDP configured for this connection. Are we missing any configuration?
P.S. We have not configured Logout Service in the opentoken adapter configuration.
Adding Logs:
2016-06-13 03:01:36,128 tid:C0aV2SqcQXoy97ployGFLFGFR14 DEBUG [org.sourceid.websso.servlet.IntegrationControllerServlet] GET: https://ny-pingfed-app02.na.rtdom.net:9031/sp/startSLO.ping
2016-06-13 03:01:36,128 tid:C0aV2SqcQXoy97ployGFLFGFR14 DEBUG [org.sourceid.saml20.service.impl.grouprpc.PreferredNodes] [] -> indices to addresses -> [10.221.56.36:7600, 10.221.56.29:7600]
2016-06-13 03:01:36,128 DEBUG [com.pingidentity.jgroups.MuxInvocationHandler] invocation of lookupAuthnBeansAndSessions on org.sourceid.saml20.service.impl.localmemory.SpSessionRegistryMapImpl#7a85063c{bean->session=19, nidKey->sessionlists=7, pfsessionid->beanslist=17} w/args: [oYxtMFSy5GYQ5lK3EN1Lkt] returned {SpHashableAuthnBean: 8b3ec7801a2976aa103df829dffc21f260ea7aca=WebSsoSession{entityId='https://devci-casshib-ny.mediaocean.com/idp/shibboleth', assertionId='_36dab27f092d6367407cb9042e350aed', sessionIndex='_0d66d53a8fea5733ea5621a7b90b923b', nameId(value)=_3aa309b361c657bf1bc2a307d19ac432}}
2016-06-13 03:01:36,131 tid:C0aV2SqcQXoy97ployGFLFGFR14 DEBUG [org.sourceid.saml20.service.impl.grouprpc.SpSessionRegistryGroupRpcImpl] called mode:GET_MAJORITY lookupAuthnBeansAndSessions([oYxtMFSy5GYQ5lK3EN1Lkt]) on [10.221.56.36:7600, 10.221.56.29:7600] responses:
[sender=10.221.56.36:7600, retval={SpHashableAuthnBean: 8b3ec7801a2976aa103df829dffc21f260ea7aca=WebSsoSession{entityId='https://devci-casshib-ny.mediaocean.com/idp/shibboleth', assertionId='_36dab27f092d6367407cb9042e350aed', sessionIndex='_0d66d53a8fea5733ea5621a7b90b923b', nameId(value)=_3aa309b361c657bf1bc2a307d19ac432}}, received=true, suspected=false]
[sender=10.221.56.29:7600, retval={SpHashableAuthnBean: 8b3ec7801a2976aa103df829dffc21f260ea7aca=WebSsoSession{entityId='https://devci-casshib-ny.mediaocean.com/idp/shibboleth', assertionId='_36dab27f092d6367407cb9042e350aed', sessionIndex='_0d66d53a8fea5733ea5621a7b90b923b', nameId(value)=_3aa309b361c657bf1bc2a307d19ac432}}, received=true, suspected=false]
2016-06-13 03:01:36,131 tid:C0aV2SqcQXoy97ployGFLFGFR14 DEBUG [org.sourceid.saml20.service.impl.grouprpc.PreferredNodes] [] -> indices to addresses -> [10.221.56.36:7600, 10.221.56.29:7600]
2016-06-13 03:01:36,131 tid:C0aV2SqcQXoy97ployGFLFGFR14 DEBUG [org.sourceid.saml20.service.impl.grouprpc.SpSessionRegistryGroupRpcImpl] called mode:GET_NONE unregisterSessionsReceived([[SpHashableAuthnBean: 8b3ec7801a2976aa103df829dffc21f260ea7aca]]) on [10.221.56.36:7600, 10.221.56.29:7600]
2016-06-13 03:01:36,230 DEBUG [com.pingidentity.jgroups.MuxInvocationHandler] invocation of unregisterSessionsReceived on org.sourceid.saml20.service.impl.localmemory.SpSessionRegistryMapImpl#7a85063c{bean->session=18, nidKey->sessionlists=6, pfsessionid->beanslist=16} w/args: [[SpHashableAuthnBean: 8b3ec7801a2976aa103df829dffc21f260ea7aca]] returned null
2016-06-13 03:01:36,263 tid:C0aV2SqcQXoy97ployGFLFGFR14 DEBUG [org.sourceid.util.log.internal.TrackingIdSupport] [cross-reference-message] PFSessionXRefID:_0d66d53a8fea5733ea5621a7b90b923b
2016-06-13 03:01:36,501 WARN [org.eclipse.jetty.servlet.ServletHandler]
javax.servlet.ServletException: org.sourceid.websso.profiles.ProcessRuntimeException: org.sourceid.saml20.adapter.AuthnAdapterException: Logout functionality invoked, but no logout service is configured for this adapter.
at org.sourceid.servlet.ServletExceptionSupport.throwServletException(ServletExceptionSupport.java:26)
at org.sourceid.websso.servlet.IntegrationControllerServlet.process(IntegrationControllerServlet.java:88)
at org.sourceid.websso.servlet.EnforcerServletBase.checkProcess(EnforcerServletBase.java:84)
It seems that Logout Service is mandatory parameter. What should be it's value? Should it be IDP's SLO endpoint or application's (which SP is protecting) logout url?
I'm trying to get Web Deploy to work from Web Matrix and I've searched through through all the logs and events and can't seem to find the source of the following error in the event viewer:
Log Name: Microsoft Web Deploy
Source: Web Deploy
Date: 9/4/2013 1:48:16 PM
Event ID: 1
Task Category: None
Level: Error
Keywords: Classic
User: XXX
Computer: XX
Description:
User:
Client IP:
Content-Type:
Version: 9.0.0.0
MSDeploy.VersionMin: 7.1.600.0
MSDeploy.VersionMax: 9.0.1762.0
MSDeploy.Method: GetPackage
MSDeploy.RequestId: 4cab8a9b-5c5c-4f99-8141-52e5453b88f9
MSDeploy.RequestCulture: en-US
MSDeploy.RequestUICulture: en-US
ServerVersion: 9.0.1762.0
Skip: objectName="^configProtectedData$"
Provider: iisApp, Path: xxx.xxx.xxx
A tracing deployment agent exception occurred that was propagated to the client. Request ID '4cab8a9b-5c5c-4f99-8141-52e5453b88f9'. Request Timestamp: '9/4/2013 1:48:15 PM'. Error Details:
System.Web.HttpException: The remote host closed the connection. The error code is 0x800704CD.
at System.Web.Hosting.IIS7WorkerRequest.RaiseCommunicationError(Int32 result, Boolean throwOnDisconnect)
at System.Web.Hosting.IIS7WorkerRequest.ExplicitFlush()
at System.Web.HttpResponse.Flush(Boolean finalFlush)
at System.IO.BufferedStream.FlushWrite()
at System.IO.BufferedStream.Flush()
at System.IO.BufferedStream.Dispose(Boolean disposing)
at System.IO.Stream.Close()
at Microsoft.Web.Deployment.PackageSerializer.Dispose()
at Microsoft.Web.Deployment.DeploymentAgent.HandleGetPackage(DeploymentAgentWorkerRequest workerRequest)
at Microsoft.Web.Deployment.DeploymentAgent.HandleRequestWorker(DeploymentAgentAsyncData asyncData)
at Microsoft.Web.Deployment.DeploymentAgent.HandleRequest(DeploymentAgentAsyncData asyncData)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Web Deploy" />
<EventID Qualifiers="0">1</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-09-04T17:48:16.000000000Z" />
<EventRecordID>238</EventRecordID>
<Channel>Microsoft Web Deploy</Channel>
<Computer>xxxx</Computer>
<Security UserID="S-1-5-21-3588641846-14347574-4076679054-500" />
</System>
<EventData>
<Data>User:
Client IP:
Content-Type:
Version: 9.0.0.0
MSDeploy.VersionMin: 7.1.600.0
MSDeploy.VersionMax: 9.0.1762.0
MSDeploy.Method: GetPackage
MSDeploy.RequestId: 4cab8a9b-5c5c-4f99-8141-52e5453b88f9
MSDeploy.RequestCulture: en-US
MSDeploy.RequestUICulture: en-US
ServerVersion: 9.0.1762.0
Skip: objectName="^configProtectedData$"
Provider: iisApp, Path: xxx.xxx.xxx
A tracing deployment agent exception occurred that was propagated to the client. Request ID '4cab8a9b-5c5c-4f99-8141-52e5453b88f9'. Request Timestamp: '9/4/2013 1:48:15 PM'. Error Details:
System.Web.HttpException: The remote host closed the connection. The error code is 0x800704CD.
at System.Web.Hosting.IIS7WorkerRequest.RaiseCommunicationError(Int32 result, Boolean throwOnDisconnect)
at System.Web.Hosting.IIS7WorkerRequest.ExplicitFlush()
at System.Web.HttpResponse.Flush(Boolean finalFlush)
at System.IO.BufferedStream.FlushWrite()
at System.IO.BufferedStream.Flush()
at System.IO.BufferedStream.Dispose(Boolean disposing)
at System.IO.Stream.Close()
at Microsoft.Web.Deployment.PackageSerializer.Dispose()
at Microsoft.Web.Deployment.DeploymentAgent.HandleGetPackage(DeploymentAgentWorkerRequest workerRequest)
at Microsoft.Web.Deployment.DeploymentAgent.HandleRequestWorker(DeploymentAgentAsyncData asyncData)
at Microsoft.Web.Deployment.DeploymentAgent.HandleRequest(DeploymentAgentAsyncData asyncData)
</Data>
</EventData>
</Event>
I used Web Deploy on the server to create the settings file using IIS on the host. This error appears during the simple web page compatibility test. Any clues as to what may be going on?
The error is basically because the remote server, or the hosting service provider closed the request.
Sometimes it is also stated as the server is trying to deny or is try to cancel the requests. For instance, a user started to download some file or a page, and the server is off so the download would be cancelled, or the download would fail.
There are many issues for this error code.
Here is a post from another forum. forums.asp.net
The best method would be to check the settings on the server that you are having hosting from. Or contact them directly to get help regarding this issue.
Edit:
Getting LogFiles:
You can get the LogFiles here:
start --> run --> LogFiles
2011-09-20 21:25:25 xx.xxx.xxx.xxx 36482 192.168.10.32 80 HTTP/1.1 POST /orders/mail/mailorderentry - - Timer_HeaderWait –
2011-09-20 21:22:29 xx.xxx.xxx.xxx 44399 192.168.10.32 80 HTTP/1.1 POST /orders/mail/mailorderentry - - Client_Reset –
HttpRunTime:
Secondly the request closed issue can also raise if the httpRunTime is out (timeout). But that exception isn't here I am sure, however still try this too: http://msdn.microsoft.com/en-us/library/e1f13641.aspx
Antivirus (If any):
Also, please try check if Antivirus is installed, then is it allowing the server to communicate with users or not? Sometimes along with Firewall, Antivirus might also try to stop the connections.
I recently had the exact same eventLogs, after the webmatrix web deploy throwed a "can not publish" (without any apparent reasons because it worked several month so far).
After some searches (unlucky) and a lot of fumbling, I got it to work again just by using a windows user with administrator privileges instead of the IIS Manager Users configuration.