ok. I will check with him. Thanks

On Wed, Jun 1, 2016 at 11:46 AM, Nuwan Dias <nuw...@wso2.com> wrote:

> Ruwan worked on embedding the portal within the admin-dashboard. Can you
> please talk to him and see what this means in that context?
>
> On Wed, Jun 1, 2016 at 11:43 AM, Megala Uthayakumar <meg...@wso2.com>
> wrote:
>
>> No. This is the portal coming from carbon-dashboard feature. It is
>> different from admin-dashboard. Please see the screen-shot thanks.
>>
>> On Wed, Jun 1, 2016 at 11:36 AM, Nuwan Dias <nuw...@wso2.com> wrote:
>>
>>> Portal in the sense admin-dashboard right?
>>>
>>> On Wed, Jun 1, 2016 at 11:33 AM, Megala Uthayakumar <meg...@wso2.com>
>>> wrote:
>>>
>>>> I have already mounted the registry and publisher app is working fine
>>>> in tenant mode as well. This issue only exists in the portal app.
>>>>
>>>> Thanks.
>>>>
>>>> Regards,
>>>> Megala
>>>>
>>>> On Wed, Jun 1, 2016 at 11:26 AM, Nuwan Dias <nuw...@wso2.com> wrote:
>>>>
>>>>> You need to share the same registry (mount registries) between IS and
>>>>> APIM to make this work for tenants.
>>>>>
>>>>> Its because tenants have their key stores in the registry and the SAML
>>>>> response is signed using the key in this key store. If they don't share 
>>>>> the
>>>>> registry signing will be done by one key and verification will be done by 
>>>>> a
>>>>> non-matching public key. Hence, signature validation will fail.
>>>>>
>>>>> Disabling signature validation poses a security threat. Therefore its
>>>>> not recommended to do that.
>>>>>
>>>>> Thanks,
>>>>> NuwanD.
>>>>>
>>>>> On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar <meg...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> It is working when I remove that signature validation part from
>>>>>> acs.jag
>>>>>>
>>>>>> On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake <uda...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar <meg...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> I am trying to configure SSO in APIM 2.0.x by following [1].
>>>>>>>> Publisher and Store jaggery apps work as expected but when I try to 
>>>>>>>> login
>>>>>>>> to portal app(Portal of Dashboard Server) using SSO, it works fine 
>>>>>>>> when I
>>>>>>>> am logging in as super-tenant user but whenever I try to login in as a 
>>>>>>>> user
>>>>>>>> from other tenants, it throws following error,
>>>>>>>>
>>>>>>>> org.opensaml.xml.validation.ValidationException: Signature did not
>>>>>>>> validate against the credential's key
>>>>>>>>
>>>>>>> ​For the moment, shall we disable the signature validation and try?​
>>>>>>>
>>>>>>>
>>>>>>>> at
>>>>>>>> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>> at
>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>>>>>> at
>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>>>>>>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>>>>>>>> at
>>>>>>>> org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
>>>>>>>> at
>>>>>>>> org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.rhino.<sso>.scripts.c0._c_anonymous_3(<sso>/scripts/sso.client.js:57)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.rhino.<sso>.scripts.c0.call(<sso>/scripts/sso.client.js)
>>>>>>>> at
>>>>>>>> org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>>>>>>> at
>>>>>>>> org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>>>>>>> at
>>>>>>>> org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>>>>>>>> at
>>>>>>>> org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>>>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>>>>>>>> at
>>>>>>>> org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>> at
>>>>>>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>>>>>>> at
>>>>>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>>>>>> at
>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>>>>> at
>>>>>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>>>>>> at
>>>>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>>>>> at
>>>>>>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>>>>>> at
>>>>>>>> org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
>>>>>>>> at
>>>>>>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>>>>> at
>>>>>>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>>>>>> at
>>>>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>>>>> at
>>>>>>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
>>>>>>>> at
>>>>>>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>>>>>> at
>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>>>>> at
>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
>>>>>>>> at
>>>>>>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
>>>>>>>> at
>>>>>>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
>>>>>>>> at
>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749)
>>>>>>>> at
>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708)
>>>>>>>> at
>>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>>>>>> at
>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>>>>>> at
>>>>>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>>>>
>>>>>>>> When I tried the same setup in product-ds using the internal
>>>>>>>> identity server, it works fine for both super-tenant and other tenants.
>>>>>>>>
>>>>>>>> What could be the possible reason for this? Any help on this is
>>>>>>>> highly appreciated.
>>>>>>>>
>>>>>>>> [1]
>>>>>>>> https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2#ConfiguringSingleSign-onwithSAML2-ConfiguringWSO2APIManagerappsasSAML2.0SSOserviceproviders
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Megala
>>>>>>>> --
>>>>>>>> Megala Uthayakumar
>>>>>>>>
>>>>>>>> Software Engineer
>>>>>>>> Mobile : 0779967122
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> UdaraR
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Megala Uthayakumar
>>>>>>
>>>>>> Software Engineer
>>>>>> Mobile : 0779967122
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> Dev@wso2.org
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Nuwan Dias
>>>>>
>>>>> Technical Lead - WSO2, Inc. http://wso2.com
>>>>> email : nuw...@wso2.com
>>>>> Phone : +94 777 775 729
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Megala Uthayakumar
>>>>
>>>> Software Engineer
>>>> Mobile : 0779967122
>>>>
>>>
>>>
>>>
>>> --
>>> Nuwan Dias
>>>
>>> Technical Lead - WSO2, Inc. http://wso2.com
>>> email : nuw...@wso2.com
>>> Phone : +94 777 775 729
>>>
>>
>>
>>
>> --
>> Megala Uthayakumar
>>
>> Software Engineer
>> Mobile : 0779967122
>>
>
>
>
> --
> Nuwan Dias
>
> Technical Lead - WSO2, Inc. http://wso2.com
> email : nuw...@wso2.com
> Phone : +94 777 775 729
>



-- 
Megala Uthayakumar

Software Engineer
Mobile : 0779967122
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to