OK. I will check with him. Thanks.

On Wed, Jun 1, 2016 at 11:46 AM, Nuwan Dias <nuw...@wso2.com> wrote:
> Ruwan worked on embedding the portal within the admin-dashboard. Can you
> please talk to him and see what this means in that context?
>
> On Wed, Jun 1, 2016 at 11:43 AM, Megala Uthayakumar <meg...@wso2.com>
> wrote:
>
>> No. This is the portal coming from carbon-dashboard feature. It is
>> different from admin-dashboard. Please see the screen-shot. Thanks.
>>
>> On Wed, Jun 1, 2016 at 11:36 AM, Nuwan Dias <nuw...@wso2.com> wrote:
>>
>>> Portal in the sense admin-dashboard right?
>>>
>>> On Wed, Jun 1, 2016 at 11:33 AM, Megala Uthayakumar <meg...@wso2.com>
>>> wrote:
>>>
>>>> I have already mounted the registry and publisher app is working fine
>>>> in tenant mode as well. This issue only exists in the portal app.
>>>>
>>>> Thanks.
>>>>
>>>> Regards,
>>>> Megala
>>>>
>>>> On Wed, Jun 1, 2016 at 11:26 AM, Nuwan Dias <nuw...@wso2.com> wrote:
>>>>
>>>>> You need to share the same registry (mount registries) between IS and
>>>>> APIM to make this work for tenants.
>>>>>
>>>>> It's because tenants have their key stores in the registry and the SAML
>>>>> response is signed using the key in this key store. If they don't share
>>>>> the registry, signing will be done by one key and verification will be
>>>>> done by a non-matching public key. Hence, signature validation will fail.
>>>>>
>>>>> Disabling signature validation poses a security threat. Therefore it's
>>>>> not recommended to do that.
>>>>>
>>>>> Thanks,
>>>>> NuwanD.
>>>>>
>>>>> On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar <meg...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> It is working when I remove that signature validation part from
>>>>>> acs.jag
>>>>>>
>>>>>> On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake <uda...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar <meg...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> I am trying to configure SSO in APIM 2.0.x by following [1].
>>>>>>>> Publisher and Store jaggery apps work as expected but when I try to
>>>>>>>> login to portal app (Portal of Dashboard Server) using SSO, it works
>>>>>>>> fine when I am logging in as super-tenant user but whenever I try to
>>>>>>>> log in as a user from other tenants, it throws following error,
>>>>>>>>
>>>>>>>> org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key
>>>>>>>>
>>>>>>> For the moment, shall we disable the signature validation and try?
>>>>>>>
>>>>>>>> at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
>>>>>>>> at org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>>>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>>>>>>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>>>>>>>> at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
>>>>>>>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>>>>>>> at org.jaggeryjs.rhino.<sso>.scripts.c0._c_anonymous_3(<sso>/scripts/sso.client.js:57)
>>>>>>>> at org.jaggeryjs.rhino.<sso>.scripts.c0.call(<sso>/scripts/sso.client.js)
>>>>>>>> at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>>>>>>> at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>>>>>>> at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>>>>>>>> at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
>>>>>>>> at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>>>>>>>> at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>>>>>>>> at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
>>>>>>>> at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
>>>>>>>> at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>>>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>> at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
>>>>>>>> at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>>>>>>>> at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
>>>>>>>> at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>>>>>>>> at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>>>>>>>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>>>>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>>>>>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>>>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>>>>> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>>>>>> at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>>>>> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>>>>>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
>>>>>>>> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
>>>>>>>> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
>>>>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749)
>>>>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708)
>>>>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>>>>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>>>>
>>>>>>>> When I tried the same setup in product-ds using the internal
>>>>>>>> identity server, it works fine for both super-tenant and other tenants.
>>>>>>>>
>>>>>>>> What could be the possible reason for this? Any help on this is
>>>>>>>> highly appreciated.
>>>>>>>>
>>>>>>>> [1]
>>>>>>>> https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2#ConfiguringSingleSign-onwithSAML2-ConfiguringWSO2APIManagerappsasSAML2.0SSOserviceproviders
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Megala
>>>>>>>> --
>>>>>>>> Megala Uthayakumar
>>>>>>>>
>>>>>>>> Software Engineer
>>>>>>>> Mobile : 0779967122
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> UdaraR
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Megala Uthayakumar
>>>>>>
>>>>>> Software Engineer
>>>>>> Mobile : 0779967122
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> Dev@wso2.org
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>
>>>>> --
>>>>> Nuwan Dias
>>>>>
>>>>> Technical Lead - WSO2, Inc. http://wso2.com
>>>>> email : nuw...@wso2.com
>>>>> Phone : +94 777 775 729
>>>>>
>>>>
>>>> --
>>>> Megala Uthayakumar
>>>>
>>>> Software Engineer
>>>> Mobile : 0779967122
>>>>
>>>
>>> --
>>> Nuwan Dias
>>>
>>> Technical Lead - WSO2, Inc. http://wso2.com
>>> email : nuw...@wso2.com
>>> Phone : +94 777 775 729
>>>
>>
>> --
>> Megala Uthayakumar
>>
>> Software Engineer
>> Mobile : 0779967122
>>
>
> --
> Nuwan Dias
>
> Technical Lead - WSO2, Inc. http://wso2.com
> email : nuw...@wso2.com
> Phone : +94 777 775 729
>

--
Megala Uthayakumar

Software Engineer
Mobile : 0779967122
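
The key mismatch described in the quoted 11:26 AM reply, modeled as an added example (not part of the original thread and not WSO2 code): the registries are plain maps, the response strings and the tenant domain `tenant.example` are constructed, and a raw RSA signature over a string stands in for the XML signature on a real SAML response. It assumes the super-tenant key is identical on both servers, consistent with the super-tenant login working in the report.

```javascript
const crypto = require('crypto');

// Constructed model: a registry maps tenant domain -> that tenant's key pair.
const newKey = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// IdP side: sign the response with the private key of the user's tenant.
function idpSign(idpRegistry, tenant, response) {
  const { privateKey } = idpRegistry.get(tenant);
  return crypto.sign('sha256', Buffer.from(response), privateKey);
}

// SP side (the role acs.jag plays in the thread): verify with the tenant's
// public key from the SP's own registry. Any failure rejects the login.
function spAcceptLogin(spRegistry, tenant, response, signature) {
  const entry = spRegistry.get(tenant);
  if (!entry) return false; // unknown tenant: fail closed
  return crypto.verify('sha256', Buffer.from(response), entry.publicKey, signature);
}

function runScenarios() {
  const superKey = newKey(); // assumption: same super-tenant key on both servers
  const idpRegistry = new Map([['carbon.super', superKey], ['tenant.example', newKey()]]);
  // Unmounted SP registry: same tenant domain, but its own, different key pair.
  const spSeparate = new Map([['carbon.super', superKey], ['tenant.example', newKey()]]);
  // Mounted registry: the SP reads the very same tenant key store as the IdP.
  const spMounted = idpRegistry;

  // Constructed sample responses (not real SAML).
  const superResp = '<Response><NameID>admin</NameID></Response>';
  const tenantResp = '<Response><NameID>alice@tenant.example</NameID></Response>';
  const superSig = idpSign(idpRegistry, 'carbon.super', superResp);
  const tenantSig = idpSign(idpRegistry, 'tenant.example', tenantResp);

  return {
    superTenant: spAcceptLogin(spSeparate, 'carbon.super', superResp, superSig),
    tenantSeparate: spAcceptLogin(spSeparate, 'tenant.example', tenantResp, tenantSig),
    tenantMounted: spAcceptLogin(spMounted, 'tenant.example', tenantResp, tenantSig),
    // An altered response is caught only because validation is still on.
    tenantTampered: spAcceptLogin(spMounted, 'tenant.example',
      tenantResp.replace('alice', 'admin'), tenantSig),
  };
}

console.log(runScenarios());
```

The `tenantSeparate` case reproduces the reported symptom; `tenantTampered` shows what the service provider would stop detecting if the validation step were removed instead of the key stores being aligned.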