Hi Isura, In the log files, please search for “vazquj2”. That is the user who fails to login. I’ll send the conf files shortly. After more research it seems that APIM is looking user roles in UM_ROLES instead of UM_HYBRID_ROLES.
Thanks, Javier From: Isura Karunaratne [mailto:is...@wso2.com] Sent: Monday, May 29, 2017 1:24 AM To: Vazquez-Hidalgo, Javier Cc: dev@wso2.org Subject: Re: [Dev] API 2.1.0 + Identity Server 5.3.0 Hi Javier, According to the apim-wso2carbon.log file, only admin user tried login to the APIM instance and it was a success login. Please attach the log, once the store login failure occurs. Also, attach the conf folders in each products. Thanks Isura. On Fri, May 26, 2017 at 8:56 PM, Vazquez-Hidalgo, Javier <javier.vazquez-hida...@tdsecurities.com<mailto:javier.vazquez-hida...@tdsecurities.com>> wrote: Hi Isura, Thanks for your help! Attached to the email are both logs with “log4j.logger.org.wso2.carbon.user.core=DEBUG” enabled. Regards, Javier From: Isura Karunaratne [mailto:is...@wso2.com<mailto:is...@wso2.com>] Sent: Friday, May 26, 2017 3:10 AM To: Vazquez-Hidalgo, Javier Cc: dev@wso2.org<mailto:dev@wso2.org> Subject: Re: [Dev] API 2.1.0 + Identity Server 5.3.0 Hi Javier, We need additional information to analyze the issue. Attach the wso2carbon.log file after enabling the debug logs for org.wso2.carbon.user.core package as follows. Add following entry to /repository/conf/log4j.properties file log4j.logger.org.wso2.carbon.user.core=DEBUG Thanks Isura. On Fri, May 26, 2017 at 12:50 AM, Vazquez-Hidalgo, Javier <javier.vazquez-hida...@tdsecurities.com<mailto:javier.vazquez-hida...@tdsecurities.com>> wrote: Hello, I’m trying to setup APIM 2.1.0 + Identity Server 5.3.0 on separate boxes, at this point I have all configurations in place with shared databases and I added a secondary User Store (Read-Only LDAP) on the Identity Server and I’m able to assign permissions, etc.. The problem I’m having is that when I try to login to the API Store using a user from the secondary user store I get the following error in the login screen: “Error! Login failed. Insufficient Privileges.” APIM Logs: ------------- [2017-05-25 14:49:52,812] ERROR - JDBCAuthorizationManager Error occurred while accessing Java Security Manager Privilege Block [2017-05-25 14:49:52,812] ERROR - APIStoreHostObject Login failed. Insufficient Privileges. IS Log: ----------- [2017-05-25 14:49:52,498] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'DOMAIN/xxx@carbon.super [-1234]' logged in at [2017-05-25 14:49:52,497-0400] So, it seems that the user is authenticated but something is happening. Just to be clear, the user from the secondary user store has “Internal/subscriber” role which should be sufficient to login. I also created a test user in the IS primary store and assigned “Internal/subscriber” role and that worked fine. Any help or pointers is appreciated. Thanks, Javier Vazquez If you wish to unsubscribe from receiving commercial electronic messages from TD Bank Group, please click here<http://www.td.com/tdoptout> or go to the following web address: www.td.com/tdoptout<http://www.td.com/tdoptout> Si vous souhaitez vous désabonner des messages électroniques de nature commerciale envoyés par Groupe Banque TD veuillez cliquer ici<http://www.td.com/tddesab> ou vous rendre à l'adresse www.td.com/tddesab<http://www.td.com/tddesab> NOTICE: Confidential message which may be privileged. Unauthorized use/disclosure prohibited. If received in error, please go to www.td.com/legal<http://www.td.com/legal> for instructions. AVIS : Message confidentiel dont le contenu peut être privilégié. Utilisation/divulgation interdites sans permission. Si reçu par erreur, prière d'aller au www.td.com/francais/avis_juridique<http://www.td.com/francais/avis_juridique> pour des instructions. _______________________________________________ Dev mailing list Dev@wso2.org<mailto:Dev@wso2.org> http://wso2.org/cgi-bin/mailman/listinfo/dev -- Isura Dilhara Karunaratne Senior Software Engineer | WSO2 Email: is...@wso2.com<mailto:is...@wso2.com> Mob : +94 772 254 810<tel:+94%2077%20225%204810> Blog : http://isurad.blogspot.com/ -- Isura Dilhara Karunaratne Senior Software Engineer | WSO2 Email: is...@wso2.com<mailto:is...@wso2.com> Mob : +94 772 254 810 Blog : http://isurad.blogspot.com/
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev