Hello again,

I followed the tutorial in [1] to configure my Identity Server (IS) as a
key manager for my API Manager (AM). When I create my Production & Sandbox
applications in the AM, I can see service providers created in the IS. I
configured them to use SAML to retrieve information like the roles, if the
authentication is successful. And I can "exchange" my SAML assertion for an
OAuth token. So, everything is cool, here.

But, when I try to reuse this OAuth token to access a resource via the
AM, it rejects me with this sweet message:

    <ams:fault xmlns:ams="http://wso2.org/apimanager/security">
      <ams:code>900900</ams:code>
      <ams:message>Unclassified Authentication Failure</ams:message>
      <ams:description>Resource forbidden</ams:description>
    </ams:fault>

There are no errors in the logs, just a WARN. So, I activated the DEBUG mode
and then, I can see some interesting things:

    [2017-06-15 16:44:52,954]  WARN - APIAuthenticationHandler API authentication failure due to Unclassified Authentication Failure
    [2017-06-15 16:44:52,954] DEBUG - APIAuthenticationHandler API authentication failed with error 900900
    org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Resource forbidden
            at org.wso2.carbon.apimgt.gateway.handlers.security.keys.WSAPIKeyDataStore.getAPIKeyData(WSAPIKeyDataStore.java:51)
            at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.doGetKeyValidationInfo(APIKeyValidator.java:253)
            at org.wso2.carbon.apimgt.gateway.handlers.security.APIKeyValidator.getKeyValidationInfo(APIKeyValidator.java:209)
            at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:196)
            at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:117)
            at org.apache.synapse.rest.API.process(API.java:325)
            at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:90)
            at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:69)
            at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:304)
            at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:78)
            at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
            at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:325)
            at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
            at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
            at java.lang.Thread.run(Thread.java:745)
    Caused by: org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Error while accessing backend services for API key validation
            at org.wso2.carbon.apimgt.gateway.handlers.security.keys.APIKeyValidatorClient.getAPIKeyData(APIKeyValidatorClient.java:114)
            at org.wso2.carbon.apimgt.gateway.handlers.security.keys.WSAPIKeyDataStore.getAPIKeyData(WSAPIKeyDataStore.java:48)
            ... 16 more
    Caused by: org.apache.axis2.AxisFault: org.apache.axis2.AxisFault: Mapping qname not fond for the package: java.util

From here, I don't know what to do since I tried some fancy URLs for the
ServerURL value in the elements AuthManager and APIKeyValidator.
My IS has an offset of 5 so the port is 9448. Here is the URL I used to
point to the IS server: https://localhost:9448/services/

Is there a way to know at which URL the IS deploys its Key Manager feature
web services (WS)?
Should I reinstall the Key Manager feature in the IS?

Regards,

Thomas

[1]
https://docs.wso2.com/display/AM210/Configuring+WSO2+Identity+Server+as+a+Key+Manager