Hello,
Thank you for your answers.
I activated the DEBUG mode on the IS in the
class org.wso2.carbon.apimgt.keymgt.service.APIKeyValidationService and I
can see that the IS receives something because when I send a wrong OAuth
token, its says
[2017-06-16 12:10:00,563] ERROR
{org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl} - Invalid OAuth
Token : Invalid accessken
And when I send a right one:
[2017-06-16 14:19:52,028] DEBUG
{org.wso2.carbon.apimgt.keymgt.service.APIKeyValidationService} - OAuth
token response from Manager to gateway: , appName=myApp ,
userName=myUser@carbon.super , transactionId= ,
consumerKey=5bWQioSHWbt9I24xizeP0o20a , isAuthorized=true ,
responseTime=Fri Jun 16 14:19:52 CEST 2017
[2017-06-16 14:19:52,028] DEBUG
{org.wso2.carbon.apimgt.keymgt.service.APIKeyValidationService} -
APIKeyValidationInfoDTO bee returning : APIKeyValidationInfoDTO = {
authorized:true , subscriber:admin , tier:Unlimited , type:PRODUCTION ,
userType:APPLICATION_USER , endUserToken:null ,
endUserName:myUser@carbon.super , applicationId:3 ,
applicationName:myApp , applicationr:Unlimited , validationStatus:0 ,
validityPeriod:2009000 , issuedTime:1497615592019 , apiName:MyAPI ,
consumerKey:5bWQioSH9I24xizeP0oxTw20a , spikeArrestLimit:0 ,
spikeArrestUnit:null , subscriberTenantDomain:carbon.super ,
stopOnQuotaReach:true ,iPublisher:admin]]
We can see the authorized: true (if that means something) so it is like the
API manager don't know how to interpret this message and take a shortcut to
conclusion because of an Axis error. So from here, I don't know what to do
:(
Regards,
Thomas
2017-06-16 13:13 GMT+02:00 Farasath Ahamed <farasa...@wso2.com>:
>
>
>
>
> On Fri, Jun 16, 2017 at 4:37 PM, Rajith Roshan <raji...@wso2.com> wrote:
>
>> Hi Thomas,
>>
>> You need to subscribe to that particular api from the application you
>> have generated access token. if there is no valid subscription then this
>> error can happen.
>> And also if you have assigned specif scopes to api resource , then the
>> access token should also have that scopes when it was generated.
>> This resource forbidden issue can occur due to above mentioned errors.
>>
>
> In those cases shouldn't the error codes be different according to [1].
>
>
> <ams:fault xmlns:ams="http://wso2.org/apimanager/security";>
> <ams:code>900900</ams:code>
> <ams:message>Unclassified Authentication Failure</ams:message>
> <ams:description>Resource forbidden</ams:description>
> </ams:fault>
>
> Error code 900900. according [1] says that,
> Backend service for key validation is not accessible when trying to invoke
> an API
>
>
>
>
> [1] https://docs.wso2.com/display/AM210/Error+Handling
>
>
>>
>> Thanks!
>> Rajith
>>
>> On Fri, Jun 16, 2017 at 12:32 PM, Thomas LEGRAND <
>> thomas.legr...@versusmind.eu> wrote:
>>
>>> Hello !
>>>
>>> Sure. Here is my api-manager.xml AM configuration file:
>>>
>>> <APIManager>
>>> <!-- JNDI name of the data source to be used by the API publisher,
>>> API store and API
>>> key manager. This data source should be defined in the
>>> master-datasources.xml file
>>> in conf/datasources directory. -->
>>> <DataSourceName>jdbc/WSO2AM_DB</DataSourceName>
>>>
>>> <!-- This parameter is used when adding api management capability to
>>> other products like GReg, AS, DSS etc.-->
>>> <!--GatewayType>Synapse</GatewayType-->
>>> <GatewayType>None</GatewayType>
>>>
>>> <!-- This parameter is used to enable the securevault support when
>>> try to publish endpoint secured APIs. Values should be "true" or "false".
>>> By default secure vault is disabled.-->
>>> <EnableSecureVault>false</EnableSecureVault>
>>>
>>> <!-- Authentication manager configuration for API publisher and API
>>> store. This is
>>> a required configuration for both web applications as their
>>> user authentication
>>> logic relies on this. -->
>>> <AuthManager>
>>> <!-- Server URL of the Authentication service -->
>>> <!--ServerURL>https://localhost:${mgt.transport.https.port}$
>>> {carbon.context}services/</ServerURL-->
>>> <ServerURL>https://localhost:9448/services/</ServerURL>
>>> <!-- Admin username for the Authentication manager. -->
>>> <Username>${admin.username}</Username>
>>> <!-- Admin password for the Authentication manager. -->
>>> <Password>${admin.password}</Password>
>>> <!-- Indicates whether the permissions checking of the user (on
>>> the Publisher and Store) should be done
>>> via a remote service. The check will be done on the local
>>> server when false. -->
>>> <CheckPermissionsRemotely>false</CheckPermissionsRemotely>
>>> </AuthManager>
>>>
>>> <JWTConfiguration>
>>> <!-- Enable/Disable JWT generation. Default is false. -->
>>> <!-- EnableJWTGeneration>false</EnableJWTGeneration-->
>>>
>>> <!-- Name of the security context header to be added to the
>>> validated requests. -->
>>> <JWTHeader>X-JWT-Assertion</JWTHeader>
>>>
>>> <!-- Fully qualified name of the class that will retrieve
>>> additional user claims
>>> to be appended to the JWT. If not specified no claims will
>>> be appended.If user wants to add all user claims in the
>>> jwt token, he needs to enable this parameter.
>>> The DefaultClaimsRetriever class adds user claims from the
>>> default carbon user store. -->
>>> <!--ClaimsRetrieverImplClass>org.wso2.carbon.apimgt.impl.tok
>>> en.DefaultClaimsRetriever</ClaimsRetrieverImplClass-->
>>>
>>> <!-- The dialectURI under which the claimURIs that need to be
>>> appended to the
>>> JWT are defined. Not used with custom ClaimsRetriever
>>> implementations. The
>>> same value is used in the keys for appending the default
>>> properties to the
>>> JWT. -->
>>> <!--ConsumerDialectURI>http://wso2.org/claims</ConsumerDiale
>>> ctURI-->
>>>
>>> <!-- Signature algorithm. Accepts "SHA256withRSA" or "NONE". To
>>> disable signing explicitly specify "NONE". -->
>>> <!--SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm-->
>>>
>>> <!-- This parameter specifies which implementation should be
>>> used for generating the Token. JWTGenerator is the
>>> default implementation provided. -->
>>> <JWTGeneratorImpl>org.wso2.carbon.apimgt.keymgt.token.JWTGen
>>> erator</JWTGeneratorImpl>
>>>
>>> <!-- This parameter specifies which implementation should be
>>> used for generating the Token. For URL safe JWT
>>> Token generation the implementation is provided in
>>> URLSafeJWTGenerator -->
>>> <!--<JWTGeneratorImpl>org.wso2.carbon.apimgt.keymgt.token.UR
>>> LSafeJWTGenerator</JWTGeneratorImpl>-->
>>>
>>> <!-- Remove UserName from JWT Token -->
>>> <!-- <RemoveUserNameFromJWTForAppli
>>> cationToken>true</RemoveUserNameFromJWTForApplicationToken>-->
>>> </JWTConfiguration>
>>>
>>> <!-- Primary/secondary login configuration for APIstore. If user
>>> likes to keep two login attributes in a distributed setup, to login the
>>> APIstore,
>>> he should configure this section. Primary login doesn't have a claimUri
>>> associated with it. But secondary login, which is a claim attribute,
>>> is associated with a claimuri.-->
>>> <!--LoginConfig>
>>> <UserIdLogin primary="true">
>>> <ClaimUri></ClaimUri>
>>> </UserIdLogin>
>>> <EmailLogin primary="false">
>>> <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
>>> </EmailLogin>
>>> </LoginConfig-->
>>>
>>> <!-- Credentials for the API gateway admin server. This configuration
>>> is mainly used by the API publisher and store to connect to the
>>> API gateway and
>>> create/update published API configurations. -->
>>> <APIGateway>
>>> <!-- The environments to which an API will be published -->
>>> <Environments>
>>> <!-- Environments can be of different types. Allowed values
>>> are 'hybrid', 'production' and 'sandbox'.
>>> An API deployed on a 'production' type gateway will
>>> only support production keys
>>> An API deployed on a 'sandbox' type gateway will only
>>> support sandbox keys
>>> An API deployed on a 'hybrid' type gateway will support
>>> both production and sandbox keys. -->
>>> <!-- api-console element specifies whether the environment
>>> should be listed in API Console or not -->
>>> <Environment type="hybrid" api-console="true">
>>> <Name>Production and Sandbox</Name>
>>> <Description>This is a hybrid gateway that handles both
>>> production and sandbox token traffic.</Description>
>>> <!-- Server URL of the API gateway -->
>>> <ServerURL>https://localhost:$
>>> {mgt.transport.https.port}${carbon.context}services/</ServerURL>
>>> <!-- Admin username for the API gateway. -->
>>> <Username>${admin.username}</Username>
>>> <!-- Admin password for the API gateway.-->
>>> <Password>${admin.password}</Password>
>>> <!-- Endpoint URLs for the APIs hosted in this API
>>> gateway.-->
>>> <GatewayEndpoint>http://${carb
>>> on.local.ip}:${http.nio.port},https://${carbon.local.ip}:${h
>>> ttps.nio.port}</GatewayEndpoint>
>>> </Environment>
>>> </Environments>
>>> </APIGateway>
>>>
>>> <CacheConfigurations>
>>> <!-- Enable/Disable token caching at the Gateway-->
>>> <EnableGatewayTokenCache>true</EnableGatewayTokenCache>
>>> <!-- Enable/Disable API resource caching at the Gateway-->
>>> <EnableGatewayResourceCache>true</EnableGatewayResourceCache>
>>> <!-- Enable/Disable API key validation information caching at
>>> key-management server -->
>>> <EnableKeyManagerTokenCache>false</EnableKeyManagerTokenCache>
>>> <!-- This parameter specifies whether Recently Added APIs will
>>> be loaded from the cache or not.
>>> If there are multiple API modification during a short time
>>> period, better to disable cache. -->
>>> <EnableRecentlyAddedAPICache>false</EnableRecentlyAddedAPICache>
>>> <!-- JWT claims Cache expiry in seconds -->
>>> <!--JWTClaimCacheExpiry>900</JWTClaimCacheExpiry-->
>>> <!-- Expiry time for the apim key mgt validation info cache -->
>>> <!--TokenCacheExpiry>900</TokenCacheExpiry-->
>>> <!-- This parameter specifies the expiration time of the
>>> TagCache. TagCache will
>>> only be created when this element is uncommented. When the
>>> specified
>>> time duration gets elapsed ,tag cache will get
>>> re-generated. -->
>>> <!--TagCacheDuration>120000</TagCacheDuration-->
>>> </CacheConfigurations>
>>>
>>> <!--
>>> API usage tracker configuration used by the DAS data publisher
>>> and
>>> Google Analytics publisher in API gateway.
>>> -->
>>> <Analytics>
>>> <!-- Enable Analytics for API Manager -->
>>> <Enabled>false</Enabled>
>>>
>>> <!-- Server URL of the remote DAS/CEP server used to collect
>>> statistics. Must
>>> be specified in protocol://hostname:port/ format.
>>>
>>> An event can also be published to multiple Receiver Groups
>>> each having 1 or more receivers. Receiver
>>> Groups are delimited by curly braces whereas receivers are
>>> delimited by commas.
>>> Ex - Multiple Receivers within a single group
>>> tcp://localhost:7612/,tcp://localhost:7613/,tcp://localhost
>>> :7614/
>>>
>>> Ex - Multiple Receiver Groups with two receivers each
>>> {tcp://localhost:7612/,tcp://localhost:7613},{tcp://localho
>>> st:7712/,tcp://localhost:7713/} -->
>>> <DASServerURL>{tcp://localhost:7612}</DASServerURL>
>>> <!--DASAuthServerURL>{ssl://localhost:7712}</DASAuthServerURL-->
>>> <!-- Administrator username to login to the remote DAS server.
>>> -->
>>> <DASUsername>${admin.username}</DASUsername>
>>> <!-- Administrator password to login to the remote DAS server.
>>> -->
>>> <DASPassword>${admin.password}</DASPassword>
>>>
>>> <!-- For APIM implemented Statistic client for RDBMS -->
>>> <StatsProviderImpl>org.wso2.carbon.apimgt.usage.client.impl.
>>> APIUsageStatisticsRdbmsClientImpl</StatsProviderImpl>
>>>
>>> <!-- DAS REST API configuration -->
>>> <DASRestApiURL>https://localhost:9444</DASRestApiURL>
>>> <DASRestApiUsername>${admin.username}</DASRestApiUsername>
>>> <DASRestApiPassword>${admin.password}</DASRestApiPassword>
>>>
>>> <!-- Below property is used to skip trying to connect to event
>>> receiver nodes when publishing events even if
>>> the stats enabled flag is set to true. -->
>>> <SkipEventReceiverConnection>false</SkipEventReceiverConnection>
>>>
>>> <!-- API Usage Data Publisher. -->
>>> <PublisherClass>org.wso2.carbon.apimgt.usage.publisher.APIMg
>>> tUsageDataBridgeDataPublisher</PublisherClass>
>>>
>>> <!-- If below property set to true,then the response message
>>> size will be calculated and publish
>>> with each successful API invocation event. -->
>>> <PublishResponseMessageSize>false</PublishResponseMessageSize>
>>> <!-- Data publishing stream names and versions of API requests,
>>> responses and faults. If the default values
>>> are changed, the toolbox also needs to be changed
>>> accordingly. -->
>>> <Streams>
>>> <Request>
>>> <Name>org.wso2.apimgt.statistics.request</Name>
>>> <Version>1.1.0</Version>
>>> </Request>
>>> <Response>
>>> <Name>org.wso2.apimgt.statistics.response</Name>
>>> <Version>1.1.0</Version>
>>> </Response>
>>> <Fault>
>>> <Name>org.wso2.apimgt.statistics.fault</Name>
>>> <Version>1.0.0</Version>
>>> </Fault>
>>> <Throttle>
>>> <Name>org.wso2.apimgt.statistics.throttle</Name>
>>> <Version>1.0.0</Version>
>>> </Throttle>
>>> <Workflow>
>>> <Name>org.wso2.apimgt.statistics.workflow</Name>
>>> <Version>1.0.0</Version>
>>> </Workflow>
>>> <ExecutionTime>
>>> <Name>org.wso2.apimgt.statistics.execution.time</Name>
>>> <Version>1.0.0</Version>
>>> </ExecutionTime>
>>> <AlertTypes>
>>> <Name>org.wso2.analytics.apim.
>>> alertStakeholderInfo</Name>
>>> <Version>1.0.0</Version>
>>> </AlertTypes>
>>> </Streams>
>>>
>>> </Analytics>
>>>
>>> <!--
>>> API key validator configuration used by API key manager (IS),
>>> API store and API gateway.
>>> API gateway uses it to validate and authenticate users against
>>> the provided API keys.
>>> -->
>>> <APIKeyValidator>
>>> <!-- Server URL of the API key manager -->
>>> <!--ServerURL>https://localhost:${mgt.transport.https.port}$
>>> {carbon.context}services/</ServerURL-->
>>> <ServerURL>https://localhost:9448/services/</ServerURL>
>>>
>>> <!-- Admin username for API key manager. -->
>>> <Username>${admin.username}</Username>
>>> <!-- Admin password for API key manager. -->
>>> <Password>${admin.password}</Password>
>>> <!--Username>admin</Username>
>>> <Password>admin</Password-->
>>>
>>> <!-- Configurations related to enable thrift support for
>>> key-management related communication.
>>> If you want to switch back to Web Service Client, change
>>> the value of "KeyValidatorClientType" to "WSClient".
>>> In a distributed environment;
>>> -If you are at the Gateway node, you need to point
>>> "ThriftClientPort" value to the "ThriftServerPort" value given at
>>> KeyManager node.
>>> -If you need to start two API Manager instances in the same
>>> machine, you need to give different ports to "ThriftServerPort" value in
>>> two nodes.
>>> -ThriftServerHost - Allows to configure a hostname for the
>>> thrift server. It uses the carbon hostname by default.
>>> -The Gateway uses this parameter to connect to the key
>>> validation thrift service. -->
>>> <KeyValidatorClientType>WSClient</KeyValidatorClientType>
>>> <ThriftClientConnectionTimeOut>10000</ThriftClientConnection
>>> TimeOut>
>>> <!--ThriftClientPort>10397</ThriftClientPort-->
>>>
>>> <EnableThriftServer>false</EnableThriftServer>
>>> <ThriftServerHost>localhost</ThriftServerHost>
>>> <!--ThriftServerPort>10397</ThriftServerPort-->
>>>
>>> <!--ConnectionPool>
>>> <MaxIdle>100</MaxIdle>
>>> <InitIdleCapacity>50</InitIdleCapacity>
>>> </ConnectionPool-->
>>> <!-- Specifies the implementation to be used for
>>> KeyValidationHandler. Steps for validating a token can be controlled by
>>> plugging in a
>>> custom KeyValidation Handler -->
>>> <KeyValidationHandlerClassName>org.wso2.carbon.apimgt.keymgt
>>> .handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName>
>>> </APIKeyValidator>
>>>
>>> <!-- Uncomment this section only if you are going to have an
>>> instance other than KeyValidator as your KeyManager.
>>> Unless a ThirdParty KeyManager is used, you don't need to
>>> configure this section. -->
>>> <!--APIKeyManager>
>>> <KeyManagerClientImpl>org.wso2.carbon.apimgt.impl.AMDefaultK
>>> eyManagerImpl</KeyManagerClientImpl>
>>> <Configuration>
>>> <ServerURL>https://localhost:${mgt.transport.https.port}${ca
>>> rbon.context}services/</ServerURL>
>>> <Username>${admin.username}</Username>
>>> <Password>${admin.password}</Password>
>>> <TokenURL>https://${carbon.local.ip}:${https.nio.port}/token
>>> </TokenURL>
>>> <RevokeURL>https://${carbon.local.ip}:${https.nio.port}/revo
>>> ke</RevokeURL>
>>> </Configuration>
>>> </APIKeyManager-->
>>>
>>> <OAuthConfigurations>
>>> <!-- Remove OAuth headers from outgoing message. -->
>>> <!--RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeader
>>> sFromOutMessage-->
>>> <!-- Scope used for marking Application Tokens. If a token is
>>> generated with this scope, they will be treated as Application Access
>>> Tokens -->
>>> <ApplicationTokenScope>am_application_scope</ApplicationToke
>>> nScope>
>>> <!-- All scopes under the ScopeWhitelist element are not
>>> validating against roles that has assigned to it.
>>> By default ^device_.* and openid scopes have been white
>>> listed internally. -->
>>> <!--ScopeWhitelist>
>>> <Scope>^device_.*</Scope>
>>> <Scope>openid</Scope>
>>> </ScopeWhitelist-->
>>> <!-- Name of the token API -->
>>> <TokenEndPointName>/oauth2/token</TokenEndPointName>
>>> <!-- This the API URL for revoke API. When we revoke tokens
>>> revoke requests should go through this
>>> API deployed in API gateway. Then it will do cache
>>> invalidations related to revoked tokens.
>>> In distributed deployment we should configure this property
>>> in key manager node by pointing
>>> gateway https( /http, we recommend users to use 'https'
>>> endpoints for security purpose) url.
>>> Also please note that we should point gateway revoke
>>> service to key manager -->
>>> <RevokeAPIURL>https://localhost:${https.nio.port}/revoke</Re
>>> vokeAPIURL>
>>> <!-- Whether to encrypt tokens when storing in the Database
>>> Note: If changing this value to true, change the value of
>>> <TokenPersistenceProcessor> to
>>>
>>> org.wso2.carbon.identity.oauth.tokenprocessor.EncryptionDecryptionPersistenceProcessor
>>> in the identity.xml -->
>>> <EncryptPersistedTokens>false</EncryptPersistedTokens>
>>> </OAuthConfigurations>
>>>
>>> <!-- Settings related to managing API access tiers. -->
>>> <TierManagement>
>>> <!-- Enable the providers to expose their APIs over the special
>>> 'Unlimited' tier which
>>> basically disables tier based throttling for the specified
>>> APIs. -->
>>> <EnableUnlimitedTier>true</EnableUnlimitedTier>
>>> </TierManagement>
>>>
>>> <!-- API Store Related Configurations -->
>>> <APIStore>
>>> <!--GroupingExtractor>org.wso2.carbon.apimgt.impl.DefaultGro
>>> upIDExtractorImpl</GroupingExtractor-->
>>> <!--This property is used to indicate how we do user name
>>> comparision for token generation https://wso2.org/jira/browse/A
>>> PIMANAGER-2225-->
>>> <CompareCaseInsensitively>true</CompareCaseInsensitively>
>>> <DisplayURL>false</DisplayURL>
>>> <URL>https://localhost:${mgt.transport.https.port}/store</URL>
>>>
>>> <!-- Server URL of the API Store. -->
>>> <ServerURL>https://localhost:${mgt.transport.https.port}${ca
>>> rbon.context}services/</ServerURL>
>>> <!-- Admin username for API Store. -->
>>> <Username>${admin.username}</Username>
>>>
>>> <!-- Admin password for API Store. -->
>>> <Password>${admin.password}</Password>
>>> <!-- This parameter specifies whether to display multiple
>>> versions of same
>>> API or only showing the latest version of an API. -->
>>> <DisplayMultipleVersions>false</DisplayMultipleVersions>
>>> <!-- This parameter specifies whether to display all the APIs
>>> [which are having DEPRECATED/PUBLISHED status] or only
>>> display the APIs
>>> with having their status is as 'PUBLISHED' -->
>>> <DisplayAllAPIs>false</DisplayAllAPIs>
>>> <!-- Uncomment this to limit the number of APIs in api the API
>>> Store -->
>>> <!--APIsPerPage>5</APIsPerPage-->
>>>
>>> <!-- This parameter specifies whether to display the comment
>>> editing facility or not.
>>> Default is "true". If user wants to disable, he must set
>>> this param as "false" -->
>>> <DisplayComments>true</DisplayComments>
>>>
>>> <!-- This parameter specifies whether to display the ratings or
>>> not.
>>> Default is "true". If user wants to disable, he must set
>>> this param as "false" -->
>>> <DisplayRatings>true</DisplayRatings>
>>>
>>> <!--set isStoreForumEnabled to false for disable forum in
>>> store-->
>>> <!--isStoreForumEnabled>false</isStoreForumEnabled-->
>>> </APIStore>
>>>
>>> <APIPublisher>
>>> <DisplayURL>false</DisplayURL>
>>> <URL>https://localhost:${mgt.transport.https.port}/publisher
>>> </URL>
>>> <!-- This parameter specifies enabling the capability of setting
>>> API documentation level granular visibility levels.
>>> By default any document associate with an API will have the
>>> same permissions set as the API.With enabling below
>>> property,it will show two additional permission levels as
>>> visible only to all registered users in a particular
>>> domain or only visible to API doc creator -->
>>> <!--EnableAPIDocVisibilityLevels>true</EnableAPIDocVisibilit
>>> yLevels-->
>>> <!-- Uncomment this to limit the number of APIs in api the API
>>> Publisher -->
>>> <!--APIsPerPage>30</APIsPerPage-->
>>> </APIPublisher>
>>>
>>> <!-- Status observers can be registered against the API Publisher to
>>> listen for
>>> API status update events. Each observer must implement the
>>> APIStatusObserver
>>> interface. Multiple observers can be engaged if necessary and
>>> in such situations
>>> they will be notified in the order they are defined here.
>>> This configuration is unused from API Manager version 1.10.0 -->
>>> <!--StatusObservers>
>>> <Observer>org.wso2.carbon.apimgt.impl.observers.SimpleLoggin
>>> gObserver</Observer>
>>> </StatusObservers-->
>>>
>>> <!-- Use this configuration Create APIs at the Server startup -->
>>> <StartupAPIPublisher>
>>> <!-- Enable/Disable the API Startup Publisher -->
>>> <Enabled>false</Enabled>
>>>
>>> <!-- Configuration to create APIs for local endpoints.
>>> Endpoint will be computed as http://${carbon.local.ip}:${mg
>>> t.transport.http.port}/Context.
>>> Define many LocalAPI elements as below to create many APIs
>>> for local Endpoints.
>>> IconPath should be relative to CARBON_HOME. -->
>>> <LocalAPIs>
>>> <LocalAPI>
>>> <Context>/resource</Context>
>>> <Provider>admin</Provider>
>>> <Version>1.0.0</Version>
>>> <IconPath>none</IconPath>
>>> <DocumentURL>none</DocumentURL>
>>> <AuthType>Any</AuthType>
>>> </LocalAPI>
>>> </LocalAPIs>
>>>
>>> <!-- Configuration to create APIs for remote endpoints.
>>> When Endpoint need to be defined use this configuration.
>>> Define many API elements as below to create many APIs
>>> for external Endpoints.
>>> If you do not need to add Icon or Documentation set
>>> 'none' as the value for IconPath & DocumentURL. -->
>>> <!--APIs>
>>> <API>
>>> <Context>/resource</Context>
>>> <Endpoint>http://localhost:9764/resource</Endpoint>
>>> <Provider>admin</Provider>
>>> <Version>1.0.0</Version>
>>> <IconPath>none</IconPath>
>>> <DocumentURL>none</DocumentURL>
>>> <AuthType>Any</AuthType>
>>> </API>
>>> </APIs-->
>>> </StartupAPIPublisher>
>>>
>>> <!-- Configuration to enable/disable sending CORS headers in the
>>> Gateway response
>>> and define the Access-Control-Allow-Origin header value.-->
>>> <CORSConfiguration>
>>> <!-- Configuration to enable/disable sending CORS headers from
>>> the Gateway-->
>>> <Enabled>true</Enabled>
>>>
>>> <!-- The value of the Access-Control-Allow-Origin header.
>>> Default values are
>>> API Store addresses, which is needed for swagger to
>>> function. -->
>>> <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
>>>
>>> <!-- Configure Access-Control-Allow-Methods -->
>>> <Access-Control-Allow-Methods>GET,PUT,POST,DELETE,PATCH,OPTI
>>> ONS</Access-Control-Allow-Methods>
>>>
>>> <!-- Configure Access-Control-Allow-Headers -->
>>> <Access-Control-Allow-Headers>authorization,Access-Control-A
>>> llow-Origin,Content-Type,SOAPAction</Access-Control-Allow-Headers>
>>>
>>> <!-- Configure Access-Control-Allow-Credentials -->
>>> <!-- Specifying this header to true means that the server allows
>>> cookies (or other user credentials) to be included on cross-origin requests.
>>> It is false by default and if you set it to true then make
>>> sure that the Access-Control-Allow-Origin header does not contain the
>>> wildcard (*) -->
>>> <Access-Control-Allow-Credentials>false</Access-Control-Allo
>>> w-Credentials>
>>> </CORSConfiguration>
>>>
>>> <!-- This property is there to configure velocity log output into
>>> existing Log4j carbon Logger.
>>> You can enable this and set preferable Logger name. -->
>>> <!-- VelocityLogger>VELOCITY</VelocityLogger -->
>>>
>>> <RESTAPI>
>>> <!--Configure white-listed URIs of REST API. Accessing
>>> white-listed URIs does not require credentials (does not require
>>> Authorization header). -->
>>> <WhiteListedURIs>
>>> <WhiteListedURI>
>>> <URI>/api/am/publisher/{version}/swagger.json</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/store/{version}/swagger.json</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/admin/{version}/swagger.json</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/store/{version}/apis</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/store/{version}/apis/{apiId}</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/store/{version}/apis/{apiId}/swagger</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/store/{version}/a
>>> pis/{apiId}/documents</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/store/{version}/a
>>> pis/{apiId}/documents/{documentId}</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/store/{version}/a
>>> pis/{apiId}/documents/{documentId}/content</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/store/{version}/a
>>> pis/{apiId}/thumbnail</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/store/{version}/tags</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/store/{version}/tiers/{tierLevel}</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> <WhiteListedURI>
>>> <URI>/api/am/store/{version}/t
>>> iers/{tierLevel}/{tierName}</URI>
>>> <HTTPMethods>GET,HEAD</HTTPMethods>
>>> </WhiteListedURI>
>>> </WhiteListedURIs>
>>> <ETagSkipList>
>>> <ETagSkipURI>
>>> <URI>/api/am/store/{version}/apis</URI>
>>> <HTTPMethods>GET</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/store/{version}/apis/generate-sdk</URI>
>>> <HTTPMethods>POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/store/{version}/a
>>> pis/{apiId}/documents</URI>
>>> <HTTPMethods>GET</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/store/{version}/applications</URI>
>>> <HTTPMethods>GET</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/store/{version}/a
>>> pplications/generate-keys</URI>
>>> <HTTPMethods>POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/store/{version}/subscriptions</URI>
>>> <HTTPMethods>GET,POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/store/{version}/tags</URI>
>>> <HTTPMethods>GET</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/store/{version}/tiers/{tierLevel}</URI>
>>> <HTTPMethods>GET</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/store/{version}/t
>>> iers/{tierLevel}/{tierName}</URI>
>>> <HTTPMethods>GET</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{version}/apis</URI>
>>> <HTTPMethods>GET,POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{version}/apis/{apiId}</URI>
>>> <HTTPMethods>GET,DELETE,PUT</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/apis/{apiId}/swagger</URI>
>>> <HTTPMethods>GET,PUT</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/apis/{apiId}/thumbnail</URI>
>>> <HTTPMethods>GET,POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/apis/{apiId}/change-lifecycle</URI>
>>> <HTTPMethods>POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/apis/{apiId}/copy-api</URI>
>>> <HTTPMethods>POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/applications/{applicationId}</URI>
>>> <HTTPMethods>GET</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/apis/{apiId}/documents</URI>
>>> <HTTPMethods>GET,POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/apis/{apiId}/documents/{documentId}/content</URI>
>>> <HTTPMethods>GET,POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/apis/{apiId}/documents/{documentId}</URI>
>>> <HTTPMethods>GET,PUT,DELETE</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{version}/environments</URI>
>>> <HTTPMethods>GET</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{version}/subscriptions</URI>
>>> <HTTPMethods>GET</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/subscriptions/block-subscription</URI>
>>> <HTTPMethods>POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/subscriptions/{subscriptionId}</URI>
>>> <HTTPMethods>GET</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/subscriptions/unblock-subscription</URI>
>>> <HTTPMethods>POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{version}/tiers/{tierLevel}</URI>
>>> <HTTPMethods>GET,POST</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/tiers/{tierLevel}/{tierName}</URI>
>>> <HTTPMethods>GET,PUT,DELETE</HTTPMethods>
>>> </ETagSkipURI>
>>> <ETagSkipURI>
>>> <URI>/api/am/publisher/{versio
>>> n}/tiers/update-permission</URI>
>>> <HTTPMethods>POST</HTTPMethods>
>>> </ETagSkipURI>
>>> </ETagSkipList>
>>> </RESTAPI>
>>> <ThrottlingConfigurations>
>>> <EnableAdvanceThrottling>true</EnableAdvanceThrottling>
>>> <DataPublisher>
>>> <Enabled>true</Enabled>
>>> <Type>Binary</Type>
>>> <ReceiverUrlGroup>tcp://${carbon.local.ip}:${receiver.url.po
>>> rt}</ReceiverUrlGroup>
>>> <AuthUrlGroup>ssl://${carbon.local.ip}:${auth.url.port}</Aut
>>> hUrlGroup>
>>> <Username>${admin.username}</Username>
>>> <Password>${admin.password}</Password>
>>> <DataPublisherPool>
>>> <MaxIdle>1000</MaxIdle>
>>> <InitIdleCapacity>200</InitIdleCapacity>
>>> </DataPublisherPool>
>>> <DataPublisherThreadPool>
>>> <CorePoolSize>200</CorePoolSize>
>>> <MaxmimumPoolSize>1000</MaxmimumPoolSize>
>>> <KeepAliveTime>200</KeepAliveTime>
>>> </DataPublisherThreadPool>
>>> </DataPublisher>
>>> <PolicyDeployer>
>>> <ServiceURL>https://localhost:${mgt.transport.https.port}${c
>>> arbon.context}services/</ServiceURL>
>>> <Username>${admin.username}</Username>
>>> <Password>${admin.password}</Password>
>>> </PolicyDeployer>
>>> <BlockCondition>
>>> <Enabled>true</Enabled>
>>> <!--InitDelay>300000</InitDelay>
>>> <Period>3600000</Period-->
>>> </BlockCondition>
>>> <JMSConnectionDetails>
>>> <Enabled>true</Enabled>
>>> <ServiceURL>tcp://${carbon.local.ip}:${jms.port}</ServiceURL
>>> >
>>> <Username>${admin.username}</Username>
>>> <Password>${admin.password}</Password>
>>> <Destination>throttleData</Destination>
>>> <!--InitDelay>300000</InitDelay-->
>>> <JMSConnectionParameters>
>>> <transport.jms.ConnectionFacto
>>> ryJNDIName>TopicConnectionFactory</transport.jms.ConnectionF
>>> actoryJNDIName>
>>> <transport.jms.DestinationType
>>> >topic</transport.jms.DestinationType>
>>> <java.naming.factory.initial>o
>>> rg.wso2.andes.jndi.PropertiesFileInitialContextFactory</java
>>> .naming.factory.initial>
>>> <connectionfactory.TopicConnec
>>> tionFactory>amqp://${jms.username}:${jms.password}@clientid/
>>> carbon?brokerlist='${jms.url}'</connectionfactory.TopicConne
>>> ctionFactory>
>>> </JMSConnectionParameters>
>>> <JMSTaskManager>
>>> <MinThreadPoolSize>20</MinThreadPoolSize>
>>> <MaxThreadPoolSize>100</MaxThreadPoolSize>
>>> <KeepAliveTimeInMillis>1000</KeepAliveTimeInMillis>
>>> <JobQueueSize>10</JobQueueSize>
>>> </JMSTaskManager>
>>> </JMSConnectionDetails>
>>> <JMSEventPublisherParameters>
>>> <java.naming.factory.initial>o
>>> rg.wso2.andes.jndi.PropertiesFileInitialContextFactory</java
>>> .naming.factory.initial>
>>> <java.naming.provider.url>repo
>>> sitory/conf/jndi.properties</java.naming.provider.url>
>>> <transport.jms.DestinationType
>>> >topic</transport.jms.DestinationType>
>>> <transport.jms.Destination>thr
>>> ottleData</transport.jms.Destination>
>>> <transport.jms.ConcurrentPubli
>>> shers>allow</transport.jms.ConcurrentPublishers>
>>> <transport.jms.ConnectionFacto
>>> ryJNDIName>TopicConnectionFactory</transport.jms.ConnectionF
>>> actoryJNDIName>
>>> </JMSEventPublisherParameters>
>>> <!--DefaultLimits>
>>> <SubscriptionTierLimits>
>>> <Gold>5000</Gold>
>>> <Silver>2000</Silver>
>>> <Bronze>1000</Bronze>
>>> <Unauthenticated>60</Unauthenticated>
>>> </SubscriptionTierLimits>
>>> <ApplicationTierLimits>
>>> <50PerMin>50</50PerMin>
>>> <20PerMin>20</20PerMin>
>>> <10PerMin>10</10PerMin>
>>> </ApplicationTierLimits>
>>> <ResourceLevelTierLimits>
>>> <50KPerMin>50000</50KPerMin>
>>> <20KPerMin>20000</20KPerMin>
>>> <10KPerMin>10000</10KPerMin>
>>> </ResourceLevelTierLimits>
>>> </DefaultLimits-->
>>> <EnableUnlimitedTier>true</EnableUnlimitedTier>
>>> <EnableHeaderConditions>false</EnableHeaderConditions>
>>> <EnableJWTClaimConditions>false</EnableJWTClaimConditions>
>>> <EnableQueryParamConditions>false</EnableQueryParamConditions>
>>> </ThrottlingConfigurations>
>>>
>>> <WorkflowConfigurations>
>>> <Enabled>false</Enabled>
>>> <ServerUrl>https://localhost:9445/bpmn</ServerUrl>
>>> <ServerUser>${admin.username}</ServerUser>
>>> <ServerPassword>${admin.password}</ServerPassword>
>>> <WorkflowCallbackAPI>https://localhost:${mgt.transport.https
>>> .port}/api/am/publisher/v0.11/workflows/update-workflow-stat
>>> us</WorkflowCallbackAPI>
>>> <TokenEndPoint>https://localhost:${https.nio.port}/token</To
>>> kenEndPoint>
>>> <DCREndPoint>https://localhost:${mgt.transport.https.port}/c
>>> lient-registration/v0.11/register</DCREndPoint>
>>> <DCREndPointUser>${admin.username}</DCREndPointUser>
>>> <DCREndPointPassword>${admin.password}</DCREndPointPassword>
>>> </WorkflowConfigurations>
>>>
>>> <SwaggerCodegen>
>>> <ClientGeneration>
>>> <GroupId>org.wso2</GroupId>
>>> <ArtifactId>org.wso2.client.</ArtifactId>
>>> <ModelPackage>org.wso2.client.model.</ModelPackage>
>>> <ApiPackage>org.wso2.client.api.</ApiPackage>
>>> <!-- Configure supported languages/Frameworks as comma
>>> separated values,
>>> Supported Languages/Frameworks : android, java, scala,
>>> csharp, cpp, dart, flash, go, groovy, javascript, jmeter,
>>> nodejs, perl, php, python, ruby, swift, clojure, aspNet5,
>>> asyncScala, spring, csharpDotNet2, haskell-->
>>> <SupportedLanguages>java,android</SupportedLanguages>
>>> </ClientGeneration>
>>> </SwaggerCodegen>
>>>
>>> </APIManager>
>>>
>>> Do you need my IS one, too?
>>>
>>> Regards,
>>>
>>> Thomas
>>>
>>> 2017-06-15 22:16 GMT+02:00 Farasath Ahamed <farasa...@wso2.com>:
>>>
>>>> Would be better if you could share the api-manager.xml configuration
>>>> file to see if there are any errors in configs.
>>>>
>>>>
>>>>
>>>>
>>>> Farasath Ahamed
>>>> Software Engineer, WSO2 Inc.; http://wso2.com
>>>> Mobile: +94777603866
>>>> Blog: blog.farazath.com
>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>> <http://wso2.com/signature>
>>>>
>>>>
>>>>
>>>> On Thu, Jun 15, 2017 at 8:40 PM, Thomas LEGRAND <
>>>> thomas.legr...@versusmind.eu> wrote:
>>>>
>>>>> Hello again,
>>>>>
>>>>> I followed the tutorial in [1] to configure my Identity Server (IS) as
>>>>> a key manager for my API Manager (AM). When I create my Production &
>>>>> Sandbox applications in the AM, I can see service providers created in the
>>>>> IS. I configures them to use SAML to retrieve informations like the roles,
>>>>> if the authentication is successfull. And I can "exchange" my SAML
>>>>> assertion for a OAuth token. So, everything is cool, here.
>>>>>
>>>>> But, when I try to reuse this OAuth token to access to a resource via
>>>>> the AM, it rejects me with this sweet message:
>>>>>
>>>>> <ams:fault xmlns:ams="http://wso2.org/apimanager/security";>
>>>>> <ams:code>900900</ams:code>
>>>>> <ams:message>Unclassified Authentication Failure</ams:message>
>>>>> <ams:description>Resource forbidden</ams:description>
>>>>> </ams:fault>
>>>>>
>>>>> But no errors in the logs but just a WARN. So, I activated the DEBUG
>>>>> mode and then, I can see some intersting things:
>>>>>
>>>>> [2017-06-15 16:44:52,954] WARN - APIAuthenticationHandler API
>>>>> authentication failure due to Unclassified Authentication Failure
>>>>> [2017-06-15 16:44:52,954] DEBUG - APIAuthenticationHandler API
>>>>> authentication failed with error 900900
>>>>> org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException:
>>>>> Resource forbidden
>>>>> at org.wso2.carbon.apimgt.gateway
>>>>> .handlers.security.keys.WSAPIKeyDataStore.getAPIKeyData(WSAP
>>>>> IKeyDataStore.java:51)
>>>>> at org.wso2.carbon.apimgt.gateway
>>>>> .handlers.security.APIKeyValidator.doGetKeyValidationInfo(AP
>>>>> IKeyValidator.java:253)
>>>>> at org.wso2.carbon.apimgt.gateway
>>>>> .handlers.security.APIKeyValidator.getKeyValidationInfo(APIK
>>>>> eyValidator.java:209)
>>>>> at org.wso2.carbon.apimgt.gateway
>>>>> .handlers.security.oauth.OAuthAuthenticator.authenticate(OAu
>>>>> thAuthenticator.java:196)
>>>>> at org.wso2.carbon.apimgt.gateway
>>>>> .handlers.security.APIAuthenticationHandler.handleRequest(AP
>>>>> IAuthenticationHandler.java:117)
>>>>> at org.apache.synapse.rest.API.process(API.java:325)
>>>>> at org.apache.synapse.rest.RESTRe
>>>>> questHandler.dispatchToAPI(RESTRequestHandler.java:90)
>>>>> at org.apache.synapse.rest.RESTRe
>>>>> questHandler.process(RESTRequestHandler.java:69)
>>>>> at org.apache.synapse.core.axis2.
>>>>> Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironmen
>>>>> t.java:304)
>>>>> at org.apache.synapse.core.axis2.
>>>>> SynapseMessageReceiver.receive(SynapseMessageReceiver.java:78)
>>>>> at org.apache.axis2.engine.AxisEn
>>>>> gine.receive(AxisEngine.java:180)
>>>>> at org.apache.synapse.transport.p
>>>>> assthru.ServerWorker.processNonEntityEnclosingRESTHandler(Se
>>>>> rverWorker.java:325)
>>>>> at org.apache.synapse.transport.p
>>>>> assthru.ServerWorker.run(ServerWorker.java:158)
>>>>> at org.apache.axis2.transport.bas
>>>>> e.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
>>>>> at java.util.concurrent.ThreadPoo
>>>>> lExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>> at java.util.concurrent.ThreadPoo
>>>>> lExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>> Caused by: org.wso2.carbon.apimgt.gateway
>>>>> .handlers.security.APISecurityException: Error while accessing
>>>>> backend services for API key validation
>>>>> at org.wso2.carbon.apimgt.gateway
>>>>> .handlers.security.keys.APIKeyValidatorClient.getAPIKeyData(
>>>>> APIKeyValidatorClient.java:114)
>>>>> at org.wso2.carbon.apimgt.gateway
>>>>> .handlers.security.keys.WSAPIKeyDataStore.getAPIKeyData(WSAP
>>>>> IKeyDataStore.java:48)
>>>>> ... 16 more
>>>>> Caused by: org.apache.axis2.AxisFault: org.apache.axis2.AxisFault:
>>>>> Mapping qname not fond for the package: java.util
>>>>>
>>>>> From here, I don't know what to do since I tried some fancy URLs for
>>>>> the ServerURL value in the elements AuthManager and APIKeyValidator.
>>>>> My IS has an offset of 5 so the port is 9448. Here is the URL I used
>>>>> to point to the IS server: https://localhost:9448/services/
>>>>>
>>>>> Is there a way to know in which URL the IS deploy its Key Manager
>>>>> feature web services (WS)?
>>>>> Should I reinstall the Key Manager feature in the IS?
>>>>>
>>>>> Regards,
>>>>>
>>>>> Thomas
>>>>>
>>>>> [1] https://docs.wso2.com/display/AM210/Configuring+WSO2+Ide
>>>>> ntity+Server+as+a+Key+Manager
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> Dev@wso2.org
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Rajith Roshan
>> Software Engineer, WSO2 Inc.
>> Mobile: +94-7 <%2B94-71-554-8430>17-064-214
>>
>
>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
