I have created a REST API service which is calling another REST API through a POST request. I am using the call , send mediators to call the third party service hosted on same machine.When I try to call the WSO2 REST API the service is unable to call the third party service. The service drops message with a timeout or see an Exceeption that cannot send the call through sendPostURL.
I have tried using both send and call mediators (blocking, non blocking ) but the request never completes.
The authentication on third party API is Basic ( username/password).
Not sure what I am doing incorrect.
Following is the API request
<?xml version="1.0" encoding="UTF-8"?>
<api context="/xyz" name="XYZPostAPI" statistics="enable" trace="enable" xmlns="http://ws.apache.org/ns/synapse">
<resource methods="POST GET">
<inSequence>
<log description="Input"/>
<Header> variables
<call blocking="true">
<endpoint key="XYZPost"/>
</call>
</inSequence>
<outSequence>
<log description="Response">
<property expression="json-eval($)" name="JSON-Payload"/>
</log>
<respond description="batchId"/>
</outSequence>
<faultSequence>
<log description="FaultDetails">
<property name="text" value="An unexpected error occurred"/>
<property expression="$ctx:ERROR_MESSAGE" name="message"/>
<property expression="$ctx:ERROR_CODE" name="code"/>
<property expression="$ctx:ERROR_DETAIL" name="detail"/>
<property expression="$ctx:ERROR_EXCEPTION" name="exception"/>
</log>
<respond description="fault"/>
</faultSequence>
</resource>
</api>
Error seen:
a.
[2020-04-06 10:05:00,712] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /nuxeopost, MessageID: urn:uuid:e445d272-b9eb-4e89-84f1-428c622213b8, Direction: request
[2020-04-06 10:05:00,713] INFO {API_LOGGER.NuxeoPostAPI} - To: /nuxeopost, MessageID: urn:uuid:e445d272-b9eb-4e89-84f1-428c622213b8, Direction: request
[2020-04-06 10:05:00,714] INFO {TRACE_LOGGER} - Sending message through endpoint : NuxeoPost resolving to address = http://localhost:8080/nuxeo/api/v1/upload
[2020-04-06 10:05:00,714] INFO {TRACE_LOGGER} - SOAPAction: null
[2020-04-06 10:05:00,715] INFO {TRACE_LOGGER} - WSA-Action: null
[2020-04-06 10:05:03,735] INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[http://localhost:8080/nuxeo/api/v1/upload] org.apache.axis2.AxisFault: Transport error: 401 Error:
at org.apache.axis2.transport.http.HTTPSender.handleResponse(HTTPSender.java:371)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:200)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:81)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:459)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:286)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:442)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.apache.synapse.message.senders.blocking.BlockingMsgSender.sendReceive(BlockingMsgSender.java:492)
at org.apache.synapse.message.senders.blocking.BlockingMsgSender.send(BlockingMsgSender.java:384)
at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:92)
at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:85)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:569)
at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:408)
at org.apache.synapse.endpoints.HTTPEndpoint.send(HTTPEndpoint.java:96)
at org.apache.synapse.endpoints.IndirectEndpoint.send(IndirectEndpoint.java:56)
at org.apache.synapse.mediators.builtin.CallMediator.handleBlockingCall(CallMediator.java:165)
at org.apache.synapse.mediators.builtin.CallMediator.mediate(CallMediator.java:120)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:109)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:71)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
at org.apache.synapse.rest.Resource.process(Resource.java:331)
at org.apache.synapse.rest.API.process(API.java:440)
at org.apache.synapse.rest.RESTRequestHandler.apiProcess(RESTRequestHandler.java:135)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:113)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:325)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:98)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:367)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:412)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:181)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
[2020-04-06 10:05:03,762] WARN {API_LOGGER.NuxeoPostAPI} - ERROR_CODE : 401 ERROR_MESSAGE : Transport error: 401 Error:
[2020-04-06 10:05:03,763] WARN {org.apache.synapse.endpoints.EndpointContext} - Endpoint : NuxeoPost with address http://localhost:8080/nuxeo/api/v1/upload will be marked SUSPENDED as it failed
[2020-04-06 10:05:03,764] WARN {org.apache.synapse.endpoints.EndpointContext} - Suspending endpoint : NuxeoPost with address http://localhost:8080/nuxeo/api/v1/upload - current suspend duration is : 30000ms - Next retry after : Mon Apr 06 10:05:33 IST 2020
[2020-04-06 10:05:03,764] INFO {API_LOGGER.NuxeoPostAPI} - FaultHandler executing impl: org.apache.synapse.mediators.MediatorFaultHandler
[2020-04-06 10:05:03,765] WARN {API_LOGGER.NuxeoPostAPI} - Executing fault sequence mediator : org.apache.synapse.mediators.base.SequenceMediator
b.
2020-04-06 09:48:02,801] INFO {org.apache.synapse.transport.passthru.core.PassThroughListeningIOReactorManager} - Pass-through EI_INTERNAL_HTTPS_INBOUND_ENDPOINT Listener started on 0.0.0.0:9164
[2020-04-06 09:49:04,842] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /nuxeopost, MessageID: urn:uuid:01e07a5c-93b7-47b8-a8f6-b04f6da03649, Direction: request
[2020-04-06 09:49:04,842] INFO {API_LOGGER.NuxeoPostAPI} - To: /nuxeopost, MessageID: urn:uuid:01e07a5c-93b7-47b8-a8f6-b04f6da03649, Direction: request
[2020-04-06 09:49:04,844] INFO {TRACE_LOGGER} - Sending message through endpoint : NuxeoPostSample resolving to address = http://localhost:8080/nuxeo/api/v1/upload
[2020-04-06 09:49:04,844] INFO {TRACE_LOGGER} - SOAPAction: null
[2020-04-06 09:49:04,844] INFO {TRACE_LOGGER} - WSA-Action: null
[2020-04-06 09:49:04,853] INFO {org.apache.synapse.core.axis2.TimeoutHandler} - This engine will expire all callbacks after GLOBAL_TIMEOUT: 120 seconds, irrespective of the timeout action, after the specified or optional timeout
[2020-04-06 09:51:19,854] WARN {org.apache.synapse.core.axis2.TimeoutHandler} - Expiring message ID : urn:uuid:d6945cd0-6e98-4dfb-a837-5d764cd3cabd; dropping message after GLOBAL_TIMEOUT of : 120 seconds for Endpoint [NuxeoPostSample], URI : http://localhost:8080/nuxeo/api/v1/upload, Received through API : NuxeoPostAPI
[2020-04-06 09:52:04,850] INFO {org.apache.synapse.transport.passthru.SourceHandler} - Writer null when calling informWriterError
[2020-04-06 09:52:04,851] WARN {org.apache.synapse.transport.passthru.SourceHandler} - Connection time out after request is read: http-incoming-3 Socket Timeout : 180000 Remote Address : /127.0.0.1:56896
Related
I am enabling SSL in my mulesoft application.
I have added a keyStore in my application in http request connector.
Everything works fine. Deployed to cloudhub by skipping Munits and tested. Everything works fine. Munit are running fine in local machine.
But when I run MUnit tests in jenkins. It throws below error.
Caused by:
org.mule.runtime.api.lifecycle.InitialisationException:Unable to
initialise TLS configuration
Caused by:org.mule.runtime.api.lifecycle.CreateException: Failed to
load KeyStore:
/mnt/jenkins/workspace/mule-jobs/application-prc-nonprod/target/munitworkingdir-5223661232046316/container/apps/application-prc/server-keystore-nonprod.jks
Caused by: java.io.IOException: Invalid keystore format
I have enabled this TLS for mulesoft system API and I am mocking this request connector. Not sure why it wants this jks file from jenkins location as shown in the error.
Any lead would be really helpful.
Http connection configuration
<http:request-config name="Mule_AWS_Request_configuration" doc:name="HTTP Request configuration" doc:id="067166d7-313b-432a-b653-88617b728c5a" responseTimeout="${muleApi.aws.response.timeout}">
<http:request-connection protocol="HTTPS" host="${muleApi.aws.host} " connectionIdleTimeout="${muleApi.aws.idletTimeout}">
<reconnection >
<reconnect frequency="${muleApi.aws.retryFrequency}" count="${muleApi.aws.reconnectionAttempts}" />
</reconnection>
<tls:context>
<tls:trust-store insecure="true"/>
<tls:key-store type="jks" path="${tls.keyStore.path}" keyPassword="${secure::tls.keyStore.keyPassword}" password="${secure::tls.keyStore.password}" />
</tls:context>
</http:request-connection>
</http:request-config>
Http request
<http:request method="POST" doc:name="POST ZIP / aws system api call" doc:id="965033c6-4623-45cd-9326-920534684ace" config-ref="Mule_AWS_Request_configuration" path="${muleApi.aws.path}" responseTimeout="600000" requestStreamingMode="ALWAYS">
<non-repeatable-stream />
<http:headers><![CDATA[#[output application/java
---
{
"client_secret" : p('secure::muleApi.aws.client_secret'),
"Content-Type" : "application/zip",
"client_id" : p('secure::muleApi.aws.client_id')
}]]]></http:headers>
<http:query-params><![CDATA[#[output application/java
---
{
"bucketName" : p('muleApi.aws.params.bucketName'),
"key" : vars.key,
"extractZipContent": vars.extractZipContent default "true",
"extractContentType": vars.extractContentType default "csv"
}]]]></http:query-params>
<http:response-validator>
<http:success-status-code-validator values="200..499" />
</http:response-validator>
</http:request>
Location of keyStore.
path: src/main/resource/server-keystore-nonprod.jks
I am just mocking the request connector as shown below.
[![enter image description here][3]][3]
Mule Version is 4.4.0
MUnit version is 2.3.5
Providing the logs till i see this error below.
INFO 2022-12-07 09:27:52,417 [munit.01] org.mule.munit.runner.remote.api.server.RunnerServer: Waiting for client connection
INFO 2022-12-07 09:27:52,418 [munit.01] org.mule.munit.runner.remote.api.server.RunnerServer: Client connection received from localhost - true
WARN 2022-12-07 09:27:52,859 [munit.01] org.mule.runtime.config.internal.dsl.spring.ComponentConfigurationBuilder: Parameter ignore from extension munit has a defaultValue configured in the componentBuildingDefinition but not in the extensionModel.
INFO 2022-12-07 09:27:53,029 [munit.01] org.mule.runtime.api.message.AbstractMuleMessageBuilderFactory: Loaded MuleMessageBuilderFactory implementation 'org.mule.runtime.core.internal.message.DefaultMessageBuilderFactory' from classloader 'java.net.URLClassLoader#3bbf841e'
WARN 2022-12-07 09:27:53,056 [munit.01] org.mule.runtime.core.internal.security.tls.TlsProperties: File tls-default.conf not found, using default configuration.
INFO 2022-12-07 09:27:53,057 [munit.01] org.mule.runtime.api.tls.AbstractTlsContextFactoryBuilderFactory: Loaded TlsContextFactoryBuilderFactory implementation 'org.mule.runtime.module.tls.api.DefaultTlsContextFactoryBuilderFactory' from classloader 'java.net.URLClassLoader#3bbf841e'
WARN 2022-12-07 09:27:53,097 [munit.01] org.mule.runtime.module.tls.internal.DefaultTlsContextFactory: TLS context trust store set as insecure. No certificate validations will be performed, rendering connections vulnerable to attacks. Use at own risk.
INFO 2022-12-07 09:27:57,038 [munit.01] org.mule.runtime.core.privileged.lifecycle.AbstractLifecycleManager: Initialising Bean: org.mule.runtime.module.extension.internal.runtime.config.ConfigurationProviderToolingAdapter-HTTP-requestConfig-implicit
INFO 2022-12-07 09:27:57,054 [munit.01] org.mule.runtime.core.privileged.lifecycle.AbstractLifecycleManager: Starting Bean: org.mule.runtime.module.extension.internal.runtime.config.ConfigurationProviderToolingAdapter-HTTP-requestConfig-implicit
INFO 2022-12-07 09:27:58,454 [munit.01] org.mule.runtime.core.privileged.lifecycle.AbstractLifecycleManager: Initialising Bean: org.mule.runtime.module.extension.internal.runtime.config.DynamicConfigurationProvider-JSON_Logger_Config
INFO 2022-12-07 09:27:58,458 [munit.01] org.mule.runtime.core.privileged.lifecycle.AbstractLifecycleManager: Initialising Bean: org.mule.runtime.module.extension.internal.runtime.config.ConfigurationProviderToolingAdapter-Mule_AWS_Request_configuration
org.mule.runtime.api.exception.MuleRuntimeException: org.mule.runtime.api.lifecycle.InitialisationException: Unable to initialise TLS configuration
Caused by: org.mule.runtime.api.lifecycle.InitialisationException: Unable to initialise TLS configuration
Caused by: org.mule.runtime.api.lifecycle.CreateException: Failed to load KeyStore: /mnt/jenkins/workspace/mule-jobs-nonprod/biz-prc-marketing-bulk-api-nonprod/target/munitworkingdir-5223661232046316/container/apps/biz-prc-marketing-bulk-api/server-keystore-nonprod.jks
Caused by: java.io.IOException: Invalid keystore format
Components Involved: Spring Config-server, Spring AMQP (RabbitMQ), Spring Config-client
Goal: Use push notification to inform config-client to refresh config.
RabbitMQ instance: From docker hub, I pulled rabbitmq:3-management image and ran.
Config-client AMQP version pom.xml:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bus-amqp</artifactId>
<version>1.3.1.RELEASE</version>
</dependency>
Config-server pom.xml:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-monitor</artifactId>
<version>1.3.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-stream-rabbit</artifactId>
<version>1.2.1.RELEASE</version>
</dependency>
Fault Tolerance Scenario:
- Bring down RabbitMQ service/cluster/instance.
- All config client looses connectivity. Queues are deleted since they were created as auto-delete.
- Bring back up RabbitMQ service.
Expectation: All config client should reconnect successfully.
Reality: This is not working. Please see below error.
2018-03-27 09:07:12.850 WARN 21251 --- [AO2Q06fYCALSA-6] o.s.a.r.listener.BlockingQueueConsumer : Failed to declare queue:springCloudBus.anonymous.FGZPCPqzTAO2Q06fYCALSA
2018-03-27 09:07:12.851 ERROR 21251 --- [AO2Q06fYCALSA-6] o.s.a.r.l.SimpleMessageListenerContainer : Consumer received fatal exception on startup
org.springframework.amqp.rabbit.listener.QueuesNotAvailableException: Cannot prepare queue for listener. Either the queue doesn't exist or the broker will not allow us to use it.
at org.springframework.amqp.rabbit.listener.BlockingQueueConsumer.start(BlockingQueueConsumer.java:548)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$AsyncMessageProcessingConsumer.run(SimpleMessageListenerContainer.java:1335)
at java.base/java.lang.Thread.run(Thread.java:844)
Caused by: org.springframework.amqp.rabbit.listener.BlockingQueueConsumer$DeclarationException: Failed to declare queue(s):[springCloudBus.anonymous.FGZPCPqzTAO2Q06fYCALSA]
at org.springframework.amqp.rabbit.listener.BlockingQueueConsumer.attemptPassiveDeclarations(BlockingQueueConsumer.java:621)
at org.springframework.amqp.rabbit.listener.BlockingQueueConsumer.start(BlockingQueueConsumer.java:520)
[common frames omitted]
Caused by: java.io.IOException: null
Caused by: com.rabbitmq.client.ShutdownSignalException: channel error; protocol method: #method(reply-code=404, reply-text=NOT_FOUND - no queue 'springCloudBus.anonymous.FGZPCPqzTAO2Q06fYCALSA' in vhost '/', class-id=50, method-id=10)
[common frames omitted]
Caused by: com.rabbitmq.client.ShutdownSignalException: channel error; protocol method: #method(reply-code=404, reply-text=NOT_FOUND - no queue 'springCloudBus.anonymous.FGZPCPqzTAO2Q06fYCALSA' in vhost '/', class-id=50, method-id=10)
at com.rabbitmq.client.impl.ChannelN.asyncShutdown(ChannelN.java:505)
[common frames omitted]
2018-03-27 09:07:12.852 ERROR 21251 --- [AO2Q06fYCALSA-6] o.s.a.r.l.SimpleMessageListenerContainer : Stopping container from aborted consumer
2018-03-27 09:07:12.853 INFO 21251 --- [AO2Q06fYCALSA-6] o.s.a.r.l.SimpleMessageListenerContainer : Waiting for workers to finish.
2018-03-27 09:07:12.853 INFO 21251 --- [AO2Q06fYCALSA-6] o.s.a.r.l.SimpleMessageListenerContainer : Successfully waited for workers to finish.
Description of error from my understanding
config client using the existing broker, listener tried to reconnect but queue is missing. Makes 3 retries by default. This is expected as we are going through a scenario when a Rabbit MQ service is down and restarted without persistent data. Issue is reconnection fails. I know from many articles that mentions we cannot redeclare queue without using admin. For that we create a XML config file that creates property beans declaring admin and other stuff.
What is the ask?
- Will it be ideal if all this is taken care as by default scenario.
** Also I still don't have the working solution. NEED HELP"
I just tested it with Boot 2.0 and Finchley.M9 (bus 2.0.0.M7) with no problems...
2018-03-27 13:25:06.125 INFO 36716 --- [ main] c.s.b.r.p.RabbitExchangeQueueProvisioner : declaring queue for inbound: springCloudBus.anonymous.tySvAS8BSpS7OtQ_VCeiVQ, bound to: springCloudBus
...
2018-03-27 13:26:38.220 ERROR 36716 --- [ 127.0.0.1:5672] o.s.a.r.c.CachingConnectionFactory : Channel shutdown: connection error; protocol method: #method(reply-code=320, reply-text=CONNECTION_FORCED - broker forced connection closure with reason 'shutdown', class-id=0, method-id=0)
2018-03-27 13:26:58.757 INFO 36716 --- [pS7OtQ_VCeiVQ-6] o.s.a.r.c.CachingConnectionFactory : Attempting to connect to: [localhost:5672]
2018-03-27 13:26:58.761 INFO 36716 --- [pS7OtQ_VCeiVQ-6] o.s.a.r.c.CachingConnectionFactory : Created new connection: rabbitConnectionFactory#52c8295b:5/SimpleConnection#74846ead [delegate=amqp://guest#127.0.0.1:5672/, localPort= 49746]
2018-03-27 13:26:58.762 INFO 36716 --- [pS7OtQ_VCeiVQ-6] o.s.amqp.rabbit.core.RabbitAdmin : Auto-declaring a non-durable, auto-delete, or exclusive Queue (springCloudBus.anonymous.tySvAS8BSpS7OtQ_VCeiVQ) durable:false, auto-delete:true, exclusive:true. It will be redeclared if the broker stops and is restarted while the connection factory is alive, but all messages will be lost.
The RabbitExchangeQueueProvisioner explicitly sets up a RabbitAdmin to re-declare the queue after the connection is re-established.
I'll try with older versions now...
EDIT
Same result with boot 1.5.10 and Edgware.SR3 (bus 1.3.3.RELEASE).
EDIT2
Same result with the 1.3.1 bus starter (brings in 1.2.1 stream rabbit). Works fine.
I am trying to connect opscenter to DSE cluster, I tried and verified the same configurations with in the other environments (DEV, STAGING) but while I am trying to do the same on Prod, I am getting these error on agent.log file
INFO [async-dispatch-64] 2017-12-14 18:29:24,728 Starting system.
INFO [async-dispatch-64] 2017-12-14 18:29:24,730 Starting
JMXComponent
WARN [async-dispatch-64] 2017-12-14 18:29:24,732 Exception while
processing JMX data: java.lang.SecurityException: Authentication
failed! Credentials required
ERROR [async-dispatch-64] 2017-12-14 18:29:24,732 Security failure
connecting to JMX: Authentication failed! Credentials required
INFO [async-dispatch-64] 2017-12-14 18:29:24,733 Starting
StompComponent
INFO [async-dispatch-64] 2017-12-14 18:29:24,733 SSL communication is
disabled
INFO [async-dispatch-64] 2017-12-14 18:29:24,733 Creating stomp
connection to x.y.z.x:61620
ERROR [async-dispatch-64] 2017-12-14 18:29:24,736 Dec 14, 2017
6:29:24 PM org.jgroups.client.StompConnection connect
INFO: Connected to x.y.z.x:1234
WARN [async-dispatch-64] 2017-12-14 18:29:29,738 Attempted to ping
opscenterd on stomp but did not receive a reply in time, will retry
again later.
ERROR [StompConnection receiver] 2017-12-14 18:29:29,740 Dec 14, 2017
6:29:29 PM org.jgroups.client.StompConnection run
SEVERE: JGRP000112: Connection closed unexpectedly:
java.net.SocketException: Socket closed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
at java.net.SocketInputStream.read(SocketInputStream.java:171)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at java.net.SocketInputStream.read(SocketInputStream.java:224)
at java.io.FilterInputStream.read(FilterInputStream.java:83)
at org.jgroups.util.Util.readLine(Util.java:2825)
at org.jgroups.protocols.STOMP.readFrame(STOMP.java:240)
at org.jgroups.client.StompConnection.run(StompConnection.java:274)
at java.lang.Thread.run(Thread.java:745)
INFO [async-dispatch-64] 2017-12-14 18:29:29,742 Starting
JMXComponent
WARN [async-dispatch-64] 2017-12-14 18:29:29,744 Exception while
processing JMX data: java.lang.SecurityException: Authentication
failed! Credentials required
ERROR [async-dispatch-64] 2017-12-14 18:29:29,744 Security failure
connecting to JMX: Authentication failed! Credentials required
INFO [async-dispatch-64] 2017-12-14 18:29:29,744 Starting
JMXComponent
WARN [async-dispatch-64] 2017-12-14 18:29:29,746 Exception while
processing JMX data: java.lang.SecurityException: Authentication
failed! Credentials required
ERROR [async-dispatch-64] 2017-12-14 18:29:29,746 Security failure
connecting to JMX: Authentication failed! Credentials required
Also the opscenterd.log show no errors for the cluster.
The configuration that i used are below.
I have used address.yaml
stomp_interface: x.x.x.x
use_ssl: 0
metrics_enabled: 1
hosts: [x.x.x.x, x.x.x.x]
storage_keyspace: opscenter_abc
cluster_name.conf
[jmx]
port = 7199
password = abc
username = abc
[cassandra]
seed_hosts = x.x.x.x , x.x.x.x , x.x.x.x
api_port = 9160
cql_port = 9042
password = abc
username = fabe
[storage_cassandra]
seed_hosts = x.x.x.x, x.x.x.x
api_port = 9160
cql_port = 9042
keyspace = opscenter_abc
[cassandra_metrics]
5min_ttl = 2419200
[cluster_display_options]
display_name = badkfj
I have problems getting work "SAML2 Bearer Assertion profile for Oauth" within WSO2 API Manager(9445 port).
My Setup,
I created an application (app1) in API manager tenant domain (wso2.com) and generated keys.
When I log into IS as admin of wso2.com tenant domain I see a service provider is created for my application (app1).
I configured the SP of app1 and created the IDP as explained in documentation.
I could generate SAML assertion by SAML2AssertionCreator.
When I try to generate access token using the assertion generated with command I get "
{"error":"invalid_grant","error_description":"Provided Authorization Grant is invalid"}
SAML Assertion
<?xml version="1.0" encoding="UTF-8"?>
<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="alajckjphcbadkfhacmcfnnanohlnlpbhfomlmjm" IssueInstant="2017-06-13T08:05:36.500Z" Version="2.0">
<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">TestSP</saml:Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#alajckjphcbadkfhacmcfnnanohlnlpbhfomlmjm">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml xs xsi"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>ISNhVVsEbeRLN2MQdob0qs1QEXc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
XrMqLJO6z8BERlmrysn9aV9m1GPte3hOUqxNUhr8eTMtho2zjYE5fJkbT+pf8oHxXUaozefs5G+o
N0tWQc9pqXxuYtk6Lk/EimMzF2xEgrtEzZqksVebJagz9UeOr1mfubZpSGcfdWMHSJdkOuAmsW0E
rqIc1RZDh+95aoh3VmE=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE
CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv
Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE
AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou
sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5
HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID
AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i
QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR
O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="0" NotOnOrAfter="2017-06-13T08:10:36.500Z" Recipient="https://localhost:9445/oauth2/token"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2017-06-13T08:05:36.500Z" NotOnOrAfter="2017-06-13T08:10:36.500Z">
<saml:AudienceRestriction>
<saml:Audience>https://localhost:9445/oauth2/token</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2017-06-13T08:05:36.601Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="C">
<saml:AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">:
</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
Command java -jar SAML2AssertionCreator.jar TestSP admin https://localhost:9445/oauth2/token https://localhost:9445/oauth2/token .../wso2/wso2is-5.1.0/repository/resources/security/resources/security/wso2carbon.jks wso2carbon wso2carbon wso2carbon
Token CMD-
curl -k -d "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=<Assertion_provided_by_client>&scope=PRODUCTION" -H "Authorization: Basic <Base64 encoded consumer key:consumer secret>" -H "Content-Type:application/x-www-form-urlencoded" https://<IP of the APIM server>:9445/oauth2/token
Logs
[2017-06-13 12:56:17,036] DEBUG - OAuth2Service Access Token request received for Client ID 0rD1Hf7ZT5ZMz5ZJkMDpCZSBOHka, User ID null, Scope : [PRODUCTION] and Grant Type : urn:ietf:params:oauth:grant-type:saml2-bearer
[2017-06-13 12:56:17,036] DEBUG - AbstractClientAuthHandler Can authenticate with client ID and Secret. Client ID: 0rD1Hf7ZT5ZMz5ZJkMDpCZSBOHka
[2017-06-13 12:56:17,039] DEBUG - AbstractClientAuthHandler Grant type : urn:ietf:params:oauth:grant-type:saml2-bearer Strict client validation set to : null
[2017-06-13 12:56:17,043] DEBUG - OAuth2Util Client credentials were available in the cache for client id : 0rD1Hf7ZT5ZMz5ZJkMDpCZSBOHka
[2017-06-13 12:56:17,045] DEBUG - OAuth2Util Successfully authenticated the client with client id : 0rD1Hf7ZT5ZMz5ZJkMDpCZSBOHka
[2017-06-13 12:56:17,055] DEBUG - SAML2BearerGrantHandler SAML Assertion Audience Restriction validation failed against the Audience : https://192.168.0.4:9445/oauth2/token of Identity Provider : IS in tenant : carbon.super
[2017-06-13 12:56:17,055] DEBUG - AccessTokenIssuer Invalid Grant provided by the client Id: 0rD1Hf7ZT5ZMz5ZJkMDpCZSBOHka
[2017-06-13 12:56:17,060] DEBUG - AccessTokenIssuer OAuth-Error-Code=invalid_grant client-id=0rD1Hf7ZT5ZMz5ZJkMDpCZSBOHka grant-type=urn:ietf:params:oauth:grant-type:saml2-bearer scope=PRODUCTION
I have done everything as in the tutorials of official cas.
When redirecting from google's page to my cas application I am getting the following exception.
2014-08-06 11:26:01,286 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <ClientAuthenticationHandler failed authenticating org.jasig.cas.support.pac4j.authentication.principal.ClientCredential#bad528>
2014-08-06 11:26:01,358 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: supplied credentials: [org.jasig.cas.support.pac4j.authentication.principal.ClientCredential#bad528]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Wed Aug 06 11:26:01 NPT 2014
CLIENT IP ADDRESS: 10.0.2.2
SERVER IP ADDRESS: 10.0.2.15
=============================================================
>
2014-08-06 11:26:01,414 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: 1 errors, 0 successes
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Wed Aug 06 11:26:01 NPT 2014
CLIENT IP ADDRESS: 10.0.2.2
SERVER IP ADDRESS: 10.0.2.15
=============================================================
>
2014-08-06 11:26:01.487:WARN:oejs.ServletHandler:
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.jasig.cas.support.pac4j.web.flow.ClientAction#e5c8 in state 'clientAction' of flow 'login' -- action execution attributes were 'map[[empty]]'
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:948)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:125)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1484)
at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1476)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:745)
Caused by:
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.jasig.cas.support.pac4j.web.flow.ClientAction#e5c8 in state 'clientAction' of flow 'login' -- action execution attributes were 'map[[empty]]'
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:60)
at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
at org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)
at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)
at org.springframework.webflow.engine.State.enter(State.java:194)
at org.springframework.webflow.engine.Flow.start(Flow.java:535)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:366)
at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:222)
at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:125)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1484)
When I open the Cas login page again and hit the "login with google" button again, It shows that the login is successful. But It always fails the first time.
Could someone help me out what I am missing.
After trying different thing, I tried changing the scope of the client.
Previously I was using scope to be EMAIL and it was failing. When I used EMAIL_AND_PROFILE, it worked correctly.
<bean id="google1" class="org.pac4j.oauth.client.Google2Client">
<property name="key" value="<key>" />
<property name="secret" value="<secret_value>" />
<property name="scope" value="EMAIL_AND_PROFILE" />
</bean>