wso2 am 2.0 ApiKeyValidator身份验证错误
我们最近将功能齐全的WSO2 AM 1.10升级为2.0。安装过程中没有出现错误,并且似乎已经完成。我们可以很好地使用出版商。但是,当我们转到商店,转到列出用户所有应用程序的选项卡时,它失败了,页面为空。日志显示:wso2 am 2.0 ApiKeyValidator身份验证错误,wso2,wso2-am,wso2carbon,Wso2,Wso2 Am,Wso2carbon,我们最近将功能齐全的WSO2 AM 1.10升级为2.0。安装过程中没有出现错误,并且似乎已经完成。我们可以很好地使用出版商。但是,当我们转到商店,转到列出用户所有应用程序的选项卡时,它失败了,页面为空。日志显示: WARN - CarbonAuthenticationUtil Failed Administrator login attempt 'MyUser[-1234]' at [2017-01-10 09:47:09,380-0500] WARN - Authenticati
WARN - CarbonAuthenticationUtil Failed Administrator login attempt 'MyUser[-1234]' at [2017-01-10 09:47:09,380-0500]
WARN - AuthenticationHandler Illegal access attempt at [2017-01-10 09:47:09,0380] from IP address IP-ADDRESS while trying to authenticate access to service APIKeyMgtSubscriberService
ERROR - AMDefaultKeyManagerImpl Can not retrieve OAuth application for the given consumer key : BigLongStringOfStuff org.apache.axis2.AxisFault: Access Denied. Authentication failed - Invalid credentials provided.
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:445)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.wso2.carbon.apimgt.keymgt.stub.subscriber.APIKeyMgtSubscriberServiceStub.retrieveOAuthApplication(APIKeyMgtSubscriberServiceStub.java:1683)
at org.wso2.carbon.apimgt.keymgt.client.SubscriberKeyMgtClient.getOAuthApplication(SubscriberKeyMgtClient.java:89)
at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.retrieveApplication(AMDefaultKeyManagerImpl.java:234)
at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.getClientOfApplication(ApiMgtDAO.java:2389)
at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.getOAuthApplications(ApiMgtDAO.java:2353)
at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.getApplications(ApiMgtDAO.java:4649)
at org.wso2.carbon.apimgt.impl.APIConsumerImpl.getApplications(APIConsumerImpl.java:3136)
at org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.getApplications(UserAwareAPIConsumer.java:36)
at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getApplications(APIStoreHostObject.java:3225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
我们使用的是只读LDAP存储,配置如下:
<UserManager>
<Realm>
<Configuration>
<AddAdmin>False</AddAdmin>
<AdminRole>AdminGroup</AdminRole>
<AdminUser>
<UserName>MyUser</UserName>
<Password>MyPW</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ReadOnly">true</Property>
<Property name="Disabled">false</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="ConnectionURL">ldap://MyServer:389</Property>
<Property name="ConnectionName">CN=MyUser,OU=1,OU=2,DC=a,DC=b,DC=c</Property>
<Property name="ConnectionPassword">MyPW</Property>
<Property name="UserSearchBase">DC=a,DC=b,DC=c</Property>
<Property name="UserNameListFilter">(objectClass=user)(|(memberOf=CN=MyGroup-Subscriber,OU=1,OU=2,DC=a,DC=b,DC=c)(sAMAccountName=MyUser))</Property>
<Property name="UserNameSearchFilter">(|(&(objectClass=person)(sAMAccountName=?)(memberOf=CN=MyGroup-Subscriber,OU=1,OU=2,DC=a,DC=b,DC=c))(sAMAccountName=MyUser))</Property>
<Property name="UserNameAttribute">sAMAccountName</Property>
<Property name="DisplayNameAttribute">displayName</Property>
<Property name="ReadGroups">true</Property>
<Property name="GroupSearchBase">OU=Groups,OU=1,OU=2,DC=a,DC=b,DC=c</Property>
<Property name="GroupNameListFilter">(&(objectClass=group)(cn=MyGroup*))</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=group)(cn=MyGroup?))</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="MemberOfAttribute">memberOf</Property>
<Property name="MultipleAttributeSeparator">,</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="SCIMEnabled">false</Property>
</UserStoreManager>
<AuthorizationManager
class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
<Property name="AdminRoleManagementPermissions">/permission</Property>
<Property name="AuthorizationCacheEnabled">true</Property>
</AuthorizationManager>
</Realm>
</UserManager>
假的
管理组
我的用户
MyPW
每个人
jdbc/WSO2CarbonDB
org.wso2.carbon.user.core.tenant.CommonHybridlDaptentManager
真的
假的
100
ldap://MyServer:389
CN=MyUser,OU=1,OU=2,DC=a,DC=b,DC=c
MyPW
DC=a,DC=b,DC=c
(objectClass=user)(|(memberOf=CN=MyGroup订户,OU=1,OU=2,DC=a,DC=b,DC=c)(sAMAccountName=MyUser))
(|)(&;(objectClass=person)(sAMAccountName=?)(memberOf=CN=MyGroup订户,OU=1,OU=2,DC=a,DC=b,DC=c))(sAMAccountName=MyUser))
sAMAccountName
显示名称
真的
OU=组,OU=1,OU=2,DC=a,DC=b,DC=c
(&;(objectClass=group)(cn=MyGroup*))
(&;(objectClass=group)(cn=MyGroup?)
cn
成员
成员
,
纯文本
真的
真的
100
100
假的
/许可
真的
在ApiKeyValidator密钥的Api-Manager.xml配置中,我们有:
<APIKeyValidator>
<!-- Server URL of the API key manager -->
<ServerURL>https://MyURL:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
<!-- Admin username for API key manager.
<Username>MyUser</Username>
<!-- Admin password for API key manager. -->
<Password>MyPW</Password>
<KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
<ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
<EnableThriftServer>true</EnableThriftServer>
<ThriftServerHost>localhost</ThriftServerHost>
<KeyValidationHandlerClassName>org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName>
https://MyURL:${mgt.transport.https.port}${carbon.context}服务/
MyPW
节俭客户
10000
真的
本地服务器
org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler
使用相同的配置文件条目时,在1.10中没有出现此错误。是否知道为什么会发生这种情况?因此我找到了发生这种情况的原因-如果user-mgt.xml文件中列出了不正确的提供者,就会发生这种情况。如果您在上面看到我的文件,我尝试使用只读LDAP,但我列出了RDBMS提供程序 改变了这条线和吊杆,所有的信号都恢复正常了