0
環境:wso2 API-M + wso2身份服務器(密鑰管理器)和他們共享相同的用戶存儲。wso2:無法通過新租戶管理員登錄wso2 API-M admin
1.創建新的租戶TA。 (完成)
2.TA管理員嘗試登錄發佈者。 (失敗)
PS:連[email protected]也無法登錄
API-M錯誤日誌:
TID: [-1234] [] [2016-06-15 02:52:50,150] INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://my-idp:9443/services/LoggedUserInfoAdmin] {org.apache.axis2.transport.http.HTTPSender}
org.apache.axis2.AxisFault: Transport error: 401 Error: Unauthorized
at org.apache.axis2.transport.http.HTTPSender.handleResponse(HTTPSender.java:331)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:196)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.wso2.carbon.core.commons.stub.loggeduserinfo.LoggedUserInfoAdminStub.getUserInfo(LoggedUserInfoAdminStub.java:187)
at
org.wso2.carbon.apimgt.impl.utils.APIUtil.getLoggedInUserInfo(APIUtil.java:2064)
at org.wso2.carbon.apimgt.hostobjects.APIProviderHostObject.jsFunction_login(APIProviderHostObject.java:228)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)
at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
at org.jaggeryjs.rhino.publisher.modules.user.c1._c_anonymous_1(/publisher/modules/user/login.jag:19)
at org.jaggeryjs.rhino.publisher.modules.user.c1.call(/publisher/modules/user/login.jag)
at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430)
at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269)
at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97)
at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
at org.jaggeryjs.rhino.publisher.modules.user.c0._c_anonymous_1(/publisher/modules/user/module.jag:5)
at org.jaggeryjs.rhino.publisher.modules.user.c0.call(/publisher/modules/user/module.jag)
at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
at org.jaggeryjs.rhino.publisher.site.blocks.user.login.ajax.c0._c_anonymous_1(/publisher/site/blocks/user/login/ajax/login.jag:26)
at org.jaggeryjs.rhino.publisher.site.blocks.user.login.ajax.c0.call(/publisher/site/blocks/user/login/ajax/login.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
at org.jaggeryjs.rhino.publisher.site.blocks.user.login.ajax.c0._c_script_0(/publisher/site/blocks/user/login/ajax/login.jag:5)
at org.jaggeryjs.rhino.publisher.site.blocks.user.login.ajax.c0.call(/publisher/site/blocks/user/login/ajax/login.jag)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
at org.jaggeryjs.rhino.publisher.site.blocks.user.login.ajax.c0.call(/publisher/site/blocks/user/login/ajax/login.jag)
org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
身份服務器錯誤日誌:
[2016-06-15 03:53:38,767] ERROR {AUDIT_LOG}- Illegal access attempt at [2016-06-15 03:53:38,0767] from IP address 10.10.81.176 while trying to authenticate access to service LoggedUserInfoAdmin
我的問題:
1.我應該在創建新租戶後進行配置嗎?
2.我發現在carbon.super租戶中有10個應用程序(顯示在Managed/applications/list中),但在新租戶TA中沒有人。我應該將管理/應用程序的發佈者和商店應用程序(jaggery) ?
2016年8月11日的新
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://LDAP_IP:389</Property>
<Property name="ConnectionName">uid=manager,ou=admins,dc=dc,dc=com</Property>
<Property name="ConnectionPassword">password</Property>
<Property name="UserSearchBase">ou=system,dc=dc,dc=com</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">(&(objectClass=OpenLDAPperson)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=OpenLDAPperson)</Property>
<Property name="DisplayNameAttribute"/>
<Property name="ReadGroups">true</Property>
<Property name="GroupSearchBase">ou=groups,dc=dc,dc=com</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="BackLinksEnabled">false</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">true</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout"/>
<Property name="RetryAttempts"/>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
</UserStoreManager>
感謝
湯姆
您是否從API Manager Management Console創建租戶?您是否可以使用新的租戶管理員登錄到API Manager管理控制檯? –
我可以使用所有租戶管理員登錄到API-M管理控制檯,但無法登錄到發佈商,甚至無法存儲carbon.super租戶管理員。 –