Can anyone tell me why WSo2 API Manager does not authenticate? I have set up two WSo2 API Manager 1.8.0 instances and created an api.it is working fine as prototyped api. after it save and publish and call the api with an access token
getting the following rsponce
<ams:fault xmlns:ams="http://wso2.org/apimanager/security">
<ams:code>900906</ams:code>
<ams:message>
No matching resource found in the API for the given request
</ams:message>
<ams:description>
Access failure for API: /api/stature, version: 1.0.0 with key: null
</ams:description>
</ams:fault>
and here is the wso2carbon.log:
TID[-1234] [AM] [2015-01-19 00:12:47,263] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} -
API authentication failure org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:212)
org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:94)
org.apache.synapse.rest.API.process(API.java:284) org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:83)
org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:64)
org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:220)
org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:83)
org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:344)
org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:168)
org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
java.lang.Thread.run(Thread.java:745)
No matching resource found in the API for the given request
The above issue occurs, when your request URL is wrong and APIManager could not match that with existing published APIs.
If the published API configuration is not deployed properly in the gateway. You can check this, browsing to Gateway's synapse config folder/api folder.(inside/repository/deployment/server)
If the relevant API entries are missing at APIM DB.
Do you try with distributed setup? did you change DBs? Check above all 3 points, then you can figure out the issue quickly.
Related
I am getting following error while running DataFlow pipeline
Error reporting inventory checksum: code: "Unauthenticated", message: "Request is missing required authentication credential.
Expected OAuth 2 access token, login cookie or other valid authentication credential.
We have created service account dataflow#12345678.iam.gserviceaccount.com with following roles
BigQuery Data Editor
Cloud KMS CryptoKey Decrypter
Dataflow Worker
Logs Writer
Monitoring Metric Writer
Pub/Sub Subscriber
Pub/Sub Viewer
Storage Object Creator
And in our python code we are using import google.auth
Any idea what am I missing here ?
I do not believe I need to create key for SA , however I am not sure if "OAuth 2 access token" for SA need to be created ? If yes how ?
This was the issue in my case https://cloud.google.com/dataflow/docs/guides/common-errors#lookup-policies
If you are trying to access a service through HTTP, with a custom request (not using a client library), you can obtain a OAuth2 token for that service account using the metadata server of the worker VM. See this example for Cloud Run, you can use the same code snippet in Dataflow to get a token and use it with your custom HTTP request:
https://cloud.google.com/run/docs/authenticating/service-to-service#acquire-token
I want to use Apache Nifi to track real time tweets
i pasted in my keys correctly but all requests return this error :
19:15:20 UTC ERROR
GetTwitter[id=59b5cb18-017e-1000-a6a2-991a653ec138] Received error HTTP_ERROR: HTTP/1.1 403 Forbidden. Will attempt to reconnect
i dont know where the problem is from.
thank you.
403 Forbidden means the Twitter API is rejecting your request - your access keys could be incorrect, or you might not have the right access rights for the endpoint you're accessing.
The request is understood, but it has been refused or access is not allowed. An accompanying error message will explain why.
Check that your developer account includes access to the endpoint you’re trying to use. You may also need to get your App allowlisted (e.g. Engagement API or Ads API) or sign up for access.
From https://developer.twitter.com/en/support/twitter-api/error-troubleshooting
Make sure you follow the advice from Twitter here and make note of:
With Essential access, you are only able to make requests to the Twitter API v2 endpoints, and not the v1.1 or enterprise endpoints. You are limited to 500K Tweets/month, and unable to take advantage of certain developer portal functionality such as teams and access to additional App environments
There are limits on what you can do with the Essential access level. See here.
If that doesn't help - please include a screenshot of your GetTwitter config and your version of NiFi.
If it raises 403 error while using GetTwitter processor in nifi.
API Key & consumer key aren't only a problem. Change the Twitter endpoint field while configuring the GetTwitter processor from
Filter Endpoint
to
Firehose Endpoint
In the field of twitter endpoint
Probably this will work!!
Api Auto discovery Error 400... when i deploy my api in cloud(anypoint through runtime manager) it got deployed. but, when i tried to get a response from postman, it says "service not available",i am not able to get a response back from postman.
Is it error 503? In that case the explanation is that the API is not correctly paired to the API in API Manager with client credentials and Autodiscovery. See https://support.mulesoft.com/s/article/API-returns-503-Service-Unavailable-error-to-clients
UPDATED QUESTION to clarify more.
I have two servers : wso2greg containing custom artefacts and wso2am (api manager).
The gouvernance register is intended to be used internally (intranet) and some of it's feature are intended to be exposed externally and acceded via it's rest API.
In order to manage wso2greg API accesss, we used an wso2am (api manager) server, where we did define an API that act as a proxy for the wso2greg API.
In our experiments, we found the strange behaviour described below :
Successfully direct calling wso2greg artefact rest api (the exact url is
https://localhost:9443/resource/1.0.0/artifact/_system/governance/myartifact/art1 and i'm following the documentation of this REST API from here https://docs.wso2.com/display/Governance520/Resources+with+REST+API ) using postman. The API reacts as described in the documentation.
Error 500, reported on wso2greg server, when calling the same REST API, but via API manager (using publisher application).
So as a summary :
Directly calling wso2greg rest API woks fine and a got results back
Adding this working API, in wso2am and than calling it gives always error 500.
As extra information:
Tested with other wso2greg REST API , such as "rating" or "comments" and I was able to call it successfully either directly or throw Api manager.
Tried to get information related to default wso2greg artifacts such as restservice, but i got exactly the same pb when (error 500) interagting with API manager.
Working with the last version of both products : wso2greg version 5.2.0 and wso2am version 1.10.0
Please advice, or clarify how could i debug this internal error in wso2greg.
Regards,
I hope your not using G-Reg + APIM feature installed version. I presume your using separate G-reg 5.2.0 and APIM x.x.x. Since your using the second option you can't use G-Reg REST API with APIM, therefore you have to use APIM REST API instead.
Get an API
Description: Get details of a specific API.
URI: http://localhost:9763/publisher/site/blocks/listing/ajax/item-list.jag
URI Parameters: action=getAPI&name=xxx&version=xxx&provider=xxx
HTTP Methods: POST
Example:
curl -X POST -b cookies http://localhost:9763/publisher/site/blocks/listing/ajax/item-list.jag -d "action=getAPI&name=PhoneVerification&version=1.0.0&provider=admin"
Please follow this link to see all the api usage.
Thanks #thusharaK for providing help.
The solution was to add Message Mediation Policies which forces json header on output.
Now i got my correct response from API manager (in fact, i got a binary response in test console and a json response in postman) .
Within the last few weeks a suite of our applications using Google's Oauth2 authentication system and the Apache Oltu library have stopped working.
All attempts to register or log in via Google meet with the same error:
Login/registration action failed: java.io.IOException: Attempted read from closed stream.
This was all working fine recently and we have made no code or application changes in the intervening time.
Has something changed at the Google end which is causing all these requests to fail?
I do no seem to have any logging or information available from my Google developer console.
Within my application the log entries indicate an attempt to authenticate which does not succeed.
The code which is now failing, which used to succeed is:
// obtain a AuthRequest message to be sent to the OpenID provider
OAuthClientRequest oauthRequest = OAuthClientRequest
.authorizationLocation(discovery.getAuthzEndpoint())
.setClientId(Oauth2Util.getClientId())
.setRedirectURI(responseURL)
.setResponseType(ResponseType.CODE.toString())
.setScope(GOOGLE_SCOPE)
.setState(state)
.buildQueryMessage();
response.sendRedirect(oauthRequest.getLocationUri());
which triggers an exception:
java.io.IOException: Attempted read from closed stream.
all advice gratefully received
Google retired OpenID 2.0 on 20th April. See http://googledevelopers.blogspot.co.uk/2015/03/reminder-to-migrate-to-oauth-20-or.html
ok, I think i have understood what's going on. It is related to the OpenID retirement, but somewhat obliquely
In my code:
OAuthClientRequest oauthRequest = OAuthClientRequest
.authorizationLocation(discovery.getAuthzEndpoint())
is using an internal 'discovery' module which is trying to source information in a way which has been deprecated as part of the turn off of OpenID
the preferred Oltu way appears to be
OAuthClientRequest oauthRequest = OAuthClientRequest
.authorizationProvider(OAuthProviderType.GOOGLE)
which works much better
rtm: https://cwiki.apache.org/confluence/display/OLTU/OAuth+2.0+Client+Quickstart