wso2-am

问题 I have a requirement to generate deep links/magic links for end users. The users will receive the link via email and on click of it requires to be auto logged in (passwordless login). The identity server that is being used is WSO2 identity server. I also have WSO2 API manager. Can you please suggest the mechanism via which WSO2 identity server would enable the view of the link/page without requiring the user to explicitly login. 回答1: I don't think this is supported out-of-the-box. But you can

问题 My web client application has different menus like read , delete , add ,view etc depending up on the users roles. I have different scope as read , delete , add etc and associated roles with them which is configured in WSO2 API Manager. when user logs in , I authenticate user via WSO2 API Manager and gets the token .How can i obtain all the valid scopes for that token so that i can show the user different menu's depending on the scopes i received? Since i have many scopes , i hope to have some

问题 I am integrating WSO2AM with our in-house proprietary Identity Provider (IDP). I was following the wso2 documentation "Exchanging SAML2 Bearer Tokens with OAuth2 - SAML Extension Grant Type". I have added Identity Providers in API Manager's management console and added public certificate .pem of IDP. Next I added wso2am as service provider on our IDP. I have generated a saml token from idp and i now i am ready to exchange it for OAuth token from API Manager. I am getting following error: {

问题 After working with WSO2 AM 1.10.0, we're now evaluating AM 2.1.0 for our WSO2 cluster. The cluster has two types of nodes: A manager node: a complete set of WSO2 AM products. A worker node: which runs only the gateway (-DworkerNode=true -Dprofile=gateway-worker) At the manager node, everything works ok. I am able to create a tenant (0000s7.com) and an API, and run it (I defined the GET verb to be unauthenticated, so no subscription is needed): $ curl http://localhost:8280/t/0000s7.com/ofer1/1

问题 Using WSO2AM 2.1.0 we have a question. By default the applications of the store are created by subscriber and each subscriber can see only own application (what makes sense). However here we have an environment where admins want to create a clientapplication configuration and then just pass client credentials to the clients (or developers). In this case - is it possible for admins could see/access applications of other admins? Edit: I thought I could see applications of other users in the

问题 I start the AM server by running the commond wso2carbon.sh and the carbon.log prompts the 5672 was used. So I have to modify the port. Thus, which configuration file I should modify? Thanks a lot. 回答1: Here is a quick grep which will help you. (note: here the port is changed from 5672 to 5678.) bhathiya@bhathiya-x1:/data/products/am/wso2am-2.0.0/bin$ grep -r 5678 ../repository/conf/ -A 5 -B 5 ../repository/conf/api-manager.xml- <!--InitDelay>300000</InitDelay> ../repository/conf/api-manager

问题 I deployed 2 keymanager nodes, 2 pub-store nodes, 1 gateway manager node and 2 gateway worker nodes in one server, and deployed nginx for load balance. When i try to access API via API Console, it reported below error: TID: [-1234] [] [2016-08-29 21:10:57,237] WARN {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure due to Unclassified Authentication Failure {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} TID: [

问题 WSO2AM(1.10.0) is used in my organization as API gateway. Before releasing it to production, there are a few weakened protocols/ciphers found by a security company and they suggest disable these protocols as below, TLSv1.0 3DES based ciphers 1024 bit Diffie-Hellman groups Could anyone please suggest me how to turn them off and any side-effects? Thanks, Sean 回答1: You can disable TLSv1.0 by removing it from repository/conf/tomcat/catalina-server.xml file. <Connector protocol="org.apache.coyote

问题 I've just installed a new https certificate in wso2carbon.jks corresponding to the DNS name of the machine, and I've removed the old certificate. I have also changed all occurences of "{carbon.local.ip}" and "localhost" in carbon.xml and api-manager.xml to replace them with the new name of the machine (which is mapped in /etc/hosts too) as I was told to here : WSO2 not compatible with Docker After this, it starts with no error or warning in wso2carbon.log,and I can connect to store or

问题 Migrating from WSO2 AM 1.10 to 2.0. Won't mention all the obstacles I've had to overcame. But this one is pretty obvious and I am really stunned that this went overlooked/ignored by the developers before releasing the new version. Let's ignore all the bugs with CSRF, BUT this one sucks arse, too: Grouping and categorizing. WSO2 documents have not been updated since the last release, which is kinda sad. BUG 1: Grouping does not work unless all the subdirs (in Carbon) under "tags" dir are