
I am trying to deploy WSO2 API Manager (APIM) with a custom valid certificate and to use the option to encrypt tokens and secret user information in the DB.

I can use my certificate all right, it's green even in Chrome and everything will work: token emission, API consumption with a token and token revocation. But as soon as I try to use the option to encrypt tokens, I get an error when trying to use the token: token expired. If I push the logging to DEBUG level, nothing unusual happens except for the token being considered expired, and APIM returns expired credentials.

Does anyone know how to use this option? And yes, I have tried to set that option from the get-go to make sure it is active before any user, API, tenant or anything else is created on the server. If I deactivate it, everything works normally for subscriptions taken after deactivation.

Thank you.

  • Have you generated any tokens before enabling token encryption? Also, can you add the exact error response you are getting? – Abimaran Kugathasan Oct 10 '16 at 03:37
  • I have tried both. But I just redid it using Ansible. Configurations are pushed before the manager is started for the first time. I get the answer: ``` 900901 Invalid Credentials Access failure for API: /t/test.vdm/PE/v1.0, version: v1.0. Make sure your have given the correct access token ``` from the server. I'll put the logs in a second comment. – Simon Pierre Desrosiers Oct 10 '16 at 19:34
  • Highly redacted log: ```TID: [-1] [] [2016-10-10 15:28:24,427] ERROR {...TokenPersistenceTask} - Error occurred while persisting access token :24f7a1bab4fae90e4d558b675666cf32 {...TokenPersistenceTask} ....IdentityOAuth2Exception: Invalid request at org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO.storeAccessToken(TokenMgtDAO.java:244) TID: [-1234] [] [2016-10-10 15:28:39,917] ERROR {...} - Invalid OAuth Token : Invalid access token {...} TID: [1] [] [2016-10-10 15:28:39,926] @test.vdm [1] [AM] WARN ....} - API authentication failure due to Invalid Credentials ``` – Simon Pierre Desrosiers Oct 10 '16 at 19:41
  • You can see two log files [here](http://crypto.cs.mcgill.ca/~simonpie/WSO2/) – Simon Pierre Desrosiers Oct 10 '16 at 19:49
  • Could it be that more modifications are to be done to identity.xml? The documentation just says to modify the `` tag, but there are many other fields that look very pertinent to change. Especially since I am using an external MySQL server. – Simon Pierre Desrosiers Oct 11 '16 at 18:53
  • While generating this custom certificate, did you add the `data encipherment` property to it? Otherwise the certificate cannot be used to encrypt the data. But the server tries to decrypt. – Nipun Thathsara Nov 20 '18 at 22:05
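
Added example (not part of the original thread and not WSO2 code): one way to check the `data encipherment` property the last comment asks about, by decoding the X.509 KeyUsage extension from a certificate's DER bytes. The function names and the two sample byte strings are constructed for illustration, and the code assumes a plain byte scan for the extension OID is good enough to locate it.

```python
# Decode the X.509 KeyUsage extension (OID 2.5.29.15, RFC 5280 section 4.2.1.3)
# from DER bytes and report whether dataEncipherment is permitted.
KEY_USAGE_OID = bytes.fromhex("0603551d0f")  # DER encoding of OID 2.5.29.15
BIT_NAMES = ("digitalSignature nonRepudiation keyEncipherment dataEncipherment "
             "keyAgreement keyCertSign cRLSign encipherOnly decipherOnly").split()


def read_tlv(buf, pos, expected_tag):
    """Read one short-form DER TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError("unexpected tag at offset %d" % pos)
    length = buf[pos + 1]
    if length & 0x80:  # KeyUsage values are tiny, long form is not expected
        raise ValueError("long-form length not expected here")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated value")
    return buf[pos + 2:end], end


def key_usages(der):
    """Return the set of key usage names, or None if the extension is absent."""
    pos = der.find(KEY_USAGE_OID)
    if pos < 0:
        return None  # no KeyUsage extension: this extension imposes no limit
    pos += len(KEY_USAGE_OID)
    if pos < len(der) and der[pos] == 0x01:  # optional BOOLEAN 'critical'
        _, pos = read_tlv(der, pos, 0x01)
    ext_value, _ = read_tlv(der, pos, 0x04)  # OCTET STRING wrapper
    bits, _ = read_tlv(ext_value, 0, 0x03)   # BIT STRING payload
    if not bits:
        raise ValueError("empty BIT STRING")
    unused, data = bits[0], bits[1:]
    total = len(data) * 8 - unused
    return {BIT_NAMES[i] for i in range(min(total, len(BIT_NAMES)))
            if data[i // 8] & (0x80 >> (i % 8))}


def can_encrypt_data(der):
    """True if key usage is absent or explicitly includes dataEncipherment."""
    usages = key_usages(der)
    return usages is None or "dataEncipherment" in usages


# Constructed sample extensions (not real certificates):
# SEQUENCE { OID keyUsage, critical TRUE, OCTET STRING { BIT STRING } }
SIGN_AND_KEY_ENC = bytes.fromhex("300e0603551d0f0101ff0404030205a0")
WITH_DATA_ENC = bytes.fromhex("300e0603551d0f0101ff0404030204b0")
```

To run it against a real certificate, pass the DER bytes of the certificate exported from the keystore to `key_usages()`.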

0 Answers