I've written a drop-in jar for the wso2is server we are hosting on-premises that includes an implementation of the AbstractIdentityTenantMgtListener. I hook on the onTenantCreate event to use the credentials of the administrator and create a new userstore for the tenant.

The API I am invoking is this one: https://is.docs.wso2.com/en/latest/develop/userstore-rest-api/#/User%20Store/addUserStore against a v5.10.0 wso2is server.

The URI I use includes the /t/{tenantDomain} path segment.

Using the tenant admin's credentials, I am not rejected as unauthorized, but instead the server fails to store the userstore's configuration file with the following exception:

```
wso2-identity-server                 | [2020-09-11 07:44:36,611] [e909f3d3-17bb-49e7-9951-538e9016fad9] ERROR {org.wso2.carbon.identity.user.store.configuration.utils.SecondaryUserStoreConfigurationUtil} - Error while creating 'userstores' directory to store configurations for tenant = 7
wso2-identity-server                 | [2020-09-11 07:44:36,659] [e909f3d3-17bb-49e7-9951-538e9016fad9] ERROR {org.wso2.carbon.identity.api.server.userstore.v1.core.ServerUserStoreService} - errorCode: SUS-65001 | message: Server Encountered an error while adding secondary user store. org.wso2.carbon.identity.user.store.configuration.utils.IdentityUserStoreMgtException:  Error occurred while creating or closing the output stream from /home/wso2carbon/wso2is-5.10.0/repository/tenants/7/userstores/leon_com.xml
wso2-identity-server                 |  at org.wso2.carbon.identity.user.store.configuration.dao.impl.FileBasedUserStoreDAOImpl.writeToUserStoreConfigurationFile(FileBasedUserStoreDAOImpl.java:148)
wso2-identity-server                 |  at org.wso2.carbon.identity.user.store.configuration.dao.impl.FileBasedUserStoreDAOImpl.doAddUserStore(FileBasedUserStoreDAOImpl.java:292)
wso2-identity-server                 |  at org.wso2.carbon.identity.user.store.configuration.dao.AbstractUserStoreDAO.addUserStore(AbstractUserStoreDAO.java:42)
```

The error code is SUS-65001, but unfortunately I can't find it listed here: https://is.docs.wso2.com/en/latest/references/error-catalog/#secondary-user-store-errors

Does anyone have any idea what causes this?

Edit: Further clarifications: The local installation of wso2is is based on the docker image for wso2is. Neither the Dockerfile itself nor our docker-compose.yml defines any mounted volumes. Moreover, when I use the dashboard to create a secondary userstore for tenants, it works without errors, indicating that the wso2 server process has write access to the file system. Only the invocation of the API leads to the write access error.

  • `Error occurred while creating or closing the output stream from...` WSO2 is creating a new file in the `/repository/deployment/userstores` directory upon adding a new user store. Make sure this volume mount (if any) is accessible and has write permission to the WSO2 process. – Nipun Thathsara Sep 14 '20 at 14:47
  • @NipunThathsara To clarify further, the local installation of wso2is is based on the docker image for wso2is [1]. Neither the Dockerfile itself nor our docker-compose.yml defines any mounted volumes. Moreover, when I use the dashboard to create a secondary userstore for tenants, it works without errors, indicating that the wso2 server process has write access to the file system. Only the invocation of the API leads to the write access error. [1] https://hub.docker.com/r/wso2/wso2is – Vasilis Tsirkinidis Sep 15 '20 at 10:48
  • This needs to be further investigated. Can you post the code fragment(s) of the Tenant Listener that performs the User Store creation? I am wondering if there can be file/directory permissions being set by the code. – Ruwan Abeykoon Sep 18 '20 at 08:27
  • I have placed a zipped directory of the code that reproduces this behavior. https://drive.google.com/file/d/1N3hKV0cgY1O-7TszgkOMEjB1imTrlJbH/view?usp=sharing – Vasilis Tsirkinidis Sep 21 '20 at 10:35

0 Answers0