APIM (publisher) page and IS page are working fine, but the APIM admin page is throwing this error: "The server could not verify that you are authorized to access the requested resource"

We are doing a version upgrade for IS version 5.11.0 and APIM version 4.1.0. The admin page of APIM is not working: "Error 403 : Forbidden", and there is no error coming in the logs.

CKR

1 Answer

Have you configured the primary user store for APIM properly as mentioned in [1]? By default APIM 4.1.0 comes with a JDBC user store and IS 5.11.0 comes with an LDAP. So, you need to point both user stores to one of your choosing so that the relevant users (including admin users) will be persisted there.

For example, assuming you have deployed IS with an offset of 1, you can point the user store of APIM to that of IS as follows in the deployment.toml.

[user_store]
type = "read_write_ldap_unique_id"
connection_url = "ldap://localhost:10390"
connection_name = "uid=admin,ou=system"
connection_password = "admin"
base_dn = "dc=wso2,dc=org"

Please refer to [2] and [1] for more information.

[1] - https://apim.docs.wso2.com/en/latest/administer/managing-users-and-roles/managing-user-stores/configure-primary-user-store/configuring-the-primary-user-store/

[2] - https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/configuring-wso2-identity-server-as-a-key-manager/#step-5-configure-wso2-api-m-with-the-wso2-is

RrR-
  • I followed step [2] - https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/configuring-wso2-identity-server-as-a-key-manager/#step-5-configure-wso2-api-m-with-the-wso2-is Is it compulsory to add LDAP for IS, or is it fine to do with JDBC? I'm not sure. [user_store] type = "database_unique_id" [user_store.properties] ReadGroupsPasswordHashMethod = "SHA" [realm_manager.properties] MultiTenantRealmConfigBuilder = "org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder" – CKR Feb 24 '23 at 08:45
  • Whatever we changed in IS, we made the same change in APIM for the user store ([user_store.properties]); the same error is coming. – CKR Feb 24 '23 at 08:54
  • Error 500 : The page cannot be displayed. The server encountered an internal error or misconfiguration and was unable to complete your request. – CKR Feb 24 '23 at 09:02
  • It is not compulsory to add an LDAP. You need to have the same user store in both APIM and IS. Also, if there is an error in the carbon log, please add it to the question. – RrR- Feb 24 '23 at 10:40
  • After having the same user store in both APIM and IS, the admin page is now working. But now I'm getting this error in the logs: ERROR {org.wso2.is.notification.EventSender} - Error while sending Revocation Event to https://:/internal/data/v1/notify javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: ERROR {org.wso2.carbon.apimgt.rest.api.util.impl.OAuthOpaqueAuthenticatorImpl} - Provided access token is invalid – CKR Mar 01 '23 at 06:28
  • And in Devportal, after adding a new Application, while going to GENERATE KEYS for the newly added one in Production Keys, I'm getting the errors mentioned below in the logs and the page goes blank. ERROR {org.wso2.carbon.apimgt.impl.AbstractKeyManager} - Can not create OAuth application  : admin_8d304dad-9f06-4236-8694-abf185393fff_PRODUCTION for application: On_104 and key type: PRODUCTION org.wso2.carbon.apimgt.impl.kmclient.KeyManagerClientException: Received status code: 500 Reason: ERROR {org.wso2.carbon.apimgt.impl.utils.APIUtil} - Error occurred while executing SubscriberKeyMgtClient. – CKR Mar 01 '23 at 06:36