wso2 / product-apim

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

APIM v4.0.0 / WSO2 IS External Key Manager - DCR call from APIM to WSO2 IS is using properties not part of the schema #11333

Open bmonteiro opened 3 years ago

bmonteiro commented 3 years ago

Description:

When registering an external Key Manager of type WSO2 IS via the /admin UI, the REST call to WSO2 IS gives a 400 HTTP error because the request is wrong.

REQUEST ==> curl -X POST "https://wso2is.domain.com:443/api/identity/oauth2/dcr/v1.1/register" -H "Authorization: Basic XXXX" -H "Content-Type: application/json" -d '{"client_name":"admin_5e91e162-eded-4c0c-bbfc-3e6f90ca78cc_PRODUCTION","token_type_extension":"JWT","grant_types":["client_credentials"],"ext_application_owner":"admin"}' -v

RESPONSE ==> Unrecognized field "ext_application_owner" (class org.wso2.carbon.identity.oauth2.dcr.endpoint.dto.RegistrationRequestDTO), not marked as ignorable (16 known properties: "token_type_extension", "jwks_uri", "application_type", "redirect_uris", "ext_param_sp_template", "url", "contacts", "ext_param_client_secret", "grant_types", "request_uris", "backchannel_logout_uri", "response_types", "client_name", "post_logout_redirect_uris", "backchannel_logout_session_required", "ext_param_client_id"])
* Connection #0 to host wso2is.domain.com left intact
 at [Source: (org.apache.cxf.transport.http.AbstractHTTPDestination$1); line: 1, column: 163] (through reference chain: org.wso2.carbon.identity.oauth2.dcr.endpoint.dto.RegistrationRequestDTO["ext_application_owner"])* Closing connection 0

LOGS from APIM

wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,492] DEBUG - RequestAddCookies CookieSpec selected: default
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,493] DEBUG - RequestAddCookies Cookie [version: 0][name: route][value: 1623700397.975.2777.535425][domain: wso2is.xxxxxx.com][path: /][expiry: null] match [(secure)wso2is.yara-dfdp.com:443/api/identity/oauth2/dcr/v1.1/register]
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,493] DEBUG - RequestAuthCache Auth cache not set in the context
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,494] DEBUG - PoolingHttpClientConnectionManager Connection request: [route: {s}->https://wso2is.xxxxxx.com:443][total available: 1; route allocated: 1 of 50; total allocated: 1 of 100]
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,497] DEBUG - wire http-outgoing-12 << "[read] I/O error: Read timed out"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,498] DEBUG - PoolingHttpClientConnectionManager Connection leased: [id: 12][route: {s}->https://wso2is.xxxxxx.com:443][total available: 0; route allocated: 1 of 50; total allocated: 1 of 100]
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,498] DEBUG - DefaultManagedHttpClientConnection http-outgoing-12: set socket timeout to 0
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,498] DEBUG - DefaultManagedHttpClientConnection http-outgoing-12: set socket timeout to 60000
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,498] DEBUG - MainClientExec Executing request POST /api/identity/oauth2/dcr/v1.1/register HTTP/1.1
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,498] DEBUG - MainClientExec Proxy auth state: UNCHALLENGED
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,499] DEBUG - headers http-outgoing-12 >> POST /api/identity/oauth2/dcr/v1.1/register HTTP/1.1
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,499] DEBUG - headers http-outgoing-12 >> Authorization: Basic XXXXXX
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,499] DEBUG - headers http-outgoing-12 >> Content-Type: application/json
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,499] DEBUG - headers http-outgoing-12 >> X-WSO2-Tenant: carbon.super
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,499] DEBUG - headers http-outgoing-12 >> Accept: */*
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,500] DEBUG - headers http-outgoing-12 >> Content-Length: 194
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,500] DEBUG - headers http-outgoing-12 >> Host: wso2is.xxxxxx.com:443
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,500] DEBUG - headers http-outgoing-12 >> Connection: Keep-Alive
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,500] DEBUG - headers http-outgoing-12 >> User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.10)
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,501] DEBUG - headers http-outgoing-12 >> Cookie: route=1623700397.975.2777.535425
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,501] DEBUG - headers http-outgoing-12 >> Accept-Encoding: gzip,deflate
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,501] DEBUG - wire http-outgoing-12 >> "POST /api/identity/oauth2/dcr/v1.1/register HTTP/1.1[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,501] DEBUG - wire http-outgoing-12 >> "Authorization: Basic XXXXXXXX[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,501] DEBUG - wire http-outgoing-12 >> "Content-Type: application/json[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,502] DEBUG - wire http-outgoing-12 >> "X-WSO2-Tenant: carbon.super[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,502] DEBUG - wire http-outgoing-12 >> "Accept: */*[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,502] DEBUG - wire http-outgoing-12 >> "Content-Length: 194[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,502] DEBUG - wire http-outgoing-12 >> "Host: wso2is.xxxxx.com:443[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,503] DEBUG - wire http-outgoing-12 >> "Connection: Keep-Alive[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,503] DEBUG - wire http-outgoing-12 >> "User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.10)[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,503] DEBUG - wire http-outgoing-12 >> "Cookie: route=1623700397.975.2777.535425[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,503] DEBUG - wire http-outgoing-12 >> "Accept-Encoding: gzip,deflate[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,504] DEBUG - wire http-outgoing-12 >> "[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,504] DEBUG - wire http-outgoing-12 >> "{[\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,504] DEBUG - wire http-outgoing-12 >> "  "client_name": "admin_5e91e162-eded-4c0c-bbfc-3e6f90ca78cc_PRODUCTION",[\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,504] DEBUG - wire http-outgoing-12 >> "  "token_type_extension": "JWT",[\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,505] DEBUG - wire http-outgoing-12 >> "  "grant_types": [[\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,505] DEBUG - wire http-outgoing-12 >> "    "client_credentials"[\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,505] DEBUG - wire http-outgoing-12 >> "  ],[\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,505] DEBUG - wire http-outgoing-12 >> "  "ext_application_owner": "admin"[\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,505] DEBUG - wire http-outgoing-12 >> "}"
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,565] DEBUG - JMSTaskManager Waiting for a message for Siddhi-JMS-Consumer - duration : 1000ms
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,566] DEBUG - Dispatcher Set Dispatcher Connection Started: Currently Started
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,593] DEBUG - SlotManagerStandalone Slot Manager - giving a slot from fresh pool. Slot= null
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,594] DEBUG - SlotManagerStandalone Slot Manager - returns empty slot for the queue: AMQP_Topic_keymanager_NODE:wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk/10.80.126.242
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,594] DEBUG - MessageDeliveryTask 1 milli seconds to get a slot from slot manager
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,594] DEBUG - MessageDeliveryTask Received an empty slot from slot manager
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,594] DEBUG - RDBMSMessageStoreImpl Metadata and content removed for 0 messages.
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,595] DEBUG - SlotManagerStandalone Slot Manager - giving a slot from fresh pool. Slot= null
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,595] DEBUG - SlotManagerStandalone Slot Manager - returns empty slot for the queue: AMQP_Topic_notification_NODE:wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk/10.80.126.242
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,595] DEBUG - MessageDeliveryTask 0 milli seconds to get a slot from slot manager
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,595] DEBUG - MessageDeliveryTask Received an empty slot from slot manager
wso2am-pattern-3-am-cp-1-deployment-5bd8b76798-7stmk wso2am [2021-06-14 19:53:39,595] DEBUG - RDBMSMessageStoreImpl Metadata and content removed for 0 messages.
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,658] DEBUG - wire http-outgoing-12 << "HTTP/1.1 400 [\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,659] DEBUG - wire http-outgoing-12 << "Date: Mon, 14 Jun 2021 19:53:39 GMT[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,659] DEBUG - wire http-outgoing-12 << "Content-Type: text/plain[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,659] DEBUG - wire http-outgoing-12 << "Content-Length: 712[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,660] DEBUG - wire http-outgoing-12 << "Connection: keep-alive[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,660] DEBUG - wire http-outgoing-12 << "X-Frame-Options: DENY[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,660] DEBUG - wire http-outgoing-12 << "X-Content-Type-Options: nosniff[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,660] DEBUG - wire http-outgoing-12 << "X-XSS-Protection: 1; mode=block[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,660] DEBUG - wire http-outgoing-12 << "Strict-Transport-Security: max-age=15724800; includeSubDomains[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,661] DEBUG - wire http-outgoing-12 << "[\r][\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,661] DEBUG - wire http-outgoing-12 << "Unrecognized field "ext_application_owner" (class org.wso2.carbon.identity.oauth2.dcr.endpoint.dto.RegistrationRequestDTO), not marked as ignorable (16 known properties: "token_type_extension", "jwks_uri", "application_type", "redirect_uris", "ext_param_sp_template", "url", "contacts", "ext_param_client_secret", "grant_types", "request_uris", "backchannel_logout_uri", "response_types", "client_name", "post_logout_redirect_uris", "backchannel_logout_session_required", "ext_param_client_id"])[\n]"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,661] DEBUG - wire http-outgoing-12 << " at [Source: (org.apache.cxf.transport.http.AbstractHTTPDestination$1); line: 7, column: 29] (through reference chain: org.wso2.carbon.identity.oauth2.dcr.endpoint.dto.RegistrationRequestDTO["ext_application_owner"])"
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,662] DEBUG - headers http-outgoing-12 << HTTP/1.1 400
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,662] DEBUG - headers http-outgoing-12 << Date: Mon, 14 Jun 2021 19:53:39 GMT
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,662] DEBUG - headers http-outgoing-12 << Content-Type: text/plain
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,662] DEBUG - headers http-outgoing-12 << Content-Length: 712
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,663] DEBUG - headers http-outgoing-12 << Connection: keep-alive
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,663] DEBUG - headers http-outgoing-12 << X-Frame-Options: DENY
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,663] DEBUG - headers http-outgoing-12 << X-Content-Type-Options: nosniff
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,663] DEBUG - headers http-outgoing-12 << X-XSS-Protection: 1; mode=block
wso2am-pattern-3-am-cp-2-deployment-8b4cd5958-rhv4n wso2am [2021-06-14 19:53:39,663] DEBUG - headers http-outgoing-12 << Strict-Transport-Security: max-age=15724800; includeSubDomains

The WSO2 IS API is missing such a field.

https://docs.wso2.com/display/IS511/apidocs/OAuth2-dynamic-client-registration/#!/operations#OAuth2DCR#registerApplication

NOTE: The docs could be way better and mention that the user cannot use the well-known URL https://wso2is.xxx.com:443/oauth2/token/.well-known/openid-configuration for all the fields and manually edit the Client Registration Endpoint field to use the REST API from keymanager-operations deployed in WSO2 IS.

Steps to reproduce:

Create an External KM via /admin UI of type WSO2 IS and then try to generate tokens via DevPortal

Affected Product Version:

APIM v4.0.0

Environment details (with versions):

Suggested Assignees:

@Rajith90
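
An added diagnostic example, not part of the issue and not WSO2 code: it parses the Jackson "Unrecognized field" body returned with the 400 and lists which keys of the posted DCR request the server's DTO does not declare. The function names are hypothetical; the error text and the request payload are copied from the report above.

```python
import json
import re

# Error body and request payload as they appear in the report above.
ERROR_BODY = (
    'Unrecognized field "ext_application_owner" (class org.wso2.carbon.identity.oauth2.'
    'dcr.endpoint.dto.RegistrationRequestDTO), not marked as ignorable (16 known '
    'properties: "token_type_extension", "jwks_uri", "application_type", "redirect_uris", '
    '"ext_param_sp_template", "url", "contacts", "ext_param_client_secret", "grant_types", '
    '"request_uris", "backchannel_logout_uri", "response_types", "client_name", '
    '"post_logout_redirect_uris", "backchannel_logout_session_required", '
    '"ext_param_client_id"])\n'
    ' at [Source: (org.apache.cxf.transport.http.AbstractHTTPDestination$1); line: 7, '
    'column: 29] (through reference chain: org.wso2.carbon.identity.oauth2.dcr.endpoint.'
    'dto.RegistrationRequestDTO["ext_application_owner"])'
)
REQUEST = ('{"client_name":"admin_5e91e162-eded-4c0c-bbfc-3e6f90ca78cc_PRODUCTION",'
           '"token_type_extension":"JWT","grant_types":["client_credentials"],'
           '"ext_application_owner":"admin"}')

# Shape of Jackson's unknown-property message; the source position is optional.
_ERR = re.compile(
    r'Unrecognized field "(?P<field>[^"]+)" \(class (?P<cls>[\w.$]+)\), '
    r'not marked as ignorable \((?P<n>\d+) known properties: (?P<props>[^\]]*)\]\)'
    r'(?:.*?line: (?P<line>\d+), column: (?P<col>\d+))?',
    re.S,
)

def parse_unrecognized_field(body):
    """Return the parsed error as a dict, or None if body is not this error."""
    m = _ERR.search(body)
    if not m:
        return None
    known = re.findall(r'"([^"]+)"', m["props"])
    position = (int(m["line"]), int(m["col"])) if m["line"] else None
    return {"field": m["field"], "dto": m["cls"], "known": known,
            "declared_count": int(m["n"]), "position": position}

def unknown_fields(payload_json, known):
    """List top-level payload keys the DTO does not declare, in payload order."""
    payload = json.loads(payload_json)
    if not isinstance(payload, dict):
        raise ValueError("DCR payload must be a JSON object")
    allowed = set(known)
    return [key for key in payload if key not in allowed]
```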

tharindu1st commented 3 years ago

@bmonteiro please follow https://apim.docs.wso2.com/en/latest/administer/key-managers/configure-wso2is-connector/