Open 2Ppisa opened 2 years ago
I'm able to log in to the apim carbon console using the tenant's admin credentials by adding the following configuration to the deployment.toml file (some guidance on this is available in the apim doc):
```toml
[encryption]
internal_crypto_provider = "org.wso2.carbon.crypto.provider.SymmetricKeyInternalCryptoProvider"
key = "<same-of-is>"

[system.parameter]
"org.wso2.CipherTransformation" = "AES/GCM/NoPadding"
```
Actually I don't know if there are any other implications due to this change. For example, I found the same configuration has an impact on OAuth2 token
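A drift check for the settings quoted above, added here as an example (it is not part of the original post or of WSO2's code): it compares the three settings across the APIM and IS `deployment.toml` contents and reports match, mismatch or missing without echoing the key. The function names, the sample files and the idea of also comparing the provider and cipher transformation on the IS side are assumptions.

```python
import re

# Settings from the post. The page only says `key` must equal the IS value;
# checking the other two on the IS side as well is an assumption.
CHECKED = [("encryption", "internal_crypto_provider"), ("encryption", "key"),
           ("system.parameter", "org.wso2.CipherTransformation")]
SECRET = {("encryption", "key")}  # never echoed in the report

_SECTION = re.compile(r'^\[([^\]]+)\]$')
_PAIR = re.compile(r'^"?([^"=]+?)"?\s*=\s*"(.*)"$')

def read_settings(text):
    """Read flat [section] / name = "value" lines (not a full TOML parser)."""
    section, out = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if m := _SECTION.match(line):
            section = m.group(1).strip()
        elif section and (m := _PAIR.match(line)):
            out[(section, m.group(1).strip())] = m.group(2)
    return out

def compare(apim_toml, is_toml):
    """Return {setting: (status, apim_value, is_value)} with the key redacted."""
    a, b = read_settings(apim_toml), read_settings(is_toml)
    report = {}
    for item in CHECKED:
        va, vb = a.get(item), b.get(item)
        status = "missing" if None in (va, vb) else "match" if va == vb else "mismatch"
        if item in SECRET:
            va, vb = (v and "<redacted>" for v in (va, vb))
        report[".".join(item)] = (status, va, vb)
    return report

# Constructed sample files (keys are made-up placeholders, not real secrets).
APIM_SAMPLE = '''
[encryption]
internal_crypto_provider = "org.wso2.carbon.crypto.provider.SymmetricKeyInternalCryptoProvider"
key = "00112233445566778899aabbccddeeff"
[system.parameter]
"org.wso2.CipherTransformation" = "AES/GCM/NoPadding"
'''
IS_SAMPLE = '[encryption]\nkey = "ffeeddccbbaa99887766554433221100"\n[system.parameter]\n"org.wso2.CipherTransformation" = "AES/GCM/NoPadding"\n'

if __name__ == "__main__":
    for name, row in compare(APIM_SAMPLE, IS_SAMPLE).items():
        print(name, *row)
```

To check real nodes, pass the text of each product's `deployment.toml` to `compare()` in place of the constructed samples.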
Description:
Using apim integrated with is-as-km, following the documentation in https://apim.docs.wso2.com/en/latest/install-and-setup/setup/distributed-deployment/configuring-wso2-identity-server-as-a-key-manager/ I'm unable to log in to /carbon on apim using the admin's tenant credential.
I also tried to apply the configuration in https://github.com/wso2/product-apim/issues/10260 that is not reported in the main doc.
After enabling the traces, I found 2 main stack traces that may be related to the issue. One found at apim server startup (extracted from wso2carbon_startup_server.log):
Another one at failed login time (extracted from wso2carbon_failed_login.log):
Steps to reproduce:
1. Create a tenant on is-as-km:

   ```
   curl -k -X POST "https://is-dev.poc.acme.org/api/server/v1/tenants" -H "accept: */*" -H "Content-Type: application/json" -H "Authorization: Basic YWRtaW46YWRtaW4=" -d "{\"domain\":\"orders1.acme.org\",\"owners\":[{\"username\":\"order_admin\",\"password\":\"myPwd\",\"email\":\"order_admin@orders1.acme.org\",\"firstname\":\"order_admin\",\"lastname\":\"order_admin\",\"provisioningMethod\":\"inline-password\"}]}"
   ```
2. Try to log in to https://apimportal-dev.poc.acme.org/carbon/admin/login.jsp?loginStatus=false using the tenant admin credential: order_admin@orders1.acme.org myPwd
3. Got Authentication failed
Affected Product Version:
APIM container built from https://github.com/wso2/docker-apim/blob/v4.0.0.2/dockerfiles/centos/apim/Dockerfile
API IS container built from https://github.com/wso2/docker-is/blob/v5.11.0.6/dockerfiles/jdk11/centos/is/Dockerfile
Environment details (with versions):