
So, I've my WSO2 BPS 3.6.0 configured to support SSL and a custom hostname, i.e. mydomain.domain.com:9445 etc., and I'm trying to implement the API Subscription Workflow by following this documentation.

Now I've performed the following steps:

  • set the offset of WSO2 BPS to 2 and it is running fine with port: 9445
  • edited the wsa:Address tag in both SubscriptionService.epr and SubscriptionCallbackService.epr located in API-M_HOME/business-processes/epr, as the BPS server had a customized hostname instead of localhost (not sure if performing this step was right)

  • copy-pasted the epr folder from API-M_HOME/business-processes/epr to BPS_HOME/repository/conf/epr

  • Added the required BPEL package and human task accordingly

  • Navigated to the carbon console from APIM and edited the workflow-extensions.xml

  • set the TaskCoordinationEnabled tag of b4p-cordination-config.xml to true located in BPS_Home\repository\conf

Consider OTHER required configurations:

At API Manager End:

  • site.json file located at APIM_Home\repository\deployment\server\jaggeryapps\admin\site\conf
```
{
  "theme": {
    "base": "wso2",
    "subtheme": "modern"
  },
  "context": "/admin",
  "request_url": "READ_FROM_REQUEST",
  "tasksPerPage": 10,
  "allowedPermission": "/permission/admin/manage/apim_admin",
  "workflows": {
     "workFlowServerURL": "https://mydomain.domain.com:9445/services/",
  },
  "ssoConfiguration": {
    "enabled": "false",
    "issuer": "API_WORKFLOW_ADMIN",
    "identityProviderURL": "https://localhost:9443/samlsso",
    "keyStorePassword": "",
    "identityAlias": "",
    "keyStoreName": "",
    "verifyAssertionValidityPeriod": "true",
    "audienceRestrictionsEnabled": "true",
    "responseSigningEnabled": "true",
    "assertionSigningEnabled": "true",
    "assertionEncryptionEnabled": "false",
    "idpInit" : "false",
    "idpInitSSOURL" : "https://localhost:9443/samlsso?spEntityID=API_WORKFLOW_ADMIN",
    "externalLogoutPage" : "https://localhost:9443/samlsso?slo=true"
  },
  "reverseProxy": {
    "enabled": false,
    // values true , false , "auto" - will look for  X-Forwarded-* headers
    "host": "sample.proxydomain.com",
    // If reverse proxy do not have a domain name use IP
    "context": ""
    //"regContext":"" // Use only if different path is used for registry
  }
}
```
  • the workflowconfiguration in api-manager.xml

At BPS end:

  • carbon.xml

Issue: Now whenever a user navigates to APIM Store and subscribes to any API, the subscription request is listed at the APIM Admin console. When I select APPROVE from the provided ddl and click on the COMPLETE button, the record vanishes. However, this is the error that I see in WSO2's CMD windows:

APIM's cmd window

```
[2017-11-09 00:13:17,022] INFO - TimeoutHandler This engine will expire all callbacks after GLOBAL_TIMEOUT: 120 seconds, irrespective of the timeout action, after the specified or optional timeout
[2017-11-09 00:13:17,164] ERROR - TargetHandler I/O error: Host name verification failed for host : localhost
javax.net.ssl.SSLException: Host name verification failed for host : localhost
    at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:171)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:308)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:410)
    at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316)
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277)
    at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
    at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
    at java.lang.Thread.run(Thread.java:745)
[2017-11-09 00:13:17,188] WARN - EndpointContext Endpoint : AnonymousEndpoint with address https://localhost:9443/store/site/blocks/workflow/workflow-listener/ajax/workflow-listener.jag will be marked SUSPENDED as it failed
[2017-11-09 00:13:17,193] WARN - EndpointContext Suspending endpoint : AnonymousEndpoint with address https://localhost:9443/store/site/blocks/workflow/workflow-listener/ajax/workflow-listener.jag - current suspend duration is : 30000ms - Next retry after : Thu Nov 09 00:13:47 EST 2017
[2017-11-09 00:13:17,201] INFO - LogMediator STATUS = Executing default 'fault' sequence, ERROR_CODE = 101500, ERROR_MESSAGE = Error in Sender
[2017-11-09 00:14:17,238] INFO - SourceHandler Writer null when calling informWriterError
[2017-11-09 00:14:17,238] WARN - SourceHandler Connection time out after request is read: http-incoming-1 Socket Timeout : 60000 Remote Address : /10.10.30.130:49249
[2017-11-09 00:14:24,671] ERROR - AxisEngine The endpoint reference (EPR) for the Operation not found is /services/WorkflowCallbackService and the WSA Action = null. If this EPR was previously reachable, please contact the server administrator.
org.apache.axis2.AxisFault: The endpoint reference (EPR) for the Operation not found is /services/WorkflowCallbackService and the WSA Action = null. If this EPR was previously reachable, please contact the server administrator.
    at org.apache.axis2.engine.DispatchPhase.checkPostConditions(DispatchPhase.java:102)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:329)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
    at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:325)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
[2017-11-09 00:14:24,673] ERROR - ServerWorker Error processing GET request for : /services/WorkflowCallbackService
org.apache.axis2.AxisFault: The endpoint reference (EPR) for the Operation not found is /services/WorkflowCallbackService and the WSA Action = null. If this EPR was previously reachable, please contact the server administrator.
    at org.apache.axis2.engine.DispatchPhase.checkPostConditions(DispatchPhase.java:102)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:329)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
    at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:325)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
```

BPS's cmd window:

```
[2017-11-09 00:14:16,738] ERROR {org.wso2.carbon.bpel.core.ode.integration.PartnerService} - Error sending message to Axis2 for ODE mex {PartnerRoleMex#hqejbhcnphrcr2a32g83oh [PID {http://workflow.subscription.apimgt.carbon.wso2.org}SubscriptionApprovalWorkFlowProcess-1] calling org.apache.ode.bpel.epr.WSAEndpoint@705fc38f.resumeEvent(...) Status REQUEST}
org.apache.axis2.AxisFault: Read timed out
    at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
    at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
    at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
    at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
    at org.apache.axis2.description.OutOnlyAxisOperationClient.executeImpl(OutOnlyAxisOperation.java:297)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.wso2.carbon.bpel.core.ode.integration.utils.AxisServiceUtils.invokeService(AxisServiceUtils.java:323)
    at org.wso2.carbon.bpel.core.ode.integration.PartnerService.invoke(PartnerService.java:333)
    at org.wso2.carbon.bpel.core.ode.integration.BPELMessageExchangeContextImpl.invokePartner(BPELMessageExchangeContextImpl.java:43)
    at org.apache.ode.bpel.engine.BpelRuntimeContextImpl.invoke(BpelRuntimeContextImpl.java:897)
    at org.apache.ode.bpel.runtime.INVOKE.run(INVOKE.java:130)
    at sun.reflect.GeneratedMethodAccessor54.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at org.apache.ode.jacob.vpu.JacobVPU$JacobThreadImpl.run(JacobVPU.java:451)
    at org.apache.ode.jacob.vpu.JacobVPU.execute(JacobVPU.java:139)
    at org.apache.ode.bpel.engine.BpelRuntimeContextImpl.execute(BpelRuntimeContextImpl.java:1002)
    at org.apache.ode.bpel.engine.PartnerLinkMyRoleImpl.invokeInstance(PartnerLinkMyRoleImpl.java:250)
    at org.apache.ode.bpel.engine.BpelProcess$1.invoke(BpelProcess.java:288)
    at org.apache.ode.bpel.engine.BpelProcess.invokeProcess(BpelProcess.java:224)
    at org.apache.ode.bpel.engine.BpelProcess.invokeProcess(BpelProcess.java:279)
    at org.apache.ode.bpel.engine.BpelProcess.handleJobDetails(BpelProcess.java:434)
    at org.apache.ode.bpel.engine.BpelEngineImpl.onScheduledJob(BpelEngineImpl.java:558)
    at org.apache.ode.bpel.engine.BpelServerImpl.onScheduledJob(BpelServerImpl.java:467)
    at org.apache.ode.scheduler.simple.SimpleScheduler$RunJob$1.call(SimpleScheduler.java:633)
    at org.apache.ode.scheduler.simple.SimpleScheduler$RunJob$1.call(SimpleScheduler.java:627)
    at org.apache.ode.scheduler.simple.SimpleScheduler.execTransaction(SimpleScheduler.java:298)
    at org.apache.ode.scheduler.simple.SimpleScheduler.execTransaction(SimpleScheduler.java:253)
    at org.apache.ode.scheduler.simple.SimpleScheduler$RunJob.call(SimpleScheduler.java:627)
    at org.apache.ode.scheduler.simple.SimpleScheduler$RunJob.call(SimpleScheduler.java:611)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.SocketTimeoutException: Read timed out
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:150)
    at java.net.SocketInputStream.read(SocketInputStream.java:121)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
    at sun.security.ssl.InputRecord.read(InputRecord.java:503)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:961)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:918)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:265)
    at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
    at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
    at org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.java:1116)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.readLine(MultiThreadedHttpConnectionManager.java:1413)
    at org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBase.java:1973)
    at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1735)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1098)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:659)
    at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195)
    ... 34 more
```

What could be the issue here? Any idea? Do let me know. Thanks

Note that the bps workflow for API STATE CHANGE works just fine with the same configurations

Aimal Khan

1 Answer

Please note that you are using HTTPS calls with specific domain names:

```
Host name verification failed for host : localhost
    at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(ClientSSLSetupHandler.java:171)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:308)
```

The certificate provided is CN=localhost, so indeed the host verification fails.

What you can do about it:

  • the simplest way is switching to http when on a secure network (behind firewall, VPN, ..)
  • update the SSL certificates of BPS and APIM to match their hostnames; they also have to trust each other's certificate (or certificate issuer)
  • disable SSL hostname validation in axis2.xml (I do not recommend it, good for DEV, VERY BAD for PROD) - set `<parameter name="HostnameVerifier">AllowAll</parameter>`
gusto2
  • Thank you for answering! @gusto2 in my case, the certificates + hostname for APIM and BPS are SAME! What other configurations are required? – Aimal Khan Nov 09 '17 at 10:33
  • Apparently from your previous questions you have only a basic notion of using the certificates. It is important to know that the CN **must** match the hostname (so CN=localhost will work only on localhost). So you either get or create valid certificates and [configure the ssl](https://wso2.com/library/knowledge-base/2011/08/adding-ca-certificate-authority-signed-certificate-wso2-products/) or use http if feasible. You can still disable the hostname validation when accepting the risk – gusto2 Nov 09 '17 at 10:40
  • Right. Can you please specify the risks that I may encounter by disabling the hostname validation? – Aimal Khan Nov 09 '17 at 10:49
  • When using pure http you communicate in plaintext (no encryption) and you are aware of it (can be OK on backend networks). Disabling hostname validation will still use SSL, however someone using a trusted certificate from another site would be able to spoof the communication and you would not be aware of it. When building a PoC or DEV environment, feel free to disable the hostname validation; for production, accessing the servers from the internet, you should be careful – gusto2 Nov 09 '17 at 11:04
  • Okay. I edited the axis2.xml of APIM for disabling hostname validation in the class=org.apache.synapse.transport.passthru.PassThroughHttpSSLSender section but the issue still persists. – Aimal Khan Nov 09 '17 at 11:22
  • and.. do it on BPS too, check if there are multiple senders that need the parameter update – gusto2 Nov 09 '17 at 11:51
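
An added example (not part of the original question, answer or comments, and not WSO2 code) modelling the check discussed above: the client compares the host in the endpoint URL it dials with the names in the presented certificate, so a mismatch in either direction fails, while `AllowAll` also accepts a trusted certificate issued for a different site. The certificate dictionaries, issuer names and function names are constructed for illustration, and chain validation is simplified to issuer membership.

```python
# Added illustration: all certificates and issuer names below are constructed samples.

def name_matches(pattern, host):
    """Compare one certificate DNS name with the dialed host (case-insensitive).
    A '*' is honoured only as the entire left-most label and spans one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def strict_verifier(cert, host):
    """Use dNSName SAN entries when present, otherwise fall back to the subject CN."""
    names = cert["san_dns"] or [cert["cn"]]
    return any(name_matches(n, host) for n in names)

def allow_all_verifier(cert, host):
    """Models HostnameVerifier=AllowAll: the dialed host is never compared."""
    return True

def handshake_ok(cert, host, trusted_issuers, verifier):
    """Both checks must pass: trusted issuer (simplified chain check) and name check."""
    return cert["issuer"] in trusted_issuers and verifier(cert, host)

TRUSTED = {"CN=localhost", "CN=Constructed Internal CA"}
DEFAULT_CERT = {"cn": "localhost", "san_dns": [], "issuer": "CN=localhost"}
SERVER_CERT = {"cn": "mydomain.domain.com", "san_dns": ["mydomain.domain.com"],
               "issuer": "CN=Constructed Internal CA"}
OTHER_SITE_CERT = {"cn": "other.example.net", "san_dns": ["other.example.net"],
                   "issuer": "CN=Constructed Internal CA"}

def report():
    """Return (case, strict result, AllowAll result) per dialed host / certificate pair."""
    cases = [
        ("dial mydomain.domain.com, cert CN=localhost", DEFAULT_CERT, "mydomain.domain.com"),
        ("dial localhost, cert for mydomain.domain.com", SERVER_CERT, "localhost"),
        ("dial mydomain.domain.com, matching cert", SERVER_CERT, "mydomain.domain.com"),
        ("dial mydomain.domain.com, other site's cert", OTHER_SITE_CERT, "mydomain.domain.com"),
    ]
    return [(label, handshake_ok(c, h, TRUSTED, strict_verifier),
             handshake_ok(c, h, TRUSTED, allow_all_verifier)) for label, c, h in cases]

if __name__ == "__main__":
    for label, strict, allow_all in report():
        print(f"{label:50} strict={strict!s:5} AllowAll={allow_all}")
```

The last case is the spoofing risk described in the comments: only the strict verifier rejects it, which is why matching the endpoint URLs and certificate names on both servers is preferable to `AllowAll` outside a DEV setup.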