Yaroslav

Log in issue from ldap (WSO2 v4.2.0)

On the login page I can log in as the admin user, but not as my user from LDAP, although on /carbon I can see that the user has been pulled in and everything looks fine. The error says "Login failed! Please check your username and password and try again.", although the password is correct.

I created an LDAP configuration .xml file in the folder /opt/wso2am/wso2am-4.2.0/repository/deployment/server/userstores. This setup has been in place since WSO2 version 2.6, and /carbon lists all users correctly. Even in version 4.1.0 I could log in as a user from LDAP.

I had the same configuration on version 4.1.0, and the same user could log in to /devportal, but on version 4.2.0 the login fails. Did something change in this version, or is it something else? I don't understand what the problem is; I didn't change anything on the LDAP side between versions. How can I fix it?

Below are the deployment.toml and LDAP.xml configurations that I use for version 4.2.0. With these same settings I could log in to /devportal as a user from LDAP in version 4.1.0:

# Core Carbon server settings. The hostname value is a template placeholder
# that is substituted when this file is rendered for deployment.
[server]
hostname = "{{ hostname }}"
#offset=0
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
#discard_empty_caches = false
server_role = "default"

[server.file_upload]
# NOTE(review): what a limit of "0" means is not shown here (it may disable the
# limit altogether) - confirm, because unbounded uploads are a
# resource-exhaustion risk.
file_size_limit = "0"

[transport.https.properties]
# HTTPS is advertised on 443; presumably a reverse proxy or load balancer
# fronts the server on that port - confirm.
proxyPort = 443

# Built-in administrator account. The password is referenced through a $secret
# alias instead of being written inline, so the clear-text value does not
# appear in this file.
[super_admin]
username = "{{ apigw_server.admin.username }}"
password = "$secret{admin_password}"
create_admin_account = true

# Primary user store. No LDAP settings appear in this file; the LDAP directory
# is described in a separate user-store XML file.
# NOTE(review): this selects the "unique id" flavour of the database store.
# Check that the secondary LDAP store uses a user store manager class that is
# compatible with unique-ID lookups in this product version.
[user_store]
type = "database_unique_id"

# API Manager database on the local MySQL instance. The schema name and the
# user name are template placeholders; the password is a $secret alias.
[database.apim_db]
type = "mysql"
url = "jdbc:mysql://localhost:3306/{{ db.schemas.apim.apim_db }}"
username = "{{ db.user.username }}"
password = "$secret{wso2am_db_password}"
driver = "com.mysql.cj.jdbc.Driver"

# Shared database. It uses the same database account and the same secret alias
# as apim_db, so one credential grants access to both schemas.
[database.shared_db]
type = "mysql"
url = "jdbc:mysql://localhost:3306/{{ db.schemas.apim.shared_db }}"
username = "{{ db.user.username }}"
password = "$secret{wso2am_db_password}"
driver = "com.mysql.cj.jdbc.Driver"

#[keystore.tls]
#file_name =  "wso2carbon.jks"
#type =  "JKS"
#password =  "wso2carbon"
#alias =  "wso2carbon"
#key_password =  "wso2carbon"

#[keystore.listener_profile]
#bind_address = "0.0.0.0"

# Primary keystore. Store and key passwords are $secret aliases.
# NOTE(review): wso2carbon.jks with alias wso2carbon looks like the keystore
# shipped with the distribution. If it has not been replaced, its private key
# is identical on every installation - confirm that a site-specific keystore
# is deployed under this file name.
[keystore.primary]
file_name =  "wso2carbon.jks"
type =  "JKS"
password =  "$secret{keystore_password}"
alias =  "wso2carbon"
key_password =  "$secret{keystore_key_password}"

# Internal keystore. It points at the same file, alias and secret aliases as
# the primary keystore, so both roles share a single key pair.
[keystore.internal]
file_name =  "wso2carbon.jks"
type =  "JKS"
password =  "$secret{keystore_password}"
alias =  "wso2carbon"
key_password =  "$secret{keystore_key_password}"

# Single gateway environment named "Default", serving both production and
# sandbox traffic (see description). The hostname parts are template
# placeholders.
[[apim.gateway.environment]]
name = "Default"
type = "hybrid"
provider = "wso2"
display_in_api_console = true
description = "This is a hybrid gateway that handles both production and sandbox token traffic."
show_as_token_endpoint_url = true
service_url = "https://{{ hostname }}:${mgt.transport.https.port}/services/"
# The gateway is accessed with the admin account's credentials.
username= "${admin.username}"
password= "${admin.password}"
# Plain-text (ws/http) endpoints are listed next to the TLS ones.
# NOTE(review): if only TLS traffic is intended, confirm that the plain-text
# listeners are not reachable from outside.
ws_endpoint = "ws://{{ hostname }}"
wss_endpoint = "wss://{{ hostname }}"
http_endpoint = "http://{{ hostname }}"
https_endpoint = "https://{{ hostname }}"
websub_event_receiver_http_endpoint = "http://{{ hostname }}:9021"
websub_event_receiver_https_endpoint = "https://{{ hostname }}:8021"

# The label must match the environment name defined above.
[apim.sync_runtime_artifacts.gateway]
gateway_labels =["Default"]

#[apim.cache.gateway_token]
#enable = true
#expiry_time = "900s"

# Resource cache is switched off explicitly; the commented expiry_time has no
# effect.
[apim.cache.resource]
enable = false
#expiry_time = "900s"

#[apim.cache.km_token]
#enable = false
#expiry_time = "15m"

#[apim.cache.recent_apis]
#enable = false

#[apim.cache.scopes]
#enable = true

#[apim.cache.publisher_roles]
#enable = true

# JWT claim cache is switched off explicitly as well.
[apim.cache.jwt_claim]
enable = false
#expiry_time = "15m"

#[apim.cache.tags]
#expiry_time = "2m"

# Analytics publishing is disabled, and the auth token is left empty.
[apim.analytics]
enable = false
auth_token = ""

# Only this key is set for the key manager; the connection settings that
# follow in the file are commented out.
[apim.key_manager]
enable_apikey_subscription_validation = true
#service_url = "https://{{ hostname }}/services/"
#username = "$ref{super_admin.username}"
#password = "$ref{super_admin.password}"
#pool.init_idle_capacity = 50
#pool.max_idle = 100
#key_validation_handler_type = "default"
#key_validation_handler_type = "custom"
#key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler"

#[apim.idp]
#server_url = "https://{{ hostname }}"
#authorize_endpoint = "https://{{ hostname }}/oauth2/authorize"
#oidc_logout_endpoint = "https://{{ hostname }}/oidc/logout"
#oidc_check_session_endpoint = "https://{{ hostname }}/oidc/checksession"

# JWT generation is enabled; the token is carried in the X-JWT-Assertion
# header.
[apim.jwt]
enable = true
encoding = "base64" # base64,base64url
#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
claim_dialect = "https://some_domain.com/claims"
convert_dialect = true
header = "X-JWT-Assertion"
# SECURITY: "NONE" requests an unsigned token. A receiver cannot verify that
# an unsigned assertion was issued by the gateway, so anything able to reach
# the receiver directly could present arbitrary claims in this header. Prefer
# a signing algorithm such as "SHA256withRSA" and verify the signature at the
# receiver, or make sure the receiver accepts traffic from the gateway only.
# NOTE(review): a custom gateway generator is configured below; whether it
# signs the token itself cannot be seen from this file - confirm.
signing_algorithm = "NONE"
# User claims are included in the token, which makes its integrity matter
# more.
enable_user_claims = true
claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever"

# Site-specific generator class; its behaviour is not shown here.
[apim.jwt.gateway_generator]
impl = "com.some_domain.api.gateway.JwtTokenGenerator"

#[apim.oauth_config]
#enable_outbound_auth_header = false
#auth_header = "Authorization"
#revoke_endpoint = "https://some_domain.com:${https.nio.port}/revoke"
#enable_token_encryption = false
#enable_token_hashing = false

# Developer Portal URL; the host part is a template placeholder.
[apim.devportal]
url = "https://{{ hostname }}/devportal"
display_url = true
#enable_application_sharing = false
#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl
#application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api
#application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl"
#display_multiple_versions = false
#display_deprecated_apis = false
#enable_comments = true
#enable_ratings = true
#enable_forum = true
#enable_anonymous_mode=true
#enable_cross_tenant_subscriptions = true
#default_reserved_username = "apim_reserved_user"

[apim.cors]
# SECURITY: the wildcard allows scripts from any web origin to call the APIs
# and read the responses. allow_credentials is false, which is the only
# setting browsers accept together with a wildcard origin. If the APIs are
# meant for known front ends only, list those origins instead.
allow_origins = "*"
allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
# The header list is injected by the template without quotes or brackets of
# its own, so the rendered value must be a comma-separated list of quoted
# strings; the file is not valid TOML until it has been rendered.
allow_headers = [{{ cors.allowed_headers }}]
allow_credentials = false

#[apim.throttling]
#enable_data_publishing = true
#enable_policy_deploy = true
#enable_blacklist_condition = true
#enable_persistence = true
#throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"]

#[apim.throttling.blacklist_condition]
#start_delay = "5m"
#period = "1h"

#[apim.throttling.jms]
#start_delay = "5m"

#[apim.throttling.event_sync]
#hostName = "0.0.0.0"
#port = 11224

#[apim.throttling.event_management]
#hostName = "0.0.0.0"
#port = 10005

#[[apim.throttling.url_group]]
#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
#type = "loadbalance"

#[[apim.throttling.url_group]]
#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
#type = "failover"

#[apim.workflow]
#enable = false
#service_url = "https://localhost:9445/bpmn"
#username = "$ref{super_admin.username}"
#password = "$ref{super_admin.password}"
#callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status"
#token_endpoint = "https://localhost:${https.nio.port}/token"
#client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register"
#client_registration_username = "$ref{super_admin.username}"
#client_registration_password = "$ref{super_admin.password}"

#data bridge config
#[transport.receiver]
#type = "binary"
#worker_threads = 10
#session_timeout = "30m"
#keystore.file_name = "$ref{keystore.tls.file_name}"
#keystore.password = "$ref{keystore.tls.password}"
#tcp_port = 9611
#ssl_port = 9711
#ssl_receiver_thread_pool_size = 100
#tcp_receiver_thread_pool_size = 100
#ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"]
#ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"]

#[apim.notification]
#from_address = "APIM.com"
#username = "APIM"
#password = "APIM+123"
#hostname = "localhost"
#port = 3025
#enable_start_tls = false
#enable_authentication = true

#[apim.token.revocation]
#notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
#enable_realtime_notifier = true
#realtime_notifier.ttl = 5000
#enable_persistent_notifier = true
#persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/"
#persistent_notifier.ttl = 5000
#persistent_notifier.username = "root"
#persistent_notifier.password = "root"

# Subscribes the userPostSelfRegistration handler to the POST_ADD_USER event.
[[event_handler]]
name="userPostSelfRegistration"
subscriptions=["POST_ADD_USER"]

# Allowed service-provider names: whitespace, ASCII letters, digits, dot,
# underscore and hyphen. Because of the "*" quantifier the empty string
# matches as well.
[service_provider]
sp_name_regex = "^[\\sa-zA-Z0-9._-]*$"

# Local database on the same MySQL instance as the other schemas.
# SECURITY: unlike apim_db and shared_db, the password here is written into
# the rendered file by the template instead of being referenced through a
# $secret alias, so it ends up on disk in clear text. Use the same secret
# alias as the other databases.
[database.local]
type = "mysql"
url = "jdbc:mysql://localhost:3306/{{ db.schemas.apim.local_db }}"
username = "{{ db.user.username }}"
password = "{{ db.user.password }}"
driver = "com.mysql.cj.jdbc.Driver"

# Registers the token-revocation interceptor as an identity event listener.
[[event_listener]]
id = "token_revocation"
type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
name = "org.wso2.is.notification.ApimOauthEventInterceptor"
order = 1

# Properties of the listener above: notifications go to the internal notify
# endpoint over HTTPS, using the admin account's credentials.
[event_listener.properties]
notification_endpoint = "https://{{ hostname }}/internal/data/v1/notify"
username = "${admin.username}"
password = "${admin.password}"
# Quoted because the key itself contains a dot.
'header.X-WSO2-KEY-MANAGER' = "default"

# Token-exchange grant is enabled and may issue refresh tokens.
[oauth.grant_type.token_exchange]
enable = true
allow_refresh_tokens = true
iat_validity_period = "1h"

[oauth.token_validation]
# NOTE(review): if the unit is seconds, 84600 is 23 h 30 min; 86400 (24 h) may
# have been intended - confirm.
refresh_token_validity = 84600

Ldap configurations xml file:

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
   <!-- Secondary user store backed by a read-only LDAP directory.
        NOTE(review): the deployment.toml posted with this file sets the primary
        user_store type to "database_unique_id", and the carbon.log excerpt
        reports "A userID cannot be found" for this store while requesting the
        attribute scimId. Carbon also provides
        org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager;
        check in the 4.2.0 documentation whether that class, with a user ID
        attribute that exists in the directory, is required here. -->
   <!-- The connection starts on the plain ldap:// port and is upgraded with
        StartTLS; the carbon.log excerpt shows the upgrade succeeding before the
        bind credentials are added. -->
   <Property name="StartTLSEnabled">true</Property>
   <Property name="ConnectionURL">ldap://domain:389</Property>
   <!-- Bind account used for searches; its password is stored in encrypted form. -->
   <Property name="ConnectionName">cn=readuser,dc=ldap-domain,dc=domain,dc=com</Property>
   <Property name="ConnectionPassword" encrypted="true">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</Property>
   <!-- NOTE(review): the search bases use different domain components than
        ConnectionName. This may only be an artefact of anonymising the post;
        confirm that the deployed values point into the same directory tree. -->
   <Property name="UserSearchBase">ou=users,dc=ldap-yayu-carc,dc=carus,dc=com</Property>
   <Property name="UserNameAttribute">uid</Property>
   <!-- The "?" is replaced with the login name; the log shows the resulting
        filter (uid=apiuser). -->
   <Property name="UserNameSearchFilter">(&amp;(objectClass=inetOrgPerson)(uid=?))</Property>
   <Property name="UserNameListFilter">(&amp;(objectClass=inetOrgPerson))</Property>
   <Property name="UserDNPattern"/>
   <Property name="DisplayNameAttribute">uid</Property>
   <Property name="Disabled">false</Property>
   <Property name="ReadGroups">true</Property>
   <Property name="GroupSearchBase">ou=groups,dc=ldap-yayu-carc,dc=carus,dc=com</Property>
   <Property name="GroupNameAttribute">cn</Property>
   <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
   <Property name="GroupNameListFilter">(&amp;(objectClass=groupOfNames)(ou=groups))</Property>
   <Property name="RoleDNPattern"/>
    <!-- cn={0},ou=Groups,dc=wso2,dc=org -->
   <Property name="MembershipAttribute">member</Property>
   <Property name="BackLinksEnabled">false</Property>
   <Property name="MemberOfAttribute">memberOf</Property>
   <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
   <Property name="SCIMEnabled">false</Property>
   <!-- NOTE(review): with a read-only LDAP store, authentication is presumably
        performed against the directory, so PLAIN_TEXT would not mean that this
        server stores passwords in clear text. Confirm. -->
   <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
   <Property name="MultiAttributeSeparator">,</Property>
   <Property name="MaxUserNameListLength">100</Property>
   <Property name="MaxRoleNameListLength">100</Property>
   <Property name="UserRolesCacheEnabled">true</Property>
   <Property name="ConnectionPoolingEnabled">false</Property>
   <Property name="LDAPConnectionTimeout">5000</Property>
   <Property name="ReadTimeout">5000</Property>
   <Property name="RetryAttempts">0</Property>
   <Property name="CountRetrieverClass"/>
   <Property name="java.naming.ldap.attributes.binary"/>
   <!-- NOTE(review): the domain here is USERS, while the log lines refer to the
        domain CARCYAYU. This may again be anonymisation; confirm that users log
        in with the domain that is actually deployed. -->
   <Property name="DomainName">USERS</Property>
   <Property name="Description">User store for USERS</Property>
</UserStoreManager>

Logs from carbon.log:

TID: [-1234] [] [2023-04-03 17:53:08,531] DEBUG {org.wso2.carbon.user.core.ldap.LdapContextWrapper} - Attribute java.naming.security.principal is skip adding to the environment for TLS LDAP initialization
TID: [-1234] [] [2023-04-03 17:53:08,531] DEBUG {org.wso2.carbon.user.core.ldap.LdapContextWrapper} - Attribute java.naming.security.authentication is skip adding to the environment for TLS LDAP initialization
TID: [-1234] [] [2023-04-03 17:53:08,531] DEBUG {org.wso2.carbon.user.core.ldap.LdapContextWrapper} - Attribute java.naming.security.credentials is skip adding to the environment for TLS LDAP initialization
TID: [-1234] [] [2023-04-03 17:53:08,592] DEBUG {org.wso2.carbon.user.core.ldap.LdapContextWrapper} - StartTLS connection established successfully with LDAP server
TID: [-1234] [] [2023-04-03 17:53:08,592] DEBUG {org.wso2.carbon.user.core.ldap.LdapContextWrapper} - Attribute java.naming.security.authentication is added to the TLS LdapContext environment
TID: [-1234] [] [2023-04-03 17:53:08,592] DEBUG {org.wso2.carbon.user.core.ldap.LdapContextWrapper} - Attribute java.naming.security.principal is added to the TLS LdapContext environment
TID: [-1234] [] [2023-04-03 17:53:08,592] DEBUG {org.wso2.carbon.user.core.ldap.LdapContextWrapper} - Attribute java.naming.security.credentials is added to the TLS LdapContext environment
TID: [-1234] [] [2023-04-03 17:53:08,609] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Replace escape characters configured to: true
TID: [-1234] [] [2023-04-03 17:53:08,611] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=inetOrgPerson)(uid=apiuser)) in SearchBase: 
TID: [-1234] [] [2023-04-03 17:53:08,611] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :scimId
TID: [-1234] [] [2023-04-03 17:53:08,640] DEBUG {org.wso2.carbon.user.core.ldap.StartTlsResponseWrapper} - Closing the StartTLS connection with LDAP server
TID: [-1234] [] [2023-04-03 17:53:08,641] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Read only user store  timestamp attributes: []
TID: [-1234] [] [2023-04-03 17:53:08,641] DEBUG {org.wso2.carbon.identity.claim.metadata.mgt.dao.CacheBackedLocalClaimDAO} - Cache hit for local claim list for tenant: -1234
TID: [-1234] [] [2023-04-03 17:53:08,641] DEBUG {org.wso2.carbon.identity.mgt.listener.IdentityUserIdResolverListener} - A userID cannot be found in the userStoreManagerCARCYAYUfor the given userName: apiuser
TID: [-1234] [] [2023-04-03 17:53:08,641] DEBUG {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener} - post get user claim values is called in IdentityMgtEventListener
TID: [-1234] [] [2023-04-03 17:53:08,641] DEBUG {org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener} - doPostGetUserClaimValues getting executed in the IdentityStoreEventListener for user: apiuser
TID: [-1234] [] [2023-04-03 17:53:08,642] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Users from user store: CARCYAYU : [CARCYAYU/apiuser]
TID: [-1234] [] [2023-04-03 17:53:08,645] DEBUG {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener} - post get user user list with id is called in IdentityMgtEventListener
TID: [-1234] [] [2023-04-03 17:53:08,646] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Post listener user list: [CARCYAYU/apiuser] for domain: CARCYAYU
TID: [-1234] [] [2023-04-03 17:53:08,646] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Secondary user list for domain: CARCYAYU : [org.wso2.carbon.user.core.common.User@c78c3011]
TID: [-1234] [] [2023-04-03 17:53:08,647] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Post listener user list: [CARCYAYU/apiuser] for domain: null
TID: [-1234] [] [2023-04-03 17:53:08,647] DEBUG {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener} - post authenticator is called in IdentityMgtEventListener
TID: [-1234] [] [2023-04-03 17:53:08,647] DEBUG {org.wso2.carbon.user.core.common.UserIdResolverCache} - Cache: user_id_from_user_name_cache which is under USER_ID_RESOLVER_CACHE_MANAGER, doesn't contain the key: apiuser
TID: [-1234] [] [2023-04-03 17:53:08,652] DEBUG {org.wso2.carbon.user.core.common.UserIdResolverCache} - Invalid input parameters in add to cache request. Cache key: apiuser ,Cache entry: null ,Cache: user_id_from_user_name_cache
TID: [-1234] [] [2023-04-03 17:53:08,652] DEBUG {org.wso2.carbon.user.core.common.UserIdResolverCache} - Invalid input parameters in add to cache request. Cache key: null ,Cache entry: apiuser ,Cache: user_name_from_user_id_cache
TID: [-1234] [] [2023-04-03 17:53:08,652] DEBUG {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener} - IdentityMgtEventListener returns since user: apiuser not available in current user store domain: PRIMARY
TID: [-1234] [] [2023-04-03 17:53:08,652] DEBUG {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener} - post authenticate with id by claim is called in IdentityMgtEventListener
TID: [-1234] [] [2023-04-03 17:53:08,652] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Authentication failure. Wrong username or password is provided.
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator} - User authentication failed due to invalid credentials
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Validate the association is sync or not.
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Get the subscription property value for property : operationAsync for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Get the subscription properties for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - List of subscription properties for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Validate the association is sync or not.
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Get the subscription property value for property : operationAsync for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Get the subscription properties for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - List of subscription properties for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Validate the association is sync or not.
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Get the subscription property value for property : operationAsync for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Get the subscription properties for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - List of subscription properties for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Validate the association is sync or not.
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Get the subscription property value for property : operationAsync for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - Get the subscription properties for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.event.handler.AbstractEventHandler} - List of subscription properties for event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.captcha.validator.FailLoginAttemptValidationHandler} - failLoginAttemptValidator received event : AUTHENTICATION_STEP_FAILURE
TID: [-1234] [] [2023-04-03 17:53:08,653] DEBUG {org.wso2.carbon.identity.captcha.validator.FailLoginAttemptValidationHandler} - Evaluating failed login attempts for user: apiuser authenticated from: BasicAuthenticator
TID: [-1234] [] [2023-04-03 17:53:08,654] DEBUG {org.wso2.carbon.idp.mgt.IdentityProviderManager} - Resolved URL:https://api-yayu-carc.internal.carus.com:443/oauth2/authorize from file configuration for default url context: oauth2/authorize


Answers (1)

ycr

From the debug logs, it seems the server is unable to find a user with the username apiuser:

A userID cannot be found in the userStoreManagerCARCYAYUfor the given userName: apiuser. 

Hence, either the user is not present in the part of the directory being searched, or the configuration is off. Can you double-check your LDAP configs?
