Search This Blog

Friday, August 16, 2013

SAML OAuth Grant Type with OpenID Connect

This is an extenstion on the blog provided by Johann at
http://nallaa.wordpress.com/2013/04/04/saml2-bearer-assertion-profile-for-oauth-2-0-with-wso2-identity-server/

on how to use the SAML OAuth grant type with OpenID Connect

1. Create SAML2 assertion

Download the java client here. 
But use this jar which is modifed to send claim attributes.
https://svn.wso2.org/repos/wso2/people/chamaraa/SAML2AssertionCreator.jar SAML2AssertionCreator.jar

The command to use the client is

 java -jar SAML2AssertionCreator.jar SAML2AssertionCreator admin https://localhost:9443/oauth2/token https://localhost:9443/oauth2/token /home/chamara/isrelease/14082013/wso2is-4.5.0-SNAPSHOT-AD/repository/resources/security/wso2carbon.jks wso2carbon wso2carbon wso2carbon

The result will be

 SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".  
 SLF4J: Defaulting to no-operation (NOP) logger implementation  
 SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.  
 Assertion String: <?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="opgehlkjdppnfmpjpgolbekkghdjkpbjhpjggbbl" IssueInstant="2013-08-16T11:26:19.710Z" Version="2.0"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">SAML2AssertionCreator</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">  
 <ds:SignedInfo>  
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>  
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>  
 <ds:Reference URI="#opgehlkjdppnfmpjpgolbekkghdjkpbjhpjggbbl">  
 <ds:Transforms>  
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>  
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml xs xsi"/></ds:Transform>  
 </ds:Transforms>  
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>  
 <ds:DigestValue>Yu1RAlCuatR035v/zsy1jbJaa2g=</ds:DigestValue>  
 </ds:Reference>  
 </ds:SignedInfo>  
 <ds:SignatureValue>  
 Bom3LNNumJhwdB/grQqsDIRB17mMLFouoYc7JLce9yQNiagres4bmkyAWBq74uFxitMJJbgdnTUK  
 PQ5NoDMp3Zw0tjo+cjXZNhHXbEJY8uGvSDC/dI6QOhzCWSPvvb4rwG1JKYSFtNCfuCricFH6Y0JQ  
 xRr3KtwD7ehMpWxU/pY=  
 </ds:SignatureValue>  
 <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE  
 CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv  
 Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw  
 CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE  
 AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou  
 sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5  
 HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID  
 AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i  
 QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR  
 O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="0" NotOnOrAfter="2013-08-16T11:31:19.710Z" Recipient="https://localhost:9443/oauth2/token"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2013-08-16T11:26:19.710Z" NotOnOrAfter="2013-08-16T11:31:19.710Z"><saml:AudienceRestriction><saml:Audience>https://localhost:9443/oauth2/token</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2013-08-16T11:26:19.869Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">/</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>  
 base64-url Encoded Assertion String: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDpBc3NlcnRpb24geG1s%0AbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Im9wZ2Vo%0AbGtqZHBwbmZtcGpwZ29sYmVra2doZGprcGJqaHBqZ2diYmwiIElzc3VlSW5zdGFudD0iMjAxMy0w%0AOC0xNlQxMToyNjoxOS43MTBaIiBWZXJzaW9uPSIyLjAiPjxzYW1sOklzc3VlciBGb3JtYXQ9InVy%0AbjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI%2BU0FNTDJBc3Nl%0AcnRpb25DcmVhdG9yPC9zYW1sOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8v%0Ad3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KPGRzOlNpZ25lZEluZm8%2BCjxkczpDYW5vbmlj%0AYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwt%0AZXhjLWMxNG4jIi8%2BCjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3Lncz%0ALm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KPGRzOlJlZmVyZW5jZSBVUkk9IiNvcGdl%0AaGxramRwcG5mbXBqcGdvbGJla2tnaGRqa3BiamhwamdnYmJsIj4KPGRzOlRyYW5zZm9ybXM%2BCjxk%0AczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcj%0AZW52ZWxvcGVkLXNpZ25hdHVyZSIvPgo8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3%0Ady53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIj48ZWM6SW5jbHVzaXZlTmFtZXNwYWNlcyB4%0AbWxuczplYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiBQcmVmaXhM%0AaXN0PSJkcyBzYW1sIHhzIHhzaSIvPjwvZHM6VHJhbnNmb3JtPgo8L2RzOlRyYW5zZm9ybXM%2BCjxk%0AczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRz%0AaWcjc2hhMSIvPgo8ZHM6RGlnZXN0VmFsdWU%2BWXUxUkFsQ3VhdFIwMzV2L3pzeTFqYkphYTJnPTwv%0AZHM6RGlnZXN0VmFsdWU%2BCjwvZHM6UmVmZXJlbmNlPgo8L2RzOlNpZ25lZEluZm8%2BCjxkczpTaWdu%0AYXR1cmVWYWx1ZT4KQm9tM0xOTnVtSmh3ZEIvZ3JRcXNESVJCMTdtTUxGb3VvWWM3SkxjZTl5UU5p%0AYWdyZXM0Ym1reUFXQnE3NHVGeGl0TUpKYmdkblRVSwpQUTVOb0RNcDNadzB0am8rY2pYWk5oSFhi%0ARUpZOHVHdlNEQy9kSTZRT2h6Q1dTUHZ2YjRyd0cxSktZU0Z0TkNmdUNyaWNGSDZZMEpRCnhScjNL%0AdHdEN2VoTXBXeFUvcFk9CjwvZHM6U2lnbmF0dXJlVmFsdWU%2BCjxkczpLZXlJbmZvPjxkczpYNTA5%0ARGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNOVENDQVo2Z0F3SUJBZ0lFUzM0M2dqQU5CZ2tx%0AaGtpRzl3MEJBUVVGQURCVk1Rc3dDUVlEVlFRR0V3SlZVekVMTUFrR0ExVUUKQ0F3Q1EwRXhGakFV%0AQmdOVkJBY01EVTF2ZFc1MFlXbHVJRlpwWlhjeERUQUxCZ05WQkFvTUJGZFRUekl4RWpBUUJnTlZC%0AQU1NQ1d4dgpZMkZzYUc5emREQWVGdzB4TURBeU1Ua3dOekF5TWpaYUZ3MHpOVEF5TVRNd056QXlN%0AalphTUZVeEN6QUpCZ05WQkFZVEFsVlRNUXN3CkNRWURWUVFJREFKRFFURVdNQlFHQTFVRUJ3d05U%0AVzkxYm5SaGFXNGdWbWxsZHpFTk1Bc0dBMVVFQ2d3RVYxTlBNakVTTUJBR0ExVUUKQXd3SmJHOWpZ%0AV3hvYjNOME1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRQ1VwL29WMXZXYzgv%0AVGtRU2lBdlRvdQpzTXpPTTRhc0IyaWx0cjJRS296bmk1YVZGdTgxOE1wT0xaSXI4TE1uVHpXbGxK%0AdnZhQTVSQUFkcGJFQ2IrNDhGamJCZTBoc2VVZE41Ckhwd3ZuSC9EVzhaY2NHdms1M0k2T3JxN2hM%0AQ3YxWkh0dU9Db2tnaHovQVRyaHlQcStRa3RNZlhuUlM0SHJLR0pUenhhQ2NVN09RSUQKQVFBQm94%0ASXdFREFPQmdOVkhROEJBZjhFQkFNQ0JQQXdEUVlKS29aSWh2Y05BUUVGQlFBRGdZRUFXNXdQUjdj%0AcjFMQWRxK0lyUjQ0aQpRbFJHNUlUQ1pYWTloSTBQeWdMUDJySEFOaCtQWWZUbXhidU9ueWtOR3lo%0ATTZGakZMYlcydVpIUVRZMWpNclBwcmpPcm15SzVzakpSCk80ZDFEZUdIVC9ZbklqczlKb2dSS3Y0%0AWEhFQ3dMdElWZEFiSWRXSEV0VlpKeU1Ta3RjeXlzRmN2dWhQUUs4UWMvRS9XcTh1SFNDbz08L2Rz%0AOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVy%0AZT48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpT%0AQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI%2BYWRtaW48L3NhbWw6TmFtZUlEPjxz%0AYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoy%0ALjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBJblJlc3BvbnNlVG89%0AIjAiIE5vdE9uT3JBZnRlcj0iMjAxMy0wOC0xNlQxMTozMToxOS43MTBaIiBSZWNpcGllbnQ9Imh0%0AdHBzOi8vbG9jYWxob3N0Ojk0NDMvb2F1dGgyL3Rva2VuIi8%2BPC9zYW1sOlN1YmplY3RDb25maXJt%0AYXRpb24%2BPC9zYW1sOlN1YmplY3Q%2BPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTMtMDgt%0AMTZUMTE6MjY6MTkuNzEwWiIgTm90T25PckFmdGVyPSIyMDEzLTA4LTE2VDExOjMxOjE5LjcxMFoi%0APjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24%2BPHNhbWw6QXVkaWVuY2U%2BaHR0cHM6Ly9sb2NhbGhv%0Ac3Q6OTQ0My9vYXV0aDIvdG9rZW48L3NhbWw6QXVkaWVuY2U%2BPC9zYW1sOkF1ZGllbmNlUmVzdHJp%0AY3Rpb24%2BPC9zYW1sOkNvbmRpdGlvbnM%2BPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50%0APSIyMDEzLTA4LTE2VDExOjI2OjE5Ljg2OVoiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRo%0AbkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQ%0AYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwv%0Ac2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ%2BPHNhbWw6QXR0cmli%0AdXRlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAx%0AL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1p%0AbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI%2BLzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3Nh%0AbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ%2BPC9zYW1sOkFzc2VydGlvbj4%3D


You have to extract the base64-url Encoded Assertion String and use it in a http POST request;

Jmeter script is attached here

For this POST request to work you have to add the Trusted Identity Provider to IS.
For that first export the trusted certificate from the wso2carbon.jks

 wso2is-4.5.0/repository/resources/security$ keytool -export -alias wso2carbon -keystore wso2carbon.jks -storepass wso2carbon -file mycert.pem

Add this certificate in the IS -> Configure -> Trusted Idps -> Add New Trusted Identity Provider ->

Identity Provider Name: test
Identity Provider Issuer: SAML2AssertionCreator
Identity Provider Public Certificate: attach the certificate
 Identity Provider Audience: https://localhost:9443/oauth2/token 

The Jmeter response will be your access token and refresh token

 {"token_type":"bearer","expires_in":2947,"refresh_token":"74a77731f314f641f98c2470af1b879","id_token":"eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=\r\n.eyJleHAiOi01MzEzNjg4MDQsImF6cCI6IkNqZ2dmaW1yNWNneFFSOFpQNkRseEZmTlVpY2EiLCJz\r\ndWIiOiJhZG1pbiIsImVtYWlsIjoiY2hhbWFyYUB3c28yLmNvbSIsImF1ZCI6IkNqZ2dmaW1yNWNn\r\neFFSOFpQNkRseEZmTlVpY2EiLCJpc3MiOiJodHRwczpcL1wvbG9jYWxob3N0Ojk0NDNcL29hdXRo\r\nMmVuZHBvaW50c1wvdG9rZW4iLCJ0ZWxlcGhvbmUiOiIrOTQ3NTUwMTIwNjAiLCJpYXQiOi01MzQ5\r\nNjg4MDQsImNvdW50cnkiOiJTcmkgTGFua2EifQ==\r\n.","access_token":"edec914a3decfbfcf32d2573dc540c0"}

In that response you can extract the id_token which is

 eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0=\r\n.eyJleHAiOi01MzEzNjg4MDQsImF6cCI6IkNqZ2dmaW1yNWNneFFSOFpQNkRseEZmTlVpY2EiLCJz\r\ndWIiOiJhZG1pbiIsImVtYWlsIjoiY2hhbWFyYUB3c28yLmNvbSIsImF1ZCI6IkNqZ2dmaW1yNWNn\r\neFFSOFpQNkRseEZmTlVpY2EiLCJpc3MiOiJodHRwczpcL1wvbG9jYWxob3N0Ojk0NDNcL29hdXRo\r\nMmVuZHBvaW50c1wvdG9rZW4iLCJ0ZWxlcGhvbmUiOiIrOTQ3NTUwMTIwNjAiLCJpYXQiOi01MzQ5\r\nNjg4MDQsImNvdW50cnkiOiJTcmkgTGFua2EifQ==\r\n.

And if you decode this with a base64 decoder, You will get the result as

 {"alg":"none","typ":"JWT"}  
 {"exp":-531368804,"azp":"Cjggfimr5cgxQR8ZP6DlxFfNUica","sub":"admin","email":"chamara@wso2.com","aud":"Cjggfimr5cgxQR8ZP6DlxFfNUica","iss":"https:\/\/localhost:9443\/oauth2endpoints\/token","telephone":"+94755012060","iat":-534968804,"country":"Sri Lanka"}


Posted by at 1 comment:

Thursday, July 11, 2013

An Axis2 Service to Log the incoming message

Java class is:

 package org.wso2.logservice;  
 import org.apache.commons.logging.Log;  
 import org.apache.commons.logging.LogFactory;  
 public class LogService{  
   private static final Log log = LogFactory.getLog(LogService.class);  
   public void LogAndDrop (String incoming) {     
     log.info("The message is: "+ incoming);  
   }  
   public String LogAndAck (String incoming) {  
     log.info("The message is: "+ incoming);  
     return "Logged: "+ incoming;  
   }  
 }

Use this class and build an axis2 service.
Then you can deploy the service in WSO2 Application Server and invoke.

While invoking with a String value you will be able to notice that the message you sent will be logged in the wso2carbon.log as

 TID: [0] [AS] [2013-07-11 10:42:23,686] INFO {org.wso2.logservice.LogService} - The message is: Logging is what? Good ! {org.wso2.logservice.LogService}  
 TID: [0] [AS] [2013-07-11 10:42:37,993] INFO {org.wso2.logservice.LogService} - The message is: Logging and getting a response is what? Goood ! {org.wso2.logservice.LogService}
Posted by at No comments:

Wednesday, July 10, 2013

WSO2 ESB, MB integration to serve a backend axis2service with more than one JMS queues to ensure the speed and the integrity

WSO2 ESB's JMS Message Store implementation can be used to store incoming messages in a queue and serve a backend service without having to worry about the integrity of the messages.

In a simple scenario it is possible to implement a Proxy service which the client sees and calls to, a message store which stores those messages in a JMS queue and a message processor which fetches those messages and send to the defined endpoint.

We can implement a scenario which uses more than one queues and more than one message stores to put messages into those queues and more than one message processors to fetch from queues and serves one backend endpoint. Here we will have to use more than one proxy service in ESB and the requests coming in can be load balanced to which proxy it should go and which ESB node it should go.

Here I'm using three proxy services in two ESB nodes. The load balancing to each proxy needs to be done from the client side. But the load balancing to each ESB node will be happened by the ELB.

First you have to configure a ESB Cluster load balanced by a WSO2 ELB and with JMS transport enabled with a WSO2 MB. After that you can use the following synapse configurations to implement the scenario.

One set of Proxy, Store, Processor, Endpoint configuration of ESB node 1;

Proxy; 

 <?xml version="1.0" encoding="UTF-8"?>  
 <proxy xmlns="http://ws.apache.org/ns/synapse"  
     name="Proxy1"  
     transports="https http"  
     startOnLoad="true"  
     trace="disable">  
   <description/>  
   <target>  
    <inSequence>  
      <property name="FORCE_SC_ACCEPTED" value="true" scope="axis2"/>  
      <property name="OUT_ONLY" value="true"/>  
      <property name="target.endpoint" value="logndrop"/>  
      <store messageStore="JMSMS"/>  
    </inSequence>  
   </target>  
 </proxy>


Endpoint;

 <?xml version="1.0" encoding="UTF-8"?>  
 <endpoint xmlns="http://ws.apache.org/ns/synapse" name="logndrop">  
   <address uri="http://localhost:9773/as/services/LognDrop"/>  
 </endpoint>


Message Store;
  
 <?xml version="1.0" encoding="UTF-8"?>  
 <messageStore xmlns="http://ws.apache.org/ns/synapse"  
        class="org.wso2.carbon.message.store.persistence.jms.JMSMessageStore"  
        name="JMSMS">  
   <parameter name="java.naming.factory.initial">org.wso2.andes.jndi.PropertiesFileInitialContextFactory</parameter>  
   <parameter name="store.jms.cache.connection">false</parameter>  
   <parameter name="java.naming.provider.url">repository/conf/jndi.properties</parameter>  
   <parameter name="store.jms.destination">JMSMS</parameter>  
   <parameter name="store.jms.JMSSpecVersion">1.1</parameter>  
 </messageStore>


Message Processor;

 <?xml version="1.0" encoding="UTF-8"?>  
 <messageProcessor xmlns="http://ws.apache.org/ns/synapse"  
          class="org.apache.synapse.message.processors.forward.ScheduledMessageForwardingProcessor"  
          name="Processor1"  
          messageStore="JMSMS">  
   <parameter name="max.delivery.attempts">4</parameter>  
   <parameter name="interval">4000</parameter>  
 </messageProcessor>



The other set of Proxy, Store, Processor, Endpoint configuration of ESB node 1;

Proxy;

 <?xml version="1.0" encoding="UTF-8"?>  
 <proxy xmlns="http://ws.apache.org/ns/synapse"  
     name="Proxy2"  
     transports="https http"  
     startOnLoad="true"  
     trace="disable">  
   <description/>  
   <target>  
    <inSequence>  
      <property name="FORCE_SC_ACCEPTED" value="true" scope="axis2"/>  
      <property name="OUT_ONLY" value="true"/>  
      <property name="target.endpoint" value="logndrop"/>  
      <store messageStore="JMSMS2"/>  
    </inSequence>  
   </target>  
 </proxy>


Endpoint; 

 <?xml version="1.0" encoding="UTF-8"?>  
 <endpoint xmlns="http://ws.apache.org/ns/synapse" name="logndrop">  
   <address uri="http://localhost:9773/as/services/LognDrop"/>  
 </endpoint>


Message Store; 

 <?xml version="1.0" encoding="UTF-8"?>  
 <messageStore xmlns="http://ws.apache.org/ns/synapse"  
        class="org.wso2.carbon.message.store.persistence.jms.JMSMessageStore"  
        name="JMSMS2">  
   <parameter name="java.naming.factory.initial">org.wso2.andes.jndi.PropertiesFileInitialContextFactory</parameter>  
   <parameter name="store.jms.cache.connection">false</parameter>  
   <parameter name="java.naming.provider.url">repository/conf/jndi.properties</parameter>  
   <parameter name="store.jms.JMSSpecVersion">1.1</parameter>  
   <parameter name="store.jms.destination">JMSMS2</parameter>  
 </messageStore>


Message Processor;

 <?xml version="1.0" encoding="UTF-8"?>  
 <messageProcessor xmlns="http://ws.apache.org/ns/synapse"  
          class="org.apache.synapse.message.processors.forward.ScheduledMessageForwardingProcessor"  
          name="Processor2"  
          messageStore="JMSMS2">  
   <parameter name="max.delivery.attempts">4</parameter>  
   <parameter name="interval">4000</parameter>  
 </messageProcessor>


This configuration needs to be synced with one other esb node in a esb cluster. The requests needs to be load balanced to each proxies by the client. And each of these messages will be load balanced to each ESB node in the cluster by the ELB. In my implementation I haven't used a ELB so that I had to load balance the requests to each esb nodes too by the client. Also I used three Proxy services, three Message Stores and Three Message Processors which talks to the same backend. Here only two are mentioned.

The backend service is a Axis2 Service which prints the incoming message and forget it.

 public class LognDrop {  
         public void logndrop(String value) {  
             System.out.println("Value is:" + value);  
         }  
 }


Service can be found at;

https://svn.wso2.org/repos/wso2/trunk/commons/qa/qa-artifacts/app-server/LognDrop.aar

An Apache Jmeter project is the client which sends a string value to the proxy services. So that finally we can see how the requests are processed.
The Jmeter script can be found at;
https://svn.wso2.org/repos/wso2/trunk/commons/qa/qa-artifacts/app-server/jmeter-tests/InvokeLognDrop.jmx



Results;
  
 You can enable DEBUG logs for ESB JMS Message Processors by putting the following entry in {ESB_HOME}/repository/conf/log4j.properties

 #JMS Message Processor log  
 log4j.logger.org.wso2.carbon.jmsms.MSMPLog=DEBUG


 so that you can see the execution in the ESB side as following;

 [2013-07-10 12:39:42,416] DEBUG - MSMPLog [JMSMS] Storing[1] MessageID:urn:uuid:d3e97693-9b07-46e4-a7c9-4b108965a188  
 [2013-07-10 12:39:42,439] DEBUG - MSMPLog [JMSMS] Storing[2] MessageID:urn:uuid:e9e391cb-3778-4e9e-8490-99d68dea4a9d  
 [2013-07-10 12:39:42,492] DEBUG - MSMPLog [JMSMS2] Storing[1] MessageID:urn:uuid:d0b76a30-9107-4db9-b159-8b70b707d29b  
 [2013-07-10 12:39:42,510] DEBUG - MSMPLog [JMSMS2] Storing[2] MessageID:urn:uuid:7c4579bf-cdb5-4173-a961-36c7cbeb2299  
 [2013-07-10 12:39:42,567] DEBUG - MSMPLog [JMSMS3] Storing[1] MessageID:urn:uuid:289e4073-1199-4805-9c32-46d689902059  
 [2013-07-10 12:39:42,584] DEBUG - MSMPLog [JMSMS3] Storing[2] MessageID:urn:uuid:f942d2c1-14b1-4867-8727-f745af147a6b  
 [2013-07-10 12:39:42,590] DEBUG - MSMPLog [JMSMS] Storing[3] MessageID:urn:uuid:32aa8ac0-470c-4293-8d36-1682df482a2a  
 [2013-07-10 12:39:42,658] DEBUG - MSMPLog [JMSMS] Storing[4] MessageID:urn:uuid:962808ff-19bf-4d86-a4b1-2e7e0b4363ec  
 [2013-07-10 12:39:42,672] DEBUG - MSMPLog [JMSMS2] Storing[3] MessageID:urn:uuid:62b3cfe6-f947-49e2-a43f-a39d09970147  
 [2013-07-10 12:39:42,716] DEBUG - MSMPLog [JMSMS2] Storing[4] MessageID:urn:uuid:d463555f-6955-450a-9b84-d2d2a6749712  
 [2013-07-10 12:39:42,731] DEBUG - MSMPLog [JMSMS3] Storing[3] MessageID:urn:uuid:56221673-e159-4604-8baf-31193fb0536e  
 [2013-07-10 12:39:42,747] DEBUG - MSMPLog [JMSMS] Storing[5] MessageID:urn:uuid:76ad4a31-91f4-4372-a851-2189723c485c  
 [2013-07-10 12:39:42,783] DEBUG - MSMPLog [JMSMS3] Storing[4] MessageID:urn:uuid:087fba00-7d6f-4138-8fa8-06c1549b508a  
 [2013-07-10 12:39:42,845] DEBUG - MSMPLog [JMSMS] Storing[6] MessageID:urn:uuid:5ba9bdba-9ada-48ae-ac33-41bcd22d4b73  
 [2013-07-10 12:39:42,848] DEBUG - MSMPLog [JMSMS2] Storing[5] MessageID:urn:uuid:7af16cc1-ee29-4f16-addc-0d9ae4b51f9b  
 [2013-07-10 12:39:42,921] DEBUG - MSMPLog [JMSMS2] Storing[6] MessageID:urn:uuid:3d802cb7-a029-4a59-b8b3-4c1b1074d4ab  
 [2013-07-10 12:39:42,971] DEBUG - MSMPLog [JMSMS] Storing[7] MessageID:urn:uuid:0dbd1ff5-071f-4d4e-b9df-ede65146cd20  
 [2013-07-10 12:39:42,999] DEBUG - MSMPLog [JMSMS3] Storing[5] MessageID:urn:uuid:19f02a23-6149-4c82-be32-9ec69986a45e  
 [2013-07-10 12:39:43,058] DEBUG - MSMPLog [JMSMS] Storing[8] MessageID:urn:uuid:3307251f-31cb-4690-bb23-224c4fd8d480  
 [2013-07-10 12:39:43,075] DEBUG - MSMPLog [JMSMS3] Storing[6] MessageID:urn:uuid:ba76517e-f4f2-4a5d-81eb-ed6c4f260783  
 [2013-07-10 12:39:43,078] DEBUG - MSMPLog [JMSMS2] Storing[7] MessageID:urn:uuid:3c5aa2fb-ad8c-4f9e-8c4d-222a21d2892f  
 [2013-07-10 12:39:43,150] DEBUG - MSMPLog [JMSMS] Storing[9] MessageID:urn:uuid:a08658be-a5b4-4cc4-a485-b53b86a2d871  
 [2013-07-10 12:39:43,161] DEBUG - MSMPLog [JMSMS3] Storing[7] MessageID:urn:uuid:3a487564-41ff-464a-bca7-6bc83030f03b  
 [2013-07-10 12:39:43,170] DEBUG - MSMPLog [JMSMS2] Storing[8] MessageID:urn:uuid:773b675f-f96f-48b1-a1f9-be31b102a933  
 [2013-07-10 12:39:43,177] DEBUG - MSMPLog [Processor2] Fetched[1] MessageID:urn:uuid:d0b76a30-9107-4db9-b159-8b70b707d29b  
 [2013-07-10 12:39:43,199] DEBUG - MSMPLog [Processor2] Fetched[2] MessageID:urn:uuid:3c121aab-ca24-45ba-a3bb-c727ecfda28a  
 [2013-07-10 12:39:43,227] DEBUG - MSMPLog [JMSMS2] Storing[7] MessageID:urn:uuid:82f95665-c758-4c8e-ae8d-a0db3c389a32  
 [2013-07-10 12:39:43,236] DEBUG - MSMPLog [Processor2] Fetched[3] MessageID:urn:uuid:62b3cfe6-f947-49e2-a43f-a39d09970147  
 [2013-07-10 12:39:43,246] DEBUG - MSMPLog [JMSMS] Storing[10] MessageID:urn:uuid:be8c177b-2483-4db4-8a39-fcf6f6b4793e  
 [2013-07-10 12:39:43,255] DEBUG - MSMPLog [Processor2] Fetched[4] MessageID:urn:uuid:d463555f-6955-450a-9b84-d2d2a6749712  
 [2013-07-10 12:39:43,303] DEBUG - MSMPLog [JMSMS3] Storing[8] MessageID:urn:uuid:91fef3e9-1146-4903-a790-02fee3685f26  
 [2013-07-10 12:39:43,337] DEBUG - MSMPLog [JMSMS2] Storing[6] MessageID:urn:uuid:2b4a76a8-2c6d-4e99-9da7-be5cf207aee1  
 [2013-07-10 12:39:43,348] DEBUG - MSMPLog [JMSMS3] Storing[9] MessageID:urn:uuid:cc754b66-11bf-40f0-b9d8-7ec72ac7397a  
 [2013-07-10 12:39:43,379] DEBUG - MSMPLog [JMSMS3] Storing[10] MessageID:urn:uuid:06bf808e-f35f-4724-ad34-d723d39b7131  
 [2013-07-10 12:39:43,412] DEBUG - MSMPLog [Processor2] Fetched[5] MessageID:urn:uuid:7af16cc1-ee29-4f16-addc-0d9ae4b51f9b  
 [2013-07-10 12:39:43,436] DEBUG - MSMPLog [Processor2] Fetched[6] MessageID:urn:uuid:3d802cb7-a029-4a59-b8b3-4c1b1074d4ab  
 [2013-07-10 12:39:43,455] DEBUG - MSMPLog [Processor2] Fetched[7] MessageID:urn:uuid:3c5aa2fb-ad8c-4f9e-8c4d-222a21d2892f  
 [2013-07-10 12:39:43,835] DEBUG - MSMPLog [Processor1] Fetched[1] MessageID:urn:uuid:1f50e3f1-46aa-470c-bf77-feea4088f32b  
 [2013-07-10 12:39:43,852] DEBUG - MSMPLog [Processor1] Fetched[2] MessageID:urn:uuid:32aa8ac0-470c-4293-8d36-1682df482a2a  
 [2013-07-10 12:39:43,867] DEBUG - MSMPLog [Processor1] Fetched[3] MessageID:urn:uuid:8bb300cb-faa9-45b4-bbd9-1d1e83f5aea7  
 [2013-07-10 12:39:43,878] DEBUG - MSMPLog [Processor1] Fetched[4] MessageID:urn:uuid:2103ba47-77e8-4518-8050-e18b81be62dd  
 [2013-07-10 12:39:43,890] DEBUG - MSMPLog [Processor3] Fetched[1] MessageID:urn:uuid:289e4073-1199-4805-9c32-46d689902059  
 [2013-07-10 12:39:43,893] DEBUG - MSMPLog [Processor1] Fetched[5] MessageID:urn:uuid:ee2b3c05-8a68-40ef-a2f1-be8c12a2a788  
 [2013-07-10 12:39:43,916] DEBUG - MSMPLog [Processor2] Fetched[8] MessageID:urn:uuid:773b675f-f96f-48b1-a1f9-be31b102a933  
 [2013-07-10 12:39:43,938] DEBUG - MSMPLog [Processor3] Fetched[2] MessageID:urn:uuid:b6fdf8eb-24eb-4ff4-8d49-5b58ae4fd38a  
 [2013-07-10 12:39:43,943] DEBUG - MSMPLog [Processor2] Fetched[9] MessageID:urn:uuid:82f95665-c758-4c8e-ae8d-a0db3c389a32  
 [2013-07-10 12:39:43,947] DEBUG - MSMPLog [Processor1] Fetched[6] MessageID:urn:uuid:e24eb516-c99c-4051-af0c-6120e9c9cd01  
 [2013-07-10 12:39:43,960] DEBUG - MSMPLog [Processor3] Fetched[3] MessageID:urn:uuid:56221673-e159-4604-8baf-31193fb0536e  
 [2013-07-10 12:39:43,961] DEBUG - MSMPLog [Processor2] Fetched[10] MessageID:urn:uuid:2b4a76a8-2c6d-4e99-9da7-be5cf207aee1  
 [2013-07-10 12:39:43,967] DEBUG - MSMPLog [Processor1] Fetched[7] MessageID:urn:uuid:909f69a0-44d9-462c-a8f8-1065fe81232d  
 [2013-07-10 12:39:43,974] DEBUG - MSMPLog [Processor3] Fetched[4] MessageID:urn:uuid:087fba00-7d6f-4138-8fa8-06c1549b508a  
 [2013-07-10 12:39:43,979] DEBUG - MSMPLog [Processor1] Fetched[8] MessageID:urn:uuid:54b99480-9976-436f-8aa2-f80d70602433  
 [2013-07-10 12:39:43,985] DEBUG - MSMPLog [Processor3] Fetched[5] MessageID:urn:uuid:19f02a23-6149-4c82-be32-9ec69986a45e  
 [2013-07-10 12:39:43,995] DEBUG - MSMPLog [Processor3] Fetched[6] MessageID:urn:uuid:ba76517e-f4f2-4a5d-81eb-ed6c4f260783  
 [2013-07-10 12:39:44,006] DEBUG - MSMPLog [Processor3] Fetched[7] MessageID:urn:uuid:3a487564-41ff-464a-bca7-6bc83030f03b  
 [2013-07-10 12:39:44,016] DEBUG - MSMPLog [Processor3] Fetched[8] MessageID:urn:uuid:91fef3e9-1146-4903-a790-02fee3685f26  
 [2013-07-10 12:39:44,031] DEBUG - MSMPLog [Processor3] Fetched[9] MessageID:urn:uuid:cc754b66-11bf-40f0-b9d8-7ec72ac7397a  
 [2013-07-10 12:39:44,045] DEBUG - MSMPLog [Processor3] Fetched[10] MessageID:urn:uuid:06bf808e-f35f-4724-ad34-d723d39b7131  
 [2013-07-10 12:40:38,572] DEBUG - MSMPLog [Processor1] Fetched[9] MessageID:urn:uuid:962808ff-19bf-4d86-a4b1-2e7e0b4363ec  
 [2013-07-10 12:40:38,587] DEBUG - MSMPLog [Processor1] Fetched[10] MessageID:urn:uuid:76ad4a31-91f4-4372-a851-2189723c485c


 This log is same in the other ESB node as well. But since both of the ESBs servce one backend service the log there will be like this;

 Value is:2  
 Value is:2  
 Value is:2  
 Value is:1  
 Value is:3  
 Value is:2  
 Value is:1  
 Value is:4  
 Value is:3  
 Value is:1  
 Value is:1  
 Value is:3  
 Value is:4  
 Value is:5  
 Value is:3  
 Value is:5  
 Value is:6  
 Value is:4  
 Value is:6  
 Value is:6  
 Value is:5  
 Value is:7  
 Value is:7  
 Value is:7  
 Value is:6  
 Value is:8  
 Value is:1  
 Value is:3  
 Value is:5  
 Value is:6  
 Value is:2  
 Value is:7  
 Value is:7  
 Value is:8  
 Value is:9  
 Value is:8  
 Value is:9  
 Value is:10  
 Value is:2  
 Value is:10  
 Value is:8  
 Value is:9  
 Value is:8  
 Value is:9  
 Value is:3  
 Value is:10  
 Value is:9  
 Value is:10  
 Value is:4  
 Value is:10  
 Value is:5  
 Value is:6  
 Value is:7  
 Value is:8  
 Value is:9  
 Value is:10  
 Value is:1  
 Value is:4  
 Value is:4  
 Value is:5


Posted by at No comments:

Saturday, July 6, 2013

JMS MapMessage support in WSO2 ESB 4.7.0

A JMS MapMessage is an object which is used to send a set of name value pairs over the jms transport. Now WSO2 ESB supports the jms mapmessage support in version 4.7.0. Let's go through a simple use case in which jms mapmessage can be used with esb.

First you have to configure ESB with a JMS broker. I have been using Apache ActiveMQ here. But you can use either IBM Websphere MQ, MSMQ or even WSO2 Mesage Broker.First get WSO2 ESB 4.7.0 and Apache ActiveMQ 5.8.0 (or lower version)

 Copy the following jars from AMQ_HOME/lib to ESB_HOME/repository/components/lib
  • activemq-broker-5.8.0.jar
  • activemq-client-5.8.0.jar
  • geronimo-j2ee-management_1.1_spec-1.0.1.jar
  • geronimo-jms_1.1_spec-1.1.1.jar
Enable the JMS Transport for ActiveMQ by uncommenting  the transportReceiver for activemq and transportSender for jms configurations found in the ESB_HOME/repository/conf/axis2/axis2.xml

Then you can start the ActiveMQ instance and then the ESB. So that your esb will be connected to ActiveMQ through JMS transport. Then only you can follow up with the mapmessage usage scenario

 Now create a proxy service with the following configurations so that ESB will be creating a JMS endpoint and every request made to that proxy will be stored in a JMS queue. 

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="StockQuoteJMSProducerProxy"
       transports="http"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence>
         <property name="OUT_ONLY" value="true"/>
         <send>
            <endpoint>
               <address uri="jms:/SimpleStockQuoteService?transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory&amp;java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory&amp;java.naming.provider.url=tcp://localhost:61616"/>
            </endpoint>
         </send>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
   </target>
   <publishWSDL uri="file:repository/samples/resources/proxy/sample_proxy_1.wsdl"/>
   <description/>
</proxy>


This proxy service can be used to implement a jms queue and if another proxy is created as a consumer then the message can be send to an actual SimpleStockQuote service endpoint and get a response. 

But here I am changing the SOAP message content to follows so that the content will be saved in a jms queue as a MapMessage. The content is

<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body>
<JMSMap xmlns="http://axis.apache.org/axis2/java/transports/jms/map-payload">
    <price>3.4566</price>
    <quantity>15000</quantity>
    <symbol>MSFT</symbol>
</JMSMap>
</soapenv:Body>
</soapenv:Envelope>

Now if you go to the queue named as StockQuoteJMSConsumerProxy you will see the message has been saved but as a MapMessage with name and value pairs. 














Posted by



at





No comments:
  


































          

        

          

        

Tuesday, July 2, 2013


          

        









SSL Tunneling support in WSO2 ESB 4.7.0 with Passthrough HTTP transport












With this configurations HTTPS requests sent by ESB will be tunneled through the http port of the backend proxy.



The backend proxy used here is Squid proxy server.



Steps to install Squid in Ubuntu 12.04:



1. Installation


    

  • sudo apt-get install squid
    • 




2. Configuration


    

  • Navigate to /etc/squid3 (u need sudo access)
    • 

  • Backup the squid.conf 
    • 

  • Do the following changes to the squid.conf
    • 

  • Change the port to whichever the port you want
    • 



http_port 8888


    

  • Change the host name
    • 



visible_hostname localhost


    

  • You can restrict the access of the proxy with a set of hostnames or within a configured time frame using the following properties 
    • 





acl allowed_network src 10.100.3.0/100
acl allowed_hours time M T W T F 9:00-17:00


http_access allow allowed_network allowed_hours 





3. After the changes you can restart the server 


sudo /etc/init.d/squid restart



4. Let's configure the ESB



Backup the axis2.xml in {ESB_HOME}/repository/conf/axis2 directory. Copy the axis2_pt.xml as axis2.xml



Add the following configurations to the transportSender configurations;

1. PassThroughHttpSender, PassThroughHttpSSLSender if you are using passthrough transport or

2. HttpCoreNIOSender and HttpCoreNIOSSLSender if you are using nio transport




<parameter name="http.proxyHost" locked="false">localhost</parameter> //IP of the backend proxy


<parameter name="http.proxyPort" locked="false">8888</parameter> //http port of the backend proxy




<parameter name="HostnameVerifier">AllowAll</parameter>



Deploy SimpleStockQuoteService in the axis2Server in the {ESB_HOME}/samples



Create a proxy in ESB




<proxy xmlns="http://ws.apache.org/ns/synapse" name="StockQuoteProxy" transports="https,http" statistics="disable" trace="disable" startOnLoad="true">
   <target>
      <outSequence>
         <send/>
      </outSequence>
      <endpoint>
         <address uri="http://localhost:9000/services/SimpleStockQuoteService"/>
      </endpoint>
   </target>
   <publishWSDL uri="file:repository/samples/resources/proxy/sample_proxy_1.wsdl"/>
   <description></description>
</proxy>
                                





Now invoke the ESB proxy service with soap-ui



You may watch the logs of the squid server with




sudo tail -f /var/log/squid3/access.log


















Posted by



at





1 comment:
  


































          

        

          

        

Thursday, January 17, 2013


          

        









WSO2 ESB class mediator to check the SSL Certificate Properties










You need to start ESB with Mutual SSL Enabled with the configuration change in axis2.xml



Use the following class mediator inside a proxy service.



When the proxy service is invoked with the SSL Client you will see the ssl.client.auth.cert.X509 object id will be logged.



Debug through it so that you can find the SSL properties in the message context.



Code:


 package org.wso2.carbon.mediator;  
 import org.apache.synapse.MessageContext;  
 import org.apache.synapse.core.axis2.Axis2MessageContext;  
 import org.apache.synapse.mediators.AbstractMediator;  
 public class SynapseMessageContextMediator extends AbstractMediator {  
  public boolean mediate(MessageContext msgCtx) {  
    org.apache.axis2.context.MessageContext axis2MessageCtx =  
               ((Axis2MessageContext) msgCtx).getAxis2MessageContext();  
    if (axis2MessageCtx.getMessageID() != null) {  
      log.info("Cert: " + axis2MessageCtx.getProperty("ssl.client.auth.cert.X509"));  
    }  
    return true;  
  }  
 }  




The IntelliJ IDEA project for this class mediator can be found here.




https://svn.wso2.org/repos/wso2/people/chamaraa/SynapseMessageContextMediator



A sample proxy service that uses this class mediator will be like;




 <?xml version="1.0" encoding="UTF-8"?>  
 <proxy xmlns="http://ws.apache.org/ns/synapse"  
     name="echoProxy"  
     transports="https http"  
     startOnLoad="true"  
     trace="disable">  
   <description/>  
   <target>  
    <endpoint>  
      <address uri="http://192.168.71.1:8280/services/echo/"/>  
    </endpoint>  
    <inSequence>  
      <class name="org.wso2.carbon.mediator.SynapseMessageContextMediator"/>  
    </inSequence>  
    <outSequence>  
      <send/>  
    </outSequence>  
   </target>  
 </proxy>  




To invoke the proxy service you have to use a Mutual SSL java client. 









Posted by



at





1 comment:
  


































          

        

          

        

Friday, January 11, 2013


          

        









How to use WSO2 IS SCIM service through WSO2 ESB










1. WSO2 IS has the SCIM protocol support which is an Open Standard for Identity Provisioning.

More info in: http://hasini-gunasinghe.blogspot.com/2012/11/wso2-identity-server-as-scim-service.html



2. The service endpoint is

https://localhost:9443/wso2/scim/Users  

when IS is started with default ports.



3. This service can be used through an API through WSO2 ESB

ESB configuration:

<api xmlns="http://ws.apache.org/ns/synapse" name="scim" context="/scim">
   <resource methods="POST GET DELETE PUT">
      <inSequence>
         <send>
            <endpoint>
               <address uri="https://localhost:9443/wso2/scim/Users"/>
            </endpoint>
         </send>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
   </resource>
</api>



4. The service can then be used with following curl usage commands:



Add user:

curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"Anthony","givenName":"Mark"},"userName":"mark","password":"mark123","email":"paul@home.com"}" --header "Content-Type:application/json" http://192.168.71.1:8281/scim



Response is:

* About to connect() to 192.168.71.1 port 8281 (#0)
*   Trying 192.168.71.1... connected
* Connected to 192.168.71.1 (192.168.71.1) port 8281 (#0)
* Server auth using Basic with user 'admin'
> POST /scim HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 192.168.71.1:8281
> Accept: */*
> Content-Type:application/json
> Content-Length: 104
> 
< HTTP/1.1 201 Created
< Content-Type: application/json; charset=UTF-8
< Location: https://chamaraa-TECRA-WSO2.local:8281/wso2/scim/Users/629d21a3-f0b4-4536-a11f-d5f906c8e327
< Server: WSO2 Carbon Server
< Date: Fri, 11 Jan 2013 09:22:09 GMT
< Transfer-Encoding: chunked
< 
* Connection #0 to host 192.168.71.1 left intact
* Closing connection #0
{"id":"629d21a3-f0b4-4536-a11f-d5f906c8e327","schemas":"urn:scim:schemas:core:1.0","name":{"familyName":"Anthony","givenName":"Mark"},"userName":"mark","meta":{"lastModified":"2013-01-11T14:52:09","location":"https:\/\/localhost:9443\/wso2\/scim\/Users\/629d21a3-f0b4-4536-a11f-d5f906c8e327","created":"2013-01-11T14:52:09"}}



This id can then be used to retrieve the user:

curl -v -k --user admin:admin http://192.168.71.1:8281/scim/629d21a3-f0b4-4536-a11f-d5f906c8e327



The result again is:


* About to connect() to 192.168.71.1 port 8281 (#0)
*   Trying 192.168.71.1... connected
* Connected to 192.168.71.1 (192.168.71.1) port 8281 (#0)
* Server auth using Basic with user 'admin'
> GET /scim/629d21a3-f0b4-4536-a11f-d5f906c8e327 HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 192.168.71.1:8281
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Server: WSO2 Carbon Server
< Date: Fri, 11 Jan 2013 09:24:02 GMT
< Transfer-Encoding: chunked
< 
* Connection #0 to host 192.168.71.1 left intact
* Closing connection #0
{"id":"629d21a3-f0b4-4536-a11f-d5f906c8e327","schemas":"urn:scim:schemas:core:1.0","name":{"familyName":"Anthony","givenName":"Mark"},"userName":"mark","meta":{"lastModified":"2013-01-11T14:52:09","created":"2013-01-11T14:52:09","location":"https:\/\/localhost:9443\/wso2\/scim\/Users\/629d21a3-f0b4-4536-a11f-d5f906c8e327"}}









Posted by



at





No comments:
  


































        

      









Subscribe to:
Posts (Atom)