Tags: wso2, basic-authentication, wso2-api-manager, wso2-enterprise-integrator

ERROR Basic Authentication failure: tenant domain mismatch for user :[email protected] in WSO2 API Manager 4.1.0


I am trying Secure API by BasicAuth in WSO2 API Manager 4.1.0 GA Release.

  • There is a backend service protected by a Basic Auth mechanism (Username: [email protected], Password: apimtestpwd). I hosted this backend in WSO2 APIM by following the steps below.

  • BasicAuth enabled under the API Configurations section --> Runtime in the Publisher

  • BasicAuth credentials are provided under the API Configurations section --> Endpoints


  • Published the same, and now it's visible in the Devportal. There is no subscription added, as this was protected with Basic Authentication.


  • When I tested via Try Out or Postman, I got a 403 Forbidden error as the response:

{ "code": "900908", "message": "Resource forbidden ", "description": "Resource forbidden " }

I noticed the below ERROR log in wso2carbon.log:

[2023-03-30 20:01:49,291] ERROR - BasicAuthAuthenticator Basic Authentication failure: tenant domain mismatch for user :[email protected]
[2023-03-30 20:01:49,291]  WARN - APIAuthenticationHandler API authentication failure due to Resource forbidden

PS: The user was added in the WSO2 Carbon portal under the Users and Roles section.

@Lakshitha suggested adding the below lines to the deployment.toml file:

[super_admin]
username = "admin"
password = "admin"
create_admin_account = true
[tenant_mgt]
enable_email_domain= true

[apim.throttling]
#username = "$ref{super_admin.username}@carbon.super"
username = "[email protected]@[email protected]"

[apim.throttling.policy_deploy]
username = "$ref{super_admin.username}@carbon.super"

[apim.throttling.jms]
#username="admin!wso2.com!carbon.super"
username="admin!wso2.com!testdomain.com!carbon.super"
password = "$ref{super_admin.password}"

The API request does not reach the backend URL server. How can I resolve this issue?


Solution

  • I think the problem is with the user you are using to invoke the API. If you are using an email address as the username (e.g. [email protected]), you have to explicitly enable this (check this doc). If not, the server believes the part after @ is a tenant domain and looks for an associated tenant domain.

    I think that should be the reason for this error in the backend.

    In your scenario you have basic auth in two layers:

    1. Backend endpoint security
    2. API security

    You need to have the correct username/password credentials for the 2. API security part. This username/password pair has to be included in the WSO2 user store; that's how APIM validates the request.

    The credentials for 1. Backend security do not have this requirement, as the validation is done by the backend, not by the APIM server.

    Edit: You can't use [email protected] to invoke the API exposed via the API Manager. This user is associated with the backend; for Basic auth at the APIM layer, you need to invoke with a user that is already included in the WSO2 user store.

    Once the server validates the authenticity of the user, it passes the request to the backend, and for this call the server generates a new basic auth header using the configuration you set in the endpoint security section ([email protected] and password). In this backend call, API Manager acts as the client and sends the request to the backend server using those basic auth credentials.
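The two-layer flow the answer describes, as an added example that is not part of the original answer and not WSO2's own code: a small in-memory model of the gateway that (1) splits an incoming username into user and tenant domain the way the answer says APIM does when email usernames are or are not enabled, (2) checks the inbound Basic header against a stand-in user store, and (3) on success builds a fresh Basic header from the endpoint-security credentials for the backend call. The user store contents, the credential names apimuser/apimuserpwd and backenduser/backendpwd, and the simplified tenant-splitting rule (last "@" separates the tenant unless email usernames are enabled and the remainder holds no further "@") are all assumptions made for the example.

```python
from __future__ import annotations

import base64
from typing import Optional, Tuple

SUPER_TENANT = "carbon.super"

# Constructed stand-in for the WSO2 user store: (username, tenant) -> password.
# The backend's user ([email protected] on the page) is deliberately NOT here,
# which is the situation the answer describes.
USER_STORE = {
    ("apimuser", SUPER_TENANT): "apimuserpwd",   # assumed gateway-layer user
}

# Assumed values standing in for what is configured under Endpoints -> endpoint security.
ENDPOINT_SECURITY = ("backenduser", "backendpwd")


def basic_header(user: str, pwd: str) -> str:
    """Build an RFC 7617 Basic header value."""
    return "Basic " + base64.b64encode(f"{user}:{pwd}".encode("utf-8")).decode("ascii")


def decode_basic(header: str) -> Optional[Tuple[str, str]]:
    """Parse a Basic header; return None for anything malformed rather than raising."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, pwd = raw.partition(":")
    return (user, pwd) if sep else None


def split_tenant(username: str, enable_email_domain: bool) -> Tuple[str, str]:
    """Simplified model (assumption) of tenant resolution:
    - no '@': user in the super tenant
    - email usernames disabled: text after the last '@' is the tenant domain
    - email usernames enabled: 'user@example.com' stays a super-tenant user,
      'user@example.com@tenant.com' is user@example.com in tenant.com
    """
    if "@" not in username:
        return username, SUPER_TENANT
    head, _, tail = username.rpartition("@")
    if enable_email_domain and "@" not in head:
        return username, SUPER_TENANT
    return head, tail


def authenticate_at_gateway(header: str, expected_tenant: str,
                            enable_email_domain: bool) -> Tuple[int, str]:
    """Layer 2 (API security): validate the caller against the user store."""
    creds = decode_basic(header)
    if creds is None:
        return 401, "missing or malformed Basic header"
    user, pwd = creds
    name, tenant = split_tenant(user, enable_email_domain)
    if tenant != expected_tenant:
        # Mirrors the log line on the page: the '@' tail was read as a tenant domain.
        return 403, f"tenant domain mismatch for user :{user}"
    if USER_STORE.get((name, tenant)) != pwd:
        return 403, "Resource forbidden"
    return 200, "ok"


def gateway_invoke(header: str, enable_email_domain: bool = False) -> Tuple[int, str, Optional[str]]:
    """Validate the caller, then return the header APIM would send to the backend (layer 1).
    The backend header is rebuilt from ENDPOINT_SECURITY; the caller's header is never forwarded."""
    status, msg = authenticate_at_gateway(header, SUPER_TENANT, enable_email_domain)
    if status != 200:
        return status, msg, None
    return 200, "forwarded", basic_header(*ENDPOINT_SECURITY)


if __name__ == "__main__":
    # Calling with the backend's own email-style user fails at the gateway either way.
    print(gateway_invoke(basic_header("apimtest@example.com", "apimtestpwd")))
    print(gateway_invoke(basic_header("apimtest@example.com", "apimtestpwd"), enable_email_domain=True))
    # A user-store user passes, and the backend sees the endpoint-security credentials instead.
    print(gateway_invoke(basic_header("apimuser", "apimuserpwd")))
```

Running it shows the three outcomes from the thread in order: the email-style user is rejected with a tenant-domain mismatch when email usernames are disabled, rejected as forbidden (not in the user store) when they are enabled, and only the user-store account gets forwarded, with an Authorization header that carries the endpoint-security credentials rather than the caller's.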