Monday, December 1, 2014

WSO2 ESB Script Mediator Using JavaScript with a Json payload

Synapse supports Mediators implemented in a variety of scripting languages such as JavaScript, Groovy, or Ruby. For More information on script mediator please refer this link.

This blog post will explain a scenario of using script mediator with a Json payload.

Configure back-end

1. Deploy this webapp in an appserver.

Configure ESB

2. Provide the following api synapse configuration.

<api name="pizzashop" context="/pizzashop">
 <resource methods="GET" uri-template="/api/menu/pizza*">
     <http method="get"
   <log level="full"/>
    <script language="js">var payload = mc.getPayloadJSON();mc.setPayloadJSON(payload);    </script>

Invoking the service

3. Invoke the service

curl -v "http://localhost:8280/pizzashop/api/menu/pizza/all"

You will get all the available pizza list.

Sunday, August 17, 2014

Configure WSO2 carbon with Active Directory as a primary user store and user role mapping

Following are some steps to carry on to configure WSO2 carbon product with an external active directory.

To add as a primary user store

1. Following documentation can be referred.

2. Following is  a sample configuration of the user-mgt.xml. Comment out the default configuration and uncomment the configuration related to Active directory and provide the following configurations.

 <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">

          <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>

          <Property name="defaultRealmName">WSO2.ORG</Property>

          <Property name="Disabled">false</Property>

          <Property name="kdcEnabled">false</Property>

          <Property name="ConnectionURL">ldaps://</Property>

          <Property name="ConnectionName">CN=Administrator,CN=Users,DC=wso2,DC=test</Property>

          <Property name="ConnectionPassword">password</Property>

          <Property name="passwordHashMethod">PLAIN_TEXT</Property>

          <Property name="UserSearchBase">CN=Users,DC=wso2,DC=test</Property>

          <Property name="UserEntryObjectClass">user</Property>

          <Property name="UserNameAttribute">cn</Property>

          <Property name="isADLDSRole">false</Property>

          <Property name="userAccountControl">512</Property>

          <Property name="UserNameListFilter">(objectClass=user)</Property>

          <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>

          <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>

          <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>

          <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>

          <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>

          <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>

          <Property name="ReadGroups">true</Property>

          <Property name="WriteGroups">true</Property>

          <Property name="EmptyRolesAllowed">true</Property>

          <Property name="GroupSearchBase">CN=Users,DC=wso2,DC=test</Property>

          <Property name="GroupEntryObjectClass">group</Property>

          <Property name="GroupNameAttribute">cn</Property>

          <Property name="SharedGroupNameAttribute">cn</Property>

          <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>

          <Property name="SharedGroupEntryObjectClass">groups</Property>

          <Property name="SharedTenantNameListFilter">(object=organizationalUnit)</Property>

          <Property name="SharedTenantNameAttribute">ou</Property>

          <Property name="SharedTenantObjectClass">organizationalUnit</Property>

          <Property name="MembershipAttribute">member</Property>

          <Property name="GroupNameListFilter">(objectcategory=group)</Property>

          <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>

          <Property name="UserRolesCacheEnabled">true</Property>

          <Property name="Referral">follow</Property>

          <Property name="BackLinksEnabled">true</Property>

          <Property name="MaxRoleNameListLength">100</Property>

          <Property name="MaxUserNameListLength">100</Property>

          <Property name="SCIMEnabled">false</Property>


3. If you need to add a user to login initially, you can configure it in the  user-mgt.xml. As an example we are going to create a user called dominoz with the password password#.








          <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->

          <Property name="dataSource">jdbc/WSO2CarbonDB</Property>


4. If you need to add  the user “dominoz” under the  wso2.test tree structure, you should configure the following attribute.

<Property name="UserSearchBase">CN=Users,DC=wso2,DC=test</Property>

5. Following is a screenshot of the  Active directory configured with the user “dominoz”.

screen.pngFigure 1 : AD added initial user

6. Now your initial user is created  once you have started the setup.

7. Now you can login to carbon console as below providing the initial user credentials.
Username : dominoz           Password : password#

Figure 2 : Carbon login page

8. Then you can create a role  with the preferred  permission or update the permission in  a role which is already created.  The newly created role will be created in the  tree structure defined in the following attribute.

<Property name="GroupSearchBase">CN=Users,DC=wso2,DC=test</Property>

9. Click on the Configure -> Users  and Roles -> Roles -> Add New roles.   Select the Domain and provide the role name.
When you click on the roles, existing roles  in the given tree structure, will be displayed.

Figure 3 : Adding a role

10. Click next and the provide the required permission by selecting them.

Figure 4 : Configure permission

11. Then select the users you  need to add to the relevant role. You can search the users from the search function. All the existing users in the t configured tree structure will be displayed.

Figure 5 : add users to the role

12. Once you click on finish  the particular role should be added in the configured tree structure of the active directory.  following is a screenshot of the added role.
E.g., CN=Users,DC=wso2,DC=test

Figure 6 : Added role in the AD

13. Same as above, any other users can also be added  in the same manner into the given tree structure of the active directory.

Sunday, May 25, 2014

Configuring Salesforce outbound provisioning with WSO2 IS

Provisioning is a simple way to provision users in to different domains with new Identity Provisioning framework.
This example is explained how to configure Salesforce as the Identity Provider to provision the users from WSO2 Identity Server.

Configure Salesforce :

  • Following is a screenshot of a connected app created to configure WSO2 IS.
Figure 1 : Connected App

  • Once you create the connected app, you will be getting the Consumer Key and the Consumer Secret of the app.
Figure 2 : keys

  • Next you should select the your connected app to the profile you are going to use to assign when you add users in to Salesforce.
  • This can be viewed in the Manage Profile sections in the setup page. When you click on that, it will list down the existing profiles.
Figure 3 : Profiles

  • As an example, if we are going to use the profile “Chatter Free User” click on edit mode and select the connected app you created to configure with WSO2 IS as given in the following screen.
Figure 4 : Profile and select the connected app 

  • Now we have done the required configurations needed in Salesforce side.

Configure WSO2 IS :

  • This feature is introduced with WSO2 IS 5.0.0.
  • Salesforce user login is an email address. Therefore you need to configure WSO2 IS to enable email address for user login. In order to do that follow the below steps :
If the user store is MySQL :

  • Step1 : Open carbon.xml in IS_HOME/repository/conf and uncomment

  • Step2 : Open user-mgt.xml in IS_HOME/repository/conf and uncomment JDBC configurations org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager And Comment default LDAP user store manager configurations.

  • Step3 : Please add following property under folowing configuration.  

 <Property name="UsernameWithEmailJavaScriptRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$</Property>  

* Using above property, you can change the pattern of your email address.

  • Step4 : Restart the server

Configure Identity Provider in WSO2 IS :

  • Now you have to first register Salesforce as an Identity provider. In order to d that install WSO2 server and start it up. Then when you go to home page, click on the Add Identity provider and register identity provider and save it. E.g.,”
  • Then you click on the the IDP and provide the basic information as given in the following image.
Figure 5 : Create IDP in WSO2 IS

  • Then you have to fill in the basic information as given in the screenshot.
Figure 6 :  Basic Information - Claims

  • Claim mapping should be done for the following mandatory fields. Alias, Email, EmailEncodingKey, LanguageLocaleKey, LastName, LocaleSidKey, ProfileId, TimeZoneSidKey, Username
  • Advance configurations can be filled in as follows.
Figure 7 : Advance Configurations

  • Then click on the Outbound provisioning Connectors section and configure for Saleforce as below :
Figure 8 : Configure Salesforce Connector

  • Values :
      - API version : Salesforce API version
      - Domain Name : Your developer environment domain URL
      - Client ID : Client ID got from the Connected app which is created
      - Client Secret : Client secret got from the Connected app created
      - username : Username of your salesforce developer account 
      - password : This should be the password followed by the security token received by the email.
E.g., <password><security token> (passwordJYn8OLa9pC8CbQWrepGQpxxcu)

Configure Service Provider in WSO2 IS :

  • If you are going to use WSO2 IS user management console to add users, you can configure the resident service provider as the service provider in WSO2 IS. Following is an illustration.
Figure 9 : Configure Resident Service Provider

  • Select the IDP configured and select the salesforce as the connector from the drop down and save it.

Add users in WSO2 IS :

  • This is the normal process of adding users through WSO2 IS administration UI. user should provide an email address as the username.
  • Create a user via UI and check whether the user is provisioned to Salesforce as follows. You will be able to see the users added.
Figure 10 : Provisioned users in salesforce

Via SCIM and Ouath bearer token:

  • If you are going to add users via SCIM and Oauth you will need to add a service provider in WSO2 IS and configure it for the added IDP and Salesforce connector as below.
Figure 11 : Configure Service provider for SCIM and Ouath bearer token

  • If you use SCIM you have to select the correct User Store Domain under Resident IDP -> Inbound Provisioning Configuration
  • Sample Requests :

Add User Via SCIM :

 curl -v -k --header "Content-Type:application/json" --user --data '{"schemas":     ["urn:scim:schemas:core:1.0"],"userName":"","password":"ush     anisf25","name":{"familyName":"Ushanisf24"},"emails":     [""],"entitlements":     [{"value":"00e90000001STRnAAO","display":"ChatterFreeUser"}]}' https://localhost:9463/wso2/scim/Users  

Via bearer token

 curl -v -k --header "Content-Type:application/json" --header 'Authorization: Bearer c648fcae8b7b75e7b3287e31d5886e3' --data '{"schemas":     ["urn:scim:schemas:core:1.0"],"userName":"", "password":"ushani0012", "na     me":{"familyName":"Ushani12"},"emails":     [""],"entitlements":     [{"value":"00e90000001P171","display":"ChatterFreeUser"}]}' https://localhost:9463/wso2/scim/Users  

Monday, March 17, 2014

How to read multiple values in a single cell of .csv in Jmeter

In this blog post it is explained how to read a value from a .csv file via jmeter.

You have to follow the exact steps given in the blog post.

  • Apart form that, assume you have your csv file in the following format in the first cell it self and you need to read multiple values:


  • In Jmeter, you should right click on Thread Group and select Add --> Config Element ---> CSV Data Set Config.

  • Then provide the following information.

File Encoding = 
Variable Names = username,password,email,firstname,lastname,tenantDomainName
Delimiter = ,        // this is to delimit entries in list, not variables
  • My sample call to create tenant will be written as follows :

 <soapenv:Envelope xmlns:soapenv="" xmlns:ser="" xmlns:xsd="">  

Thursday, February 20, 2014

OAuth Authorization grant type behaviour with WSO2 API Manager (APIM)

For more information on OAUTH2 refer this presentation.

Authorization Grant types :

There are 4 Authorization grant types in OAuth.

How is this interpreted in APIM?

    * Authorization code
    * Implicit
    * Resource owner password credentials
    * Client credentials

(Resource :  WSO2 OAuth 2.0 The Path to Heaven from Hell presentation)

In the following types Resource owner does not grant the authorization.
    * Resource owner password credentials 
    * Client credentials

There for Step B and C (Authorization grant) will be omitted when there is a high degree of trust between client and resource owner. So the user will be able to receive the access token without the Authorization grant.

But Authorization grant is being used during the other 2 types which are,
  * Authorization code
  * Implicit.

If you use CURL or Advance rest cient, this step will not be visible since the authorization server must return a 302 redirection back to the client with an Location header pointing to the URL of user consent page. So you have to use an app which will return 302 redirection.

That is whay when we use a command like below, we just get the access token at once.


curl -v -k -X POST -H "Authorization: Basic MmdTYmc5NlBIc3hQcWZHT2lZWW1oSm9va2k4YTo0bEREM2M3TmNSWWZtaEZDZGlhVVdoQ3NEbE1h" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "grant_type=password&username=admin&password=admin" http://localhost:8280/token/

This is explained in [1] and [2]


Thursday, January 30, 2014

Writing a simple Integration BPEL test case for WSO2 BPS

I assume the user has an idea about WSO2 BPS product. You can refer more information on :

Following are the steps to write a simple test case for a simple bpel process.

As an example is being used to write a test case.

In this example assign activity of BPEL will be used. 2 values will be added and the input will be the result.

Since this is a Basic bpel activity, we will be including our test case inside,


Steps :

1. First of all we should include our artifact inside the
/home/../turing/products/bps/3.2.0/modules/integration/org.wso2.bps.bpel.taftests/src/test/resources/artifacts/bpel folder.

2. Since its a Basic activity test case, I will be adding it under in /home/../turing/products/bps/3.2.0/modules/integration/org.wso2.bps.bpel.taftests/src/test/java/org/wso2/carbon/bps/bpelactivities/

 public class BPELBasicActivitiesTest extends BPSMasterTest {  
 //Extends the Test class  
   private static final Log log = LogFactory.getLog(BPELBasicActivitiesTest.class);  
   BpelPackageManagementClient bpelPackageManagementClient;  
   RequestSender requestSender;  
   public void setEnvironment() throws LoginAuthenticationExceptionException, RemoteException {  
     bpelPackageManagementClient = new BpelPackageManagementClient(backEndUrl, sessionCookie);  
 //Pass the Service endpoint and session cookie  
     requestSender = new RequestSender();  

Above section will be available already since there were already written test cases.

(I assume it was being explained during the automation training. )

4. To set the environment with we should provide the name of it to upload.

   @BeforeClass(alwaysRun = true)  
   public void deployArtifact()  
       throws Exception {  

5. Following is the added test case.

  @Test(groups = {"wso2.bps", "wso2.bps.bpelactivities"}, description = "Adder Process case")  
   public void adderProcess() throws InterruptedException, RemoteException, PackageManagementException, MalformedURLException, XMLStreamException {  
     String payLoad = " <p:AdderProcessRequest xmlns:p=\"\">\n" +  
         "   <!--Exactly 1 occurrence--><p:a>1</p:a>\n" +  
         "   <!--Exactly 1 occurrence--><p:b>2</p:b>  "  +  
         "  </p:AdderProcessRequest>";  
     String operation = "process";  
     String serviceName = "AdderProcessService";  
     String expectedResult = "3";  
     requestSender.assertRequest(backEndUrl + serviceName, operation, payLoad,  
         1, expectedResult, true);  

6. You can undeploy the uploaded zip file,

   @AfterClass(alwaysRun = true)  
   public void removeArtifacts()  
       throws PackageManagementException, InterruptedException, RemoteException,  
       LogoutAuthenticationExceptionException {  

Explanation :

1. public void adderProcess() throws InterruptedException, RemoteException, PackageManagementException, MalformedURLException, XMLStreamException {

This above is the method written for adderProcess()

String payLoad = " <p:AdderProcessRequest xmlns:p=\"\">\n" +
               "      <!--Exactly 1 occurrence--><p:a>1</p:a>\n" +
               "      <!--Exactly 1 occurrence--><p:b>2</p:b>   "   +
               "   </p:AdderProcessRequest>";

      String operation = "process";
       String serviceName = "AdderProcessService";
         String expectedResult = "3";
Above is the variable assignment.

payLoad is what we get from try it tool when you deploy the adderProcess in a BPS distribution. 
operation  can be checked by the wsdl of adderProcess when you deploy it in a BPS distribution. E.g., <operation name="process">

serviceName this can also be checked by the wsdl of adderProcess when you deploy it in a BPS distribution. E.g., <service name="AdderProcessService">

3.     requestSender.assertRequest(backEndUrl + serviceName, operation, payLoad,
               1, expectedResult, true);
The above is the request to be sent and assertRequest method is called.
Definition would be :

public void assertRequest(java.lang.String eprUrl, java.lang.String operation, java.lang.String payload, int numberOfInstances, java.lang.String expectedException, boolean twoWay) throws, org.apache.axis2.AxisFault { }

backEndUrl  : This is the BPS backend URL