wso2-extensions / apim-km-okta Goto Github PK

Description:
Hi Team,
I have successfully configured Octa as my Key Manager. Right now I have both Octa and Resident Key manager enabled. In the store portal, I am able to allow the subscriber to test their API with the resident key manager keys. Ideally I would like to disable the Resident Key manager and allow the users to test their API subscription with Key cloak Key manager. But the try out test console is saying, it can allow only the resident key manager for testing. Is there a work around to allow the subscribers to test their subscription with Key cloak Key manager?

I am seeing the below message on the developer portal while try to test the API if I disable the resident key manager
"Try it console is only accessible via the default key manager. But the default key manager is disabled at the moment."

How do I make the Octa as default key manager?

Suggested Labels:
WSO2 APIM

Suggested Assignees:

Affected Product Version:
WSO2 APIM 4.0.0

OS, DB, other environment details and versions:

Steps to reproduce:

1. Install WSO2 APIM 4.0.0
2. Configure Octa as a Key Manager
3. Disable resident key manager in WSO2 Admin portal
4. Go to to try out page on WSO2 Dev Portal

Related Issues:

Same issue has been observed for all other Key manager.

Description:
Right now, when a user have to generate a new token, all the parameters should be copied from Okta and paste into the form. Since we do know that we're talking to Okta, I think we can provide a drop down with all possible options. Make it easier for end users to select different token types and generate tokens.

Also we can do some validation to make sure users cannot make mistakes. For example, right now when I'm trying to generate a token using client_credentials grant, and provide scope as profile, it gives me following error,

[2019-10-09 14:56:16,647] ERROR - OktaOAuthClient Failed to get accessToken for Consumer Key 0oa1ju03vwiCioUOP357. Response: {"error_description":"Cannot request 'openid' scopes using client credentials.","error":"invalid_scope"}

This error is only visible if you enable debug logs. If you don't enable debug logs it's not possible to see these errors and the UI will not display anything.

Affected Product Version:
OKTA-OAuth-Client-1.0.3-SNAPSHOT.jar (from master)

Description:
Adding an OKTA Key manager is throwing errors in carbon log

Affected Product Version:
APIM 3.2.0
apim-km-okta - 3.0.5

OS, DB, other environment details and versions:
Windows
Installed using zip.

Steps to reproduce:

1. Install wso2 apim 3.2.0 using zip.
2. Enable debug logs for apimgmt.
3. Start the wso2 apim using bat script.
4. Go to admin console, add a new Key manager of type OKTA. Input valid required fields.
5. After add, refer the carbon logs, wso2 reports JSON mal formed errors for following OKTA URLS.

https://dev-************.okta.com/oauth2/default/v1/authorize
https://dev-************.okta.com/oauth2/default/v1/introspect
https://dev-************.okta.com/oauth2/default/v1/keys
https://dev-************.okta.com/
https://dev-************.okta.com/oauth2/default/v1/revoke

TID: [-1234] [api/am/admin] [2021-04-17 12:19:33,946] DEBUG {org.wso2.carbon.apimgt.impl.APIAdminImpl} - Error while parsing element https://dev-************.okta.com/oauth2/default/v1/revoke com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 7 path $

wso2-carbon.log

Description:

See below screenshot,

Description:

After configuring Okta as KM extension, when you navigate to Manage Alerts, UI items shows up as null. Screenshot below,