WSO2 APIM unable to create an access token from the store

Question

We have an WSO2 APIM deployment (2.0.0) behind some proxy servers. When creating an application or generating an access token from the store we've got a following exception:

 ERROR {org.wso2.carbon.apimgt.impl.utils.APIUtil} -  Error occurred while executing SubscriberKeyMgtClient. {o
rg.wso2.carbon.apimgt.impl.utils.APIUtil}
java.lang.RuntimeException: Error occurred while calling token endpoint: HTTP error code : 301
        at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:367)
        at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistra
tionWorkflowExecutor.java:151)
        at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrati
onWorkflowExecutor.java:118)
        at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.jav
a:78)
        at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute(ApplicationRegistrationSimpleWorkflowExecutor.java
:54)
        at org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration(APIConsumerImpl.java:2789)
        at org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.requestApprovalForApplicationRegistration(UserAwareAPIConsumer.java:36)
        at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getApplicationKey(APIStoreHostObject.java:385)

...
Caused by: java.lang.RuntimeException: Error occurred while calling token endpoint: HTTP error code : 301
            at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:367)
            at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistra

what I assume is that some of the proxy services (we may have not direct control over) returns HTTP 301 when generating a token.

I wanted to see what URL is really called with what data from AMDefaultKeyManagerImpl and check what is really returned.

I am unable to locate the AMDefaultKeyManagerImpl or APIStoreHostObject neither find what endpoint is really called.

Thank you for any hint / advice

Edit:

I found the implementation here though it's in different package (newer version?).

Endpoint is retrieved here:

String tokenEndpoint = 
ServiceReferenceHolder.getInstance().getAPIMConfiguration()
   .getKeyManagerConfigs().getTokenEndpoint();

though don't know how the endpoint is computed (APIKeyManager section is commented you assuming using the local /self service, it's working on another environment)

The exception is experienced when generating application key or application access token, here is the stacktrace .

I see possible 301 response when a client would call an HTTP endpoint, though I see only https config everywhere

<RevokeAPIURL>https://api.xxxxxx:443/api/revoke</RevokeAPIURL>

where /api is mapped on the proxy server to the axis2 http port if the gateway

Resolution:

The token endpoint is derived from RevokeAPIURL parameter (if a separate KeyManager is not defined, replacing "revoke" with "token" string). The implementation sends a proper HTTP(S) request to the endpoint with the Host header. The issue was on the proxy service configuration routing incorrectly when the host header is used

Answer 1

Make sure you configure revoke url properly in api-manager.xml

<RevokeAPIURL>https://${GATEWAY_SERVER_HOST}:{port}/revoke</RevokeAPIURL>

You can put real values for ${GATEWAY_SERVER_HOST} and {port} .

Answer 2

Follow this blog . Also make sure you don't have any repeated records which violates the constraints. This mostly happens while migrating wso2-am from 1.9.0 to 2.1.0.