WSO2 Identity Server Email OTP using REST API - wso2

We are trying to use the WSO2 IS REST API for users' authentication. Is there any way to enable email OTP with REST API authentication?

WSO2 does not support REST API based MFA (Email, SMS) as of now, but it's on the roadmap.
https://github.com/wso2/product-is/issues/11549
https://github.com/wso2/product-is/issues/11548
As a community user, you may use https://github.com/wso2-extensions/identity-otp-integration-endpoints. However, it is not covered under WSO2 commercial support.

Related

OAuth Endpoint Type in WSO2 API

I have a secured API with OAuth and I have no other authorization mechanism (Basic Auth/ Digest Auth).
Based on article https://apim.docs.wso2.com/en/latest/learn/design-api/endpoints/endpoint-types/:
"You cannot call backend services secured with OAuth through APIs created in the API Publisher. At the moment, you can call only services secured with username/password (Basic Auth/ Digest Auth)."
Are there any plans to implement this feature in WSO2?
Although this feature is not available OOB, you can get this done via a mediation extension. Please check this article [1], which explains how to invoke a backend that is secured by OAuth2.
Currently, this feature is under development and will be added to the product in the next release.
[1] - https://medium.com/#menakajayawardena/wso2-how-to-using-oauth2-protected-back-ends-with-api-manager-5d7e234c61c

How to implement google authenticator for 2 factor authentication with WSO2 identity server 5.7?

I want to use Google Authenticator for 2-factor authentication with WSO2 Identity Server 5.7.0. The Google Authenticator should provide a One-Time Password which is valid only for a very short duration. Using the email id, password and OTP (generated from Google Authenticator), a user should be allowed to sign in to an application.
I cannot find how to implement Google Authenticator in the link mentioned below: WSO2 Identity Server Authenticators and Connectors Documentation
Can anyone provide some steps in the direction to implement Google Authenticator with WSO2?
Note: I am not referring to using Google as a federated authenticator.
As I see it, for your use case you don't need Google Authenticator; you need Email OTP [1]. You can configure your Email OTP to generate from Google. You can enable it as a second factor in authentication. So first the user will log in using username and password, then the user will be asked for the OTP that is generated from Google. That will be sent to the user's email account.
If you want to use Google Authenticator to get the OTP, not the email, then you should use WSO2 TOTP [2].
[1]. https://docs.wso2.com/display/IS570/Configuring+Email+OTP
[2]. https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator

Workplace custom integration authentication

I am trying to develop a custom Workplace widget for SharePoint. But in the documentation, I do not find how to authenticate users! Only with app access_token or impersonate_token, which is not secure...
Is there an endpoint to generate a bearer access_token via SSO? Or SAML assertion?
No, you can communicate with Workplace via API only using access_token.

WSO2 API Manager end user registration from Mobile(Android and iOS) Application using google or facebook sign-in

We are using WSO2 API Manager 1.10 and WSO2 Identity Server 5.1.0 for managing back-end REST APIs which will be consumed by Android and iOS applications. For an end user (mobile app user) to access the exposed APIs, the process followed is:
1. User registers to WSO2 IS server using WSO2 SCIM create user API.
2. User requests an access token which will be used for accessing the APIs.
We are planning to add Google and Facebook sign-in features to our mobile app, which will help the end user avoid user creation in WSO2 IS. Does WSO2 API Manager support this sort of implementation? If so, what are the configuration changes we need to make to our current setup?
You can achieve this using identity federation. IS will act as key manager, and it can also federate the authentication to Facebook/Google.
You can find how Facebook can be configured to get an access token in this blog [1]. Similarly, you can add Google for federation [2].
[1] http://nuwanzone.blogspot.com/2015/10/getting-access-tokens-for-wso2-api.html
[2] https://docs.wso2.com/display/IS510/Configuring+Google

SAML and OpenID SSO with WSO2 Identity server

I'm trying to achieve SSO among different application. The applications are:
API Manager 1.7.0 Store
API Manager 1.7.0 Publisher
Liferay 6.2
I managed to configure Liferay to log in through Identity Server OpenID and to configure API Manager to log in through an Identity Server generated SAML token, as detailed in the API Manager documentation.
The SSO is working well between API Store and API Publisher.
The problem is that I can't achieve SSO between Liferay and API Manager. If I log in to Liferay with OpenID and I open the Store or Publisher URL, the user is asked for username and password again.
How can I configure the IS to implement the desired scenario?
Thanks, Paolo
Are you using IS version 5.0.0? Normally it would create the same session for all logins in IS version 5.0.0. It means that if you log in with OpenID, SAML2 or OAuth2, it does not matter; IS creates a common session for the given user. Normally it should not ask for the password again. If it does ask, it can be a bug. Can you just check whether there is a cookie called commonauthid in the browser? If you are using some older version of IS, you can enable this property <AcceptOpenIDLogin>false</AcceptOpenIDLogin> in the identity.xml file.