Configure Nifi to use SSO for wso2 IS - wso2

How do I configure Apache NiFi to use SSO in WSO2 IS? I already have password authentication enabled independently for NiFi. Now I am trying to integrate WSO2 IS for SSO. Couldn't find much help in the help pages.

You can use the following guide to create an OIDC service provider in IS for NiFi: https://is.docs.wso2.com/en/latest/guides/login/sso-for-oidc/
I was able to find a resource for NiFi which integrates with Google through OIDC: https://bryanbende.com/development/2017/10/03/apache-nifi-openid-connect
You can use both resources to configure NiFi to use SSO with WSO2 IS.

Related

How to configure Apache NiFi with WSO2 IS for SSO

I have integrated NiFi with Apache Knox but I'm not getting how to integrate NiFi with WSO2 IS using SAML2. How can I integrate Apache NiFi with WSO2 Identity Server using SAML for SSO?
In NiFi we can now configure SAML. Found a resource related to this.
To quote from the resource:
In order to perform any type of authentication, we first need a secured NiFi instance. There are already many posts that cover this topic, so the starting point will be assuming that you can configure NiFi with a keystore, truststore, and https host/port.
It seems that NiFi doesn't support SAML authentication, but it supports the OIDC flow. Refer to this
So to integrate with WSO2 IS, you can create a service provider with OAuth on the WSO2 IS side and set it up with NiFi. You can also refer to this, which explains how to integrate OIDC with NiFi using Google as an example. The only difference with WSO2 is how the OAuth application is created.
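
An added example, not part of the original answers or of the linked guides: a sketch of the `nifi.properties` entries for the OIDC route described in this answer and in the first thread above, assuming NiFi 1.x and a WSO2 IS listening on port 9443. Host names, file paths and credentials are placeholders, and the discovery URL path is an assumption to verify against your IS version.

```properties
# nifi.properties (fragment). Added example; hosts, paths and credentials are placeholders.

# OIDC login only works on a secured instance: HTTPS port set, HTTP disabled.
nifi.web.http.port=
nifi.web.https.host=nifi.example.com
nifi.web.https.port=8443

nifi.security.keystore=/opt/nifi/conf/keystore.jks
nifi.security.keystoreType=JKS
nifi.security.keystorePasswd=<keystore-password>
nifi.security.keyPasswd=<key-password>
# The truststore must contain the CA (or the self-signed certificate) of WSO2 IS,
# otherwise NiFi cannot fetch the discovery document or tokens over TLS.
nifi.security.truststore=/opt/nifi/conf/truststore.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=<truststore-password>

# NiFi 1.x supports one interactive login mechanism at a time, so an existing
# username/password login identity provider has to be unset when OIDC is enabled.
nifi.security.user.login.identity.provider=

# Discovery document published by WSO2 IS (assumed path; verify for your version).
nifi.security.user.oidc.discovery.url=https://is.example.com:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
nifi.security.user.oidc.connect.timeout=5 secs
nifi.security.user.oidc.read.timeout=5 secs
# Client ID and secret generated by the OAuth/OpenID Connect inbound
# configuration of the service provider created in WSO2 IS.
nifi.security.user.oidc.client.id=<client-id-from-wso2-is>
nifi.security.user.oidc.client.secret=<client-secret-from-wso2-is>
# Empty means the default, RS256, validated against the keys the IdP publishes.
nifi.security.user.oidc.preferred.jwsalgorithm=

# Callback URL to register on the WSO2 IS service provider:
#   https://nifi.example.com:8443/nifi-api/access/oidc/callback
```

The identity NiFi takes from the ID token must match a user known to NiFi's authorizer (for example the Initial Admin Identity in `authorizers.xml`); otherwise the login at WSO2 IS succeeds but NiFi denies access.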

WSO2 API Manager with separate, external Identity Server

Can WSO2 API Manager be used with a separate Identity Server as IdP, without sharing the database? All documentation and tutorials point to a special version of IS and sharing the database, and I'd like to avoid that.
You can configure WSO2 API Manager with an external IDP without using WSO2 IS. I think this blog will be helpful for you. In this blog, Keycloak has been used as the federated IDP for SSO.
Thanks.
Yes, you can configure IS as federated Identity Provider. This blog has steps to configure WSO2 IS as federated IdP for API Manager.

Unable to configure SAML2 Web SSO Configuration under Service Providers in WSO2 API Manager 3.0.0

I am trying to implement SAML Extension Grant by following the instructions in https://apim.docs.wso2.com/en/latest/Learn/APISecurity/OAuth2/GrantTypes/saml-extension-grant/ but got a blank screen when I tried to configure the service provider:
Sign into the Management Console
Select Service Providers > Add
After I registered the service provider, click Inbound Authentication Configuration > SAML2 Web SSO Configuration.
Click Configure. A blank screen appears.
There is already a similar issue reported in APIM 3.0.0. Please refer to the git issue here
Inbound SAML2 Web SSO Authentication will not work in APIM OOTB as the relevant Identity feature is not available. If you need to use this, you need to use WSO2 IS or WSO2 IS-KM.

WSO2 Configuration (IS Application securing APIM endpoint)

We're attempting to configure a relatively complicated WSO2 setup in which Identity Server (5.7.0 with KM) authenticates through an OAuth Service Provider, uses the token to secure API Manager (2.6.0) Endpoints, which then cycles through the Enterprise Integrator (6.5.0).
I've followed the steps to configure IS as the Key Manager (https://docs.wso2.com/display/AM260/Configuring+WSO2+Identity+Server+as+a+Key+Manager). This appears to be working, as I can see users in APIM that were configured in IS.
The problem is in the application. In IS I've created an OAuth POC that federates to another authentication provider. I want APIM to understand that application, and be able to use it to subscribe to APIs through the store for users that IS has given roles to. The application doesn't appear in APIM's applications, and I can't figure out how to link the two. I'd like for APIM to understand the token, figure out that it's for the OAuth POC in IS, and then if the user has that role, let them in, else return a 401 or something equivalent. Haven't been able to find someone else with a tutorial or guidance on this setup specifically.
Linking an OAuth2 provider from IS to an APIM application is what WSO2 calls "Out-of-Band provisioning". This guide may bring you a step further in your POC: https://docs.wso2.com/display/AM260/Provisioning+Out-of-Band+OAuth+Clients

Configuration only auth in WSO2

I'm a new learner of WSO2.
WSO2 - OAuth, user management, and my other service available in Predix.
So I have used WSO2 Identity Server for OAuth and user management.
Problem:
1) How to integrate Predix (IdP)
2) How to use these things using the REST API
For your first question, I understood that you need to integrate the mentioned Idp as federated Identity Provider in WSO2 Identity Server. Doc - https://docs.wso2.com/display/IS570/Configuring+Federated+Authentication guides the steps to configure federated authentication.
Currently, WSO2 IS doesn't have a built-in authenticator for Predix. But as Predix supports the OIDC flow, you should be able to use the WSO2 OIDC federated authenticator. Steps can be found here
I haven't got the chance to test with Predix. But it needs to work.