Admin Portal 403 Forbidden post LDAP - wso2

I have configured a read-only LDAP store for my WSO2 API Manager and when trying to hit the /admin portal after configuration I am getting a 403 Forbidden error. I changed the default superadmin account to a custom one to map to my LDAP directory and am trying to find a way to map my main admin account to be able to log in to the admin page (beyond /carbon). Do you know if there is a way to manually map a user to this portal / page, or another permission that is needed (since I can't log in to the page)?
Thanks
Nick

Related

Authentication with Microsoft Azure AD in a multi-tenant app

Following the documentation, I registered an application with "Accounts in any organizational directory". The tenant where the application resides is in "Default Directory" and has only one user, tiagomartinsperes#gmail.com. Also, the app has user assignment (as pointed out here) set to No.
Afterwards, I created another tenant (different directory) and invited the external user me#tiagoperes.eu. That's the user I'm having trouble logging into the previously created app with.
Then I enabled OAuth2 support using social_core.backends.azuread.AzureADOAuth2 (from here).
As I try to authenticate now, it works well with tiagomartinsperes#gmail.com, but with me#tiagoperes.eu it gives the following error:
Selected user account does not exist in tenant 'Default Directory' and cannot access the application 'a9a22676-8a1c-4297-95d3-8cd89553220e' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.
The problem is the URL the user is redirected to. According to the docs, multi-tenant applications should redirect to https://login.microsoftonline.com/organizations.
As we see in the Python Social Auth AzureADOAuth2 class, the BASE_URL is
BASE_URL = "https://{authority_host}/{tenant_id}"
Since authority_host = "https://login.microsoftonline.com/" and tenant_id="common", we'd get the wrong url.
After changing that and signing in with the same user, I now get a request to add the permissions.
I reported that issue here too.

Frontend receives 403 error when logged in if Django admin is also logged in

I'm trying to understand if I can be logged in as a user in both the Django admin and the frontend at the same time in development mode. For some reason both won't work.
If I log out of the admin I can request data and do some CRUD operations in the frontend.
If I'm logged in to the admin and logged in to the frontend, all CRUD-like operations receive a 403 error.
I'm using a Django backend, a Nuxt frontend and Docker.
What do I need to do in order to have both logged in and working on data?
Is the auth token set in the cookie? Try setting up an alias for localhost so that you can store cookies from 2 "different" hosts.
https://www.techwalla.com/articles/how-to-change-your-local-host-name
So 1 tab localhost:8080 and one tab myfakedomain.com:8080
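The answer above rests on how browsers scope cookies: the cookie store is keyed by host name, not by port, so a session cookie set by a backend on localhost:8000 is also attached to requests for localhost:8080, while a second host name such as myfakedomain.com gets its own store even if it resolves to the same machine. The following is an added example, not code from the question or the answer, that reproduces that scoping with Python's standard-library cookie jar (which implements the same matching rules). The ports, paths and the two Set-Cookie values are constructed for the demonstration; the host alias is assumed to exist in the hosts file as the answer suggests.

```python
"""Show that cookie scoping ignores the port but not the host name."""
import email.message
from http.cookiejar import CookieJar
from urllib.request import Request


class _FakeResponse:
    """Minimal stand-in for an HTTP response: CookieJar only needs .info()
    to return a headers object that supports get_all()."""

    def __init__(self, set_cookie_values):
        self._headers = email.message.Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # one repeated header per cookie

    def info(self):
        return self._headers


def store_cookies(jar, origin_url, set_cookie_values):
    """Record Set-Cookie headers as if a response from origin_url carried them."""
    jar.extract_cookies(_FakeResponse(set_cookie_values), Request(origin_url))


def cookie_header_for(jar, target_url):
    """Return the Cookie header the jar would attach to a request for target_url
    (empty string when no stored cookie matches)."""
    request = Request(target_url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie", "")


def demo():
    """Hypothetical setup: Django admin on localhost:8000, Nuxt dev server on
    localhost:8080, and a hosts-file alias myfakedomain.com for the latter."""
    jar = CookieJar()
    # Constructed Set-Cookie values, shaped like Django's session and CSRF cookies
    store_cookies(jar, "http://localhost:8000/admin/login/",
                  ["sessionid=abc123; Path=/; HttpOnly; SameSite=Lax",
                   "csrftoken=tok456; Path=/; SameSite=Lax"])
    return {
        # same host name, different port: the admin session cookie is sent along
        "localhost:8080": cookie_header_for(jar, "http://localhost:8080/api/items/"),
        # different host name, even if it resolves to 127.0.0.1: nothing is sent
        "myfakedomain.com:8080": cookie_header_for(
            jar, "http://myfakedomain.com:8080/api/items/"),
    }


if __name__ == "__main__":
    for target, header in demo().items():
        print(f"{target:24} Cookie: {header or '(none)'}")
```

Running it shows the admin's sessionid and csrftoken riding along to localhost:8080 and nothing going to the aliased host, which is why two tabs on different host names keep the two logins apart. The same property is worth remembering in production: anything else served on the same host name, on any port, can receive (and, for non-HttpOnly cookies, read) cookies the application sets.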

Django rest framework redirect if permission denied

I am new to Django REST framework. I am learning about authentication and permissions. I am getting stuck at one point.
I have created a custom permission for selected users. So if some user doesn't have the correct permission for some view class, it returns HTTP status 403. In the browser it shows the message "403 Forbidden". Instead of this, I want to redirect the user to some other page.
Any help would be appreciated. Thanks

wso2 identity server integration with external ldap

I am very new to WSO2. I am trying to integrate WSO2 Identity Server 5.0 with an external LDAP. I configured it according to this: https://docs.wso2.com/display/IS500/Configuring+a+Read-only+LDAP+User+Store
At the end of the link, it says to try to sign in with the admin user, but how can I authenticate another user who is available in LDAP? Is it possible to log in to the Identity Server with another LDAP user (other than admin)?
Thanks
According to the configuration as described, a new user 'admin' with the 'admin' role is added after startup. I assume you want to log on as another user. You should be able to authenticate other users as well for other service providers (applications), but not in the management console. For that the admin role is required.
What you can try is to use the 'dashboard' application ( https://your-is-server-hostname:9443/dashboard/ )
Have fun
g.
Since you are configuring a read-only LDAP as the primary user store, the user that should have admin permissions is required to be stored in the user store when you start the system for the first time. After that you have to give the login permission to all users in the LDAP user store. Login permission is defined under admin permissions, and it allows users to log in to the management console.
Configure----->Users and Roles----->Roles----->Select "Permissions" of "Internal/everyone" or "Internal/your configured application" that you would like to give the permission.
Select "Login".
Update.
For the more details you can refer [1].
[1] https://docs.wso2.com/display/IS500/Role-based+Permissions

Can I redirect away from WSO2 Identity Server Authentication Page

I am using SAML SSO to authenticate users coming to my web app. I am using the SAML SSO filter. In the login page of IS (AuthenticationEndpoint/samlsso), can I add a button to visit my web page anonymously without authentication? How should I do the redirection?
I think you need to add a button to the login page where you enter credentials to authenticate the user. To get this done you will have to customize authenticationendpoint.war, adding a new button to the login.jsp page [1] to redirect to your page.
[1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.application.authentication.endpoint/4.2.2/src/main/webapp/