WSO2 with plugin WS-Trust Authenticator sends saml 1.1 request - wso2

I have been trying to set up STS for my WSO2 IS, but the request it sends is SAML 1.1, and I need SAML 2.0. I can't find anywhere where I can change this configuration.
I need this to be SAML 2.0. Is there a setting I am missing?
This is what I see in SAML tracer:

The SAML 1.1 / SAML 2.0 token type is not based on any config on the WSO2 IS side. Both are supported by default and the response token type is decided based on the type of token defined in the RST (Request Security Token).
Refer: https://is.docs.wso2.com/en/latest/learn/ws-trust/
"Both SAML 1.1 and SAML 2.0 token types are supported by default. The issued token type is decided based on the type of token defined in the RST (Request Security Token)."
You have attached the response in the above image. So first verify the token type of the RST.
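The answer's point is that the issued token type follows the TokenType element in the client's RST, so the first thing to check is what the client actually asks for. The following is an added example, not WSO2 code or code from the answer: it inspects a WS-Trust RST for the standard WSS SAML Token Profile TokenType URIs and, separately, inspects an RSTR to see which assertion namespace the STS returned (the same information a SAML tracer shows). The RST/RSTR messages embedded below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# WS-Trust TokenType URIs for SAML tokens (WSS SAML Token Profile 1.1).
TOKEN_TYPES = {
    "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1": "SAML 1.1",
    "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0": "SAML 2.0",
}
# Assertion namespaces seen in the RSTR: SAML 1.1 assertions still use the
# 1.0 assertion namespace, SAML 2.0 assertions use the 2.0 one.
ASSERTION_NS = {
    "urn:oasis:names:tc:SAML:1.0:assertion": "SAML 1.1",
    "urn:oasis:names:tc:SAML:2.0:assertion": "SAML 2.0",
}


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def _namespace(tag):
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""


def _find(root, local_name):
    """First element (root included) with this local name, ignoring the
    namespace, so WS-Trust 1.2 and 1.3 messages are handled alike."""
    for el in root.iter():
        if _local(el.tag) == local_name:
            return el
    return None


def requested_token_type(rst_xml):
    """Which token the client asked for: 'SAML 1.1', 'SAML 2.0',
    'unspecified' (no TokenType, the STS applies its own default) or
    'unknown:<uri>'.  Accepts a bare RST or a whole SOAP envelope."""
    rst = _find(ET.fromstring(rst_xml), "RequestSecurityToken")
    if rst is None:
        raise ValueError("no RequestSecurityToken element in message")
    token_type = next((c for c in rst if _local(c.tag) == "TokenType"), None)
    if token_type is None or not (token_type.text or "").strip():
        return "unspecified"
    uri = token_type.text.strip()
    return TOKEN_TYPES.get(uri, "unknown:" + uri)


def issued_token_type(rstr_xml):
    """Which token the STS actually issued, judged by the namespace of the
    element inside RequestedSecurityToken."""
    rstr = _find(ET.fromstring(rstr_xml), "RequestSecurityTokenResponse")
    if rstr is None:
        raise ValueError("no RequestSecurityTokenResponse element in message")
    requested = _find(rstr, "RequestedSecurityToken")
    if requested is None or len(requested) == 0:
        return "none"
    ns = _namespace(requested[0].tag)
    return ASSERTION_NS.get(ns, "unknown:" + ns)


# Constructed sample messages (WS-Trust 1.3 namespace), not captured traffic.
RST_SAML11 = """<wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>
  <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
</wst:RequestSecurityToken>"""

RST_SAML20 = RST_SAML11.replace("#SAMLV1.1", "#SAMLV2.0")

RST_NO_TYPE = """<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"><soapenv:Body>
  <wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
    <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
  </wst:RequestSecurityToken>
</soapenv:Body></soapenv:Envelope>"""

RSTR_SAML20 = """<wst:RequestSecurityTokenResponse xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
  <wst:RequestedSecurityToken>
    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0"/>
  </wst:RequestedSecurityToken>
</wst:RequestSecurityTokenResponse>"""

if __name__ == "__main__":
    for name, msg in [("RST_SAML11", RST_SAML11), ("RST_SAML20", RST_SAML20), ("RST_NO_TYPE", RST_NO_TYPE)]:
        print(name, "->", requested_token_type(msg))
    print("RSTR_SAML20 ->", issued_token_type(RSTR_SAML20))
```

If `requested_token_type` reports SAML 1.1 or "unspecified" for the traffic captured from the WS-Trust authenticator, the fix belongs on the requesting side (the TokenType it sends), not in the STS configuration, which matches the answer above.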

Related

How do I pass a bearer token in wso2 Publisher?

I'm using WSO2 to manage my group's APIs, so I publish my API to the WSO2 Publisher. My API has its own authentication by sending a bearer token. The Swagger document has the authorize button, but when I import my API definition into the WSO2 Publisher, the authorize button disappears.
I have these questions:
1. How should I send the original bearer token?
2. When I use a Swagger 3 definition, it shows some errors. Is Swagger 3 not supported by the import function?
Does anyone have a suggestion?
My WSO2 version is: WSO2 API-M v4.1.0
WSO2 API Manager does support Swagger 2 and OpenAPI Specification (OAS) 3 and above.
With regard to Bearer tokens in API Manager, you can generate a bearer token using the DevPortal for your APIs. You need to create a new Application and subscribe to your API, and then you can generate a new JWT-based bearer token.
Please check this section in detail - https://apim.docs.wso2.com/en/latest/consume/consume-api-overview/
If your backend is OAuth protected you can use Endpoint security to add OAuth configs to generate a backend bearer token when calling the API. Take a look at this document. Also, if you want to import backend certificates to API Manager, take a look at this document.

wso2 revoke api is not revoking the token

WSO2 version: WSO2IS-5.7.0
I am doing proof of concept on WSO2 identity server and my goal is to achieve single sign on for the applications.
I generated a JWT token from WSO2 using the OAuth2 token API.
I used the revoke API to revoke the token and I got a 200 response.
Then I invoked the introspect token API and I got the response active:true, but I am supposed to get active:false.
This is a known issue in WSO2 Identity Server 5.7.0. It has been reported here and will be fixed in 5.8.0 GA release.

How to validate SAML response and assertion signature using SimpleSAMLphp

I'm trying out the SimpleSAMLphp sample app with WSO2 Identity Server as the Identity Provider. I can successfully login and logout. The SAML assertion and the response is signed.
I want to know how to validate the (response and assertion) signature in the client application using SimpleSAMLphp.
When acting as a Service Provider (SP), SimpleSAMLphp will always validate the response signature by default, so you don't have to do it yourself. This is mandated by saml2int, so I guess it conforms to that (in SAML2Core it is only recommended).
You can check the relevant SSP code which initiates the check and the signature check itself.

Is OpenId Connect response_type id_token supported by WSO2 Identity Server 5.0

I'm trying to implement OpenID Connect in an SPA application with WSO2 Identity Server 5.0.0. I'm trying to use the Implicit Flow but I always receive an error from the identity server.
GET Request:
https://idserver:9443/oauth2/authorize?response_type=id_token&
client_id=abcd&
redirect_uri=https%3A%2F%2Flocalhost%3A44326%2F
Error Response:
invalid_request, Invalid response_type parameter value
Is response_type=id_token supported?
With WSO2 Identity Server 5.0.0, the OpenID Connect "id_token" response type is not implemented. The "Implicit" settings in the configuration only work for the OAuth 2.0 "token" response type. You might wait until 5.1.0 or take the pain of implementing a patch for it.

Send SAML assertion from IDP as a cookie

I want to use WSO2 Identity Server as an IDP but partner would like the assertion to be returned as a cookie. Is this possible with WSO2 ID Server?
TIA
According to the SAML2 SSO web browser specification, the IDP (WSO2IS) returns the SAML response as an HTTP POST (body). If you want to return it as a cookie from WSO2IS (meaning the assertion in an HTTP header), it is not possible with the default behavior. IMO, there may be a workaround that can be done... One is that we can register a new servlet with WSO2IS (a custom servlet). Then WSO2IS posts the SAML response to that custom servlet. Inside the custom servlet, we can extract the SAML response from the POST request. Then the SAML assertion can be extracted from the response and we can add this assertion into an HTTP header using the custom servlet. Finally, WSO2IS would return a SAML assertion in an HTTP header... Likewise, we can customize the default behavior easily. However, could you please elaborate what the actual use case is?
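Two of the answers above touch the same processing step: the SimpleSAMLphp answer says the SP verifies the signatures on the response and assertion, and the custom-servlet workaround extracts the assertion out of the POSTed SAML response. The following is an added example, not code from SimpleSAMLphp, WSO2 or either answer: it decodes the SAMLResponse field of an HTTP-POST binding body, reports whether the Response and each Assertion carry a signature whose Reference actually points at that element's own ID, and extracts the single assertion. It checks structure only; the cryptographic verification of the digest and SignatureValue against the IdP certificate is the part SimpleSAMLphp (via xmlsec) performs, and this example does not replace it. The responses embedded below are constructed, with placeholder SignatureValue contents.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"


def decode_saml_response(post_body):
    """Decode the SAMLResponse form field of an HTTP-POST binding body
    into a parsed samlp:Response element."""
    params = parse_qs(post_body)
    encoded = params.get("SAMLResponse", [None])[0]
    if encoded is None:
        raise ValueError("SAMLResponse form parameter missing")
    root = ET.fromstring(base64.b64decode(encoded))
    if root.tag != "{%s}Response" % SAMLP:
        raise ValueError("decoded document is not a samlp:Response")
    return root


def has_own_signature(element):
    """True if the element carries a direct ds:Signature child whose single
    Reference URI points at the element's own ID.  A Signature referencing
    some other ID does not vouch for this element."""
    signature = element.find("{%s}Signature" % DS)
    if signature is None:
        return False
    refs = signature.findall("{%s}SignedInfo/{%s}Reference" % (DS, DS))
    return len(refs) == 1 and refs[0].get("URI") == "#" + element.get("ID", "")


def extract_assertion(response):
    """Return the single saml:Assertion of the response as an XML string,
    refusing responses with zero or several assertions."""
    assertions = response.findall("{%s}Assertion" % SAML)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion, found %d" % len(assertions))
    return ET.tostring(assertions[0], encoding="unicode")


def signature_report(post_body):
    """Structural signature report for one POSTed response."""
    response = decode_saml_response(post_body)
    assertions = response.findall("{%s}Assertion" % SAML)
    return {
        "response_signed": has_own_signature(response),
        "assertion_count": len(assertions),
        "every_assertion_signed": bool(assertions) and all(has_own_signature(a) for a in assertions),
    }


def _post_body(response_xml):
    """Wrap a response the way the HTTP-POST binding form does (constructed)."""
    encoded = base64.b64encode(response_xml.encode()).decode()
    return "SAMLResponse=" + quote(encoded) + "&RelayState=constructed"


# Constructed sample: Response and Assertion each carry a signature with a
# placeholder SignatureValue (real ones hold base64 signature bytes).
SIGNED_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1" Version="2.0">
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_resp1"/></ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
  <saml:Assertion ID="_asrt1" Version="2.0">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_asrt1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample where only the Response is signed.
UNSIGNED_ASSERTION_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp2" Version="2.0">
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_resp2"/></ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
  <saml:Assertion ID="_asrt2" Version="2.0">
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

SIGNED_POST_BODY = _post_body(SIGNED_RESPONSE)
UNSIGNED_ASSERTION_POST_BODY = _post_body(UNSIGNED_ASSERTION_RESPONSE)

if __name__ == "__main__":
    print(signature_report(SIGNED_POST_BODY))
    print(signature_report(UNSIGNED_ASSERTION_POST_BODY))
    print(extract_assertion(decode_saml_response(SIGNED_POST_BODY)))
```

The own-ID check matters because a Signature element is only evidence for the element its Reference names; any code that lifts the assertion out of the response (as the custom-servlet idea does) should keep the signed assertion intact and let the consumer verify it rather than trusting the surrounding response's signature on its behalf.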