WSO2 LOGOUT ISSUE in SSO - wso2

I'm using WSO2 IS to enable SSO for a service provider implemented in Java. I want to perform logout and return to the home page of my SP, but when I log out I get the following error:
POST logout URI does not match with registred callback URI
Any suggestion on how to set the right post-logout URL? When debugging the Java application I found that the redirect URI (callback URI) used is: http://server:8080/openid/callback but the post-logout URI value is: http://server:8080

When you are configuring the service provider in WSO2 IS, you can add multiple callback URLs. Refer to the "Callback Url" section in [1].
In your case, adding the callback as:
regexp=(http://server:8080/openid/callback|http://server:8080)
will fix your problem.
Since there is no separate section to configure the post-logout URL, you have to add it as a callback URL.
[1] https://is.docs.wso2.com/en/5.10.0/learn/configuring-oauth2-openid-connect-single-sign-on/#configuring-oauth2-openid-connect-single-sign-on

Related

Getting Error 400: redirect_uri_mismatch in cognito idp settings

I am following this Cognito "add social auth" guide to add Google auth into one of my apps for testing. I completed all the steps as listed, but when I test it using this
https://<your_user_pool_domain>/login?response_type=code&client_id=<your_client_id>&redirect_uri=https://www.example.com , I am getting an error:
Error 400: redirect_uri_mismatch
The redirect URI in the request, https://xxxx-xxxx.auth.ap-south-1.amazoncognito.com/oauth2/idpresponse, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit:
Initially the redirect URI and the callback URL in the Cognito app client settings were different, but I changed those. I also tried changing my redirect URL to simply https://google.com, but it is still not working. I did some research on this and found out that it might take some time for the changes to be reflected in the Google OAuth settings; it's been 2 hrs since I changed them. Should I wait, or is there some other workaround for this?
Also, I set up Facebook login following the same doc, and it is working fine.
Please help!
In my experience this mismatch refers to the difference between your constructed URL and the setting in Cognito Pool. In the pool config, the redirect_uri is called Callback URL. Make sure those two have the same URL.
You can set it in Cognito UI here: App Integration > App Client Settings > Sign in and sign out URLs > Callback URL(s)
or you can specify the URL(s) in your code if you are using CDK.
// Every entry in callbackUrls must match the redirect_uri sent by the app exactly.
new cognito.UserPoolClient(this, 'AppClient', {
  userPool,
  oAuth: {
    callbackUrls: ['https://www.example.com', '<url2>'],
  },
  ...
});
Finally I got the solution: the redirect URL in the Google auth credentials needs to be your **domainName+/oauth2/idpresponse**.
It has something to do with your URI; whether in Google Cloud or Cognito, double check that the URI entered is a match.
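Both threads above come down to the same check: the URI a client sends (redirect_uri at login, the post-logout URI at logout) has to match what is registered on the provider, and the match is exact unless the registration is a pattern. The following is an added example, not WSO2 or Cognito code, that models the two registration styles described above: a plain string that must match exactly (the Cognito callbackUrls case) and a WSO2-style entry prefixed with `regexp=` that is matched as a regular expression against the whole URI. The registered values are taken from the answers; the function names and the input URIs are constructed for the example.

```python
import re
from typing import Iterable, Optional
from urllib.parse import urlsplit

# Constructed registrations: stand-ins for the "Callback Url" field of a
# WSO2 IS service provider (regexp= form, as in the answer above) and for
# the callbackUrls list of a Cognito app client.
WSO2_CALLBACK_FIELD = "regexp=(http://server:8080/openid/callback|http://server:8080)"
COGNITO_CALLBACK_URLS = ["https://www.example.com"]

REGEXP_PREFIX = "regexp="


def matches_callback_field(registered: str, candidate: str) -> bool:
    """Return True if `candidate` satisfies one registered callback entry.

    A plain entry must equal the candidate exactly. An entry prefixed with
    'regexp=' is a regular expression that must match the *whole* candidate
    (fullmatch), so a pattern such as http://server:8080 is not satisfied by
    a longer URI that merely starts with it.
    """
    if registered.startswith(REGEXP_PREFIX):
        pattern = registered[len(REGEXP_PREFIX):]
        return re.fullmatch(pattern, candidate) is not None
    return registered == candidate


def is_allowed(registered_entries: Iterable[str], candidate: str) -> bool:
    """Check `candidate` against every registered entry.

    The candidate must be an absolute http(s) URI and at least one entry
    must match it. No normalisation is applied (no case folding, no
    trailing-slash stripping), which is why 'https://www.example.com' and
    'https://www.example.com/' count as different URIs, as they do in the
    mismatch errors quoted above.
    """
    parts = urlsplit(candidate)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    return any(matches_callback_field(entry, candidate) for entry in registered_entries)


def check_oidc_request(redirect_uri: str,
                       post_logout_redirect_uri: Optional[str] = None) -> dict:
    """Validate the URIs an OIDC client sends for login and (optionally) logout
    against the WSO2-style registration, returning one boolean per URI so the
    caller can see which one caused the 'does not match registered callback
    URI' situation."""
    result = {"redirect_uri": is_allowed([WSO2_CALLBACK_FIELD], redirect_uri)}
    if post_logout_redirect_uri is not None:
        result["post_logout_redirect_uri"] = is_allowed(
            [WSO2_CALLBACK_FIELD], post_logout_redirect_uri)
    return result


if __name__ == "__main__":
    # With only the login callback registered, the logout URI is rejected.
    print(is_allowed(["http://server:8080/openid/callback"], "http://server:8080"))
    # With the regexp= entry from the answer, both URIs pass.
    print(check_oidc_request("http://server:8080/openid/callback", "http://server:8080"))
    # Cognito-style exact match: a trailing slash is enough to fail.
    print(is_allowed(COGNITO_CALLBACK_URLS, "https://www.example.com/"))
```

Using `re.fullmatch` rather than `re.match` or `re.search` is the design choice worth copying if you write such a check yourself: an unanchored pattern would accept any URI that merely contains the registered prefix.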

Enable Single Logout in WSO2 Identity server and redirect to custom login page

I am using WSO2-IS 5.3.0. I have configured many service providers and SAML SSO is working as expected. When it comes to logout, one functionality is working fine: it redirects me to a common logout page after invalidating the session.
Here I have one case: I have one service provider for which I need to perform single logout, but it should redirect to my custom login page. Though IS provides the option to configure a return URL (SLO Response URL), as you can see in the screenshot below, I have done that but it still redirects to the common logout page.
Do I need any other configuration too?
You are performing an IdP-initiated SLO as per the given request URL. In that case, you can use the returnTo parameter in that request to redirect the response.
So set the SLO response URL to the return-to URL of the "Enable IdP initiated SLO" config. A sample request would be as follows:
https://localhost:9443/samlsso?slo=true&spEntityID=travelocity.com&returnTo=https://localhost:8080/avs.com/slo
But you might have to define the SP-specific parameters in the request.
Reference: http://daytodayjava.blogspot.com/2015/08/saml2-idp-initiated-single-logout-with.html

Authorization Code grant generates 405 in WSO2 APIM

I'm trying to implement the OAuth2 Authorization Code flow with WSO2 APIM 2.6, but I get a 405 Method Not Allowed. Here is what I did:
Install WSO2 APIM (no WSO2 IS nor IS-KM is in my environment; only APIM is present)
Create a Spring Boot REST service with @RestController. This leads to the base path http://localhost:8080
Create an API in the API Publisher. This points to the REST service
As admin, create an application in the API Store and subscribe to the API. The callback URL is simply http://localhost:8080, as shown in the image below
Call the authorize endpoint of WSO2 APIM with the following URL
https://localhost:9443/authorize?response_type=code&redirect_uri=http://localhost:8080&client_id=EaTfmmwQT4fWciN4WnU1YyyYYYsa
When I call this URL, I'm redirected to the login page of WSO2 APIM like below
I just log in with admin/admin
Upon login, I thought I'd be redirected to an authorize page, but instead I'm redirected to the following error page
Could you guys help me here?
You are trying with https://localhost:9443/authorize which is wrong. That is why it is redirecting to the carbon console. You can use one of the following URLs.
https://localhost:9443/oauth2/authorize
https://localhost:8243/authorize
This will take you to a different login page where you can use your login credentials.
https://docs.wso2.com/display/AM260/Authorization+Code+Grant
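Once the request goes to the /oauth2/authorize endpoint named in the answer, the remaining client-side work is building that request correctly and checking the redirect back to the callback URL. The following is an added example, not WSO2 APIM or Spring Boot code, that does both in Python: it builds the authorization request with the endpoint, client_id and redirect_uri from the question (URL-encoding redirect_uri, which the hand-typed URL above leaves raw) and adds a random state value that is verified when the authorization code comes back. The session dictionary, the function names and the sample callback URLs are constructed for the example.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values from the thread above; the callback handling below is an assumption
# about how a client should behave, not code from WSO2 APIM.
AUTHORIZE_ENDPOINT = "https://localhost:9443/oauth2/authorize"
CLIENT_ID = "EaTfmmwQT4fWciN4WnU1YyyYYYsa"
REDIRECT_URI = "http://localhost:8080"


def query_params(url: str) -> dict:
    """Return the query string of `url` as a flat dict (first value wins)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def build_authorize_url(session: dict) -> str:
    """Build the redirect to the authorization endpoint.

    A random `state` is generated and kept in the caller's session (a plain
    dict here, standing in for the web framework's session store) so that the
    callback can be tied back to this browser. urlencode escapes redirect_uri.
    """
    state = secrets.token_urlsafe(16)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Extract the authorization code from the redirect back to REDIRECT_URI.

    The stored state is consumed (popped) so it cannot be reused, and a
    ValueError is raised when it is missing or differs from the received one,
    when the provider returned an error, or when no code is present.
    """
    query = query_params(callback_url)
    expected = session.pop("oauth_state", None)
    received = query.get("state")
    if expected is None or received is None or not secrets.compare_digest(expected, received):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error']}")
    code = query.get("code")
    if not code:
        raise ValueError("no authorization code in callback")
    return code


if __name__ == "__main__":
    session = {}
    url = build_authorize_url(session)
    print(url)
    # Simulate the provider redirecting back with a code and the same state.
    fake_callback = f"{REDIRECT_URI}?code=constructed-code&state={session['oauth_state']}"
    print(handle_callback(session, fake_callback))
```

The code returned here is what the client then posts to the token endpoint; that exchange is not part of this thread and is left out.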

WSO2 Redirect to login on failed SAML authentication

WSO2IS 5.3.0: I have a service provider that is SAML inbound and multi-step local authentication outbound (the first step is BasicAuthenticator, and the second is custom code). I am running into an issue where, if the second step fails, the user goes to a generic "error" screen (this is samlsso_notification.do). I want the user to be redirected BACK to the login page to have to start the auth process over (WITH the error code from my authentication step, which I can't seem to customize in the SAMLResponse). Any advice on how to accomplish this?
If you go inside <product_home>/repository/deployment/server/webapps/authenticationendpoint you will find the .jsp mapped to samlsso_notification.do, namely samlsso_notification.jsp; from there you can write a JSP redirection to the login page. You have stat and statusMessage as context information.

WSO2 - Fails to redirect after custom authentication endpoint POST

I have created a custom authentication endpoint, like https://www.custom-auth.localpc, which WSO2 redirects to when I try to log in.
However, when I click OK and send the POST back to http://localhost:9443/commonauth, WSO2 replies with a 302 that redirects to http://localhost:9443/https://www.custom-auth.localpc?loginStatus=true.
When I checked the console log, I found the following error:
ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework
org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException: No authenticator can handle the request in step : 1
The service provider that requests the login is correctly configured, because it works with the WSO2 default authentication endpoint.
Any thoughts on this?
So, the issue was simpler than I thought. The redirects from WSO2 were more of a misdirection.
When submitting the data, the fields username and password must be lowercase.
If any issue is found with the POST data, it redirects with a 302 to the Carbon login page.
I think this may happen because of the canHandle() method. You can refer to other custom authenticators that use an external endpoint and see how they handle the request.