wso2 identity server manage JDBCUserStore - wso2

I used WSO2 Identity Server with multiple JDBCUserStores.
Is it possible to define a user who will only be able to manage the users of a single JDBCUserStore?

Related

WSO2 IS : How to login to multiple service providers simultaneously?

I am pretty new to the WSO2 IS and my object is to understand how (whether it's possible) to enable simultaneous login of 2 different service provider applications.
For instance : token from one service provider is to be accessed and used to login to the other app.
Any help on this topic is appreciated.
"how (whether it's possible) to enable simultaneous login of 2 different service provider applications."
From this question, I understand that you want to try single sign-on with Identity Server. WSO2 Identity Server enables users to access multiple applications using the same set of credentials. For example, if users log into application A, they would automatically have access to application B as well for the duration of that session without having to re-enter their credentials. WSO2 IS provides the capability for SSO using different protocols such as OpenID Connect, SAML, etc.
If this is your requirement, you can refer to this doc to know about Single sign-on. If you use OAuth apps you can get access tokens. Refer to this doc to know about SSO with OpenID Connect.

User impersonation via admin services in WSO2 possible?

I am making a RemoteRegistry connection to a WSO2 server as user admin, but I am in need of being able to create registry resources as a different user (so the owner of the resource is not admin but another existing user). Is it possible to impersonate another user, or obtain a Registry instance for another user?
This is possible for code that runs inside the WSO2 (for example, code deployed in the built-in Tomcat instance that WSO2 itself runs on), but this particular requirement is for code that accesses the WSO2 server remotely via external APIs, rather than directly from within.
The WSO2 server in question is a WSO2 Identity Server v5.x that also includes functionality from WSO2 Governance Registry.

WSO2 API Manager authentication through single page app

I am new to WSO2 API Manager. I have installed it to proxy my REST endpoints and to do access management via oAuth2.
Great! I managed to get access to my backend REST implementation through the oAuth2 process of API Manager (via API console). Now I want to set up the complete roundtrip starting from a user authentication process where identity is verified with corresponding roles. So...
Next I want to create a single page app and add an authentication step by either redirecting the user to a login page (authentication service) or letting the user interact with the single page app directly and letting the single page app do the login to some authentication service.
Question:
Can I use the Key Manager component of the API Manager to handle user authentication (oAuth2 based) or do I need to install the WSO2 Identity Server to handle the authentication?
I see that WSO2 API Manager can host Users and Roles, a User Store and an endpoint to handle (authz) token requests, but can it also handle a login (authentication) request from my single app?
You can use APIM with the OAuth2 authorization code grant type. See this sample in the Identity Server docs, but use the below endpoints of APIM instead of the IS endpoints.
https://localhost:8243/authorize
https://localhost:8243/token
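
The authorization code grant against the two endpoints above, as an added Node.js example that is not part of the original answer or of WSO2's sample. The client ID, client secret, redirect URI and scope are constructed placeholders supplied by the caller, and the token exchange is assumed to run on a server rather than in the browser so the client secret stays out of the single page app.

```javascript
const { randomBytes, timingSafeEqual } = require('crypto');

const AUTHORIZE_URL = 'https://localhost:8243/authorize'; // endpoint from the answer
const TOKEN_URL = 'https://localhost:8243/token';         // endpoint from the answer

// Step 1: build the redirect to the login page, bound to a random state value.
function buildAuthorizeRequest(clientId, redirectUri, scope) {
  const state = randomBytes(16).toString('hex'); // store in the user's session
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: clientId,
    redirect_uri: redirectUri, scope, state,
  }).toString();
  return { url: url.toString(), state };
}

// Step 2: validate the callback before trusting the authorization code.
function parseCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) {
    throw new Error(`authorization failed: ${params.get('error')}`);
  }
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  // Reject responses that do not belong to the request we started (CSRF guard).
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  const code = params.get('code');
  if (!code) throw new Error('callback carries no authorization code');
  return code;
}

// Step 3: describe the server-side POST that swaps the code for tokens.
function buildTokenRequest(code, clientId, clientSecret, redirectUri) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: {
      Authorization: `Basic ${basic}`,
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({
      grant_type: 'authorization_code', code, redirect_uri: redirectUri,
    }).toString(),
  };
}
```

The object returned by `buildTokenRequest` can be passed to any HTTP client; the `redirect_uri` must match the one sent in step 1.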

Adding users to WSO2 Identity Server using SOAP API without specifying a password

We are using the WSO2 Identity Server SOAP API to add users. Is there a way to add a user without specifying a password in the SOAP envelope?
Users can log in to the WSO2 Carbon management console by providing a username/password. External systems can also access the admin services of the Carbon server by providing a username/password.
Are there any ways to extend the default authentication mechanism?
Yes. WSO2 Carbon products provide an authentication framework that can be used to add different authentication mechanisms. By default, a WSO2 Carbon product is shipped with several authenticators. Some authenticators are only used for accessing the admin service APIs. Some are only for management console login. You can find more details about the WSO2 authentication framework from here.
The following are the currently available authenticators:
IWA Authenticator: Once a user is logged in to the Windows server machine using Windows authentication, the user can seamlessly log in to the WSO2 Carbon management console. The WSO2 Carbon product must be configured with AD.
SAML2 SSO Authenticator: Once a user tries to access the WSO2 Carbon management console, the user is redirected to the configured IDP. The user only provides credentials to the IDP and is then able to log in to the Carbon management console seamlessly. But here, the IDP and the WSO2 Carbon product must have the same user for authorization purposes. Therefore, sometimes the same user store can be shared between the IDP and Carbon products.
WebSeal Authenticator: The user has already logged in to the WebSeal server when the user tries to log in to the Carbon management console. The user can log in seamlessly. But here, the IDP and the WSO2 Carbon product must have the same user for authorization purposes.
Mutual SSL: This is not used to log in to the management console, but it is used to access the admin service APIs of the Carbon server.
For more details, check here.

WSO2 Connect API Manager to Identity Server for key management

We want to connect WSO2 API Manager to WSO2 Identity Server for application key management. In other words, we don't want to use the embedded key management that comes with API Manager. How can we achieve that?
IS is used as the OAuth provider, but if we think about the key management part, we have a number of operations managed by APIM to restrict/allow token access.
So, if you want to use IS as the key management server, you need to install the APIM key-management related features in IS, and in the api-mgt.xml, you have to provide the IS server URL/credentials under the APIKeymanagment section.