In former versions of WSO2 Enterprise Integrator we could manage lists of roles by user via the manager web console.
With WSO2 EI-7 micro-integrator and wso2mi-dashboard I find no means to manage any roles. All we can do is manage users, not a word about roles. So what?
Thanks,
Bernard
I am just starting to use GCP and I have some questions about the service accounts.
Say there is a team of like 4 remotely located developers and we all want to use the python API to access GCP to launch instances and run stuff on them. My question is should every user get their own service account and keys or should one service account be shared by all? What is the intended use case here?
Google Cloud Service Accounts provide both identity and authorization to Google Cloud.
They are similar to user accounts. If you would like to do auditing or logging of actions with service accounts, you will want to use separate service accounts per user.
Service accounts are typically used by software applications to authorize their actions with the Google Cloud APIs. Service accounts are used to issue OAuth 2.0 access tokens and optionally OIDC identity tokens. These tokens are what provide your application with authorization in Google Cloud.
My question is should every user get their own service account and keys or should one service account be shared by all?
Yes, you should issue separate service account JSON key files to each developer. In the same way that you would not share usernames and passwords for computer systems, you would not share service accounts.
I have written a bunch of articles on Google Cloud Service Accounts that might help you understand how to configure and use them:
Google Cloud Service Accounts
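The auditing point in the answer above is what breaks first when a key is shared: Cloud Audit Logs record the service account as `principalEmail`, so an action can only be traced to a person if exactly one person holds that account's key. The following is an added example, not code from the answer or from Google; the developer names, the project and the three log entries are constructed, and the entries are reduced to the two `protoPayload` fields the check reads.

```python
import json
from collections import defaultdict

# Constructed inventory of which developer holds which service-account key.
# Names and project are hypothetical; they are not from the original post.
DEVELOPER_KEYS = {
    "alice@example.com": "alice-dev@my-project.iam.gserviceaccount.com",
    "bob@example.com":   "bob-dev@my-project.iam.gserviceaccount.com",
    # Anti-pattern: one key file copied to two people.
    "carol@example.com": "team-dev@my-project.iam.gserviceaccount.com",
    "dave@example.com":  "team-dev@my-project.iam.gserviceaccount.com",
}

# Constructed Admin Activity audit-log entries (JSON lines), reduced to the
# fields read below: protoPayload.authenticationInfo.principalEmail and
# protoPayload.methodName.
SAMPLE_LOG_LINES = [
    '{"protoPayload": {"authenticationInfo": {"principalEmail": "alice-dev@my-project.iam.gserviceaccount.com"}, "methodName": "v1.compute.instances.insert"}}',
    '{"protoPayload": {"authenticationInfo": {"principalEmail": "team-dev@my-project.iam.gserviceaccount.com"}, "methodName": "v1.compute.instances.delete"}}',
    '{"protoPayload": {"authenticationInfo": {"principalEmail": "bob-dev@my-project.iam.gserviceaccount.com"}, "methodName": "v1.compute.instances.insert"}}',
]


def holders_by_account(dev_keys):
    """Invert the inventory: service account -> sorted list of people holding its key."""
    holders = defaultdict(list)
    for developer, account in dev_keys.items():
        holders[account].append(developer)
    return {account: sorted(people) for account, people in holders.items()}


def shared_accounts(dev_keys):
    """Service accounts whose key is held by more than one person."""
    return {a: p for a, p in holders_by_account(dev_keys).items() if len(p) > 1}


def attribute_actions(log_lines, dev_keys):
    """For each entry return (methodName, principalEmail, developer or None).

    The developer is None when the principal is a shared account (ambiguous)
    or is not in the inventory at all.
    """
    holders = holders_by_account(dev_keys)
    out = []
    for line in log_lines:
        payload = json.loads(line)["protoPayload"]
        principal = payload["authenticationInfo"]["principalEmail"]
        people = holders.get(principal, [])
        who = people[0] if len(people) == 1 else None
        out.append((payload["methodName"], principal, who))
    return out


if __name__ == "__main__":
    for account, people in shared_accounts(DEVELOPER_KEYS).items():
        print(f"shared key: {account} held by {', '.join(people)}")
    for method, principal, who in attribute_actions(SAMPLE_LOG_LINES, DEVELOPER_KEYS):
        print(f"{method:30} {principal:50} -> {who or 'UNATTRIBUTABLE'}")
```

Run as-is, the deletion performed by `team-dev` comes back unattributable while the two inserts resolve to a named developer. The same inventory is also the list you revoke from when someone leaves: a downloaded JSON key is a long-lived credential, so one account per person means one key to delete rather than one key to rotate for the whole team.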
I wanted to know the Azure service which is the same as the AWS service known as AWS Organizations, where we can create sub-accounts with subsequent roles, which can be accessed using the SWITCH ROLE functionality in AWS.
Here is the screenshot:
There are 2 answers to this.
There is no such service.
Azure is using tenants and subscriptions for logical grouping. You can switch between tenants, but you cannot unite them. However, if you use subscriptions inside tenants you can use tenant as the central object to control everything under this same tenant.
Does anybody know how I can use WSO2 IS roles or AD groups (through WSO2 IS) to map AWS ARNs?
https://medium.com/#gayanmadusanka_80721/login-to-aws-console-from-wso2-identity-server-cb05d4d12ff5
I would like to use active directory groups or WSO2 IS roles instead of using mapping claims individually on each user.
We are trying to add a structure for SSO using WSO2. In WSO2 we need to create general roles and connect these roles with a service provider (please note the service provider doesn't have custom roles, so the connection will be at the service provider level with the WSO2 general roles). In WSO2 we found a way to map SP roles to WSO2 roles, but that does not help us. The structure is in the image below:
I believe you are saying that your SP application does not persist or maintain the roles; rather, you want the WSO2 server to do so.
And you want to control authorization based on the availability of these roles for a user.
In that case, the WSO2 server has no need to know of the permissions you've assigned to these roles. You just define all the roles you want in the WSO2 server. Then (given that you use OAuth), by using scopes (mapped against one or more roles) to define access levels, you can issue access tokens to the users with the relevant scopes (which define the access levels) after checking the roles assigned to them.
On the resource server, it can validate the scopes of the provided access token against the Identity Server and grant or deny resource availability.
Cheers
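The role-to-scope pattern in the answer above, as an added example that is not WSO2 Identity Server's own code: the identity server side keeps the user-to-role and role-to-scope mappings and issues a token carrying only the scopes the user's roles allow; the resource server side verifies the token and checks for the scope a request needs, never the role. The roles, scopes, users and signing secret are constructed, and the token is an HS256 JWT built with the standard library so the block runs offline; a real deployment would sign with the identity server's private key and the resource server would validate through its introspection endpoint.

```python
import base64
import hashlib
import hmac
import json
import time

# --- Identity-server side (constructed data) ---------------------------------
# Roles defined in the identity server; the SP never sees these names.
ROLE_SCOPES = {
    "finance_viewer": {"invoices:read"},
    "finance_admin":  {"invoices:read", "invoices:write"},
}
USER_ROLES = {
    "alice": ["finance_viewer"],
    "bob":   ["finance_admin"],
}
# Constructed shared secret for the demo; an IdP signs with its private key.
SIGNING_SECRET = b"constructed-demo-secret-do-not-reuse"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def scopes_for_user(user: str) -> set:
    """Union of the scopes mapped to every role the user holds."""
    return set().union(*(ROLE_SCOPES.get(r, set()) for r in USER_ROLES.get(user, [])))


def issue_token(user: str, requested_scopes, now=None, ttl=3600) -> str:
    """Issue a JWT whose scope claim is the requested scopes the user's roles permit.

    Scopes the roles do not cover are silently dropped rather than refused, which
    is the usual OAuth behaviour (the client inspects the granted scope).
    """
    now = int(time.time()) if now is None else now
    granted = sorted(set(requested_scopes) & scopes_for_user(user))
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user, "scope": " ".join(granted), "iat": now, "exp": now + ttl}
    signing_input = f"{b64url_encode(json.dumps(header).encode())}.{b64url_encode(json.dumps(payload).encode())}"
    sig = hmac.new(SIGNING_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


# --- Resource-server side -----------------------------------------------------
def check_access(token: str, required_scope: str, now=None) -> bool:
    """True only if the signature verifies, the token is unexpired and it carries the scope."""
    try:
        head, body, sig = token.split(".")
    except ValueError:
        return False
    expected = hmac.new(SIGNING_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return False  # tampered payload or foreign issuer
    payload = json.loads(b64url_decode(body))
    now = int(time.time()) if now is None else now
    if payload.get("exp", 0) <= now:
        return False
    return required_scope in payload.get("scope", "").split()


if __name__ == "__main__":
    tok = issue_token("alice", ["invoices:read", "invoices:write"])
    print("alice read :", check_access(tok, "invoices:read"))
    print("alice write:", check_access(tok, "invoices:write"))
```

Adding a role or changing what a role may do is then a change to `ROLE_SCOPES` on the identity-server side only; the resource server's checks stay written against scopes and do not need to know which roles exist.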
I am very interested in using the WSO2 Identity Server platform module as part of a tenant-based SaaS platform.
Looking at the docs, the WSO2 Identity Server module seems to have two logical tiers of users: a 'super tenant' user tier for sysadmin stuff, and 'tenant' level users.
For our platform design we have the concept of 'tenant groups'. Where a 'tenant group' is a logical grouping of tenants. For, example 'tenant group' 'ACME' would be a logical grouping of tenants 'ACME UK', 'ACME USA', and 'ACME Japan'.
For this model we want a third 'tenant group' tier of users, a hybrid of the 'super tenant' user, where a 'tenant group' user would have sysadmin rights over just the tenants in their group.
Is it possible to adapt the WSO2 IS functionality to deliver this? If so, how?
Currently WSO2 provides a multi-tenancy feature. The super tenant has the management permission over tenants.
Meanwhile, you can also create roles depending on the permissions for a particular tenant. You can have different roles to cater to your requirement. Please read this document for more information on role management.