How to add additional request parameters in wso2 retrying? - wso2

I need to add one parameter to redirect. When authentication fails WSO2 redirects to login page with &authFailure=true&authFailureMsg=login.fail.message request parameters.
I could not add an additional parameter to it by changing the messages of the org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator class.
Are there any ways of doing it?

Also, as a very easy way, you can modify the login.jsp file located at:
<WSO2_APIM_HOME>/repository/deployment/server/webapps/authenticationendpoint/login.jsp
and you can do it without building any custom authenticator and without redeployment. It is hot-deployed.
It is also important to modify this file carefully, as it is used by all login flows on the platform.

I could not change BasicAuthenticator.class. I added the additional parameters by registering my own LocalBasicAuthenticator, where the functions are the same as in BasicAuthenticator but you can add query params and modify them. Then replace the jar in components/dropins and change the local authentication in your Service Provider.

Related

Authorization Oauth2.0 Add Additional Body Parameter

I’m trying to migrate an authorization request into the authorization at the Postman collection level. The request body has an additional parameter for account_id that needs to be passed.
I’m unable to find a way to pass this additional parameter when using Oauth 2.0 client credentials flow. Is there a way to include this?

You're trying to add a new header. I don't think this is supported on the collection level, but a workaround is to use a pre-request script on the collection level:
const Header = require('postman-collection').Header
pm.request.headers.add(new Header(`account_id:${pm.environment.get('et_mid')}`))

Expose unsecured url via WSO2 API Manager

I have an API that I have set up in WSO2's API Manager Publisher tool. All the calls work fine when called correctly with an Access Token.
But I have one url that I want anyone to be able to call. (It is a customized Swagger UI page (different from the one built into the WSO2 tooling).)
To do this I add the Swagger UI url as a resource. But when I go there it says:
Required OAuth credentials not provided. Make sure your API invocation call has a header: 'Authorization : Bearer ACCESS_TOKEN'
Generally, I really like this default. (I want all my other API resources to require an Access Token.) But for this one I don't have an access token and don't expect to.
Is it possible to publish one resource and not need any authentication?

Also, it can be done in 2.x versions of API Manager by disabling security for each endpoint in the Publisher tool. In the Manage tab, Resources section, set the value of x-auth-type to "None" for each resource/endpoint. The default value is "Application & Application User". This disables security, and with it the authentication required for accessing the selected API resources.

This can be done as mentioned in https://stackoverflow.com/a/61133046/3176125
Basically, you can turn it off for one of the resources while you allow security for the rest of the resources.
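
Because an x-auth-type of "None" removes the token check for that resource, it is worth verifying that only the intended resource ends up open. The following is an added example, not code from the answers or from WSO2: it walks an API definition and reports every operation set to "None" that is not on an explicit allowlist. The sample definition, its paths and the function names are constructed for illustration.

```javascript
// Constructed sample: a Swagger fragment with x-auth-type set per operation.
// Paths are made up for this example.
const sampleDefinition = {
  paths: {
    "/docs": {
      get: { "x-auth-type": "None" },
    },
    "/orders": {
      get: { "x-auth-type": "Application & Application User" },
      post: {}, // no value: falls back to the default
    },
    "/orders/{id}": {
      delete: { "x-auth-type": "None" },
      parameters: [], // path-level key, not an operation
    },
  },
};

const HTTP_METHODS = ["get", "put", "post", "delete", "options", "head", "patch"];
const DEFAULT_AUTH_TYPE = "Application & Application User"; // default named in the answer
const SAFE_METHODS = new Set(["get", "head", "options"]);

// Returns every operation whose x-auth-type is "None", i.e. callable
// without an access token, and marks the ones that can change state.
function findOpenOperations(definition) {
  const open = [];
  for (const [path, item] of Object.entries(definition.paths || {})) {
    for (const method of HTTP_METHODS) {
      const op = item[method];
      if (!op) continue;
      const authType = op["x-auth-type"] || DEFAULT_AUTH_TYPE;
      if (authType.trim().toLowerCase() === "none") {
        open.push({
          path,
          method: method.toUpperCase(),
          stateChanging: !SAFE_METHODS.has(method),
        });
      }
    }
  }
  return open;
}

// Compares the open operations against an allowlist of "METHOD path"
// strings and returns the ones that were never approved to be public.
function unexpectedOpenOperations(definition, allowlist) {
  const allowed = new Set(allowlist);
  return findOpenOperations(definition).filter(
    (op) => !allowed.has(`${op.method} ${op.path}`)
  );
}
```

Run against an exported definition before publishing, an empty result from unexpectedOpenOperations means only the approved resources skip authentication.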

make custom API call with authentication

I am trying to develop an application that should eventually replace an existing (non-Ember) one and provide additional functionality.
For a start, for anything not yet implemented in the new app, I want to redirect users to the existing one, using the latter's single-sign-on capability. The workflow I imagined is this:
1. User logged in to new (Ember) app clicks link or button there
2. New app makes an API call to an endpoint that returns an SSO token
3. New app generates a link including the SSO token, opens it (in new or same window)
I use ember-simple-auth to authenticate the user for API calls that return user-specific information, using a JSON web token that contains the user id.
For step 2 above I would need to include that token in the API call, but I am at a loss as to how, and even where, to implement the call. Do I need an Ember.Route for this (where I could throw in the AuthenticatedRouteMixin)? I would not consider the SSO token to be part of my model, so that does not seem right. Can I get the session's token somehow and include it in a direct ajax call? Should I?

ember-simple-auth provides the SessionService where you can access that information.
My recommendation is to use ember-ajax to make the actual request, and override the ajax service to call the session service's authorize method.
Then you need to implement your authorizer to authorize that request.
The detailed implementation depends on your authorizer and how you want to include the token in your request: as a header, as a query param, or in the body.

How to get the information of the client in rest service

I have created a REST service. In this service I want to know which client is calling the service. Is there any method to check the properties or information of the client?

I don't know what exactly you mean by "which client". I see two things:
The terminal kind. This can be known using the User-Agent header, if set.
The authenticated user, using the Authorization header. The content of this header allows you to get the corresponding user. This allows you to authenticate requests. In this case, this link could help you: https://templth.wordpress.com/2015/01/05/implementing-authentication-with-tokens-for-restful-applications/.
Hope it helps you,
Thierry

WSO2 API Manager Custom Routing

Is there a way to dynamically set the endpoints in WSO2 API Manager to something other than the configured production and sandbox URLs? In my case, I want to route based on an incoming header value; resulting in something like:
https://my_dynamically_determined_subdomain.my_static_domain.com
I tried doing this with a custom handler class that writes my desired URL to the "To" header, but that doesn't seem to affect the routing.
Is there another way to accomplish this?

Your approach seems to be good. You can set the "To" header dynamically, but you have to use a Default Endpoint instead of an HTTP Endpoint. The Default Endpoint will send the message to the URL found in the "To" header. Please modify the inSequence of the API configuration (found in $AM_HOME/repository/deployment/server/synapse-configs/default/api/your-api.xml) to replace the HTTP endpoint with a Default endpoint, as shown below.
If you want to do this for all of your APIs, then you can edit velocity_templates.xml so that all the APIs will be published with default endpoints automatically. Please refer to this doc for more details on this. It is worth having a look at this blog post, which discusses a pattern similar to what you are trying to do.
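
Since the Default Endpoint sends the message to whatever URL is in the "To" header, the value derived from the incoming header should be validated before it is written there. The following is an added example, not code from the answer or from WSO2: it shows the validation logic in JavaScript, and the same checks would go into the custom handler. The allowlist contents and function names are assumptions; the parent domain is the one from the question.

```javascript
// Assumptions: the static parent domain from the question and a
// hypothetical allowlist of subdomains the gateway may route to.
const STATIC_DOMAIN = "my_static_domain.com";
const ALLOWED_SUBDOMAINS = new Set(["tenant-a", "tenant-b"]); // constructed values

// One DNS label: letters, digits and hyphens, 1-63 characters,
// no leading or trailing hyphen. Dots, slashes, "@" and ":" never match.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// Maps the incoming header value to a routing target, or returns null
// when the value must not be used. On null the caller should reject the
// request or keep the statically configured endpoint.
function resolveTarget(headerValue) {
  if (typeof headerValue !== "string") return null;
  const label = headerValue.trim().toLowerCase();
  if (!LABEL.test(label)) return null;
  if (!ALLOWED_SUBDOMAINS.has(label)) return null;

  const url = new URL(`https://${label}.${STATIC_DOMAIN}`);
  // Re-check the parsed host so the result can only be a direct
  // child of the static domain, whatever the input looked like.
  if (url.hostname !== `${label}.${STATIC_DOMAIN}`) return null;
  return url.origin;
}

// Applies resolveTarget to a batch of header values, e.g. for a unit
// test of the handler or a review of logged header values.
function routeDecisions(values) {
  return values.map((value) => ({ value, target: resolveTarget(value) }));
}

// Constructed sample inputs: two accepted values and several that
// must fall through to null.
const sampleHeaderValues = [
  "tenant-a",
  " Tenant-B ",
  "tenant-z",
  "tenant-a.other.example",
  "tenant-a/path",
  "",
];
```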