Configuring WSO2 Identity Server with Office365 OAuth2 Federated Authentication to access MS Graph API - wso2-identity-server

How should WSO2 Identity Server be configured with Office365 Federated Authentication to access MS Graph API?
I followed the steps in the link below, but I'm not clear on how to get the access token to use with the MS Graph API.
https://medium.com/#piraveenaparalogarajah/configuring-microsoft-azure-ad-authenticator-as-federated-idp-in-wso2-identity-server-f79f5e1d7222
The Playground2 app returns an ID token, which I tried using to access some endpoints with Postman, but I'm getting "invalid token".

WSO2 Identity Server can connect to Office365 using several authentication mechanisms. You can refer to [1] for more information.
[1] https://is.docs.wso2.com/en/latest/learn/logging-in-to-office365-using-wso2-identity-server/
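A diagnostic added here (not from the question, the answer or WSO2's code): decode the token's claims to see why MS Graph rejects it. An ID token's `aud` is the client application it was issued to (the Playground2 app in the question), whereas Graph needs an access token whose audience is Graph itself; the tokens, issuer hosts and client id below are constructed placeholders.

```python
import base64
import json
from typing import Optional

# Audiences carried by an access token issued for Microsoft Graph:
# the Graph resource URI or Graph's well-known application id.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def fake_jwt(claims: dict) -> str:
    """Build an unsigned, constructed JWT for illustration (not a real token)."""
    header = _b64url({"alg": "RS256", "typ": "JWT"})
    return f"{header}.{_b64url(claims)}.constructed-signature"

# Constructed samples: an ID token from the IS to the client app (placeholder
# issuer and client id) and an access token for Graph (aud = Graph, scp = permissions).
ID_TOKEN = fake_jwt({
    "iss": "https://<wso2-is-host>:9443/oauth2/token",
    "aud": "00000000-0000-0000-0000-000000000000",
    "email": "user@example.com",
})
GRAPH_ACCESS_TOKEN = fake_jwt({
    "iss": "https://login.microsoftonline.com/<tenant-id>/v2.0",
    "aud": "https://graph.microsoft.com",
    "scp": "User.Read Mail.Read",
})

def decode_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature: a local diagnostic
    of what the token was issued for, never an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def why_graph_rejects(token: str) -> Optional[str]:
    """Return None if the token looks usable against Graph, else the reason."""
    claims = decode_claims(token)
    aud = claims.get("aud")
    if aud not in GRAPH_AUDIENCES:
        return f"aud is {aud!r}: not an access token issued for Microsoft Graph"
    if not (claims.get("scp") or claims.get("roles")):
        return "no scp/roles claim: no Graph permissions were granted"
    return None
```

Run `why_graph_rejects` on the token Postman was given; an `aud` reason means the Graph access token has to be obtained separately rather than reusing the ID token.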

Related

WSO2 API Manager. Authorization code grant PKCE

I use WSO2 API Manager 2.5.0 and the authorization code grant for getting an access token. But now I need to authenticate my mobile client. I can't keep a client secret in the mobile client. And I found that the authorization code grant supports Proof Key for Code Exchange (PKCE) without the need to send the client secret in the second step of the flow (https://www.oauth.com/oauth2-servers/pkce/). But I have not found any setting in the WSO2 API Manager Store connected with PKCE.
Is the authorization code grant with PKCE supported in WSO2 API Manager?

WSO2 Identity Server oAuth2: how to keep original access token from IDP

Our app implements OAuth 2.0 code grant flow.
In Identity Server we use an Identity Provider with the OAuth2/OpenID Connect federated authenticator for Azure AD. Azure AD successfully sends an access token from the login.microsoftonline.com/.../oauth2/v2.0/token endpoint to Identity Server's callback URI.
IS replaces this token with its own value and sends it back to the application. The problem is we need to use the original token from Azure to query the MS Graph API. So the question is how to force IS to keep the original access token, or is there any way to fetch it from there somehow?

WSO2 API Manager: Rest Client returns unauthorized

I am using WSO2 API Manager 2.0.0 and WSO2 Identity Server 5.1.0 to manage my Toolkit REST APIs. Both servers share a user store and have settings to maintain the authentication session. SSO is not configured yet.
Reference:
https://docs.wso2.com/display/IS510/Enabling+Authentication+Session+Persistence
The first step is to authenticate into Toolkit (works) and the next step is to assign location (fails with 401 error). How to maintain a session between the 2 calls?
In WSO2 API Manager, the default authentication mechanism is OAuth2. So you need to send an OAuth2 access token with your REST API calls for authentication.
If you enable SSO, you get a SAML assertion when you log in. Then you can use that assertion to retrieve an access token using the SAML Bearer Grant Type. Documentation can be found here.

Server to Server Authentication in wso2 API manager

I am very new to WSO2 API Manager. Sometimes an application might need to call a service in another application on behalf of a user. How can we do this in WSO2 API Manager by configuring the Signed JWT Authenticator, like the Google OAuth 2.0 Authorization Server?
If the user is authenticated by SAML2 in the application, then the application can get the OAuth token using the SAML token and invoke the APIs on behalf of the user.
Check the following links for more detail:
1. http://shafreenanfar.blogspot.in/2014/02/exchanging-sml2-token-to-oauth2-token.html
2. http://pushpalankajaya.blogspot.in/2014/01/invoking-apis-using-web-app-with-oauth2.html

External Identity provider for WSO2 Identity server

Is it possible to authenticate users with a Facebook account, Google account, Twitter, etc. through OAuth? (In the case of a web application trying to access a protected resource.)
I understood that WSO2 Identity Server can act as an authorization server and provide its own access token, but is it possible to authenticate the user if Facebook or Google provide an access token after the user authorizes retrieving their info?
OAuth is supported in Identity Server, but I doubt whether it is necessary to have two of these authentication servers together :) ?