WSO2 IS How to get oauth2 token using the user certificate - wso2

I need to obtain oauth2 token using the user certificate in WSO2 IS 5.9, where I have an OAuth2 SP configured. Is it possible to obtain a oauth2 token just with the certificate and using no password?
Cheers

Use the X509 authenticator as described in this documentation. Then you can use this authenticator in your Service Provider's Local and Outbound Authentication configurations.

Related

Federated Authentication check box for service provider disabled\grayed out

I created an external Identity provider in the wso2 identity server carbon console under Identity Providers. I want to add this identity provider to my Service provider API_PUBLISHER in wso2 identity server carbon console.
But I see the option Federated Authentication disabled under Local & Outbound Authentication Configuration for the service provider. All other options (Default,Local Authentication and Advanced Authentication) are enabled
You need to configure a federated authenticator for the external identity provider.
When you created an external identity provider, it needs a defined method to communicate with an actual identity provider like google. Federated authenticators are used for that purpose. Once you configured a federated authenticator for your external IDP, wso2is will allow you to use the external IDP with your service provider.
wso2is supports federated authentication with many popular IDPs including Google, Facebook. It also lets you configure any OAuth2, SAML and WS-Fed based IDP as well.

WSO2 Identity Server - IDP Federation with OpenID - Trace and Log Feature?

What are the debug options available at the WSO2 Identity server to trace the Identity Federation (outbound) using OpenID protocol? Are there parameters available at the log4j.properties, or service configurations that enables tracing under WSO2 Rel 5.1?
Even when the Identity Provider is configured to run with a federated lookup connecting to a remote Idp, the server is only validating locally registered accounts. Having a debug trace feature inside the server would be helpful to track the message routing and flow.
Configuration Details for Outbound Identity Federation:
Identity Provider Name: extbasicws01_openid
Display Name: extbasicws01_openid
Description: OpenID real for SSO
Federated Authenticators - OpenID Configuration
Federation Hub Identity Provider: checked
Home Realm Identifier: travelocity.com
Certificate: Public key PEM downloaded from central IdP
Alias (default URL):
Enabled OpenID - checked
Default - Specifies if OpenD is the default
OpenID server URL: central IDP URL
User ID found in 'claimed_id' - checked
Additional Query Parameters - blank
Any update on this topic? Still watching for a trace option to better track the federated mode in outbound connections, specially when using the OpenID standard. Currently testing with the Travelocity.com client and openid login. Local authentication with WSO2 Identities are answering, but outbound authentications are not sending a redirect to the external IdP. Any hints how to update the WSO2 Identity provider configuration to activate the federated mode with OpenID?
You can add the following in the {IS_HOME}/repository/conf/log4j.properties file to enable debug logs for OpenID.
log4j.logger.org.wso2.carbon.identity.application.authenticator.openid=DEBUG

WSO2 Identity Server - Federated SAML using WSO2 as Proxy Server?

Could you please clarify if there is a chance to interconnect a WSO2 Identity Server with an existing corporate IdP using the SAML as federated connection mechanism. What exactly needs to be configured to unify the realm and proxy the authentication with the external IDP?
Thanks in advance for your support.
If you use WSO2 IS as a proxy or a federation bus, then you need to register your IDP and Service provider in WSO2 IS and in your IDP you should register WSO2 IS as a service provider.
If you use WSO2 IS as your service provider, you need to register your existing IDP in WSO2 IS as IDP and WSO2 as service provider in you IDP side.
You can follow this document for more information.
Thanks!

SAML Identity Provider with a WS-Federation Service Provider

How easy or difficult it is for a SAML Identity Provider to work with a WS-Federation Service Provider? Are there tools that will allow a SAML IDp to work with any Service Provider despite the technology used?
Which side will have the most effort?
Thank you!
If each IDP only supports that protocol, then no.
Most IDP e.g. ADFS support both so can act as a bridge.
Update:
ADFS sits in the middle as a broker. It can talk SAML to SAML sites and WS-Fed to WS-Fed sites.
So you now have three STS: SAML, WS-Fed and ADFS. ADFS essentially translates between the two.
The only "tools" that are available are the stacks for SAML and WS-Fed e.g.
WIF for WS-Fed
SAML : SAML connectivity / toolkit

SAML IDP and SP at the same time with IS 4.6.0

Can I configure WSO2 Identity Server 4.6.0 as an IDP for my own SAML applications and, at the same time, configure IS as a SAML service provider to an external IDP?
I would like to achieve the following:
user access my own SAML SP, which sends an AuthnRequest to my local WSO2 IDP, which in turn forwards the user to the external IDP for authentication. And after authentication with the external IDP returns to my own SAML SP application.
The scenario seems only possible with WSO2 IS 5.0.0 and the new "identity bus" feature.