Identity Server - Add Service Provider blank page - wso2

I want to set up Identity Server as an SSO provider for my Drupal website, according to this URL:
https://medium.com/#iwantha/wso2-identity-server-sso-with-drupal-8-4bb8ae915c20
However, when I came to the "Configuring Service Provider" section:
My Identity Server gives a blank page for the "Add" button (/carbon/application/add-service-provider.jsp)

Related

How to integrate RazerID as OIDC Provider in AWS Cognito?

Good day. I need help with the integration of RazerID into my app as a custom OIDC provider in Cognito. I have done all the configuration in the user pool, and when I try to log in through the Hosted UI it redirects me to the Razer page, then I log in, and it redirects me back to the localhost callback with an error message:
http://localhost:3000/?error_description=invalid_token_signature%3A+Could+not+match+the+desired+key+identifier+within+the+list+of+keys&error=invalid_request
When I check the network section, I am getting the code and state.
Identity Provider Configuration
App Client Settings
RazerID manual: PDF
How can I get the RazerID working properly?

Invalid Grant on different tenant

I'm very new to WSO2 AM and I have this scenario:
I create a new tenant on Carbon, and on that new tenant I create a JDBC userstore. My users are listed in the "Identity > Users and Roles" tab correctly. Then I create a new Service Provider with OAuth/OpenID Connect Configuration and grant_type password.
When I want to test my configuration (generate a new token?) via Postman > Get New Access Token, like the following image:
When I request the token the answer is
{"error_description":"Users in the tenant domain : carbon.super do not have access to application myapplication","error":"invalid_grant"}
I don't understand why it tries to use the carbon.super domain when I'm using my new domain in the Access Token URL.
Searching on Google, I found that enabling my Service Provider as a "SaaS Application" can work, but when I do that the new response is:
{"error_description":"Authentication failed for nicolas_webfile","error":"invalid_grant"}
I'm using WSO2 API Manager 2.6.0
As you're using API Manager, change the request as below.
URL: http://localhost:8243/token
Username: user#webfile.com

In WSO2 how to get Domain name after authenticate from identity provider like Facebook and Gmail

I am new to using WSO2 Identity Server.
My question is:
Step-1: I am using the travelocity.com application.
Step-2: I have created two identity providers, for Gmail and Facebook.
Step-3: Then I created one Service Provider.
In the Service Provider, select "Local & Outbound Authentication Configuration".
In "Authentication Type", select "Advanced Configuration" and mapped "Local Authenticators" and "Federated Authenticators".
In Local Authenticators I have selected "basic".
In "Federated Authenticators" I have selected both "FacebookIDP" and "GmailIDP".
Step 4: But after authentication from "Facebook" or "Gmail", I have to check from which identity provider I logged in to travelocity.com, either Facebook or Gmail.
So I need their domain name or anything else that identifies whether it was a Facebook account or a Gmail account with which I logged in to travelocity.com.
After authentication, how will I find from which domain I got authenticated if both identity providers (Facebook and Gmail) have the same email ID? Because using that domain I will check in my database whether this domain has permission to authenticate or not.
So how do I get the domain name after authentication from a Facebook or Gmail account using WSO2 Identity Server?
Check "Always send back the authenticated list of identity providers" under Service Provider -> Local & Outbound Authentication Configuration [1]. By checking the above, you will get the list of authenticated IdPs as a JWT in the AuthenticatedIdPs param. You can use https://jwt.io/ to decode it. Have a look at the sample below. Also have a look at [2].
{
  "iss": "wso2",
  "exp": 15526220351213000,
  "iat": 1552622035121,
  "idps": [
    {
      "idp": "LOCAL",
      "authenticator": "BasicAuthenticator"
    }
  ]
}
[1] https://docs.wso2.com/display/IS570/Configuring+Local+and+Outbound+Authentication+for+a+Service+Provider
[2] Return Home Realm Identifier WSO2 Identity Server
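The AuthenticatedIdPs value described in the answer above can also be decoded locally instead of on a website. This is an added example, not code from the original answer or from WSO2; it assumes the value is a compact three-segment JWT, and the sample token and the authenticator name "ExampleFederatedAuthenticator" are constructed for illustration.

```python
import base64
import json


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (JWTs strip '=' padding) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def authenticated_idps(token: str) -> dict:
    """List (idp, authenticator) pairs from an AuthenticatedIdPs JWT.

    Nothing is cryptographically verified here. 'signed' only reports
    whether the header names an algorithm other than "none" and a
    signature segment is present.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = _b64url_json(parts[0])
    payload = _b64url_json(parts[1])
    idps = payload.get("idps")
    if not isinstance(idps, list):
        raise ValueError("payload has no 'idps' array")
    signed = str(header.get("alg", "none")).lower() != "none" and bool(parts[2])
    pairs = [(e.get("idp"), e.get("authenticator"))
             for e in idps if isinstance(e, dict)]
    return {"signed": signed, "idps": pairs}


def _enc(obj: dict) -> str:
    """base64url-encode a dict as an unpadded JWT segment."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: unsigned token carrying a two-step authentication.
SAMPLE = _enc({"typ": "JWT", "alg": "none"}) + "." + _enc({
    "iss": "wso2",
    "idps": [
        {"idp": "LOCAL", "authenticator": "BasicAuthenticator"},
        {"idp": "FacebookIDP", "authenticator": "ExampleFederatedAuthenticator"},
    ],
}) + "."

if __name__ == "__main__":
    print(authenticated_idps(SAMPLE))
```

When `signed` is false, the IdP list arrives through the browser unprotected, so a permission check should rest on the verified SAML or OIDC response and use this value only as a hint.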

SSO established between WSO2 IS 5.3 and WSO2 API Manager 2.2. Tenant users are not able to log in to store and publisher

SSO is established between WSO2 Identity Server and WSO2 API Manager. I added API_Publisher and API_Store as service providers in Identity Server.
I created 2 tenants in Identity Server, citizen.in and business.in, and created users under those tenants. When I try to log in to API-M Publisher with API-URL/Publisher, the page redirects to Identity Server for authentication, but the authentication fails.
"Login failed! Please recheck the username and password and try again."
I also checked that the users in the tenants are showing in OpenLDAP.
It looks like you have not enabled the SaaS Application option in the service providers you created.
Ref: https://docs.wso2.com/display/AM260/Configuring+Identity+Server+as+IDP+for+SSO

How to modify service provider SAML2 Web SSO Configuration

WSO2 IS: 5.0.0 with service pack
documentation: https://docs.wso2.com/display/IS500/Configuring+Single+Sign-On+with+SAML+2.0
I added the travelocity.com service provider according to the document.
I ran http://localhost:8080/travelocity.com and got an authentication error. So I tried to check and modify Inbound Authentication Configuration > SAML2 Web SSO Configuration, but all I see is a "Configure" link. When I click the link, it shows the "New Service Provider" page with "Register" and "Cancel" buttons. If I click the Register button, I get a duplicate service provider error. Does the UI support modifying SAML2 Web SSO Configuration?
I then deleted the Service Provider and added the travelocity.com service provider from scratch. However, I got the duplicate service provider error too when I configured 'SAML2 Web SSO Configuration'.
I am stuck. How can I get rid of the duplicate service provider error?
Probably, you may have configured another SAML2 SSO configuration with the same issuer name. You can browse the registry, go to the /_system/config/repository/identity/SAMLSSO location and delete the SAML2 SSO configuration that can be found there. Then retry.
If not, you can try with some other issuer name and see. As in the doc, you then need to provide a new issuer name in the travelocity.com application.
SAML.IssuerID=travelocitynew.com
Then, in the SAML2 SSO configuration of WSO2IS, you can create the configuration with the new issuer name, which is travelocitynew.com.
If you try with a fresh WSO2IS SP1, we cannot see this issue.
The document missed one step: click the 'Update' button to save the whole configuration after clicking the Register button in the new SAML2 Web SSO Configuration. Anyway, I believe it is still a bug in the web console of WSO2IS.
What I did was reinstall WSO2IS + service pack from scratch and configure it again.