I am trying to integrate WSO2 Identity Server with a Mock SAML2 Identity Provider.
Currently the Mock SAML 2.0 Identity Provider only supports SAML Artifact binding.
I have configured a federated SAML 2.0 Web SSO based on the guide found at this link:
https://is.docs.wso2.com/en/latest/learn/configuring-saml-2.0-web-sso/
WSO2is, as the Service Provider, is able to redirect the user to the Mock SAML 2.0 Identity Provider, and after successful authentication with the Mock SAML 2.0 Identity Server, the Mock SAML 2.0 Identity Server needs to redirect to an endpoint at WSO2is with "?SAMLart=" support.
After looking around, the default https://localhost:9443/acs does not support "?SAMLart=".
May I ask, does wso2is support this type of setup?
Thank You.
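The `SAMLart` value that the IdP appends in the redirect described above has a fixed 44-byte layout for SAML 2.0 artifact type 0x0004. The following is an added example, not part of the original post and not WSO2 code, showing how a receiving endpoint can decode it and confirm that the SourceID matches the expected IdP before resolving the artifact over the back channel; the entity ID and the sample artifact are constructed values.

```python
import base64
import hashlib
import hmac

ARTIFACT_TYPE_0004 = b"\x00\x04"   # TypeCode defined in SAML 2.0 Bindings, section 3.6.4
ARTIFACT_LEN = 44                  # TypeCode(2) + EndpointIndex(2) + SourceID(20) + MessageHandle(20)


def parse_saml_artifact(samlart: str) -> dict:
    """Decode a type 0x0004 artifact (the URL-decoded ?SAMLart= value)."""
    try:
        raw = base64.b64decode(samlart, validate=True)
    except ValueError as exc:      # binascii.Error is a ValueError subclass
        raise ValueError("SAMLart is not valid base64") from exc
    if len(raw) != ARTIFACT_LEN:
        raise ValueError(f"expected {ARTIFACT_LEN} bytes, got {len(raw)}")
    if raw[:2] != ARTIFACT_TYPE_0004:
        raise ValueError("unsupported artifact type code")
    return {
        "endpoint_index": int.from_bytes(raw[2:4], "big"),
        "source_id": raw[4:24],
        "message_handle": raw[24:44],
    }


def artifact_is_from(samlart: str, idp_entity_id: str) -> bool:
    """True only if SourceID equals SHA-1(entityID) of the trusted IdP."""
    try:
        fields = parse_saml_artifact(samlart)
    except ValueError:
        return False               # malformed input is rejected, never resolved
    expected = hashlib.sha1(idp_entity_id.encode("utf-8")).digest()
    return hmac.compare_digest(fields["source_id"], expected)


def build_sample_artifact(idp_entity_id: str, handle: bytes, index: int = 0) -> str:
    """Constructed sample input: the value an IdP would place after ?SAMLart=."""
    source_id = hashlib.sha1(idp_entity_id.encode("utf-8")).digest()
    raw = ARTIFACT_TYPE_0004 + index.to_bytes(2, "big") + source_id + handle
    return base64.b64encode(raw).decode("ascii")


# Constructed values for illustration, not taken from any real deployment.
MOCK_IDP = "https://mock-idp.example/saml2"
SAMPLE = build_sample_artifact(MOCK_IDP, handle=bytes(range(20)), index=1)

if __name__ == "__main__":
    print(parse_saml_artifact(SAMPLE)["endpoint_index"])
    print(artifact_is_from(SAMPLE, MOCK_IDP))
```

The artifact carries no assertion data itself; the service provider still has to exchange it for the assertion through an ArtifactResolve request to the IdP.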
I have set up an environment with WSO2 Identity Server (wso2is-km-5.9.0) on Node 1 and WSO2 API Manager (wso2am-3.0.0) on Node 2, where Node 1 serves all token-related requests.
My aim is to achieve SSO between all service providers that I on-board to this setup, but in WSO2 API Manager (3.0.0) the publisher and devportal are by default SAML-integrated with API-manager.
How do I change SSO login of Devportal and Publisher from API-manager to Identity-Server, as the Publisher and Devportal are now using token issued by API-manager and the Service Providers are using token issued by Identity server, therefore SSO is not happening between these entities.
To achieve SSO between saml apps in APIM, you can configure IS as a federated IDP in APIM and do SSO with Identity Server.
Please refer to this document to configure Identity Server as an IDP for SSO https://apim.docs.wso2.com/en/latest/Learn/Extensions/SAML2SSO/configuring-identity-server-as-idp-for-sso/
I'm a new learner of WSO2.
WSO2 - OAuth, user management, and my other service available in Predix.
So I have used WSO2 Identity Server for OAuth and user management.
Problem:
1) How to integrate Predix (IdP)
2) How to use these things using the REST API
For your first question, I understood that you need to integrate the mentioned Idp as federated Identity Provider in WSO2 Identity Server. Doc - https://docs.wso2.com/display/IS570/Configuring+Federated+Authentication guides the steps to configure federated authentication.
Currently, WSO2 IS doesn't have a built-in authenticator for Predix. But as Predix supports the OIDC flow, you should be able to use the WSO2 OIDC federated authenticator. Steps can be found here
I haven't got the chance to test with Predix. But it needs to work.
I need to expose an API via WSO2 API-Manager and I want to protect my API not with OAuth2 but via SAML authentication; actually, I need to use the API-Manager as a SAML SP.
Therefore I need to protect my API and, if a user isn't authenticated on the SAML IDP, present the SAML IDP login page.
Is it possible to do that with WSO2 API-Manager, or is the SAML SSO related only to Web SSO for the /carbon, /pubblish and /store web apps?
Thank you for the help!
OAuth2 is for authorization. You can use SAML for authentication and use APIM's SAML grant type to get an OAuth2 token using the SAML assertion.
https://docs.wso2.com/display/AM210/SAML+Extension+Grant
I am new to WSO2 API Manager and Identity Server. I have one requirement: to use customized OAuth 2.0 in WSO2 IS with WSO2 API Manager. Could you please let me know if there are any samples or examples for this requirement?
You can register your custom OAuth provider as an IDP in WSO2 Identity Server. You can refer to this blog, "[Federated Authentication] OpenID-Connect IDP with WSO2 Identity Server", on how to do that.
WSO2 API Manager doesn't support this. So, you have to combine WSO2 Identity Server with API Manager (Identity Server as Key Manager with API Manager).
Does WSO2 support a use case wherein it's a SAML service provider instead of being an identity provider?
I want to do a sample use case where WSO2 is the identity provider and another instance is a service provider. Is it possible to use WSO2 as a service provider?
Yes, it is possible, because the WSO2 Carbon product has an authentication framework into which we can plug any authenticators. There is a SAML2 SSO authenticator (relying party) that can be plugged into the Carbon server. You can find more details about it from WSO2 documentation from here