I'm trying to implement OAuth2 Authorization Code flow with WSO2 APIM 2.6 but I get a 405 method not allowed. Here is what I did
Intall WSO2 APIM (no WOS2 IS nor IS-KM is in my environment. only APIM is present)
Create a spring boot REST service with #Restcontroller. This leads to base path as http://localhost:8080
Create an API in API publisher. This point to the REST service
As admin create an application in API store and subscribe to the API. The call back URL is simply http://localhost:8080 as shown in the image below
Call the authorize method of WSO2 APIM with the following URL
https://localhost:9443/authorize?response_type=code&redirect_uri=http://localhost:8080&client_id=EaTfmmwQT4fWciN4WnU1YyyYYYsa
When I call this URL, I'm redirected to the login page of WSO2 APIM like below
I just log in with admin/admin
Upon login, I though I'd be redirected to a authorize page, but instead I'm redirected to the following error page
Coul you guyz help me here ?
You are trying with https://localhost:9443/authorize which is wrong. That is why it is redirecting to the carbon console. You can use one of the following URLs.
https://localhost:9443/oauth2/authorize
https://localhost:8243/authorize
This will prompt you to a different login page where you can use your login credentials.
https://docs.wso2.com/display/AM260/Authorization+Code+Grant
Related
i using wso2 to manager my group's api,so i publish my api to wso2 Publisher. My api has its own authentication by send a bearer token.The swagger document have the authorize button ,but when i import my api definition in wso2 Publisher.the authorize button is disappear.
i have these question
1、How should I send the original beaer token?
2、when i use swagger3 definition,it show some error,swaager3 is not supported by the import function?
anyone has suggesstion?
my wso2 version is: WSO2 API-M v4.1.0
WSO2 API Manager does support Swagger2 and Open API Specification (OAS) 3 and above.
And with regard to Bearer tokens in API Manager, you can generate a bearer token using the DevPortal for your APIs. You need to create a new Applicaiton, and subscribe to your API, and then you can generate a new JWT-based bearer token.
Please check this section in detail - https://apim.docs.wso2.com/en/latest/consume/consume-api-overview/
If your backend is OAUth protected you can use Endpoint security to add OAuth configs to generate a backend bearer token when calling the API. Take a look at this document.. Also if you want to import backend certificates to API Manager take a look at this document.
I'm trying to customize the login pages for the dev portal and publisher and I'm referring to the below documentation.
https://apim.docs.wso2.com/en/latest/reference/customize-product/customizations/customizing-login-pages-for-dev-portal-and-publisher/
The 1st step tells to download the Identity Server and in the 2nd step, it says to start up the server using api-manager.sh which could be a mistake.
However, I have the following questions related to the scenario.
In order to customize the login pages in APIM, should I start up the IS as a key manager as well?
Can't we customize the login pages just by using the JSP files readily available in the authentication endpoint in APIM?
I guess the documentation should be updated. You can use the existing jsp files in the authentication endpoint if you use OAuth2/OpenID. If you are using SAML, then you have to use WSO2 IS as the IDP with WSO2 API Manager.
Some samples can be found in [1].
By default API Manager uses OAuth2/OpenID. You can do the service provider configurations in API Manager. OAuth2/OpenID and SAML use the jsp files used in the authentication endpoint.
[1] - https://github.com/wso2/samples-is/tree/master/re-branding-the-default-login-page
I have managed to make a login page that uses the WSO2 authentication, like https://192.168.56.1:9443/store/site/pages/login.jag.
I can login through this using the same credentials that are for WSO2 server.
Question: How do I make it go to my page after I click on sign in?
By default, it takes me to https://192.168.56.1:9443/store
Suppose that I want it to redirect it to https://192.168.56.1:9443/store/site/pages/index.html
I have created an custom authentication endpoint, like https://www.custom-auth.localpc, which is being redirect to by WSO2 when i try to login.
However, when I click in OK and send the POST back to http://localhost:9443/commonauth, WSO2 replies with a 302 that redirects to http://localhost:9443/https://www.custom-auth.localpc?loginStatus=true.
When I checked the console log, I found the following error:
ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework
org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException: No authenticator can handle the request in step : 1
The service provider that requests the login is correctly configured because it works with WSO2 default authentication endpoint.
Any thought on this?
So, the issue was quite simplier that I thought. The redirects from wso2 were more of a misdirection.
So, when submitting the data, the field username and password must be lowercase.
Any issue found with the post data, it redirects with a 302 to the carbon login page.
I think this may happen because of the canHandle() method. you can refer other custom authenticators which are using external endpoint and try these are how handle the request.
I'm trying to achieve SSO among different application. The applications are:
API Manager 1.7.0 Store
API Manager 1.7.0 Publisher
Liferay 6.2
I managed to configure Liferay to login through Identity Server Openid and to configure API Manager to login through Identity Server generated SAML Token as detailed in API Manager documentation.
The SSO is working well between api store and api publisher.
The problem is that I can't achieve SSO between Liferay and API Manager. If I login to liferay with openID and I open the store or publisher URL the user is asked for username and password again.
How can I configure the IS to implement the desired scenario?
Thanks, Paolo
Are you using IS 5.0.0 version? Normally it would create a same session for all the login in IS 5.0.0 version. it means, if you login with OpenID, SAML2 or OAuth2, it does not matter, IS creates a common session for given user. Normally it should not ask the password again. If it is asked, it can be a bug. Can you just check whether there is a cookie called commonauthid in the browser? If you are using some older version of IS, you can enable the this property <AcceptOpenIDLogin>false</AcceptOpenIDLogin> in identity.xml file