I am currently using Stream Processor and was exploring the use of OAuth2 authorization while creating Siddhi apps.
Basically, WSO2 Identity Server can act as an identity provider for authorization for Stream Processor.
Is there any provision for this currently in SP version 4.3.0?
Thanks
Yes, you have to use the External IdP client: https://docs.wso2.com/display/SP430/User+Management+via+the+IdP+Client+Interface#UserManagementviatheIdPClientInterface-ExternalIdPClient
Related
We currently have WSO2 API Manager 2.6.0 and we have a requirement to add multi-factor authentication for our WSO2 API Manager. I have got the steps to add multi-factor authentication for WSO2 Identity Server from the official documentation (link given below). Can you clarify if the steps are the same for both Identity Server and API Manager? Can you also clarify whether we can implement these steps in WSO2 API Manager version 2.6.0?
I have referred to the link below for enabling MFA:
https://is.docs.wso2.com/en/latest/learn/configuring-sms-otp/
Out of the box, WSO2 API Manager doesn't support full-fledged identity capabilities. Therefore, if you want to secure your portals with MFA, it is recommended to configure an Identity Server as Key Manager with WSO2 API Manager.
Follow this documentation to configure WSO2 Identity Server as Key Manager with WSO2 API Manager v2.6.0.
Can WSO2 API Manager be used with a separate Identity Server as IdP, without sharing the database? All documentation and tutorials point to a special version of IS and sharing the database, and I'd like to avoid that.
You can configure WSO2 API Manager with an external IDP without using WSO2 IS. I think this blog will be helpful for you. In this blog, Keycloak has been used as the federated IDP for SSO.
Thanks.
Yes, you can configure IS as a federated Identity Provider. This blog has steps to configure WSO2 IS as a federated IdP for API Manager.
I am a new learner of WSO2.
WSO2 - OAuth, user management, and my other service available in Predix.
So I have used WSO2 Identity Server for OAuth and user management.
Problem:
1) How to integrate Predix (IdP)
2) How to use these things using the REST API
For your first question, I understood that you need to integrate the mentioned IdP as a federated Identity Provider in WSO2 Identity Server. The doc at https://docs.wso2.com/display/IS570/Configuring+Federated+Authentication describes the steps to configure federated authentication.
Currently, WSO2 IS doesn't have a built-in authenticator for Predix. But as Predix supports the OIDC flow, you should be able to use the WSO2 OIDC federated authenticator. Steps can be found here.
I haven't had the chance to test with Predix. But it needs to work.
I am trying to use WSO2 identification server as an authorization center:
There are several systems; they share the same user information.
I want them to utilize the identification server to perform authentication and authorization.
In my current research, I have found the API which I can use to perform authentication, and also the SOAP API to perform user/group/permission management.
But I could not find the API which I can use to perform an authorization request. So far that code is written in AuthrozationMgrJDBCImpl; there is no SOAP API exposing those APIs.
Does anybody know of such an API?
Yes. WSO2 Identity Server can be used for centralized authorization management. There are two approaches:
1) Use the XACML capabilities of WSO2IS. This is the standard way. WSO2IS can act as a XACML PDP. You can create policies for different applications. The PDP is exposed as a web service API; an application can call this web service API to receive an authorization decision based on the policies. You can see the WSDL by pointing to https://localhost:9443/services/EntitlementService?wsdl. You can find more details on XACML and WSO2IS from here.
2) Use the "AuthorizationAdminService" service. This is the custom way that you have referred to. WSO2IS stores permission data in its own database and manages it through JDBCAuthorizationManager. However, it only supports RBAC (in XACML you can use ABAC). You can see the WSDL by pointing to https://localhost:9443/services/AuthorizationAdminService?wsdl.
Note: You can see the WSDL of this service, but it is not exposed by default. Please go through this OS question. Also, the "AuthorizationAdminService" service is available only after WSO2IS 450 version.
Does WSO2 support a use case wherein it's a SAML service provider instead of being an identity provider?
I want to do a sample use case where WSO2 is the identity provider and another instance is a service provider. Is it possible to use WSO2 as a service provider?
Yes. It is possible, because the WSO2 Carbon product has an authentication framework into which we can plug any authenticator. There is a SAML2 SSO authenticator (relying party) that can be plugged into the Carbon server. You can find more details about it in the WSO2 documentation here.