Using WSO2 as identity Provider for docebo system - wso2

I have a Docebo LMS system. I have created SAML SSO for this system through Okta, and I am trying to use an open-source IDP, WSO2, which I am running on a localhost server. I have created the IDP that I will be using to provide identity authentication, following the docs provided by WSO2. The problem is that I am not able to see the login page. It's showing me these 3 lines:
I have Docebo as a staging system, which is uploaded to the Docebo SaaS server.
Any help regarding this issue?

Related

WSO2 API Manager(wso2am-4.1.0) - Customize Login Pages for Developer Portal and Publisher

I'm trying to customize the login pages for the dev portal and publisher and I'm referring to the below documentation.
https://apim.docs.wso2.com/en/latest/reference/customize-product/customizations/customizing-login-pages-for-dev-portal-and-publisher/
The 1st step says to download the Identity Server, and the 2nd step says to start up the server using api-manager.sh, which could be a mistake.
However, I have the following questions related to the scenario.
In order to customize the login pages in APIM, should I start up the IS as a key manager as well?
Can't we customize the login pages just by using the JSP files readily available in the authentication endpoint in APIM?
I guess the documentation should be updated. You can use the existing jsp files in the authentication endpoint if you use OAuth2/OpenID. If you are using SAML, then you have to use WSO2 IS as the IDP with WSO2 API Manager.
Some samples can be found in [1].
By default API Manager uses OAuth2/OpenID. You can do the service provider configurations in API Manager. OAuth2/OpenID and SAML use the jsp files used in the authentication endpoint.
[1] - https://github.com/wso2/samples-is/tree/master/re-branding-the-default-login-page

WSO2 Identity Server as an IDP

My use case is a very simple one. I want to use WSO2 Identity Server to implement SAML 2.0 SSO in our app deployment.
We don't have an external identity provider like Facebook or Google, so we want the identity server itself to act like an identity provider [Local Authentication].
We want the authentication for the SP to be done against a local user store [AD].
The SSO login is going to be IDP initiated.
The login page has to be customized.
I went through the documentation tutorials, and while the architecture page does mention that all this is possible, I could not find any actual tutorial which explains how to do this.
Can someone link me to the tutorial pages which describe how to do this, or provide a rundown of the steps required?
Yes, all of these are possible with WSO2 Identity Server. Unfortunately, there isn't a single tutorial/document that covers all of this, but I can provide one for each step.
Configuring active directory.
SSO with SAML.
IDP Initiated SSO.
Customizing login page.
And if you need to know about more advanced scenarios, please read this article.

How to integrate WSO2 API Manager (AM) 1.10.0 with PingFederate SAML 2.0?

How to integrate WSO2 am 1.10.0 with PingFederate SAML 2.0? Any instructions?
From WSO2 web site, I only saw docs on how to set up SSO among WSO2 products: https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2 . But I did not see documentation on how to enable WSO2 AM 1.10.0 with external identity providers such as PingFederate via SAML2.
Any help is appreciated.
*** UPDATE:
I followed the instructions here https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2 - just assuming WSO2 IS as PingIdentity. For the majority part it's working, but I cannot generate keys when subscribing to an API. It says "invalid credentials" even if I have logged into applications and subscriptions and can create applications from /store UI.
I can confirm that this can be done without adding a separate WSO2 IS server into the picture. I fixed several issues (cannot generate keys, cannot publish APIs, etc.). What I did to fix them was to: 1) add the admin user inside APIKeyValidator in api-manager.xml, and also into admin user via the management console and into user-mgt.xml; 2) inside api-manager.xml:
Change the following:
https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/
to: https://[FQDN_OF_HOST]:${mgt.transport.https.port}${carbon.context}/services/
The reason is that my server certificate only recorded the domain name, not the IP address.
The solution was also mentioned here: wso2 am 1.10.0 API Store: "Error occurred while executing the action generateApplicationKey" with " Invalid credentials provided."
Basically, you can do this by adding PingFederate as an IDP in WSO2 AM and configuring federated SAML SSO configurations. An example of how to achieve this with Shibboleth is given in [1]. You can follow the same steps to do any configurations according to your requirement.
Refer to [2] for configuring the SAML SSO federated authenticator in general.
[1] https://docs.wso2.com/display/IS510/How+To%3A+Configure+Shibboleth+IdP+as+a+Trusted+Identity+Provider
[2] https://docs.wso2.com/display/IS510/Configuring+SAML+2.0+Web+SSO
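The certificate mismatch reported in this thread (a services URL built from the IP address while the server certificate names only the domain) can be checked before editing api-manager.xml. The following is an added example, not part of the original posts or of WSO2's code: a simplified version of the name check a TLS client applies, where the hostname, address and port are constructed placeholders and the SAN list has the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: subjectAltName entries in the shape returned by
# ssl.SSLSocket.getpeercert()["subjectAltName"]. Placeholder values only.
SAMPLE_SAN = (("DNS", "apim.example.test"),)


def dns_name_matches(pattern, host):
    """Compare one dNSName entry with a hostname, label by label.

    Simplification: '*' is accepted only as the entire left-most label and
    never directly under a top-level label (so '*.test' matches nothing).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def host_covered_by_cert(url, san):
    """Return True if the host in `url` is named by the certificate's SAN list.

    An IP literal is compared only with 'IP Address' entries and a name only
    with 'DNS' entries, which is why a certificate that lists just the domain
    fails for a URL that uses the address.
    """
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return any(t == "DNS" and dns_name_matches(v, host) for t, v in san)
    return any(t == "IP Address" and ipaddress.ip_address(v) == ip for t, v in san)


if __name__ == "__main__":
    for url in ("https://192.0.2.10:9443/services/",
                "https://apim.example.test:9443/services/"):
        verdict = "covered" if host_covered_by_cert(url, SAMPLE_SAN) else "NOT covered"
        print(f"{url} -> {verdict} by certificate")
```

Against a live server, pass the `subjectAltName` tuple from `getpeercert()` instead of `SAMPLE_SAN`.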

WSO2 Identity Server-number of user sessions

We are using WSO2 Identity Server as an IDP. We have registered our application www.abcdefg.com as a Service Provider. Now when we access www.abcdefg.com in any browser, the IDP gives us the page to enter the credentials to authenticate into www.abcdefg.com.
Now what we are looking for is: do we have any WSO2 product where we can see how many users were authenticated into www.abcdefg.com? Or can we achieve this in the WSO2 Identity Server product?
This is a feature planned for an upcoming Identity Server release and is currently under development. See the mail "[Architecture] Security Analytics" at architecture#wso2.org mailing list for more details if you are interested :)

SAML and OpenID SSO with WSO2 Identity server

I'm trying to achieve SSO among different application. The applications are:
API Manager 1.7.0 Store
API Manager 1.7.0 Publisher
Liferay 6.2
I managed to configure Liferay to log in through Identity Server OpenID and to configure API Manager to log in through an Identity Server generated SAML token, as detailed in the API Manager documentation.
The SSO is working well between API Store and API Publisher.
The problem is that I can't achieve SSO between Liferay and API Manager. If I log in to Liferay with OpenID and I open the Store or Publisher URL, the user is asked for username and password again.
How can I configure the IS to implement the desired scenario?
Thanks, Paolo
Are you using IS version 5.0.0? Normally it would create the same session for all logins in IS version 5.0.0. It means that whether you log in with OpenID, SAML2 or OAuth2 does not matter; IS creates a common session for the given user. Normally it should not ask for the password again. If it does, it can be a bug. Can you just check whether there is a cookie called commonauthid in the browser? If you are using some older version of IS, you can enable this property <AcceptOpenIDLogin>false</AcceptOpenIDLogin> in the identity.xml file.