SSO using Facebook - wso2

I’ve configured SSO using JDBC user store for: my application, API Store and API Publisher. When I log in to my application and move to API Store or API Publisher, then I am automatically logged in.
I added Facebook to be the additional Identity Provider according to the documentation: https://docs.wso2.com/display/IS570/Configuring+Facebook.
I can log in on my website using Facebook data, however I am not logged in when I move to API Store or API Publisher. I have to click log in and provide data once again in API Store/Publisher.
Is there a possibility to have logging in via Facebook work the same as using JDBC user store?
I'm using WSO2 IS 5.7.0 and API Manager 2.6.0
Thanks.

Related

How to change api provider in wso2 api manager?

I am using wso2 apim 4.0.0. Some dozen of apis are deployed and published on it by admin user. Consequently the provider of those apis is admin(in wso2 db). The question that I would like to ask is if it possible to change api provider to another user. If it is then how to do that?
I tried to change it directly in wso2am_db (wso2 api manager database), but haven't succeeded.
this is not possible. Provider is user who created api. You can log in like admin, delete your api. Log in(in publisher or restfull api) like a different user and then create/deploy your api.
The API Provider will always be the user who creates the API. Directly updating the tables may result in data inconsistency. If you want to show it as owned by a different user in Developer Portal, you can add that user as Business Owner of the API, under Business Info.

How to ADD an API on WSO2 API Manager 3.1.0?

I'm trying to create a API from my ERP into WSO2 API Manager ,to access API without use API Manager I need to use a NTLM credential. I want to publish this API into API Manager, but when I trying to create and Publish , I cannot add that credentials and api does not work. where do I submit those credentials?
As you can see on this picture, I'm getting unauthorize.
API Manager Error
WSO2 API Manager v3.1.0 supports basic auth, digest auth, and mutual ssl for backend security. If you want NTLM, then you can use a class mediator. https://medium.com/#nipunadilhara/ntlm-authentication-for-wso2-esb-v6-2-0-9584c3e6713

SLO with WSO2 IS

I use APIManager 2.6.0 and IS 5.7.0. I configured SSO for api store and publisher using OAuth2.0 using this doc https://docs.wso2.com/display/AM260/Configuring+Single+Sign-on+with+OpenID+Connect.
I have a problem with SLO. When I log out in api publisher and then switch to api store then I'm logged out in api publisher but i'm still logged in api store.
Is it possible to configure SLO in the way that when I log out in one of the products then I'm logged out in all pages?
In OIDC there are three mechanisms to handle logout. OIDC Session management, OIDC back channel logout, OIDC front channel logout are them, out of these three WSO2 Identity Server supports OIDC session management [1]. But still the limitation is api store and publisher has not been written in a way to support OIDC Session management. Due to above reason its not possible to achieve your requirement.
[1] https://docs.wso2.com/display/IS570/Session+Management+with+Playground

How to authenication and Authorize End application users in wso2 api manager?

I wanted to do some POC for wso2 API manager where API Manager will expose login and registration url which will be called by UI layer but wanted to handle end user authorization and authentication
in API manager layer and don't want to handle this in database how can I do this i don't to use Identity server also.
I have gone through password grant_type tutorial and we can use this but how the authorization is going to performed?
Do we need to maintain user details in separate database or in identity server? if yes how this is going to happen.
I have gone through below questions but didn't get exact solution, please help me on this.
authorize user in wso2 api manager
wso2 api manager end-user
Thanks
how can I do this i don't to use Identity server also
By default you should be using the provided OAuth2 endpoints to authorize the users. However - the API Manager itselfs doesn't support self-registration and account verification.
I'd suggest to configure a WSO2 Identity Server as an APIM Key manager.
The WSO2IS has capability for self-registration and account verification.
The application or users will authenticate against the WSO2IS and the returned token will be valid for APIM (as the KeyManager shares the database with tokens).

WSO2 API Manager authentication through single page app

I am new to WSO2 API Manager. I have installed it to proxy my REST endpoints and to do access management via oAuth2.
Great! I managed to get access to my backend REST implementation through the oAuth2 process of API Manager (via API console). Now I want to setup the complete roundtrip starting from a user authentication process where identity is verified with corresponding roles. So...
Next I want to create a single page app and bring an authentication step by either redirect the user to a login page (authentication service) or let the user interact with single app page directly and let the single app page do the login to some authentication service.
Question:
Can I use the Key Manager component of the API Manager to handle user authentication (oAuth2 based) or do I need to install the WSO2 Identity Server to handle the authentication?
I see that WSO2 API Manager can host Users and Roles, a User Store and an endpoint to handle (authz) token requests, but can it also handle a login (authentication) request from my single app?
You can use APIM with OAuth2 Authorization code grant type. See this sample in identity server docs, but use below endpoints of APIM instead of IS endpoints.
https://localhost:8243/authorize
https://localhost:8243/token