Restrict WSO2 store sign up to create a default application - wso2

On signing up to the WSO2 Store, a default app is created for the user. How can we restrict it? Also, can we limit the number of applications that new users can create in the store? Thanks!

You cannot restrict the default application or the number of applications that can be created. But if you use a Store custom theme, you can hide the default app in the Store if required. https://docs.wso2.com/display/AM260/Customizing+the+API+Store

Related

Django multi tenant with SSO dynamically change settings variable CLIENT_ID,CLIENT_SECRET,TENANT_ID

How can I change these hardcoded IDs (CLIENT_ID, CLIENT_SECRET, TENANT_ID) in settings.py depending on the tenant of the logged-in user?
I have implemented Django SSO using django_auth_adfs. How can I change these IDs' values dynamically based on the individual users of each tenant that logs in?
Try using the package django-extra-settings; it will allow you to separate settings per tenant.
I suggest adding a signal to the Client model that sets those settings after the client schema/database is created (make sure you are changing the correct schema/database).

Flask authentication. How to inform the server which user is logged in on the client

I am creating a Flask app to be used internally in my company. I would like to restrict what a user can do based on their login ID. I read a lot about using LDAP3, but I don't think I can do what I want, which is to send the login ID to the server. There I would have a table which registers which part of the system the user has permission to edit. If they try to change something not permitted, the app will return a warning message.
I want to do that to avoid having to create a separate login functionality just for this app. I read that I should use AD authentication, but I am not very familiar with that, and I would also like to avoid having to ask our IT department to create user groups there for each part of my system.
I know that I can do that using ASP.NET (at least I did once).
Any guidance will be appreciated.
I think you are looking for Role-based Authorization.
In order to use this functionality you will need to implement roles in your model file, per the Data-models documentation.
This will allow you to assign users a role when they are created, and you can use a decorator on your routes to 'require' the user to have the role you want them to have before they can access the endpoint.
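A minimal form of that permission table plus route decorator, as an added example that is not part of the original answer: it is framework-independent Python (in a Flask app the decorator would sit under @app.route and get_login_id would read the authenticated user), and every name and entry in it is hypothetical.

```python
# Added example, not from the original answer. A table maps each login ID to
# the parts of the system that user may edit, and a decorator guards a handler,
# returning a warning instead of running it when the caller lacks the permission.
# All names are hypothetical; in Flask the decorator wraps each route and
# get_login_id would return e.g. current_user.id.
from functools import wraps
from typing import Callable, Dict, FrozenSet

# Constructed permission table: login ID -> sections of the system the user may edit.
PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "alice": frozenset({"inventory", "reports"}),
    "bob": frozenset({"reports"}),
}


def has_permission(login_id: str, section: str) -> bool:
    """True only if login_id is known and explicitly granted the section (deny by default)."""
    return section in PERMISSIONS.get(login_id, frozenset())


def require_permission(section: str, get_login_id: Callable[[], str]):
    """Decorator: run the handler only if the current login ID may edit `section`."""
    def decorator(handler):
        @wraps(handler)
        def guarded(*args, **kwargs):
            login_id = get_login_id()
            if not has_permission(login_id, section):
                # The warning message is returned to the caller in place of the result.
                return f"Warning: user '{login_id}' is not permitted to edit {section}."
            return handler(*args, **kwargs)
        return guarded
    return decorator


# Simulated "current user" source standing in for the framework's session.
_current_login = {"id": "bob"}


def current_login_id() -> str:
    return _current_login["id"]


@require_permission("inventory", current_login_id)
def edit_inventory(item: str, qty: int) -> str:
    return f"inventory updated: {item}={qty}"


def run_as(login_id: str, item: str, qty: int) -> str:
    """Perform the inventory edit as the given login ID (test helper)."""
    _current_login["id"] = login_id
    return edit_inventory(item, qty)
```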

Is it possible to generate dynamic claims based on attributes using WSO2 Identity Server?

I'm using WSO2 Identity Server 5.3.0 and several LDAP user stores.
I need to integrate AWS as a service provider and WSO2 IS as identity provider.
The situation is: I have lots of users stored in the user stores, and some of them have specific roles that should be allowed to log in to the AWS service. So far I don't have the possibility to alter/update the current user stores.
That's why I'm trying to figure out a way to populate/generate/translate/calculate the value of a claim based on an attribute already stored in the user store.
I have a sort of table with the groups coming from LDAP's memberOf attribute a user could belong to and their equivalences to AWS attributes that should be stored in specific claims in order for AWS to allow that user to enter certain services.
The end user is willing to solve this situation within the WSO2 IS component without altering the stores content.
I'm wondering if the only way to do this is writing a custom User Store Manager or a custom Claim Handler [1] to deal with this particular situation, or whether there is a more standard way to accomplish this.
I will appreciate any input; thanks in advance.
[1] http://pushpalankajaya.blogspot.ca/2014/07/adding-custom-claims-to-saml-response.html
I think the Claim Handler is the right place to implement your logic. You can find a sample at https://github.com/mefarazath/CustomClaimHandler

WSO2 IS multiple user stores

Is it possible to set a Service Provider to use a specific user store?
E.g.: I have a secondary user store, foo.com, that uses JDBC, and another secondary user store, foo.net, that uses LDAP.
I have two service providers; I want the first SP, called mobile, to use the foo.com user store only to authenticate via OAuth2, and the other SP, foo.net, to use the foo.net user store.
Is that possible?
Thank you.
This is really what I want to know. Multi-tenancy is a solution: make these two service providers belong to different tenants. Then the service providers can use different user stores.
However, I think there should be other solutions.
For the authentication functionality you don't have to bind a Service Provider to a specific user store. In the mobile application scenario it will recursively go through all user stores, and the user will be authenticated against the foo.com user store. In order to provide a comprehensive answer, can you please state which protocols you are using in both service providers, e.g. OAuth or SAML in the first SP and SAML or SCIM in the second?

Add a new user to WSO2 CEP in the H2 database

I need to add a new user in WSO2 CEP (3.1.0), and I know that it is possible by "clicking" through a few steps in the console (example from the documentation). I wonder if it is possible to add a new user without logging into the console, but by connecting to the H2 database and inserting the user there?
I know that a new user is saved into the "UM_USER" table.
Maybe someone knows which class writes the user into H2, how the password is encrypted, and what "UM_SALT_VALUE" is and why I need it?
If all you want is to manage users programmatically, a better way than trying to modify the H2 DB is to do it through the relevant admin service. This way you don't have to bother about the underlying user store or the salt values used for hashing passwords, etc.
In Carbon-based products, most of the configurations done through the web console can be done programmatically by calling the relevant admin web service, such as user management, adding/managing deployment artifacts etc.
So for your use case, you can use the User Management admin service at:
https://localhost:9443/services/UserAdmin?wsdl
Note that in order to access this WSDL, you should make the admin service WSDLs visible by editing <CEP>/repository/conf/carbon.xml and restarting the server.
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>