Redirection after authentication in wso2 api manager - wso2

I have managed to make a login page that uses the WSO2 authentication, like https://192.168.56.1:9443/store/site/pages/login.jag.
I can log in through this using the same credentials that are for the WSO2 server.
Question: How do I make it go to my page after I click on sign in?
By default, it takes me to https://192.168.56.1:9443/store
Suppose that I want it to redirect to https://192.168.56.1:9443/store/site/pages/index.html

Related

WSO2 API Manager(wso2am-4.1.0) - Customize Login Pages for Developer Portal and Publisher

I'm trying to customize the login pages for the dev portal and publisher and I'm referring to the below documentation.
https://apim.docs.wso2.com/en/latest/reference/customize-product/customizations/customizing-login-pages-for-dev-portal-and-publisher/
The 1st step says to download the Identity Server, and the 2nd step says to start up the server using api-manager.sh, which could be a mistake.
However, I have the following questions related to the scenario.
In order to customize the login pages in APIM, should I start up the IS as a key manager as well?
Can't we customize the login pages just by using the JSP files readily available in the authentication endpoint in APIM?
I guess the documentation should be updated. You can use the existing jsp files in the authentication endpoint if you use OAuth2/OpenID. If you are using SAML, then you have to use WSO2 IS as the IDP with WSO2 API Manager.
Some samples can be found in [1].
By default API Manager uses OAuth2/OpenID. You can do the service provider configurations in API Manager. OAuth2/OpenID and SAML use the jsp files used in the authentication endpoint.
[1] - https://github.com/wso2/samples-is/tree/master/re-branding-the-default-login-page

Authorization Code grant generates 405 in WSO2 APIM

I'm trying to implement OAuth2 Authorization Code flow with WSO2 APIM 2.6 but I get a 405 method not allowed. Here is what I did:
Install WSO2 APIM (no WSO2 IS nor IS-KM is in my environment; only APIM is present)
Create a Spring Boot REST service with @RestController. This leads to the base path http://localhost:8080
Create an API in API publisher. This point to the REST service
As admin create an application in API store and subscribe to the API. The call back URL is simply http://localhost:8080 as shown in the image below
Call the authorize method of WSO2 APIM with the following URL
https://localhost:9443/authorize?response_type=code&redirect_uri=http://localhost:8080&client_id=EaTfmmwQT4fWciN4WnU1YyyYYYsa
When I call this URL, I'm redirected to the login page of WSO2 APIM like below
I just log in with admin/admin
Upon login, I thought I'd be redirected to an authorize page, but instead I'm redirected to the following error page
Could you guyz help me here?
You are trying with https://localhost:9443/authorize which is wrong. That is why it is redirecting to the carbon console. You can use one of the following URLs.
https://localhost:9443/oauth2/authorize
https://localhost:8243/authorize
This will prompt you to a different login page where you can use your login credentials.
https://docs.wso2.com/display/AM260/Authorization+Code+Grant
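
An added example, not part of the original answer and not WSO2 code: it builds the authorization request against the /oauth2/authorize endpoint named in the answer, with the client_id and callback from the question percent-encoded, and checks the redirect that comes back. The `state` parameter is the standard OAuth 2.0 one and is not in the question's URL; the function names and the sample callback are made up for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint from the answer; client_id and callback URL as posted in the question.
AUTHORIZE_ENDPOINT = "https://localhost:9443/oauth2/authorize"
CLIENT_ID = "EaTfmmwQT4fWciN4WnU1YyyYYYsa"
REDIRECT_URI = "http://localhost:8080"


def new_state():
    """Unguessable per-login value that ties the callback to this browser session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state):
    """Authorization request with every parameter percent-encoded."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must match the callback URL registered for the application
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def parse_callback(callback_url, expected_state):
    """Return the authorization code from the redirect, or raise ValueError."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}" != REDIRECT_URI:
        raise ValueError("callback did not arrive on the registered redirect_uri")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not ours.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discarding response")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    state = new_state()
    print(build_authorize_url(state))
    # Constructed callback, as the server would redirect after consent.
    print(parse_callback(f"http://localhost:8080/?code=abc123&state={state}", state))
```
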

How to use Federation from a User Pool (not from an Identity Pool)!

I'm trying to use Federation from a User Pool. Note, I am not talking about Federated Identity Pool a different concept.
Is there a SignIn API for federated users or is it just a hosted UI?
Does the app "have to" open a browser on a Sign In URL that looks like https://XXXXXX.auth.XXXXX.amazoncognito.com/login?response_type=code&client_id=XXXXXXXXX&redirect_uri=XXXXXXX? Can the end-user stay inside the app, similar to how Google SignIn API on Android works (it pops up a small Google sign in UI, user clicks on their name, you're immediately back inside the app with a token)?
How do I launch a browser on that Sign In URL?
How can my app be called back when the user has finished signing in?
Specifically how does my mobile app receive the token from the browser?
Is there a SignIn API for federated users or is just a hosted UI?
As far as I can tell you have to use the hosted UI when you federate a user pool to social IdPs.
How do I launch a browser on that Sign In URL?
This depends on the language and platform obviously; on Android with Xamarin you can use Xamarin.Auth.Presenters.OAuthLoginPresenter.Login() to launch a native browser (Chrome) at a URL specified by the OAuth2Authenticator you pass in. That OAuth2Authenticator does more than just craft the URL it gives Chrome; it's stateful, so when you get an answer back in the form of a code or token, you can then call methods on that object to proceed.
How can my app be called back when the user has finished signing in?
Specifically, how can the browser redirecting a URL actually redirect you back inside the app? That's done via something called Deep Links & App Links; here's that concept explained on Android.

Can I redirect away from WSO2 Identity Server Authentication Page

I am using SAML SSO to authenticate users coming to my web app. I am using the SAML SSO filter. In the login page of IS (AuthenticationEndpoint/samlsso) can I add a button to visit my web page anonymously without authentication? How should I do the redirection?
I think you need to add a button to the login page where you can enter credentials to authenticate the user. To get this done you will have to customize authenticationendpoint.war, adding a new button to the login.jsp page [1] to redirect it to your page.
[1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.application.authentication.endpoint/4.2.2/src/main/webapp/

Websphere Portal 7 Custom Login Portlet

I want to develop a custom form-based login portlet because I have to validate the user credential (username/password) by calling some webservice provided by the customer, as he is maintaining the user credential on his side, not on the portal side. If the webservice returns true, then I need to authenticate the user to the Portal and redirect to some specific portal page.
Note: based on the customer request, the user's password is not stored in default portal LDAP which means, I can not use the portal Login service.
How can I ask the portal to authenticate some user without passing the password in my custom login portlet?
Thanks in advance.
You'll want to look at the WebSphere Application Server Trust Association Interceptor mechanism for what (to the portal and appserver) is password-less authentication.
Here is a post that outlines the steps you'll take. You won't be using WPS mechanisms other than your custom portlet for gathering credentials. The rest uses a common technique in the underlying WebSphere App Server.