We are using WSO2 identity server for identity management for the APIs published on WSO2 API Manager.We have used sample web application(InfoRecoverySample) for recovering account information as suggested in (https://docs.wso2.com/display/IS530/Configuring+Sample+Application+for+Identity+Management).This application has been hosted on a different tomcat server instead of on the same server as WSO2 Identity server. How do we specify the trustStore absolute resource path for trustStorePath in cofiguration?
We have copied the wsocarbon.jks from identity server and pasted in the server where InfoRecoverySample is hosted by providing its absolute path, but in browser we are unable to fetch the CAPTCHA image provided by WSO2 Identity server.
Related
I have created https based api in one of the wso2 esb 5.0.0 server, so now I want to call this https api from another wso2 esb 5.0.0.server. But I am getting SSL certificate error when calling https api from another wso2 esb server.
I have tried after importing localhost and wso2carbon certificates into client trust store and also wso2carbon key stores but no luck.
Does anyone tried ?
I'm using WSO2 Identity Server 5.1.0. i want control session timeout with configure session timeout for each service provider not only for all service providers over identity server.
exist any solution or idea that it can satisfied my problem?
Service Provider's session should be managed by Service Provider itself. WSO2 Identity Server (or any other Identity Provider) doesn't have any control over Service Providers' sessions (and their timeouts). Each SP must handle their session timeouts and request the authentication from IdP.
Only thing WSO2 Identity Server have the control is the session user-agent (browser) has with Identity Server itself. In case you need to configure that, you can refer this doc. But as said above, it will be applicable to Identity Server Session only.
I have a web service hosted in a JBoss AS. Add a app running on Google App Engine. Now I want to access my web service hosted in JBoss AS only by my App Engine app and I want to restrict others from accessing my web service. How can I do that? Please help.
Use the AppEngine URL Fetch Service to call your JBoss web services from your AppEngine app. Use the HTTPS option to secure the network connection. Furthermore create request headers and payload such as to satisfy whatever JBoss security requirements you can establish between JBoss and AppEngine (for example client user authentication).
I've read source code of wso2 greg, and find that there is a tomcat embedded in it, and there are two connectors: http with port 9763 and https with port 9443. But when I type the url [http://localhost:9763/carbon] in browser, it redirect to https automatically. While I can't find the related source code about the redirecting.
Can anybody help?
thx
The Management Console (UI) of all WSO2 Carbon based products communicate with backend web service called AdminService. These services are secured and that's why it can be accessed only through https.
More info - http://charithaka.blogspot.com/2013/06/invoking-wso2-carbon-admin-services.html
Scenario:
A client calls WebService A on the LAN. WebService A is running under an App Pool with Identity "Network Service".
WebService A does some work, prepares to call WebService B.
WebService B requires a client cert (*.cer) and SSL.
WebService A is on a dedicated Windows 2003 server.
Everything works in the Dev environment as it should (but the developer with Administrator privileges is always logged on locally (no surprise!).
The certificates are stored on disk at C:\MyCertificates\
The certificate is being applied at runtime successfully in Dev with this snippet: myWebService.ClientCertificates.Add(new X509Certificate.CreateFromCertFile(certPath));
Problem:
WebService A is calling WebService B, and the returned exception is:
The request failed with HTTP status
403: Forbidden
This really means that the certificate was not sent in the request to WebService B.
I am under the assumption that installing this cert into the browser is not a solution. The browser settings typically are per-user, and I need to give the certificate to the user whose credentials the web service is running under. (e.g. Network Service, System, or whatever is in the IIS AppPool settings).
Question: How can I grant access or association to my certificate living at the specified directory location to the Network Service or other non-user account?
This Microsoft knowledgebase article may be of use:
How to call a Web service by using a client certificate for authentication in an ASP.NET Web application (MS KB901183)
Your web service 'A' would effectively be the ASP.NET application calling the web service as described in the article.