I have several different WSO2 Identity servers with different store of users in several companies. I can't remove them or make only one instead of them.
Now I need to make main WSO2IS server that would be integrate all of them to one. So users of one of source IS can be auth by there server and by main server.
How I can do this task?
I found next link with same information:
https://docs.wso2.com/display/IS510/Login+to+the+Identity+Server+Using+Another+Identity+Server+-+SAML2
Thank you farasath for comment.
Related
WSO2 reached out to me in Twitter and told me to put a question here if I had one.
My client wants to customize (for now it only means changing the layout of things) the API Publisher and API Store from a WSO2 API Manager 2.0.0.
Since I know that inevitably we will get to the point where the changes are going to be profound and require external libraries for new functionality (we have a library of AngularJS code which I know they will want to use), I want to know:
What is the official, recommended way to customize and extend the web applications for the API Store and the API Publisher? I need to have version control, unit testing, etc.
Is there a way to move these web apps out of the APIM server and into their own server? All our UI applications are hosted in a specific server.
Realistically, how much change can I introduce before make making an awful mess?
Thank you.
You can create new themes and subthemes for API publisher and store UIs. You can refer docs here.
Please note that publisher and store apps are written in Jaggery. You need a Jaggery server to host Jaggery apps.
If you want to add more functionality to the UI, you can either write jaggery, or you'll have to write your own web application (maybe with AngularJS or any other). In that case, you can use APIM REST APIs to talk to APIM backend.
I have developed a REST web service using JAX-RS, hosted on Apache Tomcat server. I used Eclipse for developing this and hosted on a Windows 7 Enterprise machine. Now I need to provide Kerberos Authentication to access my service from any client (for example SoapUI). I have tried to get information from many sites but, all I get is configurations on linux machines.
I'm a newbie to the security concepts and authentication mechanisms and architectures, I would appreciate a good detailed explanation.
Here is a good description of how to integrate Tomcat with Windows authentication:
https://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html
Please note that there might be 2 separate things you might want, I'm not sure which one you are looking for.
Authenticate transparently with the Kerberos tickets the user already has.
Authenticate with username+password always, using MS AD to check them.
The first is always transparent, meaning the user does not have to enter username+password again. In the second one she obviously has to.
If you are looking for other services (like SoapUI) to access your services with Kerberos tickets, then those services would need to get a ticket themselves. If you just want those services to use username+password (instead of Kerberos), then you don't need a ticket of course.
Edit after clarification: Using username+password from a windows domain actually does not involve Kerberos at all. It is using LDAP to authenticate, which maps to JNDI in Java. There is a JNDIRealm in Tomcat to set it up, described here:
https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JNDIRealm
Update: I need more investigation to be able to ask.
I have a server that handles all my requests to Facebook on behalf of mobile clients. To secure the access_token from the Facebook user, Facebook recommends using appsecret_proof. I have more then one app.
Question: is it possible to get a appsecret_proof that covers all apps. Kind of like token_for_business is covering ids?
Update: I need more investigation to be able to ask.
appsecret_proof includes the App Secret, so of course you need a new appsecret_proof for every single App. Not sure why you would try using the same one for different Apps though, token_for_business is for something completely different: to identify a User between different Apps.
We would like to have a single WSO2 Identity Server (4.5.0) serve many different applications.
However, we cannot give the admin password (listed in user-mgt.xml) to all these dev teams.
But these dev teams will need to write software that will be calling the PDP/PIP WSO2 APIs.
So, we must have separate accounts for each dev team. We want these LDAP accounts in a single 'admin' LDAP group. And we want them to connect and execute these WSO2 APIs with these accounts.
Is that possible? Let me know if that does not make sense.
Yes, this is possible. You can configure different roles with different permission levels and assign each user to each of these roles. Following document will help you.
[1] - http://docs.wso2.com/display/IS450/Configuring+Roles
Thanks,
Pushpalanka
I am new to developing web services using java. I have an academic project where I need to do dynamic service composition. For that I can't directly create a service-client for a particular service because if I do so then that client will call that particular service only. Client need to search various web services and then out of those services select any one at run time and also call that service at run time.
I was able to develop the web service(JAX-WS) using Eclipse(indigo), I also created the client for that web service and every thing is working fine. Now my problem is that while creating the client I am hard coding the client to call that particular web service only(since I am creating the client using the WSDL file of the service). However I actually need to call any one of the searched service, but for that I need to publish the service some where then discover it and then call it.
I tried publishing the service to juddiv3. But on juddiv3 I could only publish the sample service supplied with the juddiv3. When I try to publish service created by me then it is not getting displayed in the group of published services.
Is there any other UDDI server which I could install on my local machine and then publish and discover the service from that. Also I was not able to figure out how to create a client that will modify itself at run time to call any one service out of various searched services.
Kindly provide the necessary steps and code.
Thanks
You can use jUDDI (http://juddi.apache.org/ ).
juddi is based on UDDI v2.0, v 3.0 .
Here, you can publish as well as discover your web service.
For integration, you have to make some application which integrates with jUDDI.
But I think for your academic project, and for your purpose, jUDDI is best suitable! ( :) )
jUDDI has a boat load of examples in the source code trunk. You may want to check them out. It's difficult to guess what the problem is from the little information you've provided. Consider contacting the jUDDI team for further assistance. http://svn.apache.org/repos/asf/juddi/trunk/juddi-examples/. There's also additional document for working with UDDI in the jUDDI user's guide, which is at the jUDDI web site
You cannot directly publish on jUDDI. You need to create publisher entities in jUDDI server also. You'll find Rename4Sales and Rename4Marketing examples in 'Classes' folder in the standalone server's juddi application. Use these XMLs as your basis and create your own entity. You also need to configure the server's login credentials.
I suggest you follow the tutorials on jUDDI blog.