WSO2 Identity Server Assertion without SessionNotOnOrAfter in AuthnStatement - wso2

I noticed that assertions from WSO2 Identity Server do not have the SessionNotOnOrAfter property in AuthnStatement.
How can I force it to be added?

As #farasath said, this was added in versions later than 5.1.0.
For 5.1.0, a workaround can be retrieving the expiration time of the session from the NotOnOrAfter property in the Conditions tag in the assertion.
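The fallback described in this answer, as an added example that is not part of the original posts: it reads SessionNotOnOrAfter from AuthnStatement when present and otherwise uses NotOnOrAfter from Conditions. The function names and the sample assertion are constructed for illustration, and the code assumes the assertion's signature has already been verified by the SP.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (unsigned, illustrative values): an assertion
# that has no SessionNotOnOrAfter on its AuthnStatement.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2016-03-01T10:00:00.000Z">
  <saml:Conditions NotBefore="2016-03-01T10:00:00.000Z"
                   NotOnOrAfter="2016-03-01T10:05:00.000Z"/>
  <saml:AuthnStatement AuthnInstant="2016-03-01T10:00:00.000Z"
                       SessionIndex="constructed-session-index"/>
</saml:Assertion>
"""

def _parse_instant(value):
    # SAML instants are UTC xs:dateTime values, with or without fractions.
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unsupported SAML timestamp: %r" % value)

def session_expiry(assertion_xml):
    """Return (expiry, source) for an already signature-verified assertion."""
    root = ET.fromstring(assertion_xml)
    if root.tag == "{%s}Assertion" % NS["saml"]:
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion element found")
    stmt = assertion.find("saml:AuthnStatement", NS)
    if stmt is not None and stmt.get("SessionNotOnOrAfter"):
        return _parse_instant(stmt.get("SessionNotOnOrAfter")), "SessionNotOnOrAfter"
    # Fallback: Conditions/NotOnOrAfter bounds the assertion's validity
    # window, which is usually shorter than the IdP session itself.
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None and cond.get("NotOnOrAfter"):
        return _parse_instant(cond.get("NotOnOrAfter")), "Conditions/NotOnOrAfter"
    raise ValueError("assertion carries no expiry information")

def session_is_live(assertion_xml, now):
    expiry, _ = session_expiry(assertion_xml)
    return now < expiry  # NotOnOrAfter: the instant itself is already expired
```

Record which source the expiry came from, so a session that was bounded only by the Conditions window can be told apart once the IdP is upgraded.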

Related

Can we have an API to check whether a session (cookie) is valid or invalid in WSO2 IS?

After logging in successfully to WSO2 IS, the system returns a cookie (session), and I don't know whether we can have an API to check whether the session (cookie) is valid or invalid in WSO2 IS.
As of now (IS 5.1.0), there is no API on the IS side to validate a cookie. But there is a set of session-related configurations you can do on the client side, such as configuring the remember-me period, clean-up tasks, and caching, which might be useful to meet your requirement.
If you are using IS 5.0.0 + SP1 refer here for more information.
If you are using IS 5.1.0 refer here.

Identity server migration from 5.0.0 to 5.1.0 failing

I have attempted to migrate our HA configuration of Identity Server from 5.0.0 to 5.1.0 and after the migration my SAML based Service Providers fail.
Users attempting to authenticate for a SAML based SP see
"A Service Provider with the Issuer 'reallyGreatSAMLService' is not registered".
When I attempt to view the SAML configuration in the SP’s setting page, the SAML settings are missing.
When I use the Registry Browser, all SAML entries are missing.
Any suggestion where in my data I should start looking to solve this problem?
This appears to be similar to WSO2IS after upgrading to 5.1.0 SPs is disappering other than it doesn’t explicitly mention SAML.
Thanks,
…pat
Turns out the process I was given to create the new EIS HOME failed to copy the configuration changes for the remote registry.
The migration was looking for '/_system/config/repository/identity/SAMLSSO'
My system was configured for '/_system/asNodes/repository/identity/SAMLSSO'
http://wso2.com/library/tutorials/2010/04/sharing-registry-space-across-multiple-product-instances/#DS_Strategy_B
In repository/conf/registry.xml I changed the configuration as follows -
    <mount overwrite="true" path="/_system/config">
        <instanceId>instanceid</instanceId>
        <!--targetPath>/_system/config</targetPath-->
        <targetPath>/_system/asNodes</targetPath>
    </mount>
...pat

content of /userinfo response from wso2 identity server

I installed v5.1.0 of wso2 identity server and executed an OpenID Connect flow. Finally, I wanted user profile information to be retrieved from the server (via /oauth2/userinfo endpoint).
In contrast to other mailings, I only receive a one-item answer { "sub":"admin" }. By default, there should also be phone_number, email and others. I used the playground2 application to verify and yes, only { "sub":"admin" } is returned.
I used scope=openid for the authz code request as well as schema=openid in the /userinfo query as in the descriptions.
I tried to set various claims in http://wso2.org/oidc/claim to supported, required, etc. but no change.
How do I configure the server to return more details?
Any ideas?
This seems to be a known issue in Identity Server 5.1.0 and it is reported here. You can follow the discussion and try applying the fixes as patches to Identity Server. Otherwise, you can try 5.2.0-M1 or a later version in which this issue has been fixed.

WSO2 Identity Server 5.1.0 not returning user claims in SAML Response

While trying out the new version of WSO2 Identity Server 5.1.0, I'm having problems returning claims in the SAML response, while this worked in WSO2 IS 5.0.0 SP1. I've mapped the required claims and added them to my SP; I also configured the SP to always return the user attributes.
I've configured the SP claim mapping:
My SAML configuration:
Any help is greatly appreciated. I'm getting the feeling this might be a bug.
EDIT: In WSO2 5.1.0 it is required to add the Attribute Consuming Service Index to the SAML Request. In WSO2 5.0.0 SP1 it worked even without setting this value in the SAML Request.
If I got you correctly, you can authenticate from IS without any errors, but didn't get claims in the SAML response.
I have tried this with the Travelocity sample. It is working as expected. I got the user claims in the SAML response. According to the screenshots that you have attached, you have done the configurations correctly.
Please check and verify that you have values for these mapped claims. If there are no values in the user's profile, the claims will not be in the SAML response.
You can check this with SSO Tracer or SAML Tracer.
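The two checks raised in this thread (AttributeConsumingServiceIndex on the request, mapped claims actually present in the response), as an added example that is not part of the original posts. The function name, the sample messages and the claim values are constructed for illustration; the input is the decoded XML as shown by a SAML tracer.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed messages, as they would appear decoded in a SAML tracer.
SAMPLE_REQUEST = """\
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed-req" Version="2.0" IssueInstant="2016-03-01T10:00:00Z">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">example-sp</saml:Issuer>
</samlp:AuthnRequest>
"""
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-resp" Version="2.0">
  <saml:Assertion ID="_constructed-assertion" Version="2.0">
    <saml:AttributeStatement>
      <saml:Attribute Name="http://wso2.org/claims/emailaddress">
        <saml:AttributeValue>user@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

def diagnose_claims(request_xml, response_xml, expected):
    """Return findings that explain why expected claims are absent."""
    findings = []
    request = ET.fromstring(request_xml)
    # IS 5.1.0 needs this attribute on the AuthnRequest (see the EDIT above).
    if request.get("AttributeConsumingServiceIndex") is None:
        findings.append("request: AttributeConsumingServiceIndex not set")
    response = ET.fromstring(response_xml)
    returned = set()
    for attr in response.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        if any(values):
            returned.add(attr.get("Name"))
    if not returned:
        findings.append("response: no attribute values in assertion")
    # A claim with no value in the user's profile is left out of the response.
    for name in expected:
        if name not in returned:
            findings.append("response: claim missing: " + name)
    return findings
```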

Can't get claims when using WSO2 IS as OpenID provider?

I am using Identity Server as an OpenID provider, and I add some claims to the request, such as "http://axschema.org/contact/email". Then I successfully log in. However, I get null from the response. Why? Please help me.
There are bugs reported here and here for this behaviour. Those were fixed and are available from the next release version of Identity Server 5.1.0.
WSO2 Identity Server 5.1.0 Alpha2 has been released and can be downloaded from here