Adding a Password Recovery option to WSO2 sign-in - wso2

I was wondering if there is an option for users who want to use the store but have forgotten their password
Currently the WSO2 sign-in page looks like this:
I have set the following in <APIM_HOME>/repository/conf/identity/identity-mgt.properties:
Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=3
Notification.Sending.Internally.Managed=true
UserAccount.Recovery.Enable=true
Captcha.Verification.Internally.Managed=true
I'm assuming the email settings for the same are in <APIM_HOME>/repository/conf/email/email-admin-config.xml
Anyhow, after applying the above settings and restarting the server, the sign-in page remained the same.
Is there some configuration to enable an option on the sign-in page (e.g. Forgot password/Reset password)?
Also, are there any additional settings that need to be configured for it to work as expected?

API Manager Store/Publisher UIs do not support this out-of-the-box. But you can achieve this with WSO2 Identity Server. (You can use the same Identity Server as the Key Manager node of the APIM setup.)
Please refer to the IS docs. A sample webapp is also available here.
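As an added example (not code from the question or from WSO2), the following Python check parses a Java .properties file such as the identity-mgt.properties fragment quoted in the question and reports which of the recovery-related settings are effectively enabled, so a mis-typed or commented-out key is caught before a restart. The file content is constructed from the question's values plus one backslash-continued line; the Notification.Description key in that sample is a made-up name that only exercises the continuation logic.

```python
"""Parse a Java .properties file and report which account-recovery
settings are enabled.  Added example; the property names checked are the
ones quoted in the question, and the file content below is constructed."""
import re

# Constructed sample: the settings from the question, a comment line and a
# value split over two physical lines with a backslash continuation.
SAMPLE_PROPERTIES = """\
# Identity management listener
Identity.Listener.Enable=true
Notification.Sending.Enable=true
Notification.Expire.Time=3
Notification.Sending.Internally.Managed=true
UserAccount.Recovery.Enable=true
Captcha.Verification.Internally.Managed=true
# Hypothetical key, present only to exercise line continuation
Notification.Description=Password \\
    recovery notification
"""

# Keys the question sets for recovery; the check reports their effective value.
RECOVERY_KEYS = (
    "Identity.Listener.Enable",
    "Notification.Sending.Enable",
    "UserAccount.Recovery.Enable",
    "Notification.Sending.Internally.Managed",
    "Captcha.Verification.Internally.Managed",
)


def parse_properties(text: str) -> dict:
    """Minimal Java .properties parser: '#'/'!' comments, '=' or ':'
    separators, and backslash line continuation (leading whitespace of a
    continued line is dropped, as the Java loader does)."""
    logical_lines = []
    buf = ""
    for raw in text.splitlines():
        line = raw.lstrip()
        buf = buf + line if buf else line
        # A single trailing backslash continues the logical line.
        if buf.endswith("\\") and not buf.endswith("\\\\"):
            buf = buf[:-1]
            continue
        logical_lines.append(buf)
        buf = ""
    if buf:
        logical_lines.append(buf)

    props = {}
    for line in logical_lines:
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def recovery_status(props: dict) -> dict:
    """Map each recovery-related key to True/False; a missing key counts as off."""
    return {k: props.get(k, "").lower() == "true" for k in RECOVERY_KEYS}


def missing_settings(props: dict) -> list:
    """Keys that still need to be set to true before recovery can work."""
    return [k for k, on in recovery_status(props).items() if not on]


if __name__ == "__main__":
    parsed = parse_properties(SAMPLE_PROPERTIES)
    for key, on in recovery_status(parsed).items():
        print(f"{key:45s} {'enabled' if on else 'DISABLED'}")
    print("missing:", missing_settings(parsed) or "none")
```

Run it against a real file by replacing SAMPLE_PROPERTIES with the file's contents; a non-empty "missing" list is the first thing to fix before looking for the link on the sign-in page.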

Related

How to customize all WSO2 Identity Server login related pages

I have followed this guide for customizing login pages: https://docs.wso2.com/display/IS500/Customizing+Login+Pages
This is all fine.
I have checked out the code from version 4.3.3 and made local changes to:
https://github.com/wso2/carbon-identity/tree/release-4.3.3/components/identity/org.wso2.carbon.identity.application.authentication.endpoint
When dealing with OpenIDConnect/OAuth2, there are more pages than just the login.jsp involved, e.g. the page oauth2_authz.jsp. This is also not a problem when replacing the default authenticationendpoint.war with my modified authenticationendpoint.war.
Problems arise however when trying to separately host the custom authenticationendpoint.war under a different URL.
WSO2 Identity Server is configured with an absolute URL to the AuthenticationEndpoint:
<AuthenticationEndpointURL>http://localhost:9990/login.do</AuthenticationEndpointURL>
And the form of my login.jsp is altered to submit back to the absolute URL for WSO2 Identity Server, instead of the relative URL ../commonauth.
<form action="https://localhost:9443/commonauth"...
The problem I see is that I am correctly redirected to my custom login page, but the authz page (list of Claims and buttons for Approve | Approve Always | Deny) is still the default page hosted inside WSO2.
I want WSO2 Identity Server to use all of my customized pages, not just login.jsp.
These would typically be
oauth2_authz.jsp
oauth2_consent.jsp
oauth2_error.jsp
Can anyone suggest how to accomplish this or point to some documentation about this?
This was addressed in WSO2IS 5.1.0 with IDENTITY-2977. With the relevant changes, you can customize the samlsso_login, oauth2_authz, oauth2_error and oauth2_consent URLs using the configuration available in the web.xml file of authenticationendpoint.war. Please refer to the relevant section of the web.xml for further details.

how to return user attributes in SAML response in WSO2 IS

I need to add the emailaddress which is stored in LDAP as part of the SAML Response. I read a few articles like http://sureshatt.blogspot.co.uk/2012/11/getting-user-claims-over-saml-sso-token.html
but could not get it working. I am using WSO2 IS version 5.0. Whenever I add the claim in the SP configuration and save it, when I go back to the screen I cannot find the claims that I added earlier. Please help.
Regards
Jay
In IS 5.0.0, configurations have been changed. Therefore you need to do some more things to return the attribute.
First please go to the user profile of the user and verify whether the LDAP attribute is properly displayed there. Then we can be sure that the claim mappings are fine.
In the SAML2 SSO SP configuration you need to enable the attribute profile. Tick Enable Attribute Profile. Also make sure to tick Include Attributes in the Response Always. Then you do not want to send the consumer index in the SAML auth request.
Then please go to the SP configuration page and configure the attributes (claims) that you want to send to the SP.
It is better if you can go through this blog; it contains all the details of how you can configure it with IS 5.0.0.
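An added example, not from the answer above or from WSO2: a Python script that reads a SAML2 Response and lists the attributes in its AttributeStatement, which is where the emailaddress claim should appear once the attribute profile is enabled on the SP, and that checks whether an AuthnRequest still carries the AttributeConsumingServiceIndex the answer says is no longer needed. Both XML documents are constructed samples; the claim URIs use the WSO2 default claim dialect (http://wso2.org/claims) and the subject and email values are invented.

```python
"""Inspect a SAML2 Response for attributes and an AuthnRequest for the
consumer index.  Added example with constructed XML; it does not verify
the assertion signature, which a real SP must do before trusting values."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed Response as the SP would receive it once the attribute profile
# is enabled: one assertion with an AttributeStatement (invented values).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2015-01-01T00:00:00Z">
  <saml:Issuer>localhost</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2015-01-01T00:00:00Z">
    <saml:Issuer>localhost</saml:Issuer>
    <saml:Subject><saml:NameID>jay</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://wso2.org/claims/emailaddress">
        <saml:AttributeValue>jay@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://wso2.org/claims/role">
        <saml:AttributeValue>Internal/everyone</saml:AttributeValue>
        <saml:AttributeValue>admin</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed Response with the attribute profile disabled: no AttributeStatement.
RESPONSE_WITHOUT_ATTRIBUTES = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp2" Version="2.0" IssueInstant="2015-01-01T00:00:00Z">
  <saml:Assertion ID="_a2" Version="2.0" IssueInstant="2015-01-01T00:00:00Z">
    <saml:Issuer>localhost</saml:Issuer>
    <saml:Subject><saml:NameID>jay</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed AuthnRequest that still sends an AttributeConsumingServiceIndex.
SAMPLE_AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2015-01-01T00:00:00Z"
    AttributeConsumingServiceIndex="1">
  <saml:Issuer>app1</saml:Issuer>
</samlp:AuthnRequest>"""


def extract_attributes(response_xml: str) -> dict:
    """Return {attribute name: [values]} from every AttributeStatement."""
    root = ET.fromstring(response_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def has_attribute_profile(response_xml: str) -> bool:
    """True when the assertion carries an AttributeStatement at all; False
    usually means Enable Attribute Profile is not ticked on the SP."""
    root = ET.fromstring(response_xml)
    return root.find(".//saml:AttributeStatement", NS) is not None


def authn_request_sends_consumer_index(request_xml: str) -> bool:
    """True when the AuthnRequest carries AttributeConsumingServiceIndex."""
    return ET.fromstring(request_xml).get("AttributeConsumingServiceIndex") is not None


if __name__ == "__main__":
    for name, values in extract_attributes(SAMPLE_RESPONSE).items():
        print(f"{name}: {values}")
    print("attribute profile:", has_attribute_profile(RESPONSE_WITHOUT_ATTRIBUTES))
    print("sends consumer index:", authn_request_sends_consumer_index(SAMPLE_AUTHN_REQUEST))
```

Paste the base64-decoded SAMLResponse from the browser's POST into SAMPLE_RESPONSE to see which claims the IS actually returned; an empty result with has_attribute_profile() returning False points at the SP configuration rather than at the LDAP mapping.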

Extend Identity Provider URL

I just have a question regarding the Identity Provider URL. Is it possible to modify/customize/extend the Identity Provider URL? (localhost:9443/samlsso)
I currently run two SSO (SAML2) enabled apps on my local Tomcat on localhost, named app1 and app2. The behavior of the applications is to redirect to the login panel when the user tries to access the applications. Since it is SSO enabled, it redirects to the WSO2IS login panel. If both applications are not logged in, they are redirected to the SSO login page of WSO2IS. The first one to log in works successfully. Because the first one is already logged in, the second one doesn't need to sign on again. But I would like to make the second one sign on again, because there are 2 different issuer names and I intend to use the issuer name for the filter or condition.
I am using WSO2 identity server 4.6.0
Regards,
The question is a bit unclear to me. Is it that you don't want SSO between webapps, but only between webapp and IDP? Then it seems it's not a complete SAML SSO scenario.
Still for the filtering, you may be able to write a 'custom authenticator', implementing the interface 'org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator' and engage it in the flow.

wso2 identity server - disabling user sign up

I would like to disable the default wso2 identity server functionality that allows new users to sign themselves up (wso2is user guide description).
Instead, I would only like the administrator to be able to create new users. Is this possible? How do I configure this?
It is possible to disable users from registering themselves on the WSO2 identity server.
The steps to follow for disabling users from self registering can be found here

Configuring Single Sign-On Across Stratos

I have a situation where I need to set up a standalone version of WSO2 Identity Server and have that act as the SSO provider into all of the products in Stratos.
Currently I have Stratos Identity Server configured so that I can login via the standalone Identity Server, using admin.
However, if I use another user I either get an "Authorization Failure" or cannot log in.
First Question
1) I have the same user created in both Identity Servers (that is not admin). Why would I get the "Authorization Failure"?
Second Question
2) Why is it that I cannot even get to the "Authorization Failure" problem if I have a user created with a username in the format user#domain.com?
UPDATE:
I figured out that if I remove the property tags in user-mgt.xml that reference the usernames with regular expressions I am able to create usernames in the format of name#domain.com. But I am still unable to use that username to login, the error log says that the account has not been activated.
I also created two instances of WSO2 Identity Server and configured them in such a way as to test being able to use one to log in to the other. I was able to do this by making sure that the same username and password was in both servers' lists of users. This way I do not get the "Authorization Failure".
The answers I came up with.
1. I need to have the same username and password in each Identity Server.
2. I cannot have format name#domain.com unless I have Multi-tenancy configured. Otherwise wso2 will try to find the ACTIVATE field in the Tenant table and not find it.
UPDATE: I got this installed and configured and it turned out that I now get another error about
Issuer details are not valid. Issuer details should be registered in advance
So my answer turned out not to be valid.
I wonder why I get this new login failure?
UPDATE RESOLVED!!:
I resolved this problem by downloading just the wso2 stratos IS 1.5.2 package. I installed it. Configured with same configuration I was using before. Now I can login without problems across domains.