WSO2 API Manager 2.0.0: Enabling XACML mediator - wso2

I am trying to follow the documentation Enabling Role-Based Access Control Using XACML for WSO2 API Manager 2.0.0.
But adding the features described failed, complaining: the XACML feature 5.0.7 cannot be installed since 5.2.0 is already installed (although not visible under "installed features"). Adding XACML Mediation fails due to missing dependencies.
Anyone got this working and can share some insight?

Looks like the features in the new p2 repository have conflicts with existing ones. Basically, it's a bug. I reported this here in WSO2 APIM JIRA.
As a workaround, if you only need role-based authorization, you can use OAuth2 scope-based authorization.

Related

Is multitenancy supported in wso2 identity server v5.11 github releases or do I need a subscription for the same?

I am trying to utilise the multitenancy feature in WSO2 by using the GitHub releases (https://github.com/wso2/product-is/releases/tag/v5.11.0). I just wanted to understand if there are any limitations between the enterprise version downloaded from the WSO2 site and the GitHub releases.
Thanks
WSO2 doesn't have an Enterprise Version of the product. Everybody uses the same base release, and if you have a subscription you will be receiving product updates for bug fixes, improvements, security issues etc. Other than that, there are no hidden features or limitations in the open-source version. (Rarely, some features are introduced as updates; in these cases you may not receive them.) The subscription is for getting updates and getting support from WSO2.
You can read more about the WSO2 subscription from here.
Adding to @YCR's answer: yes, multi-tenancy is supported in IS 5.11.0 and IS 6.0.0, and it was supported throughout the IS 5.x series. Please see Tenant Management in the WSO2 documentation.

WSO2 IS 5.10 SAML2 Toolkit Missing

I am running WSO2 IS 5.10 on [Linux 4.4.0-176-generic x86_64] and am logged in using the built-in admin account. I need to troubleshoot a SAML Request generated from the testing of an IdP and SP that I have set up. I would like to use the SAML2 Toolkit from the Tools tab, but that functionality is missing. I remember this functionality being available in my 5.09 setup. Has this functionality been removed with 5.10, or is there a configuration that needs to be updated to make this available?
Image of carbon UI
You have to add a SAML enabled service provider first in that version in order to use the tool.

How to install federated authenticators in wso2 API manager 2.0?

I am trying to install the following feature in WSO2 API Manager 2.0:
http://xacmlinfo.org/2015/05/13/federated-authenticators-in-wso2-api-manager-wso2apim/
but I am getting an error in the API Manager console during installation.
It seems the above package is not compatible with version 2.0.
Please suggest the exact version of the 'Application Authenticator' feature which is compatible with WSO2 AM version 2.0.
Thanks in advance
It seems the p2 repos are still not updated with the latest Authenticator versions based on Identity Application Management Server Feature 5.2.0 or above. This will be updated soon with the next release.
However, you can use WSO2 IS for this use case. You can configure SSO for APIM with IS using this link. Then you can federate IS for OpenAM with this link. With that you can connect APIM with OpenAM.
Hope this helps.

Does WSO2 Identity Server 4.6 support obligations?

I believe that support for obligations is included in XACML 3.0, e.g.:
https://docs.wso2.org/display/IS450/Managing+Entitlement#ManagingEntitlement-ImprovementsinObligation
and that WSO2 (4.6) is supposed to support XACML 3.0. However, I haven't been able to find any information on enabling this support in WSO2.
Does anyone know if this is possible?
Thanks,
Jim
Yes. Obligations are supported by WSO2IS. It is basically about the underlying XACML engine. WSO2IS uses the Balana XACML engine, which supports obligations and advices. You can write a policy with obligations and try it out with WSO2 Identity Server.

WSO2 compressing SAML over POST binding

I am trying to register WSO2 as an identity provider for PingOne. After configuring both PingOne and WSO2, PingOne would complain about not being able to process WSO2's SAML response.
After working with Ping technical support, we discovered that WSO2 compresses SAML when sending it using the SAML POST binding, which is a violation of the SAML specification.
I dug around on the web and it seems that the WSO2 team is already aware of this issue and it is fixed in version 4.1.1. Unfortunately, there does not seem to be a 4.1.1 download on the WSO2 page.
If the WSO2 support team monitoring Stack Overflow could please recommend how I should proceed to work around this issue, I would greatly appreciate it.
There was such an issue and it has been fixed in 4.5.0. Actually, there was a plan to release 4.1.1, but due to new features it was finally renamed 4.5.0. Please download 4.5.0 from the official website http://wso2.com/products/identity-server and try it out.
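
A diagnostic for the issue discussed in this thread, as an added example that is not part of the original posts or of WSO2's or Ping's code: it decodes a SAMLResponse/SAMLRequest form value taken from an HTTP-POST and reports whether it is plain base64-encoded XML or was compressed first (the encoding the HTTP-Redirect binding uses). The function name and the sample message are constructed for illustration.

```python
import base64
import zlib

# Constructed sample message (not captured from a real IdP).
SAMPLE_XML = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>'
)


def _raw_deflate(data: bytes) -> bytes:
    """Raw DEFLATE (no zlib header), the encoding used by the Redirect binding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()


# Constructed form values: what a POST should carry vs. the compressed variant.
COMPLIANT_POST = base64.b64encode(SAMPLE_XML).decode()
COMPRESSED_POST = base64.b64encode(_raw_deflate(SAMPLE_XML)).decode()


def inspect_post_payload(form_value: str):
    """Return (kind, xml) for a SAMLResponse/SAMLRequest form value.

    kind is 'xml' (base64 of the XML, what HTTP-POST expects),
    'deflated' (compressed before base64), or 'unknown'.
    """
    try:
        raw = base64.b64decode(form_value)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "unknown", None
    # Plain XML, optionally preceded by a UTF-8 BOM or whitespace.
    if raw.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"<"):
        return "xml", raw
    for wbits in (-15, 15):  # raw DEFLATE first, then zlib-wrapped
        try:
            xml = zlib.decompressobj(wbits).decompress(raw)
        except zlib.error:
            continue
        if xml.lstrip().startswith(b"<"):
            return "deflated", xml
    return "unknown", None


if __name__ == "__main__":
    for name, value in (("compliant", COMPLIANT_POST), ("compressed", COMPRESSED_POST)):
        print(name, inspect_post_payload(value)[0])
```

A result of 'deflated' for a value captured from a POST form matches the behaviour described in the question; the form value must be URL-decoded before it is passed in.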