Identity server migration from 5.0.0 to 5.1.0 failing - wso2

I have attempted to migrate our HA configuration of Identity Server from 5.0.0 to 5.1.0 and after the migration my SAML based Service Providers fail.
Users attempting to authenticate for a SAML based SP see
"A Service Provider with the Issuer 'reallyGreatSAMLService' is not registered".
When I attempt to view the SAML configuration in the SP’s setting page, the SAML settings are missing.
When I use the Registry Browser, all SAML entries are missing.
Any suggestion where in my data I should start looking to solve this problem?
This appears to be similar to "WSO2IS after upgrading to 5.1.0 SPs is disappering", other than that it doesn’t explicitly mention SAML.
Thanks,
…pat

Turns out the process I was given to create the new EIS HOME failed to copy the configuration changes for the remote registry.
The migration was looking for '/_system/config/repository/identity/SAMLSSO'
My system was configured for '/_system/asNodes/repository/identity/SAMLSSO'
http://wso2.com/library/tutorials/2010/04/sharing-registry-space-across-multiple-product-instances/#DS_Strategy_B
In repository/conf/registry.xml I changed the configuration as follows -
<mount overwrite="true" path="/_system/config">
    <instanceId>instanceid</instanceId>
    <!--targetPath>/_system/config</targetPath-->
    <targetPath>/_system/asNodes</targetPath>
</mount>
...pat
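An added example (not part of the original post, and not WSO2 code) that compares the mounts in the old and new registry.xml before a migration and shows where the SAMLSSO path ends up under each. The `<wso2registry>` wrapper, the empty "new" file and the prefix-substitution model of a mount are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed registry.xml fragments. OLD mirrors the mount shown in the post;
# NEW stands for a new home where that mount was never copied over.
OLD_REGISTRY_XML = """<wso2registry>
  <mount overwrite="true" path="/_system/config">
    <instanceId>instanceid</instanceId>
    <!--targetPath>/_system/config</targetPath-->
    <targetPath>/_system/asNodes</targetPath>
  </mount>
</wso2registry>"""
NEW_REGISTRY_XML = "<wso2registry></wso2registry>"

SAML_PATH = "/_system/config/repository/identity/SAMLSSO"

def mounts(xml_text):
    """Map each mounted local path to its targetPath (XML comments are ignored)."""
    result = {}
    for mount in ET.fromstring(xml_text).iter("mount"):
        target = mount.findtext("targetPath")
        result[mount.get("path")] = target.strip() if target else None
    return result

def resolve(mount_map, local_path):
    """Simplified model: the longest matching mount path is swapped for its target."""
    best = None
    for path in mount_map:
        if local_path == path or local_path.startswith(path.rstrip("/") + "/"):
            if best is None or len(path) > len(best):
                best = path
    if best is None or mount_map[best] is None:
        return local_path  # not mounted: stays in the local registry
    return mount_map[best] + local_path[len(best):]

def mount_drift(old_xml, new_xml):
    """Return {path: (old_target, new_target)} for every mount that differs."""
    old, new = mounts(old_xml), mounts(new_xml)
    return {p: (old.get(p), new.get(p))
            for p in set(old) | set(new) if old.get(p) != new.get(p)}

if __name__ == "__main__":
    for path, (before, after) in mount_drift(OLD_REGISTRY_XML, NEW_REGISTRY_XML).items():
        print("mount %s: old target %s, new target %s" % (path, before, after))
    print("old home reads SAML SPs from", resolve(mounts(OLD_REGISTRY_XML), SAML_PATH))
    print("new home reads SAML SPs from", resolve(mounts(NEW_REGISTRY_XML), SAML_PATH))
```
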

Related

Where could I download Pre-Packaged Identity Server 5.1.0 with API Manager 1.10.0?

Should be an easy question ;)
In the WSO2 Clustering & Deployment Guide, Configuring the Identity Server 5.1.0 as a Key Manager with API Manager 1.10.0, it is recommended to install the pre-packaged WSO2 Identity Server 5.1.0 with the API Manager as most of the configurations already exist in the pre-packaged distribution.
Where can I download this pre-packaged WSO2 Identity Server 5.1.0 ?
In the product page, there is only a Download button with no choice.
Thank you.
You can use this link to download the pre-packaged Identity Server. However, the link to download this is available in the guide under the section "Configuring the Identity Server", step 1.

How can I set up WSO2 API Manager login with Github?

I want to set up WSO2 APIM login with Github.
I have integrated WSO2 IS with APIM and installed the WSO2 IS Github authenticator, then followed the user guide Configuring Github Authenticator to set up the Github authenticator. It works for the sample app which is mentioned in the doc.
However, when I changed SP to APIM, I got
Error 401 : Authorization Required.
The server couldn't verify that you are authorized to access the requested resource.
Also I have read [Article] How To Setup a WSO2 API Manager Store Login with Google, and it seems there is no more special configuration. The bad thing is I cannot connect to Google, so I cannot test it. :(
How can I fix this? Any suggestion? Thank you.
This is because the default roles of the user is internal/everyone. We can update the internal/everyone role's permissions or change the default roles in user-mgt.xml
<Realm>
    <configuration>
        .....
        <EveryOneRoleName>everyone</EveryOneRoleName> <!--change it-->
    </configuration>
</Realm>
and it will work.

wso2 identity server 5.1.0 dashboard items empty

Have installed WSO2 IS on Ubuntu 14.04. All seems to be good, apart from when a user logs in to the dashboard, all the options are blank. I've searched Google, but unfortunately no luck.
Dashboard screenshot :
There is no such behavior in IS 5.1.0. When I log in to the dashboard using the link https://localhost:9443/carbon/ I could see everything. Please have a look at the image. Please refresh and see.
The issue is likely identical to the post (WSO2 V 5.0) regarding missing setup of the host and domain name. It requires adjustment of a few configuration files, as described at the following post: [ here ]
I had the same issue when using WSO2 IS on an internal domain.
Check your browser console and see if you are getting certificate errors when you visit the dashboard. If so, self-sign a certificate with the domain name you are using and add it to the WSO2 keystore.
If I remember correctly, the certificates that ship with WSO2 IS are set to localhost.

WSO2 Identity Server 5.1.0 not returning user claims in SAML Response

While trying out the new version of WSO2 Identity Server 5.1.0 I'm having problems returning claims in the SAML response, while this worked in WSO2 IS 5.0.0 SP1. I've mapped the required claims and added them to my SP, and I also configured the SP to always return the user attributes.
I've configured the SP claim mapping:
My SAML configuration:
Any help is greatly appreciated. I'm getting the feeling this might be a bug.
EDIT: In WSO2 5.1.0 it is required to add the Attribute Consuming Service Index to the SAML Request. In WSO2 5.0.0 SP1 it worked even without setting this value in the SAML Request.
If I got you correctly, you can authenticate from IS without any errors, but didn't get claims in the SAML response.
I have tried this with the Travelocity sample. It is working as expected. I got the user claims in the SAML response. According to the screenshots that you have attached, you have done the configurations correctly.
Please check and verify that you have values for these mapped claims. If there are no values in the user's profile, the claims will not be in the SAML response.
You can check this with SSO Tracer or SAML Tracer.
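An added example (not from the original posts) that decodes a captured SAMLRequest and reports whether it carries the AttributeConsumingServiceIndex attribute that the question's EDIT says IS 5.1.0 requires. The sample request, its issuer `constructed-sp` and the index value `1` are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def sample_request(index=None):
    """Constructed AuthnRequest; issuer, ID and timestamp are made-up values."""
    attr = ' AttributeConsumingServiceIndex="%s"' % index if index is not None else ""
    return ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed1" '
            'Version="2.0" IssueInstant="2016-01-01T00:00:00Z"%s>'
            '<saml:Issuer>constructed-sp</saml:Issuer></samlp:AuthnRequest>'
            % (SAMLP, SAML, attr))

def encode_saml_request(xml_text, binding="redirect"):
    """Encode as an SP would: Redirect = raw DEFLATE then base64, POST = base64 only."""
    data = xml_text.encode("utf-8")
    if binding == "redirect":
        deflater = zlib.compressobj(wbits=-15)  # -15: raw stream, no zlib header
        data = deflater.compress(data) + deflater.flush()
    return base64.b64encode(data).decode("ascii")

def decode_saml_request(value, binding="redirect"):
    """Reverse of encode_saml_request; value is the URL-decoded SAMLRequest parameter."""
    data = base64.b64decode(value)
    if binding == "redirect":
        data = zlib.decompress(data, -15)
    return data.decode("utf-8")

def check_request(value, binding="redirect"):
    """Return (issuer, AttributeConsumingServiceIndex or None) for a captured request."""
    # Plain ElementTree is fine for requests captured from your own SP;
    # use a hardened parser for XML that comes from untrusted senders.
    root = ET.fromstring(decode_saml_request(value, binding))
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a SAML 2.0 AuthnRequest: %s" % root.tag)
    return root.findtext("{%s}Issuer" % SAML), root.get("AttributeConsumingServiceIndex")

if __name__ == "__main__":
    for idx in (None, "1"):
        issuer, found = check_request(encode_saml_request(sample_request(idx)))
        status = "index %s present" % found if found else "index missing from request"
        print(issuer, "->", status)
```
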

Can't get claims when using WSO2 IS as OpenID provider?

I am using Identity Server as an OpenID provider. And I add some claims to the request, such as "http://axschema.org/contact/email". Then I successfully log in. However, I get null from the response. Why? Please help me.
There are bugs reported here and here for this behaviour. And those were fixed and are available from the next release version of Identity Server 5.1.0.
WSO2 Identity Server 5.1.0 Alpha2 has been released and can be downloaded from here