WSO2 openID configuration - wso2

I am trying to find out the WSO2 OpenID connect meta data URL.
Something similar to http://<URL>/.well-known/openid-configuration.
Could someone tell me that?

Identity Server supports the OpenID Connect core specification, which can be found here. If you would like to try out OpenID Connect with Identity Server, you can find the sample here. You can even modify the source and rebuild the web application as you like.
You can check the following link for reference:
https://docs.wso2.com/display/IS500/OpenID+Connect+with+the+WSO2+Identity+Server+and+WSO2+OAuth2+Playground
http://xacmlinfo.org/2015/01/08/openid-connect-identity-server/
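Once the metadata URL is known, the document it returns should be checked rather than consumed blindly. The following Go program is an added example, not code from the answer above or from WSO2: it derives the generic well-known URL from an issuer and then validates the metadata fields a relying party depends on, following OpenID Connect Discovery 1.0 section 3 (issuer pinning, https endpoints, required lists, the RS256 requirement). The two JSON documents, the issuer https://idp.example.com and its endpoint paths are constructed for the example; the path WSO2 IS actually serves its metadata from is whatever the linked documentation gives for your version.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// DiscoveryDoc is the subset of OpenID Provider Metadata this check inspects
// (field names from OpenID Connect Discovery 1.0, section 3).
type DiscoveryDoc struct {
	Issuer                 string   `json:"issuer"`
	AuthorizationEndpoint  string   `json:"authorization_endpoint"`
	TokenEndpoint          string   `json:"token_endpoint"`
	JWKSURI                string   `json:"jwks_uri"`
	ResponseTypesSupported []string `json:"response_types_supported"`
	SubjectTypesSupported  []string `json:"subject_types_supported"`
	IDTokenSigningAlgs     []string `json:"id_token_signing_alg_values_supported"`
}

// DiscoveryURL derives the well-known URL from an issuer the way the Discovery
// spec defines it; consult the product docs for the path your WSO2 IS version serves.
func DiscoveryURL(issuer string) string {
	return strings.TrimRight(issuer, "/") + "/.well-known/openid-configuration"
}

func contains(list []string, want string) bool {
	for _, v := range list {
		if v == want {
			return true
		}
	}
	return false
}

// ValidateDiscovery checks what a relying party must not proceed without and
// returns one message per problem; an empty result means the document is usable.
func ValidateDiscovery(raw []byte, expectedIssuer string) []string {
	var doc DiscoveryDoc
	if err := json.Unmarshal(raw, &doc); err != nil {
		return []string{"metadata is not valid JSON: " + err.Error()}
	}
	var problems []string
	// Pin the issuer: metadata naming a different issuer than the one it was
	// fetched for is the starting point of IdP mix-up attacks.
	if doc.Issuer != strings.TrimRight(expectedIssuer, "/") {
		problems = append(problems, fmt.Sprintf("issuer %q does not match expected %q", doc.Issuer, expectedIssuer))
	}
	// Every endpoint a browser or client will be sent to must exist and be https.
	endpoints := []struct{ name, value string }{
		{"authorization_endpoint", doc.AuthorizationEndpoint},
		{"token_endpoint", doc.TokenEndpoint},
		{"jwks_uri", doc.JWKSURI},
	}
	for _, ep := range endpoints {
		if ep.value == "" {
			problems = append(problems, ep.name+" is missing")
			continue
		}
		if u, err := url.Parse(ep.value); err != nil || u.Scheme != "https" || u.Host == "" {
			problems = append(problems, ep.name+" is not an https URL: "+ep.value)
		}
	}
	if len(doc.ResponseTypesSupported) == 0 || len(doc.SubjectTypesSupported) == 0 {
		problems = append(problems, "response_types_supported and subject_types_supported must be non-empty")
	}
	// The spec requires RS256 to be offered; a provider advertising "none" for
	// ID tokens deserves a hard look before any client is pointed at it.
	if !contains(doc.IDTokenSigningAlgs, "RS256") {
		problems = append(problems, "id_token_signing_alg_values_supported lacks RS256")
	}
	if contains(doc.IDTokenSigningAlgs, "none") {
		problems = append(problems, `provider advertises alg "none" for ID tokens`)
	}
	return problems
}

// SampleGood and SampleBad are CONSTRUCTED metadata documents for this example,
// not output captured from a WSO2 deployment.
const SampleGood = `{"issuer": "https://idp.example.com",
 "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
 "token_endpoint": "https://idp.example.com/oauth2/token", "jwks_uri": "https://idp.example.com/oauth2/jwks",
 "response_types_supported": ["code", "id_token"], "subject_types_supported": ["public"],
 "id_token_signing_alg_values_supported": ["RS256"]}`

const SampleBad = `{"issuer": "https://attacker.example.net",
 "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
 "token_endpoint": "http://idp.example.com/oauth2/token",
 "response_types_supported": ["code"], "subject_types_supported": ["public"],
 "id_token_signing_alg_values_supported": ["none"]}`

func main() {
	fmt.Println(DiscoveryURL("https://idp.example.com/"))
	fmt.Println("good:", ValidateDiscovery([]byte(SampleGood), "https://idp.example.com"))
	fmt.Println("bad:", ValidateDiscovery([]byte(SampleBad), "https://idp.example.com"))
}
```

The issuer comparison is the check most often skipped: a client that accepts whatever issuer the document names will happily follow a metadata document served by, or redirected through, a different provider.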

Related

How do I create a Custom Client Authenticator in WSO2 Identity Server

I am trying to set up a custom client authenticator in WSO2 Identity Server. I would like to retrieve an access token with client_credentials, specifying a specific scope, and have a JWT token returned with custom claims inserted. I've tried writing my own Client Authenticator, but I'm having some trouble getting the OSGi bundle to be picked up correctly during WSO2 startup, and all other attempts at customizing the auth flow have failed.
Is there anyone who would be able to point me in the right direction as to where I might find useful information on how to achieve what I'm trying to achieve? TIA.
Using WSO2 Identity Server, you are able to extend the client authentication implementation. You can write your own client authentication mechanism following a specification or any other standard.
Please follow the doc link below to create the custom client authenticator:
https://is.docs.wso2.com/en/latest/learn/writing-a-new-oauth-client-authenticator/

WSO2IS With Custom Context Root

My team is trying to expose WSO2-IS through a reverse proxy. With our team setup, each new application is exposed under a single context root, and we're hoping to do the same for WSO2.
Using the oauth2/authorize endpoint as an example, we would like to expose the endpoint through our proxy as
https://<domain name>/wso2-is/oauth2/authorize rather than the default
https://<domain name>/oauth2/authorize
It turns out we would need this same configuration for a number of webapps under wso2is, including:
oauth2
oidc
commonauth
logincontext
authorizationendpoint
I've found information online for how to do this with the admin console, but I haven't found any info on how to do it for these public endpoints.
Has anyone been able to accomplish this, or does someone know whether or not WSO2 was built to support this use case?
You can follow the official documentation on Adding a Custom Proxy Path.

WSO2 Identity Server as an IDP

My use case is a very simple one. I want to use WSO2 Identity Server to implement SAML 2.0 SSO in our app deployment.
We don't have an external identity provider like Facebook or Google, so we want the Identity Server itself to act as the identity provider [local authentication].
We want the authentication for the SP to be done against a local user store [AD].
The SSO login is going to be IDP initiated.
The login page has to be customized.
I went through the documentation tutorials, and while the architecture page does mention that all this is possible, I could not find any actual tutorial which explains how to do this.
Can someone link me to the tutorial pages which describe how to do this, or provide a rundown of the steps required?
Yes, all of these are possible with WSO2 Identity Server. Unfortunately there isn't a single tutorial/document that covers all of this, but I can provide one for each step.
Configuring active directory.
SSO with SAML.
IDP Initiated SSO.
Customizing login page.
And if you need to know about more advanced scenarios, please read this article.
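IdP-initiated SSO means the service provider receives a SAML Response it never asked for, so the usual InResponseTo binding to a request ID is unavailable and the remaining checks carry the whole load. The following Go program is an added example, not from the answer above or from WSO2, of what the SP side should verify on an unsolicited response after the XML signature has been verified with an XML-DSig library (this program does not verify signatures, nor NotBefore). The response document, the SP entity ID https://sp.example.com, the ACS URL https://sp.example.com/acs and the fixed clock are constructed for the example.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"time"
)

// Response models the parts of a SAML 2.0 Response these checks read; the
// "namespace local" tags keep encoding/xml from matching same-named elements from other namespaces.
type Response struct {
	XMLName      xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
	Destination  string   `xml:"Destination,attr"`
	InResponseTo string   `xml:"InResponseTo,attr"`
	Assertion    struct {
		Subject struct {
			NameID       string `xml:"urn:oasis:names:tc:SAML:2.0:assertion NameID"`
			Confirmation struct {
				Method string `xml:"Method,attr"`
				Data   struct {
					Recipient    string `xml:"Recipient,attr"`
					InResponseTo string `xml:"InResponseTo,attr"`
					NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
				} `xml:"urn:oasis:names:tc:SAML:2.0:assertion SubjectConfirmationData"`
			} `xml:"urn:oasis:names:tc:SAML:2.0:assertion SubjectConfirmation"`
		} `xml:"urn:oasis:names:tc:SAML:2.0:assertion Subject"`
		Conditions struct {
			NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
			Restriction  struct {
				Audiences []string `xml:"urn:oasis:names:tc:SAML:2.0:assertion Audience"`
			} `xml:"urn:oasis:names:tc:SAML:2.0:assertion AudienceRestriction"`
		} `xml:"urn:oasis:names:tc:SAML:2.0:assertion Conditions"`
	} `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
}

// SP identifies the relying party: EntityID is what Audience must name, ACSURL what Destination and Recipient must name.
type SP struct{ EntityID, ACSURL string }

// expired is true when the attribute is missing, malformed or already past.
func expired(notOnOrAfter string, now time.Time) bool {
	t, err := time.Parse(time.RFC3339, notOnOrAfter)
	return err != nil || !now.Before(t)
}

// ValidateIdPInitiated applies the checks an SP owes an unsolicited response. Verify the
// XML signature with a DSig library BEFORE calling this; an unsigned document must never get here.
func ValidateIdPInitiated(raw []byte, sp SP, now time.Time) error {
	var r Response
	if err := xml.Unmarshal(raw, &r); err != nil {
		return fmt.Errorf("parse: %w", err)
	}
	a, c := r.Assertion, r.Assertion.Subject.Confirmation
	switch {
	case r.Destination != sp.ACSURL:
		return fmt.Errorf("Destination %q is not our ACS", r.Destination)
	// No AuthnRequest was sent, so nothing can legitimately answer one: an
	// InResponseTo here means a replayed or misrouted SP-initiated response.
	case r.InResponseTo != "" || c.Data.InResponseTo != "":
		return errors.New("unsolicited response carries InResponseTo")
	case c.Method != "urn:oasis:names:tc:SAML:2.0:cm:bearer":
		return errors.New("subject confirmation is not bearer")
	case c.Data.Recipient != sp.ACSURL:
		return fmt.Errorf("Recipient %q is not our ACS", c.Data.Recipient)
	case expired(c.Data.NotOnOrAfter, now) || expired(a.Conditions.NotOnOrAfter, now):
		return errors.New("assertion lacks NotOnOrAfter or is past it")
	case a.Subject.NameID == "":
		return errors.New("assertion has no NameID")
	}
	for _, aud := range a.Conditions.Restriction.Audiences {
		if aud == sp.EntityID {
			return nil
		}
	}
	return fmt.Errorf("audience %v does not include %q", a.Conditions.Restriction.Audiences, sp.EntityID)
}

// SampleResponse is a CONSTRUCTED IdP-initiated response for this example (Signature element omitted).
const SampleResponse = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" IssueInstant="2015-06-01T10:00:00Z" Destination="https://sp.example.com/acs">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2015-06-01T10:00:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:Subject><saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs" NotOnOrAfter="2015-06-01T10:05:00Z"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotOnOrAfter="2015-06-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>`

func main() {
	sp := SP{EntityID: "https://sp.example.com", ACSURL: "https://sp.example.com/acs"}
	now := time.Date(2015, 6, 1, 10, 1, 0, 0, time.UTC) // fixed clock so the run is reproducible
	fmt.Println("fresh:", ValidateIdPInitiated([]byte(SampleResponse), sp, now))
	fmt.Println("late: ", ValidateIdPInitiated([]byte(SampleResponse), sp, now.Add(10*time.Minute)))
}
```

Because nothing ties an unsolicited response to a browser session, the only defences against replay are the short NotOnOrAfter window and, in a real SP, a cache of assertion IDs already consumed inside that window; both belong in an IdP-initiated deployment.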

WSO2 IoT server connected cup sample agent failing to connect to MQTT broker

I have imported the WSO2 IoT server Connected Cup sample device agent into Eclipse IDE, and when it tries to connect to the MQTT broker an MQTTSecurityException is thrown which states that the user name or password is not valid. I see that the user name is created from the token attribute in the request, but I don't know how to supply a right one, i.e. one that would be accepted by the OAuth2 service. There isn't any hint in the documentation on this topic, so I would appreciate any advice.
Also, I would like to take a deeper look into the VirtualFireAlarm sample code, so could you please tell me where to find the code?
The MQTT broker in WSO2 IoT Server has pluggable authentication and authorization. By default it comes with OAuth-based authentication, where it uses an empty password and an OAuth token as the username. You can generate a token by following the docs in https://docs.wso2.com/display/AM200/Password+Grant.
Implementation of this extension is explained in https://medium.com/#ayyoobhamza/authentication-and-authorization-extension-for-mqtt-wso2-message-broker-2495fb2fa56e and https://medium.com/#ayyoobhamza/oauth-authentication-and-authorization-with-mqtt-for-iot-devices-a42019187a05
Implementation of the virtual firealarm can be found in https://github.com/wso2/carbon-device-mgt-plugins/tree/master/components/device-types/virtual-fire-alarm-plugin
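To see what "token as username, empty password" means on the wire, the following Go program is an added example, not from the answer above or from WSO2 IoT Server: it encodes an MQTT 3.1.1 CONNECT packet the way such a client would, with the access token in the User Name field and a zero-length Password field, and decodes it the way the broker's authenticator sees it before handing the username to the OAuth token validation. The client ID, the token value and the choice to set the password flag with an empty field (rather than omitting the field) are assumptions made for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

type Credentials struct { // what the broker's authenticator receives from a CONNECT
	ClientID, Username, Password string
	HasPassword                  bool
}

// MQTT strings are big-endian uint16 length-prefixed.
func encodeString(s string) []byte {
	b := make([]byte, 2+len(s))
	binary.BigEndian.PutUint16(b, uint16(len(s)))
	copy(b[2:], s)
	return b
}

func readString(b []byte, off int) (string, int, error) {
	if off+2 > len(b) || off+2+int(binary.BigEndian.Uint16(b[off:])) > len(b) {
		return "", 0, errors.New("truncated string")
	}
	end := off + 2 + int(binary.BigEndian.Uint16(b[off:]))
	return string(b[off+2 : end]), end, nil
}

// Remaining Length in the fixed header is a 7-bits-per-byte varint.
func encodeRemainingLength(n int) (out []byte) {
	for n > 0x7f {
		out = append(out, byte(n%128)|0x80)
		n /= 128
	}
	return append(out, byte(n))
}

func decodeRemainingLength(b []byte) (n, used int, err error) {
	for mult := 1; used < 4 && used < len(b); mult *= 128 {
		n += int(b[used]&0x7f) * mult
		used++
		if b[used-1]&0x80 == 0 {
			return n, used, nil
		}
	}
	return 0, 0, errors.New("malformed remaining length")
}

// EncodeConnect builds an MQTT 3.1.1 CONNECT with the OAuth token as User Name and a zero-length Password.
func EncodeConnect(clientID, token string) []byte {
	body := append(encodeString("MQTT"), 4, 0x80|0x40|0x02, 0x00, 0x3c) // level 4; user name+password+clean session; keep alive 60 s
	for _, s := range []string{clientID, token, ""} {                   // payload: client id, user name, password
		body = append(body, encodeString(s)...)
	}
	return append(append([]byte{0x10}, encodeRemainingLength(len(body))...), body...)
}

// DecodeConnect is the broker side: extracts what an authenticator looks at, rejecting malformed packets.
func DecodeConnect(pkt []byte) (Credentials, error) {
	var c Credentials
	if len(pkt) < 2 || pkt[0]&0xF0 != 0x10 {
		return c, errors.New("not a CONNECT packet")
	}
	rl, n, err := decodeRemainingLength(pkt[1:])
	if err != nil || len(pkt)-1-n != rl {
		return c, errors.New("bad or mismatching remaining length")
	}
	body := pkt[1+n:]
	name, off, err := readString(body, 0)
	if err != nil || name != "MQTT" || off+4 > len(body) || body[off] != 4 {
		return c, errors.New("not an MQTT 3.1.1 variable header")
	}
	flags, off := body[off+1], off+4 // skip protocol level, connect flags, keep alive
	if flags&0x04 != 0 {
		return c, errors.New("Will fields are not handled by this example")
	}
	if c.ClientID, off, err = readString(body, off); err != nil {
		return c, err
	}
	if flags&0x80 != 0 {
		if c.Username, off, err = readString(body, off); err != nil {
			return c, err
		}
	}
	if c.HasPassword = flags&0x40 != 0; c.HasPassword {
		if c.Password, off, err = readString(body, off); err != nil {
			return c, err
		}
	}
	return c, nil
}

func main() {
	pkt := EncodeConnect("cup-001", "2YotnFZFEjr1zCsicMWpAA") // constructed client id and token
	c, err := DecodeConnect(pkt)
	fmt.Printf("%x\n%+v %v\n", pkt, c, err)
}
```

Nothing in this packet protects the token: it crosses the network in the clear inside the CONNECT, so the broker listener the devices use must be TLS-only, and the token should be short-lived and scoped, since anyone who can read the CONNECT holds a bearer credential for the OAuth-protected services behind it.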

Login to the Identity Server Using Another Identity Server - SAML2

I'm currently working with the WSO2 suite and I've been trying to do an example from the WSO2 official documentation, which you can find here. I already configured everything step by step, and when I run the travelocity application on my localhost it looks like the example says: I click on the link and it redirects me to the Identity Server login. I type in user and password, and then it redirects me to the travelocity home page, but then I run into this error: SAML 2.0 based Single Sign-On
Error when processing the authentication request!
I checked the debugging log and it says that authentication succeeded and Identity Server sent the response to travelocity.
I have no idea what could be happening, please help me out.
I shared the log files here. My English is bad and I'm new to working with WSO2, please be patient with me.
The logs on the WSO2 IS side say "Signature validation for Authentication Request failed". The possible reason could be that you have not selected the correct certificate alias at WSO2 IS.
To fix that, edit your service provider's SAML configuration and update the Certificate Alias with the correct value. In the default case it should have the value wso2carbon. In case you have configured it to something else, select the one you have configured.
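What that log line means in practice: the IdP verifies the signature on the incoming AuthnRequest with the public key of the certificate stored under the alias configured for that service provider, so a wrong alias is simply a wrong key. The following Go program is an added example, not from the answer above or from WSO2, that signs an AuthnRequest with the SAML 2.0 HTTP-Redirect binding on the SP side and verifies it against a keystore keyed by alias on the IdP side. It uses the Redirect binding because its signature is computed over a plain query string, which keeps the example self-contained; under the HTTP-POST binding the same alias lookup feeds an XML-DSig verification done with an XML signature library. The keys are generated at run time, and the AuthnRequest body, the Keystore type, the second alias "oldsp" and the RelayState value are constructed for the example.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

const rsaSHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

type Keystore map[string]*rsa.PublicKey // certificate alias -> SP public key, as the IdP keystore holds it

// SampleAuthnRequest is a CONSTRUCTED minimal request for this example.
const SampleAuthnRequest = `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_1" Version="2.0" IssueInstant="2015-01-01T00:00:00Z" AssertionConsumerServiceURL="https://sp.example.com/acs"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">travelocity.com</saml:Issuer></samlp:AuthnRequest>`

// NewSPKey makes a throwaway SP key pair for the example (error only on a broken RNG).
func NewSPKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

// deflateBase64 applies the Redirect binding's encoding to the request XML.
func deflateBase64(doc string) string {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.DefaultCompression)
	w.Write([]byte(doc))
	w.Close()
	return base64.StdEncoding.EncodeToString(buf.Bytes())
}

// signedString is exactly what the binding signs: the still URL-encoded
// parameters in this fixed order, RelayState only when present.
func signedString(rawReq, rawRelay, rawAlg string) string {
	s := "SAMLRequest=" + rawReq
	if rawRelay != "" {
		s += "&RelayState=" + rawRelay
	}
	return s + "&SigAlg=" + rawAlg
}

func rawParam(query, name string) (string, bool) { // value as sent, undecoded
	for _, kv := range strings.Split(query, "&") {
		if strings.HasPrefix(kv, name+"=") {
			return kv[len(name)+1:], true
		}
	}
	return "", false
}

// SignRedirect is the SP side: the query string the browser is redirected with.
func SignRedirect(priv *rsa.PrivateKey, authnRequestXML, relayState string) (string, error) {
	toSign := signedString(url.QueryEscape(deflateBase64(authnRequestXML)), url.QueryEscape(relayState), url.QueryEscape(rsaSHA256))
	h := sha256.Sum256([]byte(toSign))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		return "", err
	}
	return toSign + "&Signature=" + url.QueryEscape(base64.StdEncoding.EncodeToString(sig)), nil
}

// VerifyRedirect is the IdP side. The SP certificate is selected by the alias
// configured for that service provider: a wrong alias is a wrong key.
func VerifyRedirect(ks Keystore, alias, query string) error {
	pub, ok := ks[alias]
	if !ok {
		return fmt.Errorf("no certificate with alias %q", alias)
	}
	rawReq, hasReq := rawParam(query, "SAMLRequest")
	rawRelay, _ := rawParam(query, "RelayState")
	rawAlg, _ := rawParam(query, "SigAlg")
	rawSig, _ := rawParam(query, "Signature")
	alg, _ := url.QueryUnescape(rawAlg)
	sigB64, _ := url.QueryUnescape(rawSig)
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if !hasReq || alg != rsaSHA256 || err != nil {
		return errors.New("missing SAMLRequest, unsupported SigAlg or undecodable Signature")
	}
	// Hash the bytes the SP actually signed, not a decoded-and-re-encoded copy.
	h := sha256.Sum256([]byte(signedString(rawReq, rawRelay, rawAlg)))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil {
		return errors.New("Signature validation for Authentication Request failed")
	}
	return nil
}

func main() {
	spKey, otherKey := NewSPKey(), NewSPKey()
	ks := Keystore{"wso2carbon": &spKey.PublicKey, "oldsp": &otherKey.PublicKey}
	q, _ := SignRedirect(spKey, SampleAuthnRequest, "state123")
	fmt.Println("wso2carbon:", VerifyRedirect(ks, "wso2carbon", q), "| oldsp:", VerifyRedirect(ks, "oldsp", q))
}
```

Two details matter on the verifying side and are easy to get wrong in a custom IdP: the signed string must be rebuilt from the parameters exactly as received (re-encoding a decoded value can change bytes and break a valid signature), and the SigAlg must be checked against an allow-list rather than trusted from the request.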