I am using Identity Server as an OpenID provider, and I add some claims to the request, such as "http://axschema.org/contact/email". Then I successfully log in. However, I get null from the response. Why? Please help me.
There were bugs reported here and here for this behaviour. Those were fixed and are available from the next release version of Identity Server 5.1.0.
WSO2 Identity Server 5.1.0 Alpha2 has been released and can be downloaded from here.
I have used WSO2 APP Manager to publish my web applications with Identity server 5.3.0 as the Identity Provider. I have configured SSO and SLO using three service providers. I'm using simpleSAMLphp with my web apps. SSO function works fine in my system but single logout is not working properly. I have configured this using the following document.
https://docs.wso2.com/display/IS500/SAML2+IdP+with+SimpleSAMLphp+Service+Provider
Can someone advise me regarding this issue?
Please see WSO2 IS Single Logout partially working
Indeed, WSO2 IS uses a "backend channel" for SLO requests when logging out from multiple service providers (at least it was that way up to version 5.2.0). I don't believe it was changed/fixed in 5.3.0.
I have attempted to migrate our HA configuration of Identity Server from 5.0.0 to 5.1.0 and after the migration my SAML based Service Providers fail.
Users attempting to authenticate for a SAML based SP see
"A Service Provider with the Issuer 'reallyGreatSAMLService' is not registered".
When I attempt to view the SAML configuration in the SP’s setting page, the SAML settings are missing.
When I use the Registry Browser, all SAML entries are missing.
Any suggestion where in my data I should start looking to solve this problem?
This appears to be similar to WSO2IS after upgrading to 5.1.0 SPs is disappering other than it doesn’t explicitly mention SAML.
Thanks,
…pat
Turns out the process I was given to create the new EIS HOME failed to copy the configuration changes for the remote registry.
The migration was looking for '/_system/config/repository/identity/SAMLSSO'
My system was configured for '/_system/asNodes/repository/identity/SAMLSSO'
http://wso2.com/library/tutorials/2010/04/sharing-registry-space-across-multiple-product-instances/#DS_Strategy_B
In repository/conf/registry.xml I changed the configuration as follows:

    <mount overwrite="true" path="/_system/config">
        <instanceId>instanceid</instanceId>
        <!--targetPath>/_system/config</targetPath-->
        <targetPath>/_system/asNodes</targetPath>
    </mount>

...pat
Should be an easy question ;)
In the WSO2 Clustering & Deployment Guide, Configuring the Identity Server 5.1.0 as a Key Manager with API Manager 1.10.0, it is recommended to install the pre-packaged WSO2 Identity Server 5.1.0 with the API Manager, as most of the configurations already exist in the pre-packaged distribution.
Where can I download this pre-packaged WSO2 Identity Server 5.1.0?
In the product page, there is only a Download button with no choice.
Thank you.
You can use this link to download the pre-packaged Identity Server. However, the link to download this is available in the guide under the section "Configuring the Identity Server", step 1.
I installed v5.1.0 of wso2 identity server and executed an OpenID Connect flow. Finally, I wanted user profile information to be retrieved from the server (via /oauth2/userinfo endpoint).
In contrast to other mailings, I only receive a one-item answer, { "sub":"admin" }. By default, there should also be phone_number, email and others. I used the playground2 application to verify and yes, only { "sub":"admin" } is returned.
I used scope=openid for the authz code request as well as schema=openid in the /userinfo query as in the descriptions.
I tried to set various claims in http://wso2.org/oidc/claim to supported, required, etc. but no change.
How do I configure the server to return more details?
Any ideas?
This seems to be a known issue in Identity Server 5.1.0, and it is reported here. You can follow the discussion and try applying the fixes as patches to Identity Server. Otherwise, you can try 5.2.0-M1 or a later version, in which this issue has been fixed.
While trying out the new version of WSO2 Identity Server 5.1.0 I'm having problems returning claims in the SAML response, while this worked in WSO2 IS 5.0.0 SP1. I've mapped the required claims and added them to my SP; I also configured the SP to always return the user attributes.
I've configured the SP claim mapping:
My SAML configuration:
Any help is greatly appreciated. I'm getting the feeling this might be a bug.
EDIT: In WSO2 5.1.0 it is required to add the Attribute Consuming Service Index to the SAML Request. In WSO2 5.0.0 SP1 it worked even without setting this value in the SAML Request.
If I got you correctly, you can authenticate from IS without any errors, but didn't get claims in the SAML response.
I have tried this with the Travelocity sample. It is working as expected. I got the user claims in the SAML response. According to the screenshots that you have attached, you have done the configurations correctly.
Please check and verify that you have values for these mapped claims. If there are no values in the user's profile, the claims will not be in the SAML response.
You can check this with SSO Tracer or SAML Tracer.
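An added example, not part of the original posts or of WSO2's code: a scripted version of the tracer check, which decodes a captured SAMLRequest (HTTP-Redirect binding) to see whether it carries AttributeConsumingServiceIndex and lists the attributes a Response actually released. The sample messages, the index value "1" and the claim value are constructed for illustration.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_redirect(value):
    """Undo the HTTP-Redirect encoding: URL-decode, base64-decode, raw inflate."""
    raw = base64.b64decode(urllib.parse.unquote(value))
    return zlib.decompress(raw, -15)  # -15 selects raw DEFLATE (no zlib header)

def encode_redirect(xml):
    """Inverse of decode_redirect; used here only to build the sample inputs."""
    c = zlib.compressobj(wbits=-15)
    return urllib.parse.quote(base64.b64encode(c.compress(xml) + c.flush()), safe="")

def parse(xml):
    # SAML messages never need a DTD; refuse one instead of expanding entities.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD not allowed in a SAML message")
    return ET.fromstring(xml)

def attribute_index(authn_request_xml):
    """Return AttributeConsumingServiceIndex from an AuthnRequest, or None."""
    root = parse(authn_request_xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return root.get("AttributeConsumingServiceIndex")

def released_attributes(response_xml):
    """Map attribute Name -> list of values found in a Response."""
    out = {}
    for attr in parse(response_xml).iter(f"{{{SAML}}}Attribute"):
        out[attr.get("Name")] = [v.text for v in attr.iter(f"{{{SAML}}}AttributeValue")]
    return out

# Constructed samples: one request without the index, one with it, one response.
REQ = '<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed" Version="2.0"%%s/>' % SAMLP
WITHOUT_INDEX = encode_redirect((REQ % "").encode())
WITH_INDEX = encode_redirect((REQ % ' AttributeConsumingServiceIndex="1"').encode())
RESPONSE = (
    '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion><saml:AttributeStatement>'
    '<saml:Attribute Name="http://wso2.org/claims/emailaddress"><saml:AttributeValue>user@example.com'
    '</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
    % (SAMLP, SAML)).encode()

if __name__ == "__main__":
    for name, req in (("without index", WITHOUT_INDEX), ("with index", WITH_INDEX)):
        print(name, "->", attribute_index(decode_redirect(req)))
    print(released_attributes(RESPONSE))
```

An empty result from `released_attributes` on a real Response, combined with `None` from `attribute_index` on the matching request, points at the missing index described in the EDIT rather than at empty profile values.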