I have tried searching for samples in implementing authentication using WSO2 Identity Server for web API calls residing in other servers but can't seem to find one. I can only find authentications on WSO2 IS API calls. Can you refer some links for examples or tutorials?
You can get all the admin APIs in the following way.
Start the server using the -DosgiConsole flag, i.e. ./wso2server.sh -DosgiConsole or ./wso2server.bat -DosgiConsole
Then, after the server starts, you will get the OSGi console. Enter listAdminServices and you will get the list, e.g.:
osgi> listAdminServices
Admin services deployed on this server:
1. ProvisioningAdminService, ProvisioningAdminService, https://10.150.3.140:9443/services/ProvisioningAdminService/
All the commands such as listAdminServices are listed by typing help from the osgi console.
By default, these admin APIs are hidden; you have to enable them. To do that, change the <ESB_HOME>/repository/conf/carbon.xml file.
<!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. -->
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>
Note: All servers expose Web Service APIs which can be used to gain access to back end functionality.
I'm trying to customize the login pages for the dev portal and publisher and I'm referring to the below documentation.
https://apim.docs.wso2.com/en/latest/reference/customize-product/customizations/customizing-login-pages-for-dev-portal-and-publisher/
The 1st step tells you to download the Identity Server and in the 2nd step, it says to start up the server using api-manager.sh, which could be a mistake.
However, I have the following questions related to the scenario.
In order to customize the login pages in APIM, should I start up the IS as a key manager as well?
Can't we customize the login pages just by using the JSP files readily available in the authentication endpoint in APIM?
I guess the documentation should be updated. You can use the existing jsp files in the authentication endpoint if you use OAuth2/OpenID. If you are using SAML, then you have to use WSO2 IS as the IDP with WSO2 API Manager.
Some samples can be found in [1].
By default API Manager uses OAuth2/OpenID. You can do the service provider configurations in API Manager. OAuth2/OpenID and SAML use the jsp files used in the authentication endpoint.
[1] - https://github.com/wso2/samples-is/tree/master/re-branding-the-default-login-page
I have various RESTful Web Services in App Engine, which are secured with Google Account authentication:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Authentication required</web-resource-name>
        <url-pattern>/api/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
Upon hitting these Web Services via a browser client, I'm redirected to the Google Accounts login screen where I authenticate myself first before proceeding with the REST call.
However, I now need to run these web services via command-line scripts as part of an automated IC run. Therefore I do not want to be prompted for a browser login every time. Preferably I would like to put the Google username and password in an encrypted file on the IC server and let it call the Web Services without any human intervention. As far as I can see there are several options:
manually logging in via the browser and then saving the access token to be used in the command-line script. However, when the token expires I would have issues.
obtain an access token via Service Account p12 authentication. This seems to only work for accessing Google APIs such as BigQuery and Cloud Storage, not your own code.
wrap my Web Service within a Remote API, which I have yet to experiment with.
Based on my current understanding, it seems there is no way for a Google Account authenticated custom written Web Service to be accessed by a non-human user. Is this correct?
Since you are interested in interacting with RESTful web-services programmatically (without human intervention), we are essentially talking about securing a REST API.
There is a plethora of resources on this matter throughout the internet but the gist of it is:
you should use SSL and sessions or OAuth to secure your endpoints.
Depending on how far you are in the current project, you could consider making use of Cloud Endpoints, there you'll have the option to use OAuth2 (and have DDoS protection), as well.
Hope this helps.
I managed to get this to work in the end by:
Switching off the web.xml security-constraint so that the API doesn't redirect to Google Login.
Modifying my API to take in an OAuth2 token in the Authorization header instead.
Validating the token based on the code sample here: https://github.com/googleplus/gplus-verifytoken-java
I didn't go with Cloud Endpoints, but Jersey + Dropwizard components instead. Dropwizard has a built-in Oauth2Provider, for which I simply implemented an Authenticator class, and it works.
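The checks a validator for the Authorization-header token has to make, as an added example (not the poster's code or the linked sample). The `lookup` callable stands in for the HTTPS call to the issuer's token-info service and is hypothetical; the field names `aud`, `exp`, `scope`, `email` and `error` are assumptions modelled on an OAuth2 token-info response, and all sample data is constructed.

```python
import time

class AuthError(Exception):
    """Request must be rejected (HTTP 401)."""

def extract_bearer(header_value):
    """Return the token from an 'Authorization: Bearer <token>' header value."""
    parts = (header_value or "").split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        raise AuthError("expected 'Authorization: Bearer <token>'")
    return parts[1]

def validate_token_info(info, expected_client_id, required_scope, now=None):
    """Check a token-info record; return the caller's email or raise AuthError."""
    now = time.time() if now is None else now
    if "error" in info:
        raise AuthError("issuer rejected token: %s" % info["error"])
    # Audience check: refuse tokens that were issued to some other application.
    if info.get("aud") != expected_client_id:
        raise AuthError("token was issued to a different client")
    try:
        expires_at = int(info["exp"])
    except (KeyError, TypeError, ValueError):
        raise AuthError("missing or malformed expiry")
    if expires_at <= now:
        raise AuthError("token expired")
    if required_scope not in info.get("scope", "").split():
        raise AuthError("required scope not granted")
    return info.get("email")

def authenticate(header_value, lookup, expected_client_id, required_scope, now=None):
    """lookup(token) -> dict is the hypothetical call to the issuer's token-info service."""
    token = extract_bearer(header_value)
    return validate_token_info(lookup(token), expected_client_id, required_scope, now)

# Constructed sample data (not real tokens, client IDs or responses).
CLIENT_ID = "example-client-id.apps.example"
SCOPE = "email"
NOW = 1_700_000_000
FAKE_ISSUER = {
    "tok-good": {"aud": CLIENT_ID, "exp": str(NOW + 600), "scope": "openid email", "email": "ci-bot@example.com"},
    "tok-other-app": {"aud": "someone-else", "exp": str(NOW + 600), "scope": "email"},
    "tok-expired": {"aud": CLIENT_ID, "exp": str(NOW - 1), "scope": "email"},
}

def fake_lookup(token):
    return FAKE_ISSUER.get(token, {"error": "invalid_token"})

if __name__ == "__main__":
    print(authenticate("Bearer tok-good", fake_lookup, CLIENT_ID, SCOPE, NOW))
```

With the web.xml security-constraint switched off, these checks are the only gate on /api/*, so every handler has to pass through them.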
You can list all the Admin Services used by WSO2 Carbon-based products using the following steps.
Start the server with the OSGi console. Go to <SERVER_HOME>/bin using a command shell.
i) Eg : Linux
sh wso2server.sh -DosgiConsole
ii) Windows
wso2server.bat -DosgiConsole
After successfully starting the server, press enter.
Type listAdminServices and press enter.
Now you should be able to see the list of Admin Service names with endpoint URLs.
Thanks & Regards,
Ajith
You have provided both the question and the answer :) However, I'd just like to add more to this:
If you want to retrieve the WSDLs of admin services of WSO2 Identity Server, go to the CARBON_HOME/repository/conf directory, change the value of HideAdminServiceWSDLs in the carbon.xml file as below, and restart the server.
<HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
to
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>
Then you can retrieve the WSDLs by browsing the service by adding "?wsdl" option.
For example, if you can find entitlement service
https://{Hostname}:{port}/services/EntitlementService?wsdl
Does WSO2 ESB support web services for system management?
I want to develop a desktop program to connect to ESB server and do the administration tasks without using web application.
There are already existing services inside the ESB, which are also used by the admin GUI.
Step 1: Make admin services WSDL visible by editing carbon XML ({ESB_HOME}/repository/conf/carbon.xml)
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>
Step 2: See which services are available for you to use by starting ESB with osgiConsole
sh {ESB_HOME}/bin/wso2server.sh -DosgiConsole
Step 3: See the list of services (you can type this in the ESB command window; just press enter and you will get the OSGi command mode)
osgi> listAdminServices
You can see a sample Java client logging in to ESB and listing user roles at the link below; just refer to this for your service implementation. Basically, you first need to log in to ESB before calling any admin service, and then use the login cookie to call other services in the next step.
http://blog.facilelogin.com/2011/03/invoking-wso2-carbon-admin-services.html
WSO2 Identity Server: I am new to WSO2 Identity Server. Could somebody help me get the list of REST calls and SOAP calls supported by WSO2 Identity Server?
This blog post has an example of using WSO2-IS APIs.
Take a look at the answer to the following question also. WSO2 identity server api
WSO2 products are managed internally through SOAP web services known as admin services. The admin service WSDL is as below.
https://localhost:9443/services/UserAdmin?wsdl
Note: you cannot view the WSDL of an admin service by default, for security reasons. Follow the steps below to enable and invoke the admin service WSDL.
Set the <HideAdminServiceWSDLs> element to false in the <IS_HOME>/repository/conf/carbon.xml file.
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>
Restart the server.
You can also use the OSGi console to get the list of SOAP services exposed in Identity Server and view the details of the available service components. To enable the OSGi console, do the following steps.
Get the OSGi console by executing the following command.
<IS_Home>/bin/wso2server.bat -DosgiConsole
After the server has started successfully, press the ‘Enter’ key and the osgi> console will be displayed.
To get all admin services that are deployed on this server.
osgi> listAdminServices
List down all hidden services that are deployed on this server.
osgi> listHiddenServices
All services expose Web Service APIs which can be used to gain access to back end functionality.
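A check for the carbon.xml setting changed in the steps above, as an added example (not code from WSO2 or from the answers): it classifies HideAdminServiceWSDLs in carbon.xml content so that files left with admin service WSDLs exposed can be found once the work is done. The file paths and trimmed file contents are constructed samples.

```python
import xml.etree.ElementTree as ET

SETTING = "HideAdminServiceWSDLs"

def admin_wsdl_status(carbon_xml_text):
    """Classify the HideAdminServiceWSDLs setting in carbon.xml content.

    Returns 'hidden', 'exposed', 'missing', 'conflicting', 'invalid' or 'unparseable'.
    """
    try:
        root = ET.fromstring(carbon_xml_text)
    except ET.ParseError:
        return "unparseable"  # e.g. a mistyped closing tag
    # Match on the local name so the check works whatever namespace the file declares.
    # XML comments are dropped by the parser, so a commented-out element is not counted.
    values = {(el.text or "").strip()
              for el in root.iter()
              if isinstance(el.tag, str) and el.tag.rsplit("}", 1)[-1] == SETTING}
    if not values:
        return "missing"
    if len(values) > 1:
        return "conflicting"
    # Anything other than the exact literals is reported rather than guessed at.
    return {"true": "hidden", "false": "exposed"}.get(values.pop(), "invalid")

def audit(files):
    """files: mapping of path -> carbon.xml text. Returns the paths needing attention."""
    statuses = {path: admin_wsdl_status(text) for path, text in files.items()}
    return {path: status for path, status in statuses.items() if status != "hidden"}

# Constructed samples, trimmed to the one element of interest.
NS = 'xmlns="http://wso2.org/projects/carbon/carbon.xml"'
SAMPLES = {
    "is/carbon.xml": f"<Server {NS}><{SETTING}>true</{SETTING}></Server>",
    "esb/carbon.xml": f"<Server {NS}><{SETTING}> false </{SETTING}></Server>",
    "apim/carbon.xml": f"<Server {NS}><!-- <{SETTING}>false</{SETTING}> --></Server>",
    "broken/carbon.xml": f"<Server {NS}><{SETTING}>false</HideAdminServiceWSDL></Server>",
}

if __name__ == "__main__":
    for path, status in sorted(audit(SAMPLES).items()):
        print(path, status)
```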