WSO2 Identity Server not able to see SAML SSO option under Manage - wso2

I installed WSO2 Identity server and logged in using admin/admin, but under home pane, I am not able to see SAML SSO, OAuth entries under Manage category. Any help will be appreciated. Thanks

Did you try to login as "admin", to create a new role and validate the list of permission settings visible under this role (see icon permissions). A tree with checkboxes should be visible defining the permission level for each role, by this defining the permissions inherited to the account. Once the role is defined, create and add a user account to this role. Logout and login with the new administrator userid and hopefully you will see all options on the menu.

Related

configure list users for service provider WSO2 API Manager

I have installed Wso2 api manager and am trying to set up authentication and authorization via Api manager. I can't figure out how to configure certain users who will be able to login through the app. Currently, all users who are in user story are allowed to login. I need to restrict the ability to login to the app for a certain range of users. How can this be done?
You can achieve this by adding roles to the particular users. Refer to this doc https://apim.docs.wso2.com/en/latest/administer/managing-users-and-roles/managing-user-roles/#managing-user-roles
You need to configure the roles and permissions according to your use case:
Create a role (eg: testRole) and assign required permissions except for the login permission(Admin Permissions > Login) to that role [1].
Create a new user(eg: testUser) and assign the testRole to that user[2].
Now the testUser that you have created has no login permissions to the app.
[1] https://apim.docs.wso2.com/en/latest/administer/managing-users-and-roles/managing-user-roles/#create-user-roles
[2] https://apim.docs.wso2.com/en/latest/administer/managing-users-and-roles/managing-users/#adding-a-new-user

what minimum role and access rights required for sitecore login

I have created new user in sitecore and also created new role with read access for entire content tree But I am not able to login into CMS. I want to know what is the minimum requirement for login user in Access viewer and security editor? If I make it that user as admin then I am able to login.
To enable login, it's the Sitecore Client Users role.
Gives the user minimal access to Sitecore. With this role, the user
can log in to the Sitecore Desktop, but will not have access to any
applications.
All of the other Sitecore client roles are members of the Sitecore
Client Users role, which means that users in any Sitecore client role
are automatically members of the Sitecore Client Users role.
For security I think you will need Sitecore Client Securing.
Gives the user access rights to security features in the Content
Editor and other relevant applications.
This role is intended for users who need to maintain users and access
rights.
All info on the roles can be found here: https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_and_administration/users_roles_and_domains/the_security_roles

how to customize the privileges to edit entitlement policies based on the role in admin UI?

I wanted to give privileges to few users to edit few entitlement policies in wso2 Identity server.Is it posible to do?
You can control the permission of entitlement policy management of users, but cannot be applied per policy in default WSO2 Identity Server.
In WSO2 Identity server management console, you can add a role with appropriate permissions for managing entitlement policies. Click on 'Add' under 'Users and Roles' and select 'Add New Role'. Give a role name and click next to get the permission tree. You can select permission as shown below,

Disable user account in WSO2 Identity Server

Is it possible to disable a user account in WSO2 Identity Server 5.0 after a certain period of inactivity? Is there any way to implement this using a REST or SAOP API?
i'm new on WSO2 Identity Server, but I would try this way:
Create a scheduled job.
You can implement it as you want or, for example, you can use WSO2 Task Server features.
The scheduled could call a web service, who implements these steps:
read last login timestamp for each user in IS;
calculate difference from last login timestamp e current timestamp;
populate a list of users to disable;
for each user to disable, call the WSO2 Identity Server Admin Services to "disable operation".
I'don't find the "disable operation" implemented in IS, so i think you could realize a DISABLE status creating a role, called "USER_DISABLED", without login permission or try to remove login permission on the original role of the user.
As I said i'm new on WSO2 IS, but i would try this way.
Sorry for my english.
Bye
Vincenzo F.
You cannot directly disable the user account. what you can do is, you can disable user account by changing the permission of the user in the user group. In order to disable the login account You have to add the particular user to that user group. You can un-check it at the user permission tree.
Find the below steps to change the user permission:
Login to WSO2 IS Management Console.
Click on Configure to access the Configure menu.
From the Configure menu, select Users and Roles.
On the User Management page, click on the Roles link.
Locate the role you want to edit, and click on the Permissions link
associated with it.
On the Permissions of the Role page, deselect permissions assigned
to the role using the check-boxes.
finally click on the Update button to save the alterations.

wso2 Identity Server Your account is not active

I am adding test users to Identity Server. I can not login with them because I get an error in the logs that state
Your account is not active
How can I activate these dummy accounts?
Add a user and assign user role(s) (admin/everyone or custom defined role) to the created user. Give necessary Permissions to the user role.
Are you using standalone IS? Can you give exact steps to reproduce the issue.
Thanks
Thilini