Is there any token-based REST API for authentication using WSO2, like the REST API that OpenAM provides for authentication?
I can see there is one available for the OAuth token API:
https://docs.wso2.com/display/IS450/OAuth+Bearer+Token-based+Authentication+for+SCIM+Endpoints
But for STS, is there any REST API? For example, I log in using a username and password and I get a security token that I can use for the session.
I checked the SAML SSO API example, which contains a servlet; it didn't work out for me.
I have independent play web applications. My scenario is:
web app1 logs in to WSO2,
gets an SSO token and a SAML token;
suppose the SAML token expires in 10 min;
web app1 can renew the session using the SSO token,
and then request a new SAML token.
The question is:
WSO2: how can my app refresh the login session using some token?
If there is any API, or using any REST API, how is this token managed and regenerated if the SSO token has expired after some time?
Thanks,
Related
I need to expose an API via WSO2 API Manager and I want to protect my API not with OAuth2 but via SAML authentication; actually, I need to use the API Manager as a SAML SP.
Therefore I need to protect my API and, if a user isn't authenticated on the SAML IDP, present the SAML IDP login page.
Is it possible to do that with WSO2 API Manager, or is the SAML SSO related only to Web SSO for the /carbon, /pubblish and /store web apps?
Thank you for the help!
OAuth2 is for authorization. You can use SAML for authentication and use APIM's SAML grant type to get an OAuth2 token using the SAML assertion.
https://docs.wso2.com/display/AM210/SAML+Extension+Grant
I am trying to call the WSO2 IS web service (i.e. getUserProfile) from a service provider when we are using SAML2 SSO authentication, but I am getting unauthorized access.
Do we get any token that can be used to call the web service after the initial authentication, without passing the credential or cookies?
This might be a permission problem. Make sure you have enabled login permission for the particular user.
Admin services are secured using common types of security protocols such as HTTP basic authentication, WS-Security username token, and session based authentication.
You can use SAML2SSOAuthenticationService.
Please refer to the sample "How to get a session cookie from a webapp which uses SAML SSO".
I am very new to WSO2 API Manager. Sometimes an application might need to call a service in another application on behalf of a user. How can we do this in WSO2 API Manager by configuring a Signed JWT Authenticator, like the Google OAuth 2.0 Authorization Server?
If the user is authenticated by SAML2 in the application, then the application can get the OAuth token using the SAML token and invoke the APIs on behalf of the user.
Check the following links for more detail:
1. http://shafreenanfar.blogspot.in/2014/02/exchanging-sml2-token-to-oauth2-token.html
2. http://pushpalankajaya.blogspot.in/2014/01/invoking-apis-using-web-app-with-oauth2.html
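The SAML-to-OAuth2 exchange that the two answers above point to (the SAML extension grant), as an added example that is not part of the original posts or WSO2's own code: it checks the assertion's `NotOnOrAfter` and builds the RFC 7522 `saml2-bearer` token request. The sample assertion, client credentials and function names are constructed for illustration, and the assertion's signature is assumed to have been validated already by the application's SAML library.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522

# Constructed sample: unsigned assertion with a 10-minute validity window.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    ' ID="_constructed" Version="2.0" IssueInstant="2030-01-01T00:00:00Z">'
    "<saml:Issuer>idp.example.test</saml:Issuer>"
    '<saml:Conditions NotBefore="2030-01-01T00:00:00Z"'
    ' NotOnOrAfter="2030-01-01T00:10:00Z"/>'
    "</saml:Assertion>"
)


def assertion_expiry(assertion_xml):
    """Return Conditions/@NotOnOrAfter as a timezone-aware datetime."""
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", SAML_NS)
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        raise ValueError("assertion has no Conditions/@NotOnOrAfter")
    return datetime.fromisoformat(cond.attrib["NotOnOrAfter"].replace("Z", "+00:00"))


def build_token_request(assertion_xml, client_id, client_secret, now=None,
                        skew=timedelta(seconds=30)):
    """Build (headers, body) for the token endpoint; refuse a stale assertion."""
    now = now or datetime.now(timezone.utc)
    if assertion_expiry(assertion_xml) - skew <= now:
        # Do not send a dead assertion: the app must re-run SSO to get a new one.
        raise ValueError("assertion expired or about to expire")
    encoded = base64.urlsafe_b64encode(assertion_xml.encode("utf-8")).decode("ascii")
    body = urllib.parse.urlencode({"grant_type": GRANT_TYPE, "assertion": encoded})
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    headers = {
        "Authorization": "Basic " + basic,  # OAuth client credentials
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, body


if __name__ == "__main__":
    at = datetime(2030, 1, 1, 0, 5, tzinfo=timezone.utc)
    headers, body = build_token_request(SAMPLE_ASSERTION, "client", "secret", now=at)
    print(headers["Content-Type"])
    print(body[:80] + "...")
```

The returned headers and body are what the application would POST over TLS to its deployment's token endpoint.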
In my application I am using Federated Authentication in WSO2 Identity Server 5 to authenticate users using social networks. If the application wants to access their APIs, how can we get the original tokens given by the authentication providers?
Identity Server's authenticators have the necessary tokens in their execution. We can save these tokens to user claims (attributes) by extending the authenticators. After that we can take out these tokens via the claims and use them in our client applications.
Earlier I was under the assumption that WSS4J is not compatible with SAML, but having seen this http://jaminhitchcock.blogspot.in/2014/05/creating-and-validating-saml-assertions.html , I hope to give it a try. But I want to use an Identity Provider (WSO2) to generate the SAML token. So I should be able to configure WSS4J with a SecurityPolicy.xml file which verifies the token from the Identity Provider. Please let me know where I can start looking for it.
Thanks
There are two ways that you can generate SAML tokens with Identity Server.
Use Identity Server as SAML2 SSO IDP that implements SAML2 SSO web browser based profile.
Use Identity Server as STS (Security Token Server) with WS-Trust specification.
I think it is more likely that you are hoping to use Identity Server as STS. With STS, Identity Server provides a web service to retrieve SAML tokens. This STS web service can be secured with a WS-Security mechanism by default. As an example, you can secure the STS service with a user name token. Then the client needs to send the RST request with the user name token. Once the user is authenticated, the client would receive a SAML token. I think you can find some information about the STS service from here