Securing a thrift web service using wso2 Identity server - wso2

How can I secure a thrift service using Identity server and then authenticate a user using RemoteUserStoreManagerServiceStub. After authenticating a user i wish to use the given session id for corresponding access.
Thanks

Please note, only the EntitlementService of WSO2IS has been exposed using thrift. All others are exposed with as SOAP services. EntitlementService Thrift service is already secured with username/password. First you need to authenticate using thrift authenticator and call the EntitlementService Thrift service. You can find sample client code from here

Related

WSO2 Identity Server - Federated SAML using WSO2 as Proxy Server?

Could you please clarify if there is a chance to interconnect a WSO2 Identity Server with an existing corporate IdP using the SAML as federated connection mechanism. What exactly needs to be configured to unify the realm and proxy the authentication with the external IDP?
Thanks in advance for your support.
If you use WSO2 IS as a proxy or a federation bus, then you need to register your IDP and Service provider in WSO2 IS and in your IDP you should register WSO2 IS as a service provider.
If you use WSO2 IS as your service provider, you need to register your existing IDP in WSO2 IS as IDP and WSO2 as service provider in you IDP side.
You can follow this document for more information.
Thanks!

Where are WSO2 SOAP APIs / WSDL?

I've been reading everywhere including here and here that WSO2 provided SOAP APIs for its services. My question is where are they? How can I locate them? For example, if there's a XACML API provided by WSO2, how can I find it.
What I understand about the WSO2 platform is that ESB, STS, DSS, IS are all services. To expose their functionalities, you have to write out standard XML, then import it into the WSO2 backend. After this, a WSDL is generated which can be used by a client. Am I right?
If not, then I have simple questions;
What is the endpoint or service url for all IS services?
What is the endpoint or service url for all ESB services?
What is the endpoint or service url for all STS services?
What is the endpoint or service url for all DSS services?
Thanks for explaining.
WSO2 uses Admin services and by default they are not exposed to outside and exposed over https.
You can view the list of services available by by referring this thread.
Another sample on using an Admin service is available here.
Sample developed to create proxy services using Proxy admin service is available here

WSO2 ESB: Usage of https client certificate in mediation

I was planning the following setup:
A proxy service in WSO2 ESB that interacts with a backend service via JMS.
Proxy service clients connects to the WSO2 ESB using https with mutual authentication.
Within the proxy service mediators, information from the client's certificate are needed.
Is there some way the client certificate could be made available to mediators?
You do not need to provide client certificates provided at mediator level. Medeators are put together in a pipes & filter chain, and it is the endpoint at the end that connects to the back-end and it is at the endpoint level, you have to secure it. The blog post on How to invoke secured backend service using WSO2 ESB shows how to ahcive this.
First you have to enable mutual authentication in WSO2 ESB.If you do not know how to do that please refer Enable Mutual SSL for Proxy services in WSO2ESB.Then refer following block post to know how to get client's certificate in class mediator

How to Secure the EJB3.0 Stateless Session Bean Web Services

I exposing EJB3.0 stateless session bean as web service using JAX-WS annotations and right now I'm using JBOSS5.1.0 GA as application server and JBOSSWS is generating the WSDL for me when I deploy the EAR.
Now I want to secure the web services by providing authentication and encryption-decryption on the SOAP messages. How do I can achieve that, Is there any annotations available for both in JAX-WS (or) can I achieve by doing any configuration at EJB level. I do not want to do secure web services with respect to JBOSS, because I want to deploy the same EAR in different application as well.
So please help me to build the generic EJB3.0 web services bean with the security implementation ., Thanks a lot in advance
Concerning SOAP WebServices, you can a lot of posts in this forum related to your question. In particular in User authenticate in SOAP I've mentioned that there several ways to authenticate the client.
Supposing that you want to authenticate the client by X.509 certificate. Then:
For JBossWS refer WS-SecurityOptions – X509 Certificate Token
For Metro/JAX-WS services refer Using JAX-WS-Based Web Services with SSL
For Apache CXF refer WS-Security
For Spring Security refer Spring Security With X.509 Certificate

.asmx web services with ssl

Are there any special configuration settings you have to do to make a web service work with SSL?
Is there a way to force the service methods to authenticate using a username/password like I can do with a WCF service?
No. SSL support provided by web server (IIS).
Yes. Just configure authentication through web.config