Adding custom field to WSO2 EMM - wso2

When I'm adding a user to WSO2 EMM, I enter the following attributes: username, first name, last name, email, type and rules.
How can I add more attributes (like company name or phone number) when creating a user?
Is there a way to send these attributes (current and new) to another server?
Thanks in advance.

1) Indeed yes, but you need to change the UI for this. Saving is done the same way as we have done for the other parameters. This will be saved as a claim in the identity server component databases.
2) You will need slight modifications to the code. There is no restriction on doing it. Check jaggeryjs.org and look into the XMLHttpRequest section, since EMM uses Jaggery.

Related

WSO2 Identity Server usernames with discriminator

A recent trend in applications is that users register with a username, even if it's not "unique" by also using a discriminator value: Limnic#4391 for example.
Popular services such as Discord, Rocket League, Battle.net, ... use this. I'm wondering if it's possible to achieve this type of username system in WSO2. All I can find out of the box is to use emails.
To log in to these services, you do indeed use an email, but your shown username is the name with the discriminator. Could this be just email authentication and then claims which contain the discriminator and username?
OOB, WSO2 IS does not support this kind of feature; however, you can write a customisation to add a discrimination value to the username. However, usernames should be unique in the system, so you have to save the username value as it is, with the discrimination value. And whenever you get the username value, you have to remove the discrimination value, depending on your need.
As you mentioned, the other option is to use a different claim to store the user name and discrimination value separately and authenticate using another unique value (such as email).

Is it possible to generate dynamic claims based on attributes using WSO2 Identity Server?

I'm using WSO2 Identity Server 5.3.0 and several LDAP user stores.
I need to integrate AWS as a service provider and WSO2 IS as identity provider.
The situation is: I have lots of users stored in the user stores and some of them have specific roles that should be allowed to login to AWS service. So far I don't have the possibility to alter / update the current user stores.
That's why I'm trying to figure out a way to populate / generate / translate / calculate the value of a claim based on an already stored attribute in the user store.
I have a sort of table with the groups coming from LDAP's memberOf attribute a user could belong to and their equivalences to AWS attributes that should be stored in specific claims in order for AWS to allow that user to enter certain services.
The end user is willing to solve this situation within the WSO2 IS component without altering the stores content.
I'm wondering if the only way to do this is writing a custom User Store Manager or a Custom Claim Handler [1] to deal with this particular situation or there is a more standard way to accomplish this.
I will appreciate any input, thanks in advance
[1] http://pushpalankajaya.blogspot.ca/2014/07/adding-custom-claims-to-saml-response.html
I think Claim Handler is the right place to implement your logic. You can find a sample in https://github.com/mefarazath/CustomClaimHandler
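The group-to-role translation discussed in this question, as an added example in plain JDK Java (it is not taken from the linked CustomClaimHandler repository and does not use the WSO2 extension API). The class name, group DNs, account number and ARNs are constructed; a custom claim handler would call something like `rolesFor` with the user's `memberOf` values and put the result into the outgoing claims.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class AwsRoleClaimMapper {
    // SAML attribute AWS reads to learn which IAM roles the user may assume.
    static final String AWS_ROLE_CLAIM = "https://aws.amazon.com/SAML/Attributes/Role";

    // Equivalence table: LDAP group DN -> "<role ARN>,<SAML provider ARN>".
    private final Map<LdapName, String> groupToRole = new HashMap<>();

    void allow(String groupDn, String roleArn, String providerArn) throws InvalidNameException {
        groupToRole.put(new LdapName(groupDn), roleArn + "," + providerArn);
    }

    // Translate memberOf values into AWS role claim values. Whole DNs are compared
    // (LdapName ignores case), so a group with the same CN in another OU does not match.
    List<String> rolesFor(Collection<String> memberOf) {
        Set<String> roles = new TreeSet<>();
        for (String dn : memberOf) {
            try {
                String role = groupToRole.get(new LdapName(dn));
                if (role != null) roles.add(role);
            } catch (InvalidNameException e) {
                // A malformed DN grants nothing.
            }
        }
        return new ArrayList<>(roles);
    }

    public static void main(String[] args) throws Exception {
        String provider = "arn:aws:iam::111122223333:saml-provider/wso2is"; // constructed
        AwsRoleClaimMapper mapper = new AwsRoleClaimMapper();
        mapper.allow("cn=aws-admins,ou=groups,dc=example,dc=com",
                "arn:aws:iam::111122223333:role/Admin", provider);
        mapper.allow("cn=aws-readonly,ou=groups,dc=example,dc=com",
                "arn:aws:iam::111122223333:role/ReadOnly", provider);

        // Constructed memberOf values for one user.
        List<String> memberOf = Arrays.asList(
                "CN=AWS-ReadOnly,OU=Groups,DC=example,DC=com",    // mapped, different case
                "cn=aws-admins,ou=contractors,dc=example,dc=com", // same CN, other OU
                "cn=staff,ou=groups,dc=example,dc=com",           // not in the table
                "not a dn");                                       // malformed
        List<String> roles = mapper.rolesFor(memberOf);
        // An empty list means no AWS role is asserted for this user.
        System.out.println(AWS_ROLE_CLAIM + " = " + roles);
    }
}
```

For the sample user only the ReadOnly role is emitted: the lookalike `aws-admins` group under `ou=contractors` is ignored because the table is keyed on the full DN, not on the CN.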

Blank Attribute Values in wso2 IS

I am using wso2 IS 4.5.0. I recently modified the standard policy editor so as to use a new attribute but the modification doesn't seem to work. Specifically, when I select the attribute and hit Search, the attribute finder returns the message:
No entitlement data finder module is defined for this category
Has anyone an idea on how to resolve this? Thanks in advance,
Maria
Yes... It is the expected behavior with the default implementation. Let me explain this further: attributes are retrieved to this UI page using pluggable entitlement data finder modules. These modules can be plugged into WSO2 IS. Attribute sources can be databases, user stores or any... The default implementation only retrieves roles from the WSO2 IS user store. But if you want more to show in this UI, you can do it by extending the default implementations. Please find the source for the default implementation from here. This would help you to get some idea.

WSO2 logged in user changes automatically

I have a user in WSO2 Identity Server, say "abcd" (in the Primary domain), and have also configured an LDAP domain, but there is no user with "abcd" as ID.
When I try to log in to the WSO2 IS management console, initially it shows Signed-in as:abcd#carbon.super, but after some time it shows Signed-in as: LDAP/abcd#carbon.super.
Mostly we saw this when we tried it from more than one console with the same user name.
Why this error? Is it a known bug or a feature? I'm using WSO2 IS 4.5.
Actually, we are not aware of such an issue. Thanks for letting people know about this. Did you experience any issues with the functionalities, or is this only shown in the UI? AFAIK, this domain name is appended to the user name; the user session contains an attribute called "DoomainName". I guess this value may somehow have been set in the session.

Claims management in WSO2 IS troubleshoot

I am experiencing a problem with WSO2 Identity Server (version 4.5.0) regarding some new claims (attributes) I have added. Specifically, I have added new attributes in http://wso2.org/claims but when I try to populate the corresponding fields in the user profiles, the following message appears:
Error while updating user profile of User. Error is: One or more attributes you are trying to add/update are not supported by underlying LDAP.
Any ideas?
Thank you in advance.
M
This can be because you have added a claim mapping which is not supported by the underlying user store (LDAP). When you are adding a claim, you need to provide a claim mapping attribute. It is the mapped attribute in your LDAP user store. If there is no such attribute in the LDAP user store, this error can occur. (Please note the claim management component would not add a new attribute to the user store. It would map to the existing attributes in the LDAP user store.)
I would just like to piggyback off of Aslea's and Maria's answers and add onto them. If you'd like to know what mapped claims you can use, you can find out about them in this link. And if you'd like to add custom attributes directly to the LDAP server, please refer to this link.