I am working with WSO2 Identity Server 5.0.0 and tried a client library (oxRay) to utilize its OpenID Connect capabilities.
However, it seems that the request to the discovery URL https://myserver/.well-known/openid-configuration doesn't return anything reasonable. So the OIDC client fails to work properly.
Is Identity Server supporting OIDC discovery or did I miss something in the configuration?
WSO2 Identity Server does not support OIDC Discovery at the current releases.
WSO2 Identity Server 5.3.0 does support OpenID Connect Discovery.
From the release notes (emphasis mine):
OAuth 2.0/Open ID Connect Enhancements:
Open ID Connect Dynamic Client Registration. For more information, see OpenID Connect Dynamic Client Registration.
OAuth 2.0 Token Introspection. For more information, see Invoke the OAuth Introspection Endpoint.
Open ID Connect Discovery support. For more information, see the Open ID Connect specification.
However, I do seem to have run into an issue when trying to use it.
Related
How do I upload the API I created in WSO2 Integration Studio installed on my own computer to the WSO2 API Manager on the remote server.
From the Add new server menu, I clicked the WSO2 Remote Server option under WSO2 and entered the host and server URL information, but it did not publish. When I examined WSO2's own documents, I could not find detailed resources about connecting to a remote server and publishing.
Can you help with this?
Can you add your integration studio version and WSO2 Api Manager version?
You can try this documentation https://apim.docs.wso2.com/en/latest/integrate/develop/working-with-service-catalog/
You can register the service in the service catelog as below.
Start the WSO2 Micro Integrator pointing to API Manager.
You should have the carbon app of that particular service in the Micro Integrator.
When Micro Integrator starts it registers the available services in the API Manager.
From logging into the APIM publisher you can create an API.
Instructions are available here - https://apim.docs.wso2.com/en/latest/integrate/develop/working-with-service-catalog/
How to connect a server that run wso2 API manager to show statics on a server that run wso2 analytics that actually exist on differnt servers with different IP.
I am using version 3.2.0
You can follow the documentation and configure analytics for APIM 3.2.0.
In the configurations, instead of using localhost, use the IP address of the analytics server.
https://apim.docs.wso2.com/en/3.2.0/learn/analytics/configuring-apim-analytics/#configuring-apim-analytics
I've installed WSO2 Api Manager 4.0.0 on internal server and I have no idea how to tell it to use proxy server to connect to Choreo analytics.
I see following error in the log:
:Provided authentication endpoint https://analytics-event-auth.choreo.dev/auth/v1 is not reachable.
I've tried to set http_proxy, https_proxy, HTTP_PROXY and HTTPS_PROXY environment variables with flag java.net.useSystemProxies=true to api_manager.sh but they seem to not work and I don't see any traffic coming from this server through proxy.
Adding java flags http.proxyHost and http.proxyPort didn't helped too.
If I start it from server with internet access then it works just fine with Choreo.
Is there any way to set the proxy for APIM?
WSO2 API Manager's gateway component talks to an API in the Analytics cloud in order to fetch required credentials to publish events to the cloud. The failure that you have pointed out occurs at the point of talking to this API. It appears that proxy settings have not been configured for this particular HTTP client. Please see here.
Event publishing is the next step and uses AMQP protocol. Therefore I think it would not go through the HTTP/S proxy. However, if the gateway has no access to the internet, this step will fail again regardless of the API call is fixed to honour the proxy settings.
Currently, analytics does not have the support to publish events through a proxy. It seems that in order to honour proxy settings in event publishing, the protocol needs to be changed to Websocket.
I want to connect WSO2 IOT Server to WSO2 IS Server for user authorization. Is there any way to connect WSO2 IOT Server to WSO2 IS Server.
You can use the IS as a key manager by following the docs https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Identity+Server+5.2.0+as+a+Key+Manager+with+API+Manager+2.0.0
In addition to above there are few IoT related feature that needs to be installed in the IS[1]
[1] https://github.com/wso2/carbon-device-mgt/tree/master/features/oauth-extensions
In our project, Client has their own KDC server and client want our WSO2 should talk to client KDC for authentication. I know that how to enable kerberos in WSO2 but I am not able to established connection between our WSO2 to client KDC server(In short, i want to connect WSO2 identity server to external KDC server).
We do not support this in the currently released versions of the WSO2 Identity Server. However, we have successfully done an implementation of authentication with an external KDC for Identity Server 5.3.0 release.
You might be able to test this with the next milestone release of Identity Server.