Custom Webservice for wso2 identity server - wso2-identity-server

I need to extend org.wso2.carbon.user.mgt.stub.UserAdminStub to contain an additional method which allows me to obtain the AD attributes of other users.
Is it possible to create a custom webservice for Identity Server 4.5? We are not using any other WSO2 products. Only WSO2 IS will ship with the solution distribution.
Thanks

There is a separate API for user management functions, called the "RemoteUserStoreManagerService" service. This service exposes all user management functions as a web service. "UserAdmin" is also a user management web service, one that has been implemented specially for the WSO2 Carbon UI.
You have methods in the "RemoteUserStoreManagerService" to retrieve AD attributes (user attributes).
Please find the Java client from here. There is also a readme file there.
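As an added illustration of the answer above (not the Java client it links to, and not WSO2's own code), this Python sketch builds a `getUserClaimValue` SOAP call to RemoteUserStoreManagerService and parses the reply. The service namespace, the `urn:` SOAPAction, the claim URI and the sample response are assumptions to confirm against the service WSDL.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "http://service.ws.um.carbon.wso2.org"  # assumed; confirm against the service WSDL

def build_claim_request(base_url, admin_user, admin_password, user_name, claim_uri,
                        profile="default"):
    """Build (without sending) a getUserClaimValue call with HTTP Basic authentication."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to put Basic credentials on a non-TLS URL")
    body = (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:ser="{SVC_NS}">'
        "<soapenv:Body><ser:getUserClaimValue>"
        f"<ser:userName>{escape(user_name)}</ser:userName>"  # escape() blocks XML injection
        f"<ser:claim>{escape(claim_uri)}</ser:claim>"
        f"<ser:profileName>{escape(profile)}</ser:profileName>"
        "</ser:getUserClaimValue></soapenv:Body></soapenv:Envelope>"
    )
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/RemoteUserStoreManagerService",
        data=body.encode("utf-8"), method="POST",
        headers={"Content-Type": "text/xml; charset=UTF-8",
                 "SOAPAction": "urn:getUserClaimValue",  # assumed Axis2-style action
                 "Authorization": "Basic " + token})

def parse_claim_response(xml_bytes):
    """Return the claim value, None if no value is returned, or raise on a SOAP fault."""
    root = ET.fromstring(xml_bytes)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        raise RuntimeError(fault.findtext("faultstring", default="SOAP fault"))
    ret = root.find(f".//{{{SVC_NS}}}return")
    return None if ret is None else ret.text

# Constructed sample response, not captured from a real server.
SAMPLE_RESPONSE = (
    f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
    f'<ns:getUserClaimValueResponse xmlns:ns="{SVC_NS}">'
    "<ns:return>alice@example.com</ns:return>"
    "</ns:getUserClaimValueResponse></soapenv:Body></soapenv:Envelope>"
).encode()

if __name__ == "__main__":
    req = build_claim_request("https://localhost:9443", "admin", "<admin-password>",
                              "alice", "http://wso2.org/claims/emailaddress")
    print(req.full_url, parse_claim_response(SAMPLE_RESPONSE))
```

Send the request with `urllib.request.urlopen` and an `ssl` context that trusts the server's certificate; the call runs with the privileges of the admin account, so use a dedicated account with only the permissions it needs.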

Related

WSO2 EI (ESB) communicate with WSO2 IS

I am new to this software. From what I know, the WSO2 Enterprise Integrator comes with the Enterprise Service Bus inside it. But the Identity Server (IS) is not bundled with the EI.
For my current and new project, we are going to use both of them in the architecture. Please see the diagram below for more information.
Part of my project architecture
Based on the diagram, when the user uses the portal to log in, the EI serves as the middleware between the portal and the IS to connect to the LDAP.
Looking at the documentation, there is a way to connect from the IS to the other product but not vice versa.
My question here is how to allow the ESB to communicate with the IS and return the message/request back to the Portal.
Thank you.
You did not describe your use case or what you want to achieve, so I will assume you want to authenticate the portal user or manage users.
WSO2IS (and effectively any WSO2 product) exposes admin services; some are common, some specific to the product. The services require basic authentication.
Please see https://medium.com/#maheeka/wso2-admin-services-c61b7d856272
Another service to authenticate a user is a token service with the password grant (that may be more appropriate to authenticate users and authorize requested scopes).
Just a note:
If you want to use the whole setup only to authenticate users, then IMHO you may rather use OAuth or SAML with the IS, not passing passwords in the ESB.

WSO 2 AM User Management API

I'm currently building an app that consumes data from the WSO2AM RESTful API. I'm using WSO2AM 2.1.0.
From what I see at https://docs.wso2.com/display/AM210/Publisher+APIs, there is no API endpoint for User Management, and the thing is I need that one.
So after some googling, I found this https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs but that link clearly says that it's for WSO2IS.
My questions are:
Is there a user management API available for WSO2AM (it doesn't matter if it's RESTful or SOAP-WSDL)?
Can this WSO2IS user management API be used on the WSO2AM?
Thank you in advance
All WSO2 products are built on a single platform; therefore components of each product are mixed into other products. For example, the user management component is used by all of the WSO2 products even though it is developed as an identity component. Hence you can use the following steps to access the user management SOAP service in WSO2 API Manager.
Set the "HideAdminServiceWSDLs" element to "false" in /repository/conf/carbon.xml file.
Restart the API Manager Server.
If you have started the server in default configurations, use the following URL in your browser to see the WSDL of the admin service: https://localhost:9443/services/RemoteUserStoreManagerService?wsdl.
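Once the WSDL is visible, the operations the service offers can be listed from it instead of read by eye. The following is an added example, not part of the original answer or of WSO2's code: the inline WSDL is a constructed, trimmed sample, and `cafile` is a hypothetical path to the server's exported certificate, so that TLS verification stays enabled against the default self-signed setup.

```python
import ssl
import urllib.request
import xml.etree.ElementTree as ET

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"  # WSDL 1.1 namespace

def fetch_wsdl(url, cafile):
    """Download the WSDL over TLS, trusting only the certificate(s) in `cafile`."""
    if not url.lower().startswith("https://"):
        raise ValueError("admin service WSDLs should only be fetched over https")
    # Certificate verification and hostname checking stay on; only the trust anchor changes.
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return resp.read()

def list_operations(wsdl_bytes):
    """Return (targetNamespace, {portType name: sorted operation names})."""
    root = ET.fromstring(wsdl_bytes)
    if root.tag != f"{{{WSDL_NS}}}definitions":
        raise ValueError("not a WSDL 1.1 document (HideAdminServiceWSDLs may still be true)")
    port_types = {}
    for pt in root.findall(f"{{{WSDL_NS}}}portType"):
        ops = {op.get("name") for op in pt.findall(f"{{{WSDL_NS}}}operation")}
        port_types[pt.get("name")] = sorted(ops)
    return root.get("targetNamespace"), port_types

# Constructed, heavily trimmed sample; a real WSDL lists many more operations.
SAMPLE_WSDL = b"""<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    targetNamespace="http://service.ws.um.carbon.wso2.org">
  <wsdl:portType name="RemoteUserStoreManagerServicePortType">
    <wsdl:operation name="getUserClaimValue"/>
    <wsdl:operation name="addUser"/>
  </wsdl:portType>
</wsdl:definitions>"""

if __name__ == "__main__":
    print(list_operations(SAMPLE_WSDL))
```

The WSDLs are hidden by default in the configuration the answer edits, so consider setting "HideAdminServiceWSDLs" back to "true" once the client stubs or operation list have been generated.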

Publish and subscribe an application as an API in WSO2 AM-1.7.0

I have a Timesheet Entry application which needs to be exposed as an API which the users shall use for entering their effort time for assigned tasks. I have the following queries:
I have the login authentication created as a RESTful client which I have published and am currently subscribing to, with a JSON message as response. How do I open up this service in the UI, so that the user gets the usual page for the authentication?
How do I access this API from different user systems? Does the user have to log in to the WSO2 Store every time he wants to use this API?
The WSO2 docs mention creating users and roles, but since there will be around 10K users for this, how do I do this so that the user feels that it's the same application as before?
Users are not required to log into the store. Only the application developer has access to the store. The application developer gets the consumer key/secret pair from the store and embeds it in the web application.
Application users/subscribers do not need to be aware of the API store. When they use/log in to the application, access tokens can be generated using the embedded consumer key/secret pair based on a specific grant type (e.g. Password), and the service exposed via the API can be accessed.
It is not required to create users and roles manually. If there exists a user store , you can integrate it with WSO2 API Manager. [1] explains how to integrate a user store.
You can refer to the sample [2] to get an idea of how this is done in WSO2 API Manager.
This sample demonstrates a scenario where various services of a deployed web application are accessed via APIs created in API Manager.
[1] https://docs.wso2.com/display/AM170/Configuring+User+Stores
[2] https://docs.wso2.com/display/AM170/Invoking+APIs+using+a+Web+App+Deployed+in+WSO2+AS

Automatically add users to API Manager

I am looking for a way to automatically add users to WSO2 API Manager. I have a basic install with the H2 database, but someday I might move to postgres or something like that. What is the best way to add users from say a script?
In Carbon products (APIM, IS), all user store operations can be exposed via web services. An external application can use these web services to add/delete/update/get users and groups in the user store. Please note, H2 is not recommended for products
REST web service according to the SCIM provisioning specification.
SOAP based Web service. You can find more detail from here

WSO2 and LDAP end point service

I'm currently evaluating WSO2 and whether it can fit my project requirements.
I have different mobile applications that will connect to our ESB. All of them will use different LDAP servers to authenticate their users in order to access the applications. What's the best way to achieve this through WSO2 ESB? I mean configuring multiple LDAP login services as endpoint services.
I heard terms "user store" and "Identity Server" not sure about them , but I got the feeling that they are used for internal use of WSO2 (Storing users who can access WSO2) not related to what I need
You can use WSO2 Identity server to manage your users. You can use internal (Embedded user store) or External User store such as Active Directory. If you use Identity Server you will be able to inherit its features which you can easily integrate with WSO2 ESB.
These links will be useful for your implementations.
[1] http://wso2.org/project/solutions/identity/3.2.3/docs/user-core/admin_guide.html
[2] http://wso2.org/library/articles/2011/06/securing-web-service-integration