SAML client as WSO2 ESB class mediator - wso2

I'm using this Access SAML Service example as a class mediator to access a SAML-secured endpoint web service. This example works fine when run as a standalone Java program with a main method.
Here is how I use it from WSO2:
1) Create an HTTPS username token custom proxy on top of the actual SAML-secured web service.
2) Create a class mediator from the above example.
3) Access the class mediator class to invoke the endpoint web service.
The class mediator seems to be working fine until it gets the SAML token; however, the remaining piece of logic, engaging Rampart for the endpoint and applying the relevant security to the outgoing SOAP message, doesn't seem to work.
Any pointers on this issue would be useful.

I don't quite understand what the problem is. So what you have so far is something like this: saml2-web-browser-based-sso-wso2-identity-server
And the problem is that you want to get the secure token from the SAMLResponse?

Related

How do I create a Custom Client Authenticator in WSO2 Identity Server

I am trying to set up a custom client authenticator in WSO2 Identity Server. I would like to retrieve an access token with client_credentials, specifying a specific scope, and have a JWT token returned with custom claims inserted. I've tried writing my own Client Authenticator, but I'm having some trouble getting the OSGi bundle to be picked up correctly during WSO2 startup, and all other attempts at customizing the auth flow have failed.
Is there anyone who would be able to point me in the right direction as to where I might find useful information on how to achieve what I'm trying to achieve? TIA.
Using WSO2 Identity Server, you are able to extend the client authentication implementation. You can write your own client authentication mechanism following a specification or any other standard.
Please follow the doc link below to create the custom client authenticator:
https://is.docs.wso2.com/en/latest/learn/writing-a-new-oauth-client-authenticator/

JWT Enrichment with external rest service

I am working with WSO2, and I need to enrich the JWT Token for every request.
The enrichment needs to be done by an external REST service.
We are using WSO2 2.2.
I am trying to enrich the JWT by extending the class "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
and by using the Java HTTPClient library to work with the REST service.
But it seems not natural to use HTTPClient code inside an apim product.
This is the code that I can use, but it seems that wso2 should be able to give me a better way to connect to an api as a client.
If you want to talk to an external REST service to fetch user claims, I don't see a problem with using an HTTP client. I don't understand why it's not natural to use an HTTP client to call an HTTP service. :)
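The pattern the question describes, pulling claims for the token's subject from an external REST service and merging them into the JWT, as an added example that is not the asker's code or a WSO2 API. It is written in Python rather than as a Java JWTGenerator subclass; the service path /claims/{subject}, the allow-listed claim names and the mock service are assumptions. The points the paragraph above does not spell out are the ones a practitioner would want: the lookup fails closed on timeouts and errors, only allow-listed claims are accepted, and the external service can never overwrite issuer-owned claims such as sub or exp.

```python
"""Enrich a JWT payload with claims fetched from an external REST service.

Added example, not the asker's code or a WSO2 API: a JWTGenerator subclass
would call enrich_payload() where it assembles its custom claims. The service
path /claims/{subject}, the claim names and the mock service are assumptions.
"""
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import URLError
from urllib.parse import quote, unquote
from urllib.request import urlopen

# Claims the external service is allowed to contribute; everything else is dropped.
ALLOWED_CUSTOM_CLAIMS = {"department", "roles", "cost_center"}
# Claims owned by the token issuer; an external service must never set these.
RESERVED_CLAIMS = {"iss", "sub", "aud", "exp", "nbf", "iat", "jti"}


def fetch_claims(base_url, subject, timeout=2.0):
    """GET <base_url>/claims/<subject> and return the JSON object it serves.

    Fails closed: transport errors, non-2xx status, timeouts or malformed JSON
    all return {} so the token is still issued, just without external claims.
    """
    url = f"{base_url}/claims/{quote(subject, safe='')}"
    try:
        with urlopen(url, timeout=timeout) as resp:
            body = json.loads(resp.read().decode("utf-8"))
    except (URLError, ValueError, OSError):
        return {}
    return body if isinstance(body, dict) else {}


def filter_custom_claims(raw):
    """Keep allow-listed, non-reserved claims whose values are strings or lists of strings."""
    kept = {}
    for name, value in raw.items():
        if name in RESERVED_CLAIMS or name not in ALLOWED_CUSTOM_CLAIMS:
            continue
        if isinstance(value, str) or (
            isinstance(value, list) and all(isinstance(v, str) for v in value)
        ):
            kept[name] = value
    return kept


def enrich_payload(base_payload, base_url, timeout=2.0):
    """Merge filtered external claims into the issuer's payload; the issuer wins on collision."""
    custom = filter_custom_claims(fetch_claims(base_url, base_payload["sub"], timeout))
    return {**custom, **base_payload}


# --- constructed mock of the external claims service, so the demo runs offline ---
CONSTRUCTED_CLAIMS = {
    # "sub" and "shoe_size" are deliberately present to show that they get dropped.
    "alice": {"department": "security", "roles": ["analyst"], "sub": "mallory", "shoe_size": "42"},
}


class _ClaimsHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        subject = unquote(self.path.rsplit("/", 1)[-1])
        claims = CONSTRUCTED_CLAIMS.get(subject)
        if claims is None:
            self.send_error(404)
            return
        body = json.dumps(claims).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_mock_service():
    """Serve CONSTRUCTED_CLAIMS on an ephemeral loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), _ClaimsHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def demo():
    """Enrich three payloads: known subject, unknown subject, unreachable service."""
    issuer = {"iss": "https://idp.example", "exp": 1700000000}
    server, base_url = start_mock_service()
    try:
        enriched = enrich_payload({**issuer, "sub": "alice"}, base_url)
        unknown = enrich_payload({**issuer, "sub": "bob"}, base_url)
    finally:
        server.shutdown()
        server.server_close()
    # Port 9 (discard) is assumed closed, so the connection is refused and we fail closed.
    unreachable = enrich_payload({**issuer, "sub": "alice"}, "http://127.0.0.1:9", timeout=0.5)
    return enriched, unknown, unreachable


if __name__ == "__main__":
    for payload in demo():
        print(json.dumps(payload, sort_keys=True))
```

The merge order `{**custom, **base_payload}` is the important line: even if the allow-list were misconfigured, anything the issuer already set keeps its value, so a compromised or buggy claims service cannot change who the token is for or when it expires.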

WSO2 Identity Server Authorization Service

I am new to WSO2 Identity Server (4.6). I have a use case where I have a REST service on ESB (WSO2 ESB 4.9), and I would like to give resource-level access to various users.
I thought of using WSO2 Identity Server for authorizing the user and using the token for accessing the REST service. I was going through the playground example, but that is not something I would like to do, where the Authorize service opens the Identity Server Authorization Service. It seems to be sequential, and assumes that the user and resource owner are the same.
I would like to do all that programmatically, and just give the authorization code to the user, and let him call the token service to get the token. Is this possible?
Thank you
You can use the https://localhost:8243/token endpoint for your use case. You can refer to the links below for more information:
https://docs.wso2.com/display/IS500/OAuth+Token+Revocation+with+WSO2+Identity+Server
https://docs.wso2.com/display/AM190/Token+API

how to add sessionID or user ID to request header using wso2 esb

I am using WSO2 ESB to secure my service. The service is available through a WSDL, and this service is unsecured. My scenario is as follows: a system exposes some APIs or services, and they are unsecured. I want to create proxy services for these services. If a client invokes the proxy service, ESB should first check whether the request contains the session ID; if yes, the client can invoke the backend service. If no, the client is redirected to a login page. I think ESB can do this by adding a session ID or user ID header to the request, but I lack docs. Can someone help?
I have read [1], and conclude that ESB will meet my demand.
[1] http://www.ws02.net/library/knowledge-base/convert-http-basic-authentication-ws-security-username-token/
I think you are expecting a custom header field in the user request. Since you are creating proxies with the associated WSDL, you can add a SOAP Header requirement in your WSDL and associate that WSDL with the proxy (using the publishWSDL option). So, when a user sends a request to your proxy, they might need to add that particular header.
Other routing logic you can handle within the proxy configuration.

WSO2 Identity Server obtain SAML token for rest call

I have two applications that both support SAML2 SSO using WSO2 Identity Server. During application bootstrap (when no user request is processed yet) I need one of the applications to get information from the other using a REST call. However, this REST call should provide a SAML token for security purposes. I need a way to remotely get a SAML2 token and use it for REST calls. I have read a post about a REST STS client without ESB; however, I can't find sample code on how to get a SAML token for my REST calls. What is the way to obtain such a SAML token? Is there sample source code?
You can follow this blog [1] to get the passive STS sample. But if you are using WSO2 Identity Server 5.0, the user interface is a bit different from the one in this blog.
[1] http://dulanja.blogspot.com/2013/09/passive-sts-java-sample-with-wso2.html