Can WSO2 Identity Server be integrated with an existing CAS framework? - wso2

I am experimenting with WSO2 API Manager and would like to integrate the embedded WSO2 Identity Server with our institution's existing CAS framework. Is it possible to have the WSO2 Identity Server redirect logins to our CAS login page and use the CAS ticket in place of username/password?

This explains how to use WSO2 IS as the identity server for WSO2 products such as WSO2 AS, ESB, etc.
You can configure your CAS instead of WSO2 IS in a very similar way.

Related

WSO2 Identity Server 5.3.0 Single Logout with simpleSAMLphp

I have used WSO2 APP Manager to publish my web applications with Identity server 5.3.0 as the Identity Provider. I have configured SSO and SLO using three service providers. I'm using simpleSAMLphp with my web apps. SSO function works fine in my system but single logout is not working properly. I have configured this using the following document.
https://docs.wso2.com/display/IS500/SAML2+IdP+with+SimpleSAMLphp+Service+Provider
Can someone advise me regarding this issue?
Please see WSO2 IS Single Logout partially working
Indeed, WSO2 IS uses the "backend channel" for SLO requests when logging out from multiple service providers (at least it was that way up to version 5.2.0). I don't believe it was changed/fixed in 5.3.0.

WSO2 IS: Difference between application-authenticator and carbon-authenticator

When walking through the code of WSO2 identity server 5.x, I can find a samlsso authenticator in application-authenticator and another one in carbon-authenticator. Same is true for IWA.
What is the difference between these? Which one is used when? Or is one of them obsolete?
Application Authenticators are used to authenticate users to the external apps (service providers) using WSO2 products.
Carbon authenticators are used to authenticate users to the admin console of that particular server.

Another way to connect with WSO2 IS

A few days ago, I started to work with WSO2 Identity Server in my project as an authorization server in my architecture. I found that it can be interfaced with an external data source like LDAP, so I can use the enterprise LDAP instead of re-creating all users and roles in WSO2 IS.
My question is about authentication on WSO2 IS, when the user authenticates on WSO2 IS and approves access normally this is done by HTTPS protocol.
I don't know if it's possible to use another authentication protocol like Kerberos or Radius to connect to WSO2 IS?
By default, WSO2 IS on the frontend supports the OAuth 2.0, SAML 2.0, OpenID and WS-Trust STS protocols. They are indeed all based on HTTPS. Next to that you may use Kerberos KDC.
For Kerberos configuration you may check this article. http://wso2.com/library/articles/2012/07/kerberos-authentication-using-wso2-products/
g.
WSO2IS has Kerberos support [1]. But it doesn't support RADIUS yet.
[1] https://docs.wso2.com/display/IS500/Kerberos+Security

Is there any web service present for authentication using WSO2?

I am new to WSO2 and am evaluating it.
I am using Identity Server. I have a web application and want to apply the web SSO feature using WSO2. I checked and there are SOAP web services present in WSO2 for UserAdmin,
https://server-info:9443/services/UserAdmin.UserAdminHttpsSoap12Endpoint/ using a SOAP client for testing; for dev I have to write a Java client for requests,
but I did not find any web services related to web SSO. For example, I require an authentication web service which will accept a username/password and return some token information, and I can store that token in the session for single sign-out.
Is there any web service/API in WSO2 that provides authentication? Or what is the best approach to implement SSO using WSO2 for web applications?
Thanks
If you are looking for SSO with WSO2IS, WSO2IS supports several standard ways to achieve it. They are:
SAML2 SSO
OpenId Connect
OpenId
Passive STS (for windows based applications)
Of the above, the most popular way is to use SAML2 SSO or OpenID Connect. Your web application must also support talking to WSO2IS using the above standards. Say you need to achieve SSO using SAML2 SSO: your application needs to send the SAML2 Request and process the SAML2 Response in the standard way, as described in the SAML2 SSO spec. You can find a sample web application that has been implemented to work with WSO2IS from here. This blog contains all the configuration details that you need on the WSO2IS side as well. You can even use the sample web application with another SAML2 IdP, as the sample web application talks in the standard way. Also, if you are looking for OpenID Connect, you can find another sample web application from here with config details. I hope this will be a good starting point for you.

Turning WSO2 into a PEP with Identity Server acting as the PDP

I am trying to use WSO2 ESB server as a PEP. I already have WSO2 Identity Server acting as the PDP and an application hosted on WSO2 Application Server. I have uploaded policies into Identity Server and I was wondering if there are any tutorials out there that both show and explain how to make this happen. I have tried the blog http://wso2.org/library/articles/2011/08/finegrained-authorization-restful-services-xacml but it has not worked. Any direction on how to turn ESB into a PEP would be appreciated.
You can use the WSO2 ESB Entitlement mediator. Have a look at the following guide, which explains how we can add fine-grained authorization to proxy services.
http://docs.wso2.org/wiki/display/IS400/Adding+Fine-grained+Authorization+for+Proxy+Services+in+ESB