OpenID based SSO with WSO2 Identity Server - wso2

I am unable to get OpenID-based SSO working using WSO2 Identity Server. I have followed a blog post by Suresh Aththanayaka, but after entering https://localhost:9443/openid/admin as the OpenID identifier, it does not redirect to the Identity Server page. It shows a blank page.
Please help me.

I think the issue is in your client application.
I tried it in WSO2 Identity Server 4.6.0 [1] and it works fine for me.
Please find the latest sample here [2].
[1] http://wso2.com/products/identity-server/
[2] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/4.6.0/modules/samples/openid/

Related

Using WSO2 as Identity Provider for Docebo system

I have a Docebo LMS system and I have created SAML SSO for this system through Okta. I am now trying to use an open-source IdP, WSO2, which I am running on a localhost server. I have created an IdP that I will be using to provide the identity authentication, following the docs provided by WSO2. The problem is that I am not able to see the login page. It's showing me these 3 lines:
I have Docebo as a staging system which is uploaded to the Docebo SaaS server.
Any help regarding this issue?

WSO2 Identity Server as an IDP

My use case is a very simple one. I want to use WSO2 Identity Server to implement SAML 2.0 SSO in our app deployment.
We don't have an external identity provider like Facebook or Google, so we want the identity server itself to act like an identity provider [Local Authentication].
We want the authentication for the SP to be done against a local user store [AD].
The SSO login is going to be IDP initiated.
The login page has to be customized.
I went through the documentation tutorials, and while the architecture page does mention that all this is possible, I could not find any actual tutorial which explains how to do this.
Can someone link me to the tutorial pages which describe how to do this, or provide a rundown of the steps required?
Yes, all of these are possible with WSO2 Identity Server. Unfortunately there isn't any single tutorial or document that covers all of this in one place, but I can provide one for each step.
Configuring active directory.
SSO with SAML.
IDP Initiated SSO.
Customizing login page.
And if you need to know about more advanced scenarios, please read this article.

How to integrate WSO2 API Manager (AM) 1.10.0 with PingFederate SAML 2.0?

How to integrate WSO2 AM 1.10.0 with PingFederate SAML 2.0? Any instructions?
On the WSO2 web site, I only saw docs on how to set up SSO among WSO2 products: https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2 . But I did not see documentation on how to enable WSO2 AM 1.10.0 with external identity providers such as PingFederate via SAML2.
Any help is appreciated.
*** UPDATE:
I followed the instructions here https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2 - just assuming WSO2 IS as PingIdentity. For the majority part it's working, but I cannot generate keys when subscribing to an API. It says "invalid credentials" even if I have logged into applications and subscriptions and can create applications from the /store UI.
I can confirm that this can be done without adding a separate WSO2 IS server into the picture. I fixed several issues (cannot generate keys, cannot publish APIs, etc.). What I did to fix them was to: 1) add the admin user inside APIKeyValidator in api-manager.xml, and also into the admin user via the management console and into user-mgt.xml; 2) inside api-manager.xml:
Change the following:
https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/
to: https://[FQDN_OF_HOST]:${mgt.transport.https.port}${carbon.context}/services/
The reason is that my server certificate only recorded the domain name, not the IP address.
The solution was also mentioned here: wso2 am 1.10.0 API Store: "Error occurred while executing the action generateApplicationKey" with " Invalid credentials provided."
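The hostname mismatch this answer describes, as an added example that is not part of the original post or WSO2's code: it expands the api-manager.xml URL template and checks the resulting host against a certificate's names using simplified RFC 6125 matching. The property values, the host name am.example.com and the certificate dict are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# URL template quoted in the answer, and the same value with a host name.
TEMPLATE = "https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/"
FIXED = "https://am.example.com:${mgt.transport.https.port}${carbon.context}/services/"

# Constructed sample values (assumptions, not taken from the post).
PROPS = {
    "carbon.local.ip": "192.0.2.10",
    "mgt.transport.https.port": "9443",
    "carbon.context": "",
}
# Shaped like ssl.SSLSocket.getpeercert(): one DNS name, no IP entry.
CERT = {
    "subject": ((("commonName", "am.example.com"),),),
    "subjectAltName": (("DNS", "am.example.com"),),
}

def expand(template, props):
    """Substitute ${name} placeholders in a config value."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props[m.group(1)], template)

def dns_match(pattern, host):
    """Match a DNS name; '*' is accepted only as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(url, cert):
    """Return True if the certificate names the host part of url."""
    host = urlsplit(url).hostname
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal matches only 'IP Address' entries, never DNS names.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in sans)
    names = [v for k, v in sans if k == "DNS"]
    if not names:  # legacy fallback to the subject CN when no DNS SAN exists
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(dns_match(n, host) for n in names)
```

With these sample values, `cert_covers(expand(TEMPLATE, PROPS), CERT)` is False and `cert_covers(expand(FIXED, PROPS), CERT)` is True, which is the difference the configuration change makes.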
Basically, you can do this by adding PingFederate as an IDP in WSO2 AM and configuring federated SAML SSO. An example of how to achieve this with Shibboleth is given in [1]. You can follow the same steps to do any configurations according to your requirement.
Refer to [2] for configuring the SAML SSO federated authenticator in general.
[1] https://docs.wso2.com/display/IS510/How+To%3A+Configure+Shibboleth+IdP+as+a+Trusted+Identity+Provider
[2] https://docs.wso2.com/display/IS510/Configuring+SAML+2.0+Web+SSO

Login to the Identity Server Using Another Identity Server - SAML2

I'm currently working with the WSO2 suite and I've been trying to do an example from the WSO2 official documentation, which you can find here. I have already configured everything step by step, and when I run the travelocity application on my localhost it looks like the example says. I click on the link and it redirects me to the Identity Server login. I type in the user and password, and then it redirects me to the travelocity home page, but then I run into this error: SAML 2.0 based Single Sign-On
Error when processing the authentication request!
I checked the debugging log and it says that authentication succeeded and Identity Server sent the response to travelocity.
I have no idea what could be happening, please help me out.
I shared the log files here. My English is bad and I'm new to working with WSO2, please be patient with me.
The logs on the WSO2 IS side say "Signature validation for Authentication Request failed". The possible reason could be that you have not selected the correct certificate alias at WSO2 IS.
To do that, edit your service provider's SAML configuration and update the Certificate Alias with the correct value. In the default case it should have the value wso2carbon. In case you have configured it to something else, select the one you have configured.

Turning WSO2 into a PEP with Identity Server acting as the PDP

I am trying to use WSO2 ESB server as a PEP. I already have WSO2 Identity Server acting as the PDP and an application hosted on WSO2 Application Server. I have uploaded policies into Identity Server and I was wondering if there are any tutorials out there that both show and explain how to make this happen. I have tried the blog http://wso2.org/library/articles/2011/08/finegrained-authorization-restful-services-xacml but it has not worked. Any direction on how to turn ESB into a PEP would be appreciated.
You can use the WSO2 ESB Entitlement mediator. Have a look at the following guide, which explains how to add fine-grained authorization to proxy services.
http://docs.wso2.org/wiki/display/IS400/Adding+Fine-grained+Authorization+for+Proxy+Services+in+ESB