We are using WS02 ESB to create cloud app connections to our platform.
Our current issue: If we want to connect to any app (take salesforce as an example), we need the following details:
UserName
Password
Token
As a pre-requisite, the salesforce account should be API enabled.
We thought of using SSO in backend to avoid (3) and (4), but it's not possible with SAML(SSO).We are looking into ways to connect and publish data to salesforce with just Username(1)/Password(2). In this process of evaluation, SSO is one of the options
Any suggestions on how we can get the below details for APPS would be much appreciated!
• How do we get Token
• How we accept only the accounts where API's are enabled.
As far as I understand what you need is to call an SAML SSO secured backend app (i.e :- salesforce)?. If its the case you may use WSO2 Identity server for this purpose.You can obtain tokens from it.Further You can use this guide and this to call SAML secured backends through ESB.
Hope this helps.
You can use ESB Connectors to connect with Salesforce API. You can find Salesforce SOAP connector (which uses the username, password, and security token for authentication), Salesforce REST connector (which uses OAuth protocol) and Salesforce bulk connector (which also uses OAuth protocol) at WSO2 Store.
In WSO2 we have 150+ ESB connectors to communicate with third party API's via ESB. You can download the connector from WSO2 Store and can follow the documentation here. In connectors we have the mechanism to connect the third party API's(For Example In salesforce SOAP based connector we had the username password flow and for Salesforce REST connector we had oAuth 2.0 flow and the username password flow). In all connectors you just call the init method to get the Token to access the API.
Related
I have a blockchain network built using Hyperledger Composer, started the Composer Rest Server and generated Java client code from the Open API spec to consume the REST Api. I have looked at the documentation to enable authentication and multi user mode. I already have authentication in my web application. How would I go about granting access to the user to interact with the blockchain after they sign into my web app?
Thanks.
Can you please tell us what strategy are you using for your web-application authentication?
Recently updated documentation # https://hyperledger.github.io/composer/latest/integrating/enabling-rest-authentication
The REST server uses the open source Passport authentication middleware.
Administrators of the REST server must select Passport strategies to
authenticate clients. Multiple Passport strategies can be selected, allowing
clients of the REST server to select a preferred authentication mechanism.
Passport includes a wide range of strategies (300+ at the time of writing),
including a mix of social media (Google, Facebook, Twitter) and enterprise
(SAML, LDAP) strategies.
You need to configure an appropriate passport-strategy to generate the access_token that will be used by REST API SERVER.
We are implementing RESTful service and the entire backend application using Vert.x. These API's are consumed by a hybrid mobile app (developed using Ionic / angularjs). We are using Keycloak for user management and also authentication and authorization on the app.
My question is, how can I use Keycloak to also protect (authenticate and authorize for the same set of users) my RESTful service access which is implemented using Vert.x. Any example implementation would be very useful.
We wrote a custom Vert.x auth provider using the Keycloak core library to solve this exact problem (the Vert.x JWT library doesn't work with the Keycloak JWT tokens - arguably we should have improved the Vert.x library instead). I'll see if I can get permission to open source the library.
So, if i understand correctly, you need one authentication entry point for user in mobile app and in REST service. If i am right, you can use JWT. When user will authenticate with Keycloak he will receive jwt with roles and user information. This token you can put into request for REST service and your Service will know who is the user and what roles he have. Please see https://jwt.io/
I have a basic question in using WSo2 API manager and WSo2 IS server.
I have a requirement , where I need to Authenticate/Authorize any requests coming to my rest services. When I read documentation on WSo2 website I see that we can achieve this using WSo2 ESB + WSo2 IS server.
But we don't want to use ESB rather than use a Lightweight component like WSo2 API manager + Ws02 IS server to fulfill the
I have gone through this documentation and trying to setup WSO2 as the key manager
https://docs.wso2.com/display/CLUSTER420/Configuring+the+Identity+Server+5.0.0+with+API+Manager+1.9.0
My question is I am going in the right direction ?
Will API manager alone will be sufficient for authentication/authorization
Yes above link will guide you to how to configure the Identity server with API Manager.
API manager will be sufficient for the basic authentication/authorization.but if you want advance options need to configure with the identity Server.(The Identity Server and the solution it provides)
I've been dropped into a hot potato project...an external entity produced a SOA architecture and we need to implement it now.
Using Drupal as a CMS and starting point of the architecture.
Here's what I think we need to do:
Authentication server
People register through the drupal site. We'd like to reuse the identity created for other (future) services, through a REST API
a) Can I add users to WSO2 Identity Server via a (REST) API?
b) Can I query WSO2IS to authenticate users via a (REST) API (creating a SSO env)?
c) Can I create re-usable profiles in WSO2IS, accessible through a (REST) API?
d) Can I authenticate drupal access via WSO2IS through a (REST) API?
e) Can I query the XACML policies via a (REST) API so that access to a requested service can be evaluated?
Other REST APIs we're going to build would use the OAuth functionality of WSO2
The architecture mandates each an authentication, a profiles and a policy (authorization) with XACML (...) module. The alternative is to build it all ourselves but I think we won't have the time for this, but I need to understand if we can do the above mentioned things to make a decision if WSO2IS is a good choice for our needs.
I have read the available documentation, browsed the help system, installed WSO2IS and checked out the interfaces, but couldn't find the responses. The only thing I managed to do is create the OAuth server.
Please find my answers..
a) Yes.. WSO2 Identity Server supports SCIM which is the standard approach for identity provisioning. Also there are web service APIs, that expose user management functions. You can front those web service API using WSO2 APIM and can expose as REST API.
b) Yes.. Apart from REST and web service API, Identity Server supports for authentication methods such as SAML2SSO, OpenID, IWA and so on.
c) Yes.. same as a) you have both options SCIM or Web service API fronted with APIM
d) There is an authentication framework in the WSO2IS, that users can be authenticated with different server.. Basically WSO2IS can act as federated IDP that application knows only to talk to WSO2IS.. WSO2IS can authenticate users from any other IDP, It can be drupal as well
e) Yes.. XACML is supported by WSO2IS... Its PDP API has been exposed via web service API.. but not as a REST API.. but as i mentioned earlier, you can expose it as REST using APIM. However REST support for XACML would be available with the further release
I am trying to setup WSO2 cloud identity server (stratoslive) as the identity provider and salesforce as a service provider. Basically in salesforce I want to leverage the salesforce federated single sign on feature and connect with stratoslive identity server. Will be helpful if anyone can give me a link to follow or can guide me with the steps.
I am relatively new to the identity and access domain and for one of my project I need to setup WSO2 startoslive as identity provider and salesforce as service provider and have to fit in SAML in this process.
Thanks
Indranil
These links should be helpful to implement your use case:
WSO2 SAML Single Sign-On with Google Apps Tutorial
http://wso2.com/library/articles/integrate-google-apps-wso2-cloud-identity/
WSO2 Identity Server Single Sign-On Documentation
http://docs.wso2.org/display/IS450/Managing+Single+Sign-On
Salesforce SAML Single Sign-On Reference
https://help.salesforce.com/apex/HTViewHelpDoc?id=sso_saml.htm&language=en