I have a basic question in using WSo2 API manager and WSo2 IS server.
I have a requirement , where I need to Authenticate/Authorize any requests coming to my rest services. When I read documentation on WSo2 website I see that we can achieve this using WSo2 ESB + WSo2 IS server.
But we don't want to use ESB rather than use a Lightweight component like WSo2 API manager + Ws02 IS server to fulfill the
I have gone through this documentation and trying to setup WSO2 as the key manager
https://docs.wso2.com/display/CLUSTER420/Configuring+the+Identity+Server+5.0.0+with+API+Manager+1.9.0
My question is I am going in the right direction ?
Will API manager alone will be sufficient for authentication/authorization
Yes above link will guide you to how to configure the Identity server with API Manager.
API manager will be sufficient for the basic authentication/authorization.but if you want advance options need to configure with the identity Server.(The Identity Server and the solution it provides)
Related
I have to create a client application that uses OAuth2 and a REST service. I confirmed that the REST service I can achieve it only by WSO2 ESB? WSO2 IS does not provide any REST service without using other platforms carbon?
There are some rest webservices for oauth2, check https://localhost:9443/oauth2/token
and the associated doc
https://docs.wso2.com/display/IS520/Resource+Owner+Password+Credentials+Grant
We are using WS02 ESB to create cloud app connections to our platform.
Our current issue: If we want to connect to any app (take salesforce as an example), we need the following details:
UserName
Password
Token
As a pre-requisite, the salesforce account should be API enabled.
We thought of using SSO in backend to avoid (3) and (4), but it's not possible with SAML(SSO).We are looking into ways to connect and publish data to salesforce with just Username(1)/Password(2). In this process of evaluation, SSO is one of the options
Any suggestions on how we can get the below details for APPS would be much appreciated!
• How do we get Token
• How we accept only the accounts where API's are enabled.
As far as I understand what you need is to call an SAML SSO secured backend app (i.e :- salesforce)?. If its the case you may use WSO2 Identity server for this purpose.You can obtain tokens from it.Further You can use this guide and this to call SAML secured backends through ESB.
Hope this helps.
You can use ESB Connectors to connect with Salesforce API. You can find Salesforce SOAP connector (which uses the username, password, and security token for authentication), Salesforce REST connector (which uses OAuth protocol) and Salesforce bulk connector (which also uses OAuth protocol) at WSO2 Store.
In WSO2 we have 150+ ESB connectors to communicate with third party API's via ESB. You can download the connector from WSO2 Store and can follow the documentation here. In connectors we have the mechanism to connect the third party API's(For Example In salesforce SOAP based connector we had the username password flow and for Salesforce REST connector we had oAuth 2.0 flow and the username password flow). In all connectors you just call the init method to get the Token to access the API.
Friends,
Recently I have created one web-services application using spring-boot and now its having few unsecured entry points. (This is a pure rest based application having only rest entry points doesn't have any UI components).
Now I would like to add CAS client with this application for securing the rest entry points.
My CAS server is ready and its up and running. And I have configured CAS Rest protocol as well in my cas server to access TGT/ST through rest call and I'm in the planning of using only the rest call rather than using login pages.
So, when an user tries to access my rest application, I'm going to call CAS rest entry points internally (by using restTemplate) to validate user credentials and generating TGT and ST.
Available CAS entry points are (from jasig reference docs),
POST /cas/v1/tickets HTTP/1.0
username=battags&password=password&additionalParam1=paramvalue
POST /cas/v1/tickets/{TGT id} HTTP/1.0
service={form encoded parameter for the service url}
DELETE /cas/v1/tickets/TGT-fdsjfsdfjkalfewrihfdhfaie HTTP/1.0
I think, I'm little clear on this part. Please correct me if I'm wrong.
And now my query here is, what should I do to add a ST ticket validator in my spring boot application? Do I need to add any filters using spring-security? Or do I need to call any other rest api for validating the ST? Please guide me to proceed further.
You can use existing Spring boot cas starter:
cas security spring boot starter
cas client autoconfig support
That will configure for you and magically your spring boot app with CAS authentication (and thus your application will be able to read ST or PT without effort).
I'm author of cas security spring boot starter, so I won't influence your choice but main difference from that project and cas client autoconfig support developed by Unicon is about Spring security integration.
Indeed cas security spring boot starter is fully compliant with spring security, thus you will be able to use any feature you know from spring security. Whereas cas client autoconfig support will instantiate and configure Apereo (Jasig) filters that is not designed to work out of box with Spring security.
You don't need a service ticket unless you want to call another service from your web service. Validating the received credentials via the CAS REST API is enough.
If you are looking for a security library to protect your web service via the CAS REST API, you should give a try to: https://github.com/pac4j/spring-webmvc-pac4j and especially this configuration: https://github.com/pac4j/spring-webmvc-pac4j-demo/blob/master/src/main/webapp/WEB-INF/demo-servlet.xml#L74
What's the appropriate way to extend a Balana-OpenAZ based PEP to send XACML3 decision requests to a remote WSO2 Identity Server PDP?
You want to send XACML decision request from PEP to Identity Server PDP. Still Identity Server only supports SOAP based web service API, Thrift based API and WS-XACML. Therefore i guess, best way to start is using SOAP based web service API. You can find sample java based client from here to write a extension for Balana-OpenAZ PEP.
I am trying to setup WSO2 cloud identity server (stratoslive) as the identity provider and salesforce as a service provider. Basically in salesforce I want to leverage the salesforce federated single sign on feature and connect with stratoslive identity server. Will be helpful if anyone can give me a link to follow or can guide me with the steps.
I am relatively new to the identity and access domain and for one of my project I need to setup WSO2 startoslive as identity provider and salesforce as service provider and have to fit in SAML in this process.
Thanks
Indranil
These links should be helpful to implement your use case:
WSO2 SAML Single Sign-On with Google Apps Tutorial
http://wso2.com/library/articles/integrate-google-apps-wso2-cloud-identity/
WSO2 Identity Server Single Sign-On Documentation
http://docs.wso2.org/display/IS450/Managing+Single+Sign-On
Salesforce SAML Single Sign-On Reference
https://help.salesforce.com/apex/HTViewHelpDoc?id=sso_saml.htm&language=en