Grafana OAuth Authentication with WSO2 - authentication

I use WSO2 as an identity server to log in / log out of an application. To analyze some data, I want to use Grafana's dashboards.
I want to perform OAuth authentication on Grafana using WSO2.
I want to access Grafana using the WSO2 user credentials which I also use to access my application.
Is it possible?

Grafana uses the standard OpenID Connect approach, so you can easily connect Grafana with the OAuth/OpenID Connect inbound protocol. You can create an OpenID Connect app on the WSO2 Identity Server side, get the client ID and secret, and configure them on the Grafana side. Then you can log in to Grafana using WSO2 Identity Server.
Refer : https://is.docs.wso2.com/en/latest/learn/configuring-oauth2-openid-connect-single-sign-on/
You can find WSO2 Identity Server openID connect endpoints from the discovery endpoint:
https://is.docs.wso2.com/en/latest/learn/openid-connect-discovery/#openid-connect-discovery
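
The discovery-based setup described in the answer above, as an added example (not part of the original answer and not Grafana or WSO2 project code): it maps a discovery document to the keys of Grafana's `[auth.generic_oauth]` section and rejects endpoints that are not HTTPS or not served from the issuer's host. The host `is.example.com`, the client ID and the environment variable name are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an OpenID Connect discovery document; the host
# is.example.com is a placeholder, not a value from the original answer.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://is.example.com:9443/oauth2/token",
    "authorization_endpoint": "https://is.example.com:9443/oauth2/authorize",
    "token_endpoint": "https://is.example.com:9443/oauth2/token",
    "userinfo_endpoint": "https://is.example.com:9443/oauth2/userinfo",
})

# Discovery field -> Grafana [auth.generic_oauth] key.
FIELD_TO_KEY = {
    "authorization_endpoint": "auth_url",
    "token_endpoint": "token_url",
    "userinfo_endpoint": "api_url",
}


def grafana_oauth_section(discovery_json, client_id, name="WSO2"):
    """Return a grafana.ini [auth.generic_oauth] section built from discovery data.

    Raises ValueError if an endpoint is not HTTPS or is served from a
    different host than the issuer, so a tampered or mistyped document
    never ends up in the Grafana configuration.
    """
    doc = json.loads(discovery_json)
    issuer = urlsplit(doc["issuer"])
    if issuer.scheme != "https":
        raise ValueError("issuer must use https")
    lines = ["[auth.generic_oauth]", "enabled = true", f"name = {name}",
             f"client_id = {client_id}",
             # Hypothetical variable name; keeps the secret out of the file.
             "client_secret = $__env{WSO2_CLIENT_SECRET}",
             "scopes = openid profile email", "use_pkce = true"]
    for field, key in FIELD_TO_KEY.items():
        url = urlsplit(doc[field])
        if url.scheme != "https" or url.netloc != issuer.netloc:
            raise ValueError(f"{field} fails the https/same-host check: {doc[field]}")
        lines.append(f"{key} = {doc[field]}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(grafana_oauth_section(SAMPLE_DISCOVERY, "constructed-client-id"))
```

The callback URL registered for the OpenID Connect app on the Identity Server side has to match Grafana's generic OAuth redirect path (`/login/generic_oauth` under Grafana's root URL).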

Related

Integrated Rest API to wso2 API manager

I want to connect my secure REST API to the WSO2 API Manager. How can I send the Authorization key in a header to the WSO2 API Manager?
You can enable endpoint security to pass Authentication data to your secured backend. It supports Basic Auth, OAuth, and Digest Auth. Please refer to this.

Can OAuth2 with the password workflow implement the WSO2 EmailOTP and SMSOTP authenticators?

I am using the WSO2 OAuth2 password grant for authenticating the user in my application. I need to implement two-factor authentication using SMS and email in my existing workflow. I have gone through the WSO2 documentation and found authenticators for email and SMS.
https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator
https://docs.wso2.com/display/ISCONNECTORS/SMSOTP+Authenticator
But this documentation deals with SAML.
Is there any documentation for the OAuth2 workflow, or how can it be achieved?
I need help with this.
Thanks
I assume you have configured a service provider with the OAuth/OpenID Connect Configuration type in WSO2 Identity Server. You need to do the Local & Outbound Authentication Configuration in this OAuth Service Provider. Hit edit for that SP and expand Local & Outbound Authentication Configuration. Click on Advanced Configuration and do the necessary configuration there.
Refer https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator and follow the steps starting from Step 9 in Configuring the Service Provider section.

Federated authentication via OpenID Connect from Azure

I need to run .NET applications in Azure and have them authenticate against my on-premise directory (via PingFederate). It appears that ACS is the only way to do federated authentication from Azure, even though it has been deprecated for over a year. It also seems that ACS does not support OpenID Connect.
So am I correct in thinking it is not possible to do federated authentication via OpenID connect from Azure? And does anyone know when federation with external identity providers will be added to Azure AD?
Federated authentication is supported by Azure AD. Most of our enterprise customers connect their Azure Active Directory to their on-premises directory for federated authentication with Office 365 and other SAAS apps connected with Azure AD.
You can indeed federate your Azure AD with PingFederate and use Azure AD's OpenIDConnect protocol to configure single sign-on for your cloud application.
Sign up for a free trial Azure subscription and create a directory. Use the documentation here (http://msdn.microsoft.com/library/azure/jj673460.aspx) and the following sample app (https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet) to connect your app's authentication with your directory using OpenIDConnect.
Then, add a verified domain to your directory and federate it with your PingFederate STS by following the guidance here (http://documentation.pingidentity.com/display/PFS/SSO+to+Office+365+Introduction).
We don't recommend using ACS for this scenario.
Hope this helps.

oAuth2 - WSO2 API Manager and Identity Server Integration

I would like to implement an architecture based on oAuth2 in which the token is generated by the WSO2 identity server (Auth Server) and the API manager is used as the Gateway (resource server).
I understood it's necessary to change the Identity_Server/repository/conf/carbon.xml and set the value false for the element <HideAdminServiceWSDLs>false</HideAdminServiceWSDLs> in order to enable the admin Service of token validation exposed by the Identity Server. Also I think it's necessary to configure the APIManager.xml to configure the API manager to check the token validation using a service exposed by the identity server.
But unfortunately the specific documentation is not available at https://docs.wso2.org/display/AM140/Configuring+api-manager.xm. Can someone help me understand how to achieve my goal?
If it's correct to assume that what you want is to secure an exposed REST API with OAuth, using WSO2 IS, then the following link [1] will help you.
But since you are using WSO2 API Manager, if there is no other restriction you can simply achieve this token generation functionality from API Manager itself. There is an OathTokenEndPoint exposed by API-M. You can call this endpoint with the client key and secret to get a token [2].
[1] - http://movingaheadblog.blogspot.com/2014/02/securing-your-web-service-with-oauth2.html
[2] - https://docs.wso2.org/display/IS410/OAuth+2.0+Grant+Types+with+WSO2+API+Manager+Authorization+Code

Can the WSO2 API Manager proxy a web service that is on the app server and authenticated using the identity server?

I have several web services that I want to make available to clients. My clients are split into two groups:
users using a web browser (I serve a web page that uses javascript + AJAX to request data from the web services)
applications (e.g. server app pulling data into a client's system)
1) I can solve the former by exposing my web services to external users using the application server and I can use the identity server to authenticate access (haven't worked out how to do this yet).
2) The latter is nicely satisfied by using the API manager. I can happily tell clients to log in to the API manager and subscribe to APIs. The APIs I create are proxies for the web services mentioned in 1).
I know that an API I create in the API manager can include a username and password for accessing the proxied web service. Is it possible to let an API proxy a web service that is authenticated using the identity manager? Sorry I'm reading documentation and struggling to understand if I can do this. Thanks
"Is it possible to let an API proxy a web service that is authenticated using the identity manager?"
Currently APIManager supports service endpoints which are secured using basicauth/usernametoken.
If you use identityserver to secure your service using any other mechanism, that won't be supported by APIManager.
Stodge,
The default API Manager authentication mechanism is OAuth. It uses the OAuth token mechanism to authenticate all APIs.
Please refer to [1].
Here the authentication component also sits in the AM. This can be delegated to a different AM instance if required.
Hope this helps.
[1] http://docs.wso2.org/wiki/display/AM140/Token+APIs