Spring Security and WSO2 Authorization - authentication

I am new to WSO2 and it's very confusing. I'm developing a web application using authorization provider: WSO2 Identity Server (IS).
I am looking for minimal configuration on the WSO2 side, so the simple way is to use a SOAP call to the AuthenticationAdmin service: https://host:port/services/AuthenticationAdmin?wsdl
I couldn't find much about the interaction between the authorization server and the resource server and what it should look like.
How do I configure spring-security? Maybe there is some sample I can look at?

You can find more information about the concepts of OAuth here. You can also find out how to work with OAuth in WSO2 IS. You can also refer to the white paper.
Here is a blog about how to secure a Spring Boot based web application using OpenID Connect. This blog includes a sample.

Related

(How) does On-Behalf-Of authentication flow work with Azure App Service Managed Identities?

I'm looking into securing both my Web Application and Web API running on Azure, using Azure Managed Service Identities.
However, I am wondering if the On-behalf-of authentication flow works in this case?
I can't find any clear documentation on either answer.
OBO using managed identities is not supported.

Apache camel saml authentication

Has anyone implemented SAML SSO authentication using Apache Camel? I need sample authentication code for the same in Apache Camel. I checked the Camel site but didn't find any useful information.
Read the section on Spring Security integration; you need to implement the AuthorizationPolicy using the camel-spring-security module. The Spring Security SAML project on GitHub has a sample application.

How to integrate Wso2 IS xacml with java MVC application

I am trying to implement WSO2 Identity Server's XACML-based access control with a Java MVC application.
Use case: the user logs in and views only the selected pages/menus (and also the actions on these pages, e.g. view, post, delete, etc.) defined in the XACML policy.
From what I have checked, WSO2 IS XACML will return Permit/Deny/NotApplicable for a particular resource.
So I just want to know whether a solution for this use case is possible with WSO2 IS XACML, and how.
Please help.
Thanks
This is totally possible. There are two ways you can achieve this.
Using WSO2 Identity Server as the entitlement engine
With this option, you can create and manage policies using the policy editor provided by WSO2 Identity Server. You can manage the lifecycle of policies (publish/unpublish) etc.
Then you can consume the SOAP Entitlement Service provided by Identity Server from your application. With IS 5.3.0 we provide a REST service for XACML as well.
Read more about these in [1], [2]
Using the WSO2 Balana entitlement engine
Balana is WSO2's open source implementation of XACML. WSO2 Identity Server internally uses this library/engine for entitlement. You can use this library directly in your application to achieve your use case. In fact, part of the use case is available as a sample in Balana. This sample explains how Balana could be used to filter resources in a web page based on the user (or his role). Read more about the sample here.

Sample Example of Authentication and Authorization using XACML policy, wso2is-5.1, wso2esb-4.9 and wso2as-5.3

I am new to the WSO2 environment. I am doing a sample application for authentication and authorization using WSO2 technologies. On http://wso2.com/library/articles/, I found some sample applications, but these sample applications are based on older versions of WSO2 software.
I am using XACML-3.0, wso2is-5.1, wso2esb-4.9 and wso2as-5.3 for my application. I am mainly getting configuration problems.
If anyone has a sample application or knows a link where I can get one, please let me know.
Thanks
You can use Balana, the XACML engine that is used by WSO2 Identity Server internally. You can use Balana as a Java library in your applications for XACML-based access control. We have a few code samples [1] that you can have a look at.
The other option is to use the entitlement service provided by WSO2 Identity Server. So basically you need a PEP client to send XACML requests to the entitlement service and get the response from the server. Please have a look at [2] for details on how to achieve this.
[1] https://github.com/wso2/balana/tree/master/modules/balana-samples
[2] http://xacmlinfo.org/2012/06/14/pep-client-for-wso2is-pdp/

How to integrate SAML authentication into WCF web service application

I have a WCF web service application built and tested on IIS7. Regarding authentication, I wanted to implement a SQL Server hosted user ID and password authentication for consumers accessing the operations in the web service. However, I was told that my company policy dictates that I implement SAML into my web service. That means any client that is accessing my web service operations needs to be authenticated using SAML 2.0. I am not familiar with SAML but would like to know and get started on how to implement it within my web service. I keep hearing two terms - Service Provider and Identity Provider. Based on definitions on the web, I am assuming the service provider is my web service. The identity provider is where the user authenticates, and the identity provider provides an assertion to my web service and then I let the client access the operations. I understand the theory but am not sure how to put it into practical implementation. Clients accessing my web service are not internal, i.e. they are external (extranet clients), so in this case what will be the identity provider and how do I add code to my web service to make it a service provider?
I hope you understand my dilemma. If anyone can explain the approach I need to take, any samples or tutorials that help me complete the web service are greatly appreciated.
I think SAML 2.0 is not provided by standard WCF. To make it work you must combine WCF with WIF (Windows Identity Foundation). Here you have a very complex example of using WCF with WIF and claim-based authorization. The example uses SAML 1.1 but it is only a configuration change to make it work with SAML 2.0.
Your problem is generally called Federated authentication or Federated identity, where the user authenticates against an STS (service token service) and receives a security token (it can be, for example, a SAML token). Then the client calls the real service (RP - relaying party), where it passes its security token. So what are you going to build? If your company policy demands SAML usage, they most probably already have an STS and you just need to authenticate clients by SAML tokens as mentioned in the article.
Since 2011, support for Claims-Aware WCF Services has apparently improved with the release of .NET 4.5. I'll copy info from that article in case it ever changes, but as of the time of this answer, the process appeared to be as simple as:
Adding a reference to WIF (Microsoft.IdentityModel.dll) in your WCF Service project. Since this is delivered with .NET 4.5, I do not believe a NuGet package is necessary.
Use the following code sample to create a self-hosted Claims-Aware service:
var host = new ServiceHost(typeof(ClaimsAwareWebService), new Uri("myUri"));
FederatedServiceCredentials.ConfigureServiceHost(host);
host.Open();
Set your WCF service to use the federatedServiceHostConfiguration Behavior Extension.