I need to implement email verification for newly registered user accounts in WSO2 Identity Server but I could not find such functionality yet. Is there any feature in the repository that might help me?
This is not yet supported by the WSO2 Identity Server, but will be supported by the new release which is coming soon. Sadly there is no documentation on this yet to give you as a reference. Will update this as soon as a doc is created.
You can follow the following link in order to achieve what you want.
I have a VB project and a WCF service. When I install the project on a different computer every time, how can I verify the identity of each caller without a login? I researched this on the Microsoft website:
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/service-identity-and-authentication
and I tried to set up SSL to verify, but this way doesn't seem to get the caller's identity:
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication
Is there any way to get the caller's identity without a login, and sample code to refer to?
As per your question on SO, I think you should reconsider this. You can't prevent clients from calling your service with the same username and password. So what is your client identity? You can use transport layer security and use certificates as credentials to determine the identity of the caller.
Please refer to the following link.
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-use-a-custom-user-name-and-password-validator
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/authentication-in-wcf
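The certificate approach suggested in the answer above, as an added C# example that is not part of the original thread: with a binding configured for transport security and `clientCredentialType="Certificate"`, the service reads the caller's X.509 certificate from the security context and maps its thumbprint to a registered installation. `ILicensedService`, `LicensedService`, `WhoAmI` and the allowlist entry are hypothetical names and constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

[ServiceContract]
public interface ILicensedService
{
    [OperationContract]
    string WhoAmI();
}

public class LicensedService : ILicensedService
{
    // Hypothetical allowlist: client certificate thumbprint -> installation name.
    // The thumbprint below is a constructed placeholder, not a real value.
    private static readonly Dictionary<string, string> KnownInstallations =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "0000000000000000000000000000000000000000", "installation-01" }
        };

    public string WhoAmI()
    {
        X509Certificate2 cert = GetClientCertificate();
        if (cert == null)
            throw new FaultException("No client certificate was presented.");

        string installation;
        if (!KnownInstallations.TryGetValue(cert.Thumbprint, out installation))
            throw new FaultException("Client certificate is not registered.");
        return installation;
    }

    // Needs <security mode="Transport"> with
    // <transport clientCredentialType="Certificate" /> on the binding;
    // with plain server-side SSL no X.509 claim set is present for the caller.
    private static X509Certificate2 GetClientCertificate()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null) return null;
        foreach (ClaimSet claimSet in ctx.AuthorizationContext.ClaimSets)
        {
            var x509 = claimSet as X509CertificateClaimSet;
            if (x509 != null) return x509.X509Certificate;
        }
        return null;
    }
}
```

Issuing one certificate per installation is what makes the thumbprint usable as a caller identity; a certificate shared by all installations only proves that the caller has the software.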
We have a scenario where we have a Java web application deployed at a WebLogic instance and OBIEE in another. Now, what we want is to authenticate the OBIEE users using our already existing user base from our webapp database table. I don't have much experience regarding OBIEE or WebLogic server administration, but by googling a little I have found that OBIEE by default uses WebLogic's embedded LDAP server for authenticating its users. What we need is a way to configure OBIEE to use our existing database table users for authentication purposes. How do we achieve this? What are the necessary steps? Do we need to create a custom WebLogic authentication provider for this? Any guidance is highly appreciated. Thanks in advance.
Database authentication is possible on OBIEE 11.1.1.5 and higher. I assume that you are good on that side.
Oracle documentation is quite good on this topic, you can check detailed scenario here
The basic idea is that you create a SQLAuthenticator that talks between a virtualised identity provider and your database where your users are defined.
It's important to notice that this method works with users/passwords defined in one of your tables and not with database accounts.
Good luck!
#adn.911,
After setting up your db authentication are you facing the login issue only on analytics or even on weblogic console and em?
If you are able to login to weblogic console but not to analytics, try setting the virtualize property to true and reset the BISystemUser password.
I have been researching this topic for the last weeks and unfortunately I can't figure it out. I understand the difference between authentication and authorization.
I will appreciate any guidance on the topic.
What I need in general is to implement single sign-on for several web sites which are driven by APIs which also should handle authentication. The users should be able to register/login with username/pass or through any third party service like Facebook, Google+, Twitter etc.
In the scenario above what is the better approach? Should I use only identity server, or only authorization server or both?
Thank you in advance.
Start with IdentityServer - this is your identity management system.
AuthorizationServer in addition is a full featured OAuth2 implementation that can use IdentityServer as a user store.
http://leastprivilege.com/2013/06/16/relationship-between-identityserver-and-authorizationserver/
Your scenario is more like Authentication which is confirming the identity of the user. On the other hand Authorization is if a person or if a role can execute some operation.
When Identity Server 3 was launched, it deprecated AS: The Future of AuthorizationServer, because all the AS features are now included in IS.
I'm evaluating WSO2 Identity Server and WSO2 API Manager.
I registered an API and an application on API Manager. I can call the resources successfully.
I could also add a user into Identity Server and log into that using oAuth authentication.
But, it's not too clear how I can use those two systems together. I would like to use API Manager to expose my APIs to some applications. And, I would like to use Identity Server to log the final user. Is that possible? How can I "plug" those two systems?
I am not sure if that's the best way to do that, so, please, advise me.
Thanks
According to my understanding of your use case, you need to expose the APIs securely. So you need to use WSO2 Identity Server and WSO2 API Manager. In addition to that, you need the best approach for the above use case.
With the above two products we have the two options below.
1. Configuring WSO2 Identity Server as the Key Manager in WSO2 API Manager (This link gives a different version combination of both products). Here we need to add the key manager feature to the WSO2 IS.
2. Configuring the Pre-Packaged Identity Server 5.0.0 with API Manager 1.9.0
Here the 1st option has manual configurations. But the 2nd option minimizes the manual configuration.
The purpose of using the Identity Server is not too clear. Is it to separate the authentication/authorization from the API Manager instance?
By default API Manager is shipped with a Key Management Server component that is responsible for all security and key related operations. This can be configured to authenticate users against a defined user store or multiple user stores. Authorization is based on oAuth 2.0. However, in a production deployment, we recommend that this component is deployed as a separate server instance so that it runs as an external Key Management Server.
This is done by simply using another copy of the API Manager distribution and configuring it as a Key Manager server node.
Hope this helps.
Regards,
Gillian
My understanding is,
If you wanted to use WSO2 API Manager (AM) as an API gateway, you don't need a separate IS, as AM includes an IS engine with security mechanisms such as the key manager.
If you need single sign-on across all AM components, and you do NOT have another identity provider (IdP), you need a separate IS.
However, if you do have a separate IdP, you don't need to install an IS server to implement SSO for AM, although the documentation from IS may suggest you do so. For example, a successful SSO implementation has been done with PingFederate/PingIdentity. See How to integrate WSO2 API Manager (AM) 1.10.0 with PingFederate SAML 2.0?
I'm building an Azure-hosted WCF service that I'd like to secure with ACS using credentials stored in an SQL Server database. I've looked at a bunch of ADFS2 examples but have yet to figure out how to do this. I'm sure I'm missing something obvious here so any advice would be greatly appreciated. Thanks...
You should be able to create your own STS, like this:
http://dotnet.dzone.com/news/5-minutes-wif-make-your-aspnet
Just add in the code to look your user up.
This post discusses how to create the federation metadata required to add the STS to the Azure Access Control Service:
WIF manually generate federationmetadata.xml
In your original project, you should then be able to add the Access Control Service as the STS, and if everything is set up correctly, you'll see your new STS.
If you want to use ACS (not clear in your post why you need it though), you need to have your WCF service trust ACS and then configure ACS to trust an STS that can authenticate users against SQL. You cannot use ADFS for that as it currently only supports authentication with AD.
Your options are varied, but the simplest would be to create your own STS as Richard mentions, or use one that already does that like StarterSTS or the more modern Identity Server in CodePlex (both open source and contributed by Dominick Baier from Thinktecture).
The question though remains: why do you need ACS? The simplest solution would be to have your WCF service trust the (SQL backed) STS directly.
Here are some examples of when ACS would be useful:
You need to trust eventually more than 1 Identity provider
The claims your service expects are not supplied by the identity provider (you need transformation/augmentation of claims).
You need token translation (e.g. SWT -> SAML)