In my previous posts, we tried federated authentication with WSO2IS and other third-party identity providers such as Salesforce, Google IDP, Shibboleth and so on. You can find them here. In this post, we are trying to understand how to configure multiple federated IDPs with a given service provider. Let's assume that we have already […]
Let's discuss how you can properly configure KeyStores in WSO2 products. There are two main keystores in all products. In 4.2.X products, these are the Primary KeyStore, which is used for SSL, and the Registry KeyStore, which is used for data encryption and decryption. You can find both KeyStore configurations in the /repository/conf/carbon.xml file. By default, same […]
Let's see how we can secure a WSO2ESB proxy service using HTTP Basic Authentication. Step 1. Create a simple proxy service in WSO2ESB. Here I am using the "echo" service in the same WSO2ESB as the BE service. If not, you can start a new WSO2ESB instance and use its "echo" service as your BE service. Simple flow […]
By default, OpenLDAP does not hash the password by itself. If an LDAP client sends a plain text value for userPassword in a normal add/modify LDAP operation, OpenLDAP stores the userPassword as a base64 encoded plain text value. Therefore, this value can easily be base64 decoded to retrieve the plain text password. So, the LDAP client must hash the password […]
In this blog post, I would like to share how OpenLDAP can be installed. Step 1. Download the latest OpenLDAP version from here. You can use wget. >wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.40.tgz Step 2. Extract and run configure >tar -zxvf db-4.8.30.NC.tar.gz > ./configure --enable-ppolicy --with-tls=openssl You can also just run the ./configure command. But in the above, it is asked to […]
If you are storing end user passwords, they must be stored as hashed values, not as encrypted or plain text. Once a password is stored as a hash, it is hard to find the actual password from it. So, it guarantees more security for your end users. Let's see how we can properly configure […]
WSO2 API Manager uses OAuth2 for securing the APIs which are exposed by it. Currently the API Manager implementation is tightly bound to OAuth2. However, there is a way in APIM to write our own authentication mechanism for APIs instead of using OAuth2. But it is normally not recommended as some other functions such […]
In this blog, we discussed how we can use WSO2 API Manager with federated authentication for granting access tokens. But API Manager is not shipped with all the federated authenticators (which are available in WSO2IS) by default. Therefore, you need to install these authenticators into the API Manager. In a distributed setup, you […]
In my previous blog post, we went through how you can configure a SAML2 SSO web application with Identity Server. Users authenticate to Identity Server by providing a username/password. This username/password must be authenticated against the enterprise user store that is deployed with Identity Server. Therefore, only the users who are in the enterprise user store […]
In my previous blog, we tried out the OpenID Connect support in WSO2IS. Now let's try it out with OpenAM. As OpenAM supports the password grant type with OpenID Connect, we are just going to try with it now. Step 1. Deploy OpenAM and start the OpenAM server. Please find important guidelines on deploying OpenAM in Apache Tomcat […]