
Different Authentication Mechanism for WSO2 Carbon Management Console and Admin Service APIs

Users can log in to the WSO2 Carbon management console by providing a username and password. External systems can also access the admin services of a Carbon server by providing a username and password. Is there any way to extend the default authentication mechanism? Yes. WSO2 Carbon products provide an authentication framework that can be used to plug in different authentication mechanisms. By default, a WSO2 Carbon product is shipped with several authenticators. Some authenticators are used only for accessing the admin service APIs. Some are only for management console login. You can find more details about the WSO2 authentication framework from here

The following authenticators are currently available:

IWA Authenticator  :  Once a user has logged in to the Windows server machine using Windows authentication, the user can seamlessly log in to the WSO2 Carbon management console. The WSO2 Carbon product must be configured with AD.

SAML2 SSO Authenticator  :  When a user tries to access the WSO2 Carbon management console, the user is redirected to the configured IDP. The user provides credentials only to the IDP and is then able to log in to the Carbon management console seamlessly. But here, the IDP and the WSO2 Carbon product must have the same user for authorization purposes. Therefore, sometimes the same user store is shared between the IDP and the Carbon products.

WebSeal Authenticator   :   If the user has already logged in to the WebSeal server when trying to log in to the Carbon management console, the user can log in seamlessly. But here, the IDP and the WSO2 Carbon product must have the same user for authorization purposes.

Mutual SSL  :  This is not used to log in to the management console. It is used to access the Admin service APIs of a Carbon server.

You can also write your own authenticator and plug it into a WSO2 Carbon product. Sometimes you may need to modify the existing authenticators according to your requirements. As an example, the SAML2 SSO authenticator has not been implemented to support all optional requirements in the SAML2 SSO profile. If your IDP treats some of these optional requirements as mandatory, then you may need to modify the authenticator. Let's see how we can achieve this.

Modifying the current authenticators

1. You may need to modify the source, build it, and patch the Carbon server. You need to find the correct version of the source that you need to patch. Check the version in the Carbon distribution, and then you can SVN checkout the source corresponding to that exact version.

2. Modify the source and build it using Maven 3.0.

3. Copy the modified jar file over the default jar file, which can be found in the <CARBON_HOME>/repository/components/plugins directory.

Or else, you can install the modified jar file as a patch:

3. Create a directory called “patchXXXX” under the <CARBON_HOME>/repository/components/patches directory (each X is an integer such that -1 < X < 10, but the XXXX value cannot be 0000), and copy the modified jar file into this directory.

4. Restart the server.
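The patch-directory variant of step 3, as an added example that is not code from the original post or from WSO2: it enforces the patchXXXX naming rule, picks the next number above the highest existing valid one, and returns a SHA-256 of the copied jar for the change record. The bundle name in `demo()` is hypothetical, and requiring the modified jar to keep the file name of a bundle in plugins is an assumption.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

PATCH_RE = re.compile(r"patch(\d{4})")

def patch_number(name):
    """Return 1..9999 for a valid patchXXXX name, else None (patch0000 is not allowed)."""
    m = PATCH_RE.fullmatch(name)
    return int(m.group(1)) if m and m.group(1) != "0000" else None

def install_patch(carbon_home, jar):
    """Copy jar into a new patchXXXX directory; return (directory, sha256 of the copy)."""
    components = Path(carbon_home) / "repository" / "components"
    jar = Path(jar)
    # Assumption: the modified bundle keeps the file name of the plugin it replaces.
    if not (components / "plugins" / jar.name).is_file():
        raise FileNotFoundError(f"{jar.name} does not match any bundle in plugins/")
    patches = components / "patches"
    patches.mkdir(exist_ok=True)
    used = [n for p in patches.iterdir() if p.is_dir() and (n := patch_number(p.name))]
    number = max(used, default=0) + 1
    if number > 9999:
        raise RuntimeError("no free patchXXXX name left")
    target = patches / f"patch{number:04d}"
    target.mkdir()
    copied = Path(shutil.copy2(jar, target / jar.name))
    return target, hashlib.sha256(copied.read_bytes()).hexdigest()

def demo():
    """Run against a constructed CARBON_HOME in a temporary directory."""
    home = Path(tempfile.mkdtemp())
    name = "org.example.authenticator_1.0.0.jar"  # hypothetical bundle name
    (home / "repository/components/plugins").mkdir(parents=True)
    (home / "repository/components/plugins" / name).write_bytes(b"original")
    for existing in ("patch0000", "patch0003", "notes"):
        (home / "repository/components/patches" / existing).mkdir(parents=True)
    built = home / name
    built.write_bytes(b"modified")
    target, digest = install_patch(home, built)
    return target.name, digest, (target / name).read_bytes()

if __name__ == "__main__":
    print(demo())
```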

Configure new Authenticator

There can be two reasons to configure a new authenticator:

  • You can implement a new authenticator from scratch.
  • You can modify one of the available authenticators and configure it as a new authenticator. You can fork the source of the current authenticator and create a new authenticator from it. Here it is important that you configure a new name for your authenticator to avoid confusion.

You can deploy and configure the authenticator in the following manner:

1. Copy the authenticator-related bundles into the <CARBON_HOME>/repository/components/dropins directory.

2. Configure the new authenticator using the authenticators.xml file, which can be found in the <CARBON_HOME>/repository/conf/security directory.

<Authenticator name="CustomAuthenticator" disabled="false">
    <Priority>20</Priority>
    <Config>
        <Parameter name="param1">value1</Parameter>
        <Parameter name="param2">value2</Parameter>
    </Config>
</Authenticator>

3. Restart the Server.
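A check to run over authenticators.xml before the restart, as an added example rather than code from the original post or from WSO2: it lists the enabled authenticators by Priority value and flags a name used by more than one entry, the confusion the post warns about when forking an authenticator. The sample file is constructed, and the `<Authenticators>` root element is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample; the <Authenticators> root element is an assumption.
SAMPLE = """<Authenticators>
  <Authenticator name="SAML2SSOAuthenticator" disabled="true">
    <Priority>10</Priority>
  </Authenticator>
  <Authenticator name="CustomAuthenticator" disabled="false">
    <Priority>20</Priority>
    <Config><Parameter name="param1">value1</Parameter></Config>
  </Authenticator>
  <Authenticator name="CustomAuthenticator" disabled="false">
    <Priority>high</Priority>
  </Authenticator>
</Authenticators>"""

def local(tag):
    """Element name without any XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (enabled entries sorted by Priority, list of problems found)."""
    entries, problems = [], []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "Authenticator":
            continue
        name = el.get("name", "")
        disabled = (el.get("disabled") or "").strip().lower()
        if disabled not in ("true", "false"):
            problems.append(f"{name!r}: disabled must be true or false")
        text = next((c.text or "" for c in el if local(c.tag) == "Priority"), "")
        priority = int(text) if text.strip().isdigit() else None
        if priority is None:
            problems.append(f"{name!r}: Priority {text!r} is not a number")
        # Report parameter names only; values may hold secrets.
        params = [p.get("name") for p in el.iter() if local(p.tag) == "Parameter"]
        entries.append({"name": name, "enabled": disabled != "true",
                        "priority": priority, "params": params})
    for name, count in Counter(e["name"] for e in entries).items():
        if count > 1:
            problems.append(f"{name!r}: name used by {count} entries")
    enabled = [e for e in entries if e["enabled"]]
    enabled.sort(key=lambda e: -1 if e["priority"] is None else e["priority"], reverse=True)
    return enabled, problems

if __name__ == "__main__":
    for line in audit(SAMPLE)[1]:
        print(line)
```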

Hope this would help you….
