OpenAM provides a set of REST APIs to authenticate users with a username/password and to validate the authenticated user's sessions. Assume there is an application that authenticates its end users by calling OpenAM's REST API. As an example, the following HTTP POST request must be sent to OpenAM for […]
Category: OAuth2
OAuth2.0
We have already discussed implementing custom grant types for OAuth2 in this blog post. Today we are going to implement a mutual SSL (X.509 client certificate) based grant type for WSO2 IS/APIM. The following must be noted: mutual SSL is handled at the transport level, so the OAuth2 grant handler has no knowledge of it. Once mutual SSL […]
In my previous blog post we went through how to configure a SAML2 SSO web application with Identity Server. Users authenticate to Identity Server by proving a username/password, and that username/password must be validated against the enterprise user store deployed with Identity Server. Therefore only users who are in the enterprise user store […]
In my previous blog we tried out the OpenID Connect support in WSO2 IS. Now let's try it with OpenAM. As OpenAM supports the password grant type with OpenID Connect, that is what we are going to try now. Step 1. Deploy and start the OpenAM server. Please find important guidelines on deploying OpenAM in Apache Tomcat […]
When you are using WSO2 APIM, an application can subscribe to multiple APIs that are available in the API Store. End users can obtain access tokens for the application. By default, such an access token can be used to access all the APIs the application has subscribed to. Simply put, a granted access token can be used to […]
WSO2 API Manager supports both the authorization code and implicit grant types. When access tokens are issued using these grant types, the end user must authenticate to the API Manager (actually the Key Manager) by providing their credentials. This means the end user must exist in the user store connected to the API Manager (Key […]
Let's see how we can process and validate a JWT using simple Java code. We have generated a sample JWT from WSO2 IS; you can find it below: eyJ0eXAiOiJKV1QiLCJhbGciOiJTSEEyNTZ3aXRoUlNBIiwieDV0IjoiTm1KbU9HVXhNelpsWWpNMlpEUmhOVFpsWVRBMVl6ZGhaVFJpT1dFME5XSTJNMkptT1RjMVpBIn0.[…].d57VGVAhZmTpIMl8hiIUO8D7hAZl-bZm5TnDW9si3qnHFliMHsxlE6HJ7bSjmoobIgdqJ7xToWtOm2orrQKFxzF4xxkpNeU1-qGFoG6-IyRF-JAJao0xq6WIGk8fR2BSN_zxsNbR84-3FMWd6mljPnImWYLe_8mOBFyDcsuDCkk It has been signed using RS256 (RSA signature over SHA-256). Note that the decoded header is {"typ":"JWT","alg":"SHA256withRSA","x5t":"…"}: the alg value is the Java Signature algorithm name rather than the RFC 7518 identifier RS256, so a strict JOSE library will reject it unless the name is mapped, and x5t identifies the signing certificate by its SHA-1 thumbprint. WSO2 IS uses its primary keystore to sign the JWT. By default […]
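The header checks a verifier should perform before it touches the signature, as an added Python example rather than the post's Java code: it decodes the header segment of the sample token above, maps the non-standard alg name SHA256withRSA to RS256 against a fixed allow-list (so alg=none or an HMAC algorithm can never select the verifier), and resolves x5t to a certificate thumbprint in both the RFC 7515 raw-digest form and the hex-string form this token actually carries. The payload segment, signature segment, alias table and trust store are constructed assumptions; the RSA signature check itself is left to a JOSE library once the key has been chosen.

```python
"""Strict JOSE header checks for a WSO2 IS-issued JWT (added example)."""
import base64
import json

# Header segment copied verbatim from the sample token in the post.
SAMPLE_HEADER = "eyJ0eXAiOiJKV1QiLCJhbGciOiJTSEEyNTZ3aXRoUlNBIiwieDV0IjoiTm1KbU9HVXhNelpsWWpNMlpEUmhOVFpsWVRBMVl6ZGhaVFJpT1dFME5XSTJNMkptT1RjMVpBIn0"

# Alias table for the non-standard "alg" value older WSO2 IS releases emit
# (the Java Signature algorithm name instead of the RFC 7518 identifier).
# Assumption: this is the only legacy alias the deployment needs.
LEGACY_ALG_ALIASES = {"SHA256withRSA": "RS256"}
ALLOWED_ALGS = frozenset({"RS256"})
HEX_DIGITS = frozenset("0123456789abcdefABCDEF")


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url (JWS segments carry no '=' padding)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def parse_header(token: str) -> dict:
    """Split a compact JWS and return its JOSE header as a dict."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have exactly three segments")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header


def normalize_alg(header: dict) -> str:
    """Map a legacy alg name to its RFC 7518 form and enforce the allow-list.
    'none', HMAC algorithms and anything else unknown are rejected before any
    signature is examined, so the token cannot pick its own verifier."""
    alg = header.get("alg")
    if not isinstance(alg, str):
        raise ValueError("header has no string alg")
    alg = LEGACY_ALG_ALIASES.get(alg, alg)
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"alg {alg!r} is not allowed")
    return alg


def thumbprint_from_x5t(header: dict) -> str:
    """Return the SHA-1 certificate thumbprint named by x5t as lowercase hex.
    RFC 7515 defines x5t as base64url of the raw 20-byte digest; the sample
    header instead carries base64url of the 40-character hex string. Both
    forms are accepted; anything else is rejected."""
    raw = b64url_decode(header["x5t"])
    if len(raw) == 20:
        return raw.hex()
    if len(raw) == 40 and all(chr(b) in HEX_DIGITS for b in raw):
        return raw.decode("ascii").lower()
    raise ValueError("x5t is neither a raw nor a hex-encoded SHA-1 thumbprint")


def select_verification_key(header: dict, trusted_keys: dict):
    """Choose the verification key for a token from keys already trusted.
    trusted_keys maps hex thumbprint -> key object loaded from the IS primary
    keystore (assumption: the caller populates it; the key type is opaque here).
    x5t selects among trusted keys but can never introduce a new one."""
    alg = normalize_alg(header)
    thumbprint = thumbprint_from_x5t(header)
    if thumbprint not in trusted_keys:
        raise ValueError(f"no trusted certificate with thumbprint {thumbprint}")
    return alg, thumbprint, trusted_keys[thumbprint]


# CONSTRUCTED payload and signature stand-ins so the token parses offline; the
# real payload is not reproduced on the page and no signature is verified here.
SAMPLE_TOKEN = ".".join([
    SAMPLE_HEADER,
    b64url_encode(json.dumps({"sub": "admin"}).encode()),
    b64url_encode(b"\x00" * 256),
])

# Constructed trust store: the sample header's thumbprint mapped to a placeholder.
TRUSTED_KEYS = {
    "6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d": "<RSA public key from the IS primary keystore>",
}

if __name__ == "__main__":
    hdr = parse_header(SAMPLE_TOKEN)
    print(select_verification_key(hdr, TRUSTED_KEYS)[:2])
    for bad in ({"alg": "none", "x5t": hdr["x5t"]}, {"alg": "HS256", "x5t": hdr["x5t"]}):
        try:
            select_verification_key(bad, TRUSTED_KEYS)
        except ValueError as exc:
            print("rejected:", exc)
```

Keeping the alias table explicit, rather than lower-casing or pattern-matching alg, means a token that names any other algorithm fails closed; the thumbprint lookup likewise only narrows the choice among keys the verifier already holds.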
According to the OpenID Connect specification, the authorization code and implicit grant types are recommended for OpenID Connect requests, but it does not say that other grant types cannot be used. Therefore you can use other grant types for an OpenID Connect authentication request. Some OAuth2 authorization servers support the password grant […]
OAuth 2.0 authorization servers support four main grant types according to the specification, which also gives the flexibility to support custom grant types. Today I am going to implement a custom grant type for an OAuth 2.0 authorization server. We are also going to see how we can extend the behavior of the default […]
The SAML2 Bearer grant type is one of the popular profiles of OAuth 2.0. Once an end user has logged in to a web application using SAML2 SSO, and the web application needs to call an OAuth-secured API on behalf of that user, the SAML2 Bearer grant type is the ideal way to do it. With this profile, […]