OpenAM provides a set of REST APIs to authenticate the users with username/password & validates the authenticated user’s sessions. Assume that there is an application which has been implemented to authenticate its end users by calling REST API of the OpenAM. As an example in following HTTP POST request must be sent to OpenAM for […]
Category: WSO2IS
WSO2 Identity Server
We have already discussed on implementing custom grant types for OAuth2 in this blog post. Today, we are going to implement a Mutual SSL (X.509 certificate) based grant type for WSO2IS/APIM Following must be noted. Mutual SSL is handled at transport level. OAuth2 Grant handler has no any idea on the mutual SSL. Once mutual SSL […]
When WSO2IS is used as SSO IDP, end user (single browser agent) can have only one SSO session with WSO2IS. This session can not be based on the service provider or tenant domain or any other parameter. It means that once end user is authenticated to WSO2IS using given SP, All other SPs which are […]
In SSO login, you can plug different custom authenticators in to the WSO2IS. There are two major types. One is local authenticators and other one is Federated Authenticators. Federated authenticators are needed when you need to provide browser based redirections to another IDP. As an example Salesforce, Google, Facebook IDPs. (More details from here) In […]
I have seen many queries on configuring SSO session time out in WSO2IS. First, you need to understand that WSO2IS creates separate SSO session for SSO login and it is different from the session which is created when you are login to WSO2IS management console. Let see how you can configure the SSO session time […]
WSO2IS supports for account recovery/validation using identity management features. By default; it is supported to send the user notifications using emails. WSO2IS contains an email sending module with WSO2IS which is based on Axis2. But, you can configure any other notification modules with WSO2IS or extend the existing email sending module. This blog post describes […]
In my previous posts, we tried the federation authentication with WSO2IS and other third party identity provider such as Salesforce, Google IDP, Shibboleth and so on. You can find them from here In this post, we are trying to understand,, how to configure multiple federated IDPs with given service provider. Let assume that we have already […]
If you are storing end user passwords, It must be stored as hashed value.. not as encrypted or plain text. Because; once it is stored as hashed, it is hard to find the actual password out of it. So, it is guarantee more security for your end users. Let see how we can properly configure […]
In my previous blog post, we went through how you can configure the SAML2 SSO web application with Identity Server. Users authenticate to Identity Server by proving username/password. These username/password must be authenticated with the enterprise user store that is deployed with Identity Server. Therefore; only the user who are in the enterprise user store […]
WSO2IS provides extensions to customize the SAML2 response and Assertion that is generated with SAML2 SSO web browser profile. You can find more on SAML2 SSO with WSO2IS from here as well. Lets go through quick to on customizing SAML2 Response and Assertion. Step 1. First, you need to implement a new SAML2 Response or […]