OpenAM provides a set of REST APIs to authenticate the users with username/password & validates the authenticated user’s sessions. Assume that there is an application which has been implemented to authenticate its end users by calling REST API of the OpenAM. As an example in following HTTP POST request must be sent to OpenAM for […]
Tag: WSO2
Federated users can be provisioned to WSO2IS local user store using JIT provisioning. But; WSO2IS can not enforce end users to enter new attributes for provisioning. But; WSO2IS 5.3.0 contains new feature which end user’s can fill out the mandatory attributes for given service provider. Assume that federated IDP or local IDP does not contain […]
We have already discussed on implementing custom grant types for OAuth2 in this blog post. Today, we are going to implement a Mutual SSL (X.509 certificate) based grant type for WSO2IS/APIM Following must be noted. Mutual SSL is handled at transport level. OAuth2 Grant handler has no any idea on the mutual SSL. Once mutual SSL […]
I have seen many queries on configuring SSO session time out in WSO2IS. First, you need to understand that WSO2IS creates separate SSO session for SSO login and it is different from the session which is created when you are login to WSO2IS management console. Let see how you can configure the SSO session time […]
In my previous blog post, we understood how to deploy in WSO2IS with proxy server or load balancer. But it is about a basic deployment. When it comes to the real production. Lets try to understand the most common deployment pattern. Followings are the important points to consider when it comes to the production deployment. […]
With latest browsers (Firefox v39.0, Chrome v45.0) you would probably be hit by following issue due to use of weak DHE ciphers for SSL communication in the WSO2 products. To resolve this issue, you have following three options. Option 1. You need to disable the all DHE cipher which is used. So; you can configure […]
WSO2IS supports for account recovery/validation using identity management features. By default; it is supported to send the user notifications using emails. WSO2IS contains an email sending module with WSO2IS which is based on Axis2. But, you can configure any other notification modules with WSO2IS or extend the existing email sending module. This blog post describes […]
In my previous posts, we tried the federation authentication with WSO2IS and other third party identity provider such as Salesforce, Google IDP, Shibboleth and so on. You can find them from here In this post, we are trying to understand,, how to configure multiple federated IDPs with given service provider. Let assume that we have already […]
Lets discuss; How you can properly configure KeyStores in WSO2 products. There are two main keystores in all products which are, In 4.2.X products Primary KeyStore which is used for SSL Registry KeyStore which is used for Data encryption and decryption. You can find that both KeyStore configurations in the /repository/conf/carbon.xml file. By default; same […]
If you are storing end user passwords, It must be stored as hashed value.. not as encrypted or plain text. Because; once it is stored as hashed, it is hard to find the actual password out of it. So, it is guarantee more security for your end users. Let see how we can properly configure […]