I have added the user in ldap account manager but not able to get enough resources regarding that.
I have a separate Dotnet Web Service API to authenticate users. How can I configure it with WSO2 API Manager?
I have already configured WSO2 API Manager with an external IDP (Keycloak). Is this what I'm looking for, or can it be achieved in a different way?
If you are looking for a way to replace your user store (LDAP/AD/JDBC) with your Dotnet service, you might want to write a new custom user store manager extending the CarbonRemoteUserStoreManger class. There, you should invoke your custom APIs to authenticate and retrieve users. Then you can add a secondary/primary user store with your custom user store manager implementation.
If you want to configure your Dotnet service as a Federated IdP in the API Manager server, you might have to write a Custom Federated Authenticator to communicate with your Dotnet service to authenticate the users. There you should be overriding the initiateAuthenticationRequest and processAuthenticationResponse.
Editing the answer with the new context on the issue
In order to generate or validate tokens with an external party (Dotnet service), WSO2 needs to know the service contract of that service beforehand. How you feed that information to the WSO2 APIM server is by writing an extension to the Key Manager service of the WSO2 APIM server.
By default WSO2 APIM has the implementation to talk to its own Key Manager component and the WSO2 Identity Server. But you need to write the logic (request/response templates) to validate tokens with your Dotnet service. This is the official documentation for this. These two Medium posts are also written on that topic.
Blog 1
Blog 2
Basically, you need to write a simple Java extension project to the mentioned interface, so that WSO2 knows how to talk to your service. A sample of such an implementation written for Okta as a Key Manager is pointed here.
Regarding your concern on validating both the token types:
Yes, it's possible using a custom key manager interface as described above. Once you receive the token at the API Manager side, if you can distinguish whether the token was issued by your Dotnet service or by WSO2 itself from your Java logic (maybe the token length), then your logic should divert the validation request respectively to the WSO2 default Key Validation service (call super()) or to your Dotnet service call. If you can't distinguish between the two tokens just by looking at them, then you can try both the servers to check if either can validate it. (There's a security vulnerability in that.)
Hope this helps.
I want to check if the AWS Security Hub integration is enabled for a particular AWS account ID and a particular region using the AWS Security Hub SDK.
For checking this, follow the steps below:
1. Your AWS account needs to have connector permissions (AWS-SD-Connector-Role) to the target AWS account.
2. Assume the role using the target account ARN (Amazon Resource Name) and get the temporary session credentials of the target account.
3. Now, using the temporary session credentials, get the security-hub object of the target account and check which product subscriptions are enabled in it.
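The steps above as an added Python example using boto3 (not code from the original answer). The account ID, region and product path `aws/guardduty` are constructed sample values, and the role ARN is assumed to have the standard IAM form built from the role name mentioned in the first step.

```python
ROLE_NAME = "AWS-SD-Connector-Role"  # role name taken from the answer above


def assume_target_role(sts, account_id, session_name="securityhub-check"):
    """Get temporary session credentials for the target account via STS."""
    # Assumption: the connector role lives at the standard IAM role ARN.
    role_arn = f"arn:aws:iam::{account_id}:role/{ROLE_NAME}"
    creds = sts.assume_role(RoleArn=role_arn,
                            RoleSessionName=session_name)["Credentials"]
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }


def enabled_products(hub):
    """Collect every product subscription ARN, following pagination."""
    arns, token = [], None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = hub.list_enabled_products_for_import(**kwargs)
        arns.extend(page.get("ProductSubscriptions", []))
        token = page.get("NextToken")
        if not token:
            return arns


def integration_enabled(sts, make_client, account_id, region, product):
    """True if `product` (e.g. 'aws/guardduty') is enabled in that region."""
    creds = assume_target_role(sts, account_id)
    # Security Hub is regional, so the client is pinned to the region asked about.
    hub = make_client("securityhub", region_name=region, **creds)
    suffix = f":product-subscription/{product}"
    return any(arn.endswith(suffix) for arn in enabled_products(hub))


if __name__ == "__main__":
    import boto3  # caller's credentials must be allowed to assume the role

    # Constructed sample values; replace with the real account and region.
    print(integration_enabled(boto3.client("sts"), boto3.client,
                              "111122223333", "us-east-1", "aws/guardduty"))
```

Passing the STS client and the client factory as arguments keeps the temporary credentials scoped to the one Security Hub client that needs them.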
We have multiple different identity providers federated (ADFS, GitHub, OpenID) with our identity management system. It won't work for us to recreate all the identity management federations with Artifactory in order for us to distribute artifacts in a protected manner. Is there any ability for Artifactory to do a token exchange similar to AWS.Cognito that can then be used to access Artifactory programmatically?
You can authenticate users in Artifactory using external identity providers via several common protocols (LDAP, SAML, OAuth, CROWD...) - read some examples here.
You will still have to define the authorization (permissions) in Artifactory: which Users/Groups can Read/Write/Manage etc. which Resources (Repos).
To make your life easier, check out the Artifactory Access Token page, to see if it answers your need for programmatic access to Artifactory.
Using Access Tokens you can grant scoped access to your Artifactory resources without having to integrate external realm users into Artifactory.
HTH,
We are using WSO2 Identity Server and WSO2 API Manager to manage access.
We give scopes to APIs and assign scopes to roles.
Now the requirement has come that, from the application, privileges for roles have to be manipulable.
Suppose there is a role like Admin in the application; we have to list activities [scopes] against that role, and the Super User can change the scopes against that role. The Super User can create new roles as well.
So we can't predefine which scopes belong to particular roles.
How can I address this via WSO2? How do I manage privileges via WSO2?
I believe what you want is to manage the permission each role has.
You can do that with the RemoteAuthorizationManager SOAP service.
See docs here.
I have set up a WSO2 API Manager. When I create a user in WSO2 using the web console or using admin services, I want to send a user activation email with a link to the user.
Can someone point me to documentation OR steps to do this?
I am using MySQL to store my users.
EDIT: I am using WSO2 API Manager version 2
EDIT: When I try to access
https://:9443/services/UserInformationRecoveryService?wsdl WSDL is not found.
What are the steps to install UserInformationRecoveryService in WSO2 API Manager?
You can use UserInfoRecoveryService for this requirement. You may need to install the Account and credential management feature. You can refer to this blog to understand how to install that feature.
Thanks
Isura