WSO2 APIM 4.0.0 SSO with Keycloak OIDC: logout fails - wso2-api-manager

I have deployed WSO2 APIM 4.0.0 in my VM and configured SSO with Keycloak OIDC.
Login works fine, but logout fails because the browser redirects too many times.
The logout operation works fine sometimes, but most of the time it fails.
I don't know why.
Here is the URL when logging out from the browser:
https://keycloak.okd.cestc.com.cn:8443/auth/realms/registry/protocol/openid-connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ4QjMyUy1JdkFfaWN1U0dsNlMtNXlVNm9CUkc2ODM0VE9jd3VvbVV4NVVnIn0.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.F1_cxuU0TOl2tSrjEbwGcpyyha3iLBGyKGucp3od06P7HC7JslCdmeM5lwCHx2BKbxLByzG7ZcMeA6F6J3hMEKvXzxkZKQkHqy0jGeQdM7mmZFJsAjfxMpPxXN9KPS3C8Aw9RgyZlwKBBANNgU6Ur2SMiTVOwGtWUvrcGBnd_mry2-CGslqVUVeAl-RMSkJ0b8KiAIQowaEDWqyr5kejAnIa7w6dVz6PzTd8GBaAcwtOLhX7heNId0fhwLgC9Mxth_pRMeDz3MVafaxbjpttkyPacj1lgoE6pPMD-eu0wRdUmlyzHGD3iIVDeIsuEl6Qbnzbq940Q8b8qj4NjM9-8g&state=dc9ff587-bb56-4968-8c80-0e968ff6e440%2COIDC&post_logout_redirect_uri=https%3A%2F%2Fregistry.okd.cestc.com.cn%3A9443%2Fcommonauth
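The logout URL above is an OIDC RP-initiated logout request: the relying party (here WSO2 APIM) sends the OpenID Provider (Keycloak) an `id_token_hint`, a `state` to echo back, and a `post_logout_redirect_uri` to return to. The following added example, which is not code from the question or from WSO2 or Keycloak, parses such a URL and applies the checks a provider makes before honouring it: the hint must be a well-formed ID token issued by this provider for this client, and the return URI must be one registered for the client (assumed here to be an exact-match allowlist). The issuer, client ID, hostnames and the unsigned sample token are all constructed; the token's signature segment is a placeholder and is never verified.

```python
"""Parse and sanity-check an OIDC RP-initiated logout request (hypothetical helper; not WSO2 or Keycloak code)."""
import base64
import json
from urllib.parse import parse_qs, urlsplit


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Constructed sample values (not the deployment from the question).
ISSUER = "https://idp.example.test:8443/auth/realms/registry"
CLIENT_ID = "apim-client"
REGISTERED_POST_LOGOUT_URIS = {"https://rp.example.test:9443/commonauth"}


def make_sample_id_token(iss: str, aud: str, sid: str) -> str:
    """Build an unsigned sample ID token; the third segment is a placeholder, not a real signature."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "sample-kid"}
    payload = {"iss": iss, "aud": aud, "sid": sid, "exp": 1700000000, "typ": "ID"}
    return ".".join([
        b64url_encode(json.dumps(header).encode()),
        b64url_encode(json.dumps(payload).encode()),
        "signature-placeholder",
    ])


def decode_unverified(token: str) -> tuple:
    """Split a JWT into (header, payload) WITHOUT verifying the signature; inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token_hint is not a three-part JWT")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def check_logout_request(url: str, issuer: str, client_id: str, registered_uris: set) -> dict:
    """Apply the checks an OpenID Provider makes before honouring a logout request."""
    query = parse_qs(urlsplit(url).query)
    problems = []
    payload = {}

    hint = query.get("id_token_hint", [None])[0]
    if hint is None:
        problems.append("id_token_hint missing")
    else:
        try:
            _header, payload = decode_unverified(hint)
        except ValueError as exc:
            problems.append(str(exc))
        else:
            if payload.get("iss") != issuer:
                problems.append(f"id_token_hint issued by {payload.get('iss')!r}, expected {issuer!r}")
            aud = payload.get("aud")
            aud_list = aud if isinstance(aud, list) else [aud]
            if client_id not in aud_list:
                problems.append(f"id_token_hint audience {aud!r} does not include {client_id!r}")

    # The provider must only redirect to a URI registered for this client (exact match assumed).
    redirect = query.get("post_logout_redirect_uri", [None])[0]
    if redirect is not None and redirect not in registered_uris:
        problems.append(f"post_logout_redirect_uri {redirect!r} is not registered for {client_id!r}")

    return {
        "ok": not problems,
        "problems": problems,
        "payload": payload,
        "state": query.get("state", [None])[0],  # opaque to the provider; echoed back unchanged
        "post_logout_redirect_uri": redirect,
    }


# Constructed logout URL in the same shape as the one in the question.
SAMPLE_LOGOUT_URL = (
    f"{ISSUER}/protocol/openid-connect/logout"
    f"?id_token_hint={make_sample_id_token(ISSUER, CLIENT_ID, 'sess-1')}"
    "&state=constructed-state-123%2COIDC"
    "&post_logout_redirect_uri=https%3A%2F%2Frp.example.test%3A9443%2Fcommonauth"
)

if __name__ == "__main__":
    result = check_logout_request(SAMPLE_LOGOUT_URL, ISSUER, CLIENT_ID, REGISTERED_POST_LOGOUT_URIS)
    print(json.dumps(result, indent=2))
```

When one of these checks fails, a provider typically answers with an error page or falls back to its own post-logout page rather than following the supplied URI, so comparing the decoded `post_logout_redirect_uri` and the token's `iss`/`aud` against the client registration is the first thing to verify when a logout round-trip misbehaves.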

Related

how to logout wso2 via keycloak sso

I have deployed wso2am-4.0.0 and configured SSO with Keycloak OIDC. Everything worked fine but logout failed: it didn't log out from https://am-domain:9443/publisher. I have been searching on the net for a long time, but to no avail. Please help or try to give some ideas on how to achieve this.

WSO2 IS clustering: not able to login on management console of WSO2 Identity Server

I have configured 2 WSO2 IS server instances in the local Windows environment according to the documentation provided at https://docs.wso2.com/display/CLUSTER44x/Clustering+Identity+Server+5.1.0%2C+5.2.0+and+5.3.0
and also the NGINX configuration with self-signed certificates.
I am redirected to the WSO2 IS login page of one of the nodes, but when I log in it redirects to the login page again, while the log shows
[2017-05-24 15:52:26,528] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2017-05-24 15:52:26,528+0530]
It's working properly with one node (the other is down).
I am not able to figure out where the issue is; both nodes are working properly with no errors in the logs.
Please help,
Thanks
Pankaj
You will need to enable sticky sessions in nginx configurations. See WSO2 doc too.

Redmine, publish with basic authentication behind Microsoft TMG

I've just installed Redmine on Windows 2008 R2 through the setup made by Bitnami.
All works fine. SSL is also working excellently.
Since today, Redmine is in my DMZ, and I reach it directly from the internal network.
I arrive on the login page and go.
Now I've published it on a public IP with Microsoft TMG.
On TMG I use a listener that requires authentication through RADIUS.
TMG permits passing credentials to the web application in some different ways: one is basic auth, one is NTLM...
I've found a Redmine plugin that permits using basic auth in Redmine, so at login I don't see the Redmine page but the classic HTTP popup for credentials.
In this situation, like other published web applications, TMG is configured to pass credentials via HTTP basic auth, but only Redmine fails.
TMG passes the credentials and these are refused by Redmine, so TMG proposes the credentials request again.
Does anyone have a solution?
It could be a problem in the basic auth plugin, but it's the only one I've found.
Thanks,
Mirko

WSO2 Identity Server samlsso service url exposed via WSO2 API Manager

I successfully configured WSO2 API Manager 1.8.0 [e.g. https://wso2am.com:9443] and WSO2 Identity Server 5.0.0 SP1 [IS] acting as Key Manager [e.g. https://wso2is.com:9443] in a clustered setup on 2 different servers.
I also configured a Service Provider in the IS using a SAML SSO Inbound Authenticator and tested it with travelocity.com sample app.
The sample app builds the SAML request in the right way, but https://wso2am.com:9443/samlsso?SAMLRequest=[base64stuff] returns an HTTP Status 405 - HTTP method GET is not supported by this URL.
Changing the URL to https://wso2is.com:9443/samlsso?SAMLRequest=[base64stuff]
leads to successful authentication.
Basically I want to be redirected to the wso2am login page and not the wso2is login page.
In this way, I could deploy only WSO2AM in the DMZ, leaving WSO2 IS in the internal network.
How can I do this?
Thanks
In this scenario I think your authentication request must be directed to the IS server, not APIM. The IS server is the one that does the authentication, hence it acts as the IdP. APIM is just a service provider (SP). Even if you succeeded (even though it's not the correct behaviour) in sending a SAML request to the https://wso2am.com:9443/samlsso endpoint, it would redirect you to the login page on the IS server. So you have to send the SAML request to the https://wso2is.com:9443/samlsso endpoint for successful authentication and for the correct behaviour.
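The roles the answer describes are visible inside the request itself: in a SAML 2.0 AuthnRequest the `Issuer` is the SP and the `Destination` attribute names the IdP endpoint the request is meant for, and a receiver is required to reject a request whose `Destination` does not match the URL it actually arrived at. The following added example, which is not code from the question, the answer or WSO2, builds a minimal AuthnRequest, encodes it in the HTTP-Redirect binding (raw DEFLATE, then base64, then URL-encoding, as in the `?SAMLRequest=` URLs in the question), decodes it again and performs that `Destination` check. The two `/samlsso` hostnames are the example ones from the question and `travelocity.com` is the sample app it mentions; the ACS URL, request ID and RelayState are constructed.

```python
"""Encode, decode and check a SAML 2.0 AuthnRequest in the HTTP-Redirect binding (hypothetical helper; not WSO2 code)."""
import base64
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit
import xml.etree.ElementTree as ET

NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Endpoints use the example hostnames from the question; the ACS URL is constructed.
IDP_SSO_ENDPOINT = "https://wso2is.com:9443/samlsso"   # Identity Server: the IdP
APIM_ENDPOINT = "https://wso2am.com:9443/samlsso"      # API Manager: an SP, not the IdP
SP_ENTITY_ID = "travelocity.com"                       # sample app named in the question
SP_ACS_URL = "https://sp.example.test/acs"             # constructed


def build_authn_request(issuer: str, destination: str, acs_url: str, request_id: str) -> str:
    """Minimal unsigned AuthnRequest: Issuer is the SP, Destination is the IdP endpoint."""
    issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS_SAMLP}" xmlns:saml="{NS_SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{destination}" AssertionConsumerServiceURL="{acs_url}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        "</samlp:AuthnRequest>"
    )


def redirect_binding_url(endpoint: str, authn_request_xml: str, relay_state: str = None) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, then URL-encode into the query."""
    compressor = zlib.compressobj(level=9, wbits=-15)
    deflated = compressor.compress(authn_request_xml.encode("utf-8")) + compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return f"{endpoint}?{urlencode(params)}"


def parse_redirect_binding(url: str) -> dict:
    """Reverse the binding and pull out the fields a receiver inspects before authenticating."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    deflated = base64.b64decode(query["SAMLRequest"][0])
    xml_text = zlib.decompress(deflated, -15).decode("utf-8")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS_SAMLP}}}AuthnRequest":
        raise ValueError("SAMLRequest is not an AuthnRequest")
    issuer_el = root.find(f"{{{NS_SAML}}}Issuer")
    return {
        # The endpoint the request was actually sent to (scheme, host, port, path only).
        "received_at": urlunsplit((parts.scheme, parts.netloc, parts.path, "", "")),
        "destination": root.get("Destination"),
        "issuer": issuer_el.text if issuer_el is not None else None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "relay_state": query.get("RelayState", [None])[0],
    }


def destination_matches(url: str) -> bool:
    """SAML receivers must reject a request whose Destination differs from the URL it arrived at."""
    info = parse_redirect_binding(url)
    return info["destination"] == info["received_at"]


if __name__ == "__main__":
    xml_text = build_authn_request(SP_ENTITY_ID, IDP_SSO_ENDPOINT, SP_ACS_URL, "_constructed-req-1")
    for endpoint in (IDP_SSO_ENDPOINT, APIM_ENDPOINT):
        url = redirect_binding_url(endpoint, xml_text, relay_state="constructed-relay")
        print(endpoint, "->", "Destination matches" if destination_matches(url) else "Destination MISMATCH")
```

Run stand-alone, the script shows that the same request is acceptable at the Identity Server endpoint and fails the `Destination` check at the API Manager endpoint, independently of the HTTP 405 the question reports, which is simply the API Manager node not serving that path.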

Forms Authentication cookie is not working after FormsAuthentication.SetAuthCookie is called

I have forms authentication setup through a Web API project. The forms auth works fine to login the user to the web site (note: API server is not the same server as web server). However, the API services I have restricted to logged in users are returning a 401, because Request.IsAuthenticated = false when I send back the very same forms auth cookie the API server just set, back to itself.
I have no idea why this is happening. I verified the .ASPXAUTH cookie is being sent with the request. Forms Auth is setup consistently across API and Website; and the website picks up the forms auth cookie just fine. Why is my API server not recognizing my user as logged in, even though the API server itself set the cookie?
Figured it out. The issue was a browser conflict with one of my Chrome add-ons. Once I opened the site up in an incognito window sans add-ons, it worked as expected.