I have set up a WSO2 API Manager. When I create a user in WSO2 using the web console or using admin services, I want to send a user activation email with a link to the user.
Can someone point me to documentation OR steps to do this?
I am using MySQL to store my users.
EDIT: I am using WSO2 API Manager version 2
EDIT: When I try to access
https://:9443/services/UserInformationRecoveryService?wsdl WSDL is not found.
What are steps to install UserInformationRecoveryService in WSO2 API Manager?
You can use UserInfoRecoveryService for this requirement. You may need to install the Account and credential management feature. You can refer to this blog to understand how to install that feature.
Thanks
Isura
Related
I have a separate Dotnet Web Service API to authenticate users. How can I configure it with WSO2 API Manager?
I have already configured WSO2 API Manager with an external IDP (Keycloak). Is this what I'm looking for, or can it be achieved in a different way?
If you are looking for a way to replace your user store(LDAP/AD/JDBC), with your Dotnet service, you might want to write a new custom user store manager extending the CarbonRemoteUserStoreManger class. There, you should invoke your custom APIs to authenticate, retrieve users. Then you can add a secondary/primary user store with your custom user store manager implementation.
If you want to configure your Dotnet service as a Federated IdP in the API Manager server, you might have to write a Custom Federated Authenticator to communicate with your Dotnet service to authenticate the users. There you should be overriding the initiateAuthenticationRequest and processAuthenticationResponse.
Editing the answer with the new context on issue
In order to generate or validate tokens with an external party (Dotnet service), WSO2 needs to know the service contract of that service beforehand. How you fetch that information to the WSO2 APIM server is by writing an extension to the Key Manager service of the WSO2 APIM server.
By default WSO2 APIM has the implementation to talk to its own Key Manager component and the WSO2 Identity Server. But you need to write the logic (request/response templates) to validate tokens with your Dotnet service. This is the official documentation for this. These two Medium posts are also written on that topic.
Blog 1
Blog 2
Basically, you need to write a simple Java extension project to the mentioned interface, so that WSO2 knows how to talk to your service. A sample of such an implementation, written for Okta as a Key Manager, is pointed to here.
Regarding your concern on validating both the token types;
Yes, it's possible using a custom key manager interface as described above. Once you receive the token at the API Manager side, if you can distinguish whether the token was issued by your Dotnet service or by WSO2 itself from your Java logic (maybe the token length), then your logic should divert the validation request respectively to the WSO2 default Key Validation service (call super()) or to your Dotnet service call. If you can't distinguish between the two tokens just by looking at them, then you can try both the servers to check if either can validate it. (There's a security vulnerability in that.)
Hope this helps.
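An added example, not part of the original answer and not WSO2 code: the routing decision described above, written in plain Java so it runs without the API Manager libraries. `TokenRouter`, `TokenValidator` and both token formats are hypothetical assumptions; the router classifies each token locally, sends it to exactly one validator, and rejects anything it cannot classify, so no token is forwarded to a server that is not expected to have issued it.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

// Added illustration. TokenValidator, TokenRouter and both token shapes are
// hypothetical; they are not WSO2 API Manager classes or formats.
public class TokenRouter {
    /** Returns the authenticated subject, or empty if the token is not active. */
    interface TokenValidator {
        Optional<String> validate(String token);
    }

    enum Issuer { WSO2, DOTNET, UNKNOWN }

    private final TokenValidator wso2;
    private final TokenValidator dotnet;

    TokenRouter(TokenValidator wso2, TokenValidator dotnet) {
        this.wso2 = wso2;
        this.dotnet = dotnet;
    }

    /** Classifies a token locally, before any network call is made. */
    static Issuer classify(String token) {
        if (token == null || token.isEmpty() || token.length() > 4096) return Issuer.UNKNOWN;
        if (token.matches("dn_[A-Za-z0-9]{16,}")) return Issuer.DOTNET; // assumed Dotnet format
        if (token.matches("[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")) return Issuer.WSO2; // assumed UUID-style format
        return Issuer.UNKNOWN;
    }

    /** Sends the token to exactly one validator; unrecognised tokens fail closed. */
    Optional<String> validate(String token) {
        switch (classify(token)) {
            case WSO2:   return wso2.validate(token);
            case DOTNET: return dotnet.validate(token);
            default:     return Optional.empty();
        }
    }

    public static void main(String[] args) {
        List<String> seenByWso2 = new ArrayList<>();
        List<String> seenByDotnet = new ArrayList<>();
        TokenRouter router = new TokenRouter(
            t -> { seenByWso2.add(t); return Optional.of("wso2-user"); },
            t -> { seenByDotnet.add(t); return Optional.of("dotnet-user"); });
        // Constructed sample tokens: one per issuer, plus one unrecognised value.
        String[] samples = { "3f2a9c1e-7b4d-4e8a-9c0f-1a2b3c4d5e6f", "dn_Zk3pQ9xY7mT2vB8n", "garbage" };
        for (String s : samples) System.out.println(s + " -> " + router.validate(s).orElse("REJECTED"));
        System.out.println("WSO2 saw " + seenByWso2.size() + ", Dotnet saw " + seenByDotnet.size());
    }
}
```

In a real extension the two validators would wrap the default key validation call and the Dotnet service call; the stub lambdas here only record which tokens each side was shown.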
We integrated Alfresco in our enterprise integration platform using CMIS.
Now we are wondering if there is an official or unofficial way to run queries against the alfresco cmis api using runAs similar to a REMOTE_USER for SSO login sending the username for the permission downgrade in the request header/body since the integration platform has no end user credentials and should not handle alfresco tickets on a per user basis.
The only way I found so far was Jeff's suggestion made in Alfresco Community OAuth2 SSO via CMIS to configure Alfresco for external auth but then we have to handle per user sessions from the integration platform to Alfresco instead of using one session sending the user in the request which we use in other custom java code.
I want to integrate WSO2 Identity Server and API Manager together so that user authentication can be done by WSO2 Identity Server and API level authorization can be done in the API Manager. I am using WSO2 Identity Server separately so that one day if I have to remove API Manager, authentication will work properly.
Can someone explain the workflow/architecture? Where should I keep the users, in the Identity Server or in the API Manager? I would like to have the /oauth2/token token generation code hit the Identity Server. How can I achieve this?
Is there cloud hosting for WSO2 Identity Server?
Thanks
If you want to configure WSO2 IS as a key manager, all the detailed steps can be found in the WSO2 doc: https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Identity+Server+5.2.0+as+a+Key+Manager+with+API+Manager+2.0.0
Is it possible in WSO2 API Manager to redirect to an IdP (e.g. ADFS) when accessing any of the APIs on API Manager? If so, how can it be achieved? Please forward any link as such.
How can I pass the access token created on an OpenIdConnect Federated IDP to the developer application?
Currently, the federated access token doesn't get passed through the API Manager and the API Manager generates a new access token for the application.
You won't be able to plug in an external IDP and generate access tokens using an out-of-the-box API Manager. But you can implement a custom key manager implementation, plug an external third-party key manager into API Manager and then use those tokens. See Configuring a Third-Party Key Manager in the product documentation regarding this. It has a sample where "Surf OAuth Authorization Server" is used as the key manager. You will be able to implement a similar thing for your scenario.
Following are some good posts related to this feature.
https://amilasnotes.wordpress.com/2015/06/20/customizing-key-validation-flow/
https://amilasnotes.wordpress.com/2015/05/19/integrating-with-a-third-party-oauth-provider-overview/
https://amilasnotes.wordpress.com/2015/06/07/provisioning-oauth-clients-created-out-of-band/