wso2is

Is it advised to use different database for identity, shared, bps, consent & metric db in wsois 5.9.0?

北城余情 submitted on 2020-01-24 22:06:43
Question: Is it advised to use different database for identity, shared, bps, consent & metric db in wsois 5.9.0? How to configure consent and metric db? I am trying this configuration: [user_store] type = "database" TenantManager="org.wso2.carbon.user.core.tenant.JDBCTenantManager" ReadOnly=false ReadGroups=true WriteGroups=true scim_enabled = true #enabling scim apis [database.user] url = "jdbc:mysql://localhost:3306/regdb?useSSL=false" username = "regadmin" password = "regadmin" driver = "com.mysql.jdbc

Is OpenId Connect response_type id_token supported by WSO2 Identity Server 5.0

时光怂恿深爱的人放手 submitted on 2020-01-21 09:22:26
Question: I'm trying to implement OpenId Connect in an SPA application with WSO2 Identity Server 5.0.0. I'm trying to use Implicit Flow but I always received an error from the identity server. GET Request: https://idserver:9443/oauth2/authorize?response_type=id_token& client_id=abcd& redirect_uri=https%3A%2F%2Flocalhost%3A44326%2F Error Response: invalid_request, Invalid response_type parameter value Is response_type=id_token supported? Answer 1: With WSO2 Identity Server 5.0.0 OpenID Connect "id_token"

Change AssertionConsumerServiceURL in AuthnRequest in WSO2 IS

我怕爱的太早我们不能终老 submitted on 2020-01-17 05:38:08
Question: My SAML request from WSO2 to my IdP contains the port still in the AssertionConsumerServiceURL in the AuthnRequest. I am running the system behind a reverse proxy and need to change this URL. Please help, I cannot find it in any configs, thank you. Answer 1: To change the hostname: Set the "MgtHostName" value to your hostname at repository/conf/carbon.xml To change the port: Add proxyPort="443" attribute to the HTTPS connector element at the repository/conf/tomcat/catalina-server.xml Answer 2: In

how to change openid connect idtoken's iss

馋奶兔 submitted on 2020-01-17 04:15:48
Question: I deployed wso2 IS 5.3.0 in docker. I set it up for openid connect authentication. I tried to have kubernetes to work with it for authentication. But it turns out to have problem with iss field in idtoken. The payload part of the token looks like below after decode: {"exp":1487335376,"sub":"admin","azp":"Dibo_uMHzySCIxrf55uvMGWjGEUa","at_hash":"_8q5TmtJRsdEj4V_dL4-Zg","aud":["Dibo_uMHzySCIxrf55uvMGWjGEUa"],"iss":"https:\/\/localhost:9443\/oauth2\/token","iat":1487331776,"acr":"urn:mace

configure WSO2 IS server to send token in pre-configured format instead of SAML response?

為{幸葍}努か submitted on 2020-01-17 02:19:48
Question: I am using WSO2 Identity management server (WSO2 IS) for SSO. Once user is authenticated ID server sends the SAML response to webapp. I want WSO2 IS to send token in pre-configured format (like user_name and user_role) to be sent instead of SAML response. Answer 1: WSO2IS acts according to the SAML2 SSO specification. Therefore username and user's attributes can be found inside the SAML2 Assertion as attribute statement. There is no flexibility to customize it. But, if you do not like SAML2 SSO (As

WSO2 (IdM) cannot add user in Active Directory as primary user store

大兔子大兔子 submitted on 2020-01-16 14:57:05
Question: Environment: wso2 5.3.0 installed on Windows 7 sp1 jdk_1.8.0_151 with external primary user store on AD (Windows server 2016 Active Directory) Action: wso2 starts normally wsoadmin user is available in AD wso2 binds via ldaps to AD logging into the wso2 management menu on win 7 client as administrator ok all existing AD users show up in the wso2 users list view (only those with an email address) If I want to add a new user "wsotest" an error is thrown: ERROR {org.wso2.carbon.user.mgt.ui

Multi Factor Authentication WSO2

|▌冷眼眸甩不掉的悲伤 submitted on 2020-01-16 05:08:08
Question: I am trying to achieve MFA in WSO2. I made changes as per the below link but nothing worked, https://docs.wso2.com/display/IS510/Multi-factor+Authentication+using+FIDO I am a bit confused, do we need a physical U2F device to achieve this MFA? Are there any other multi factor authentication methods/tutorials available for WSO2? Answer 1: Yes, as @maduranga has explained you need a physical U2F device for MFA with Fido. Fido is the only out-of-the-box MFA authenticator that ships with WSO2 Identity

How to create a .NET client for a wso2 Secure Token Service

旧时模样 submitted on 2020-01-14 08:42:07
Question: I need to create a .NET client for a wso2 Secure Token Service. Normally I would create a simple console or WinForm project adding a Service Reference to it. The exposed WSDL would be turned in a set of classes that I can use to query the service and to properly manage its response. Unfortunately, the generated request and response classes are empty: just the class declaration without any property or method. This is similar to the behaviour described in this other (unanswered) Stack Overflow

Wso2IS skip authenticationendpoint/login.do

坚强是说给别人听的谎言 submitted on 2020-01-11 10:58:27
Question: Using java client, I have generated the SAMLRequest string. Is there a way to post the whole data, and skip the IdentityServer login page? With the data which I pass, has to meet the authentication for SSO and then generate Oauth2Token. Answer 1: You can use request path authentication and send the username, password in the same request, which will give you the SAML assertion. You can later use SAML2 bearer grant type to exchange that assertion to an oauth token. Source: https://stackoverflow.com

wso2 identity server - user self registration

空扰寡人 submitted on 2020-01-11 06:46:10
Question: I'm rewording a question that I previously posted here. The default functionality for WSO2 Identity Server is to allow users to register user accounts for themselves. However, this is undesirable for my company. We only want to allow an administrator to create user accounts. Is it possible to disable the user self registration functionality in wso2 identity server? Answer 1: Yes, you can remove this feature from the WSO2 Identity Server. Go to Configure --> Features --> Installed Features -->