Posts

OAuth - Extension Points Part 2 - WSO2 Identity Server

OAuth2 is widely used in the enterprise today for the authorization aspects of APIs. This is the second post on the extension points available in WSO2 Identity Server, following WSO2 Identity Server - Extension Points - Part 1 - SAML.


All implementations of the following extension points are configured in the <IS_HOME>/repository/conf/identity/identity.xml file, under the OAuth element.

Custom OAuth grant handler
Usage: When we need to support an OAuth flow that is different from the standard grant types. The handler validates the grant, the requested scopes, and the access delegation.
Sample: https://docs.wso2.com/display/IS510/Writing+a+Custom+OAuth+2.0+Grant+Type
Interface: org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler

Client Auth Handler
Usage: When client credential authentication needs to be customized. By default the client id and client secret are validated.
Interface: org.wso2.carbon.identity.oauth2.token.handlers.clientauth.ClientAuthenticationHandler

OAuth Callback Handler
An extension point provide…

WSO2 Identity Server - Extension Points - Part 1 - SAML

This is the first post of a series of posts to come, to serve as a catalog of the extension points available within WSO2 Identity Server as of the IS 5.1.0 version, which is to be released soon. Most of them are available in the 5.0.0 version as well. These extension points give users a lot of flexibility to shape Identity Server to serve exactly what they require.

There are 2 types of extensions available in WSO2 Identity Server as of now. Most of them require a server restart in order to take effect; once deployed, they can be configured dynamically without a further restart. A few of the extensions, like UI theming, can be made without a server restart.
1. Drop the extension, developed as an OSGi bundle, into the server, restart the server, then configure it dynamically. eg: custom user store managers
2. Drop the extension, developed as a Java component, into the server, configure it in a configuration file, then restart the server. It can then be configured dynamically via the UI. eg: custom authenticators

Files Used for Con…

Leveraging federation capabilities of Identity Server for API gateway - Configuration Details

With this post I want to share the steps of a popular solution using WSO2 Identity Server and WSO2 API Manager. The following diagram gives an initial insight into this solution. Overview


1. Webapp that requires single sign-on (SSO) with some other applications.
   - To achieve this we are using WSO2 Identity Server (IS) as the Identity Provider (IDP).
2. Webapp needs to consume some APIs secured with OAuth tokens.
   - To expose the APIs secured with OAuth tokens we are using WSO2 API Manager (AM) here.
   - Since we already have the SAML Response received at the SSO step, the SAML2 Bearer grant type is ideal in this scenario for requesting an OAuth token to access the required APIs.
   - For AM to properly issue an OAuth token in this scenario, we add IS as a trusted IDP in AM.
3. Webapp requires that users registered in another IDP like Facebook or Google be able to log in with SSO functionality.
   - With mini…
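The token request behind step 2, as an added example that is not code from the original post, from WSO2 IS or from WSO2 AM: a hypothetical webapp takes the SAMLResponse it received from IS at SSO time, pulls out the assertion, re-checks the things AM's SAML2 Bearer grant handler will check (issuer matches the IdP trusted in AM, bearer subject confirmation, validity window, audience), and builds the RFC 7522 token request for AM's token endpoint with HTTP Basic client authentication. The hostnames, client credentials, the IdP entity id "localhost", the audiences and the sample response are all constructed for the example. The assertion bytes are sliced out of the decoded document rather than re-serialised, because re-serialising changes prefixes and whitespace and would break the XML signature that AM verifies.

```python
"""SAML2 Bearer (RFC 7522) token request for WSO2 API Manager.

Added example, not code from the original post or from WSO2. Assumptions
(all hypothetical): the webapp holds the base64 SAMLResponse from IS, AM's
token endpoint is https://am.example.com:8243/token, the IS entity id that
AM trusts is "localhost", and the OAuth client below is registered in AM.
"""
import base64
import datetime as dt
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"
BEARER_CM = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
TOKEN_ENDPOINT = "https://am.example.com:8243/token"   # assumed AM token endpoint

# Constructed sample SAMLResponse from IS (signature omitted; AM verifies the
# real one against the IS certificate configured for the trusted IdP).
SAMPLE_RESPONSE = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="r1" Version="2.0">
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="a1" Version="2.0" IssueInstant="2016-01-10T10:00:00Z">
<saml2:Issuer>localhost</saml2:Issuer>
<saml2:Subject><saml2:NameID>alice</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData NotOnOrAfter="2016-01-10T10:05:00Z" Recipient="https://webapp.example.com/acs"/>
</saml2:SubjectConfirmation></saml2:Subject>
<saml2:Conditions NotBefore="2016-01-10T10:00:00Z" NotOnOrAfter="2016-01-10T10:05:00Z">
<saml2:AudienceRestriction><saml2:Audience>https://webapp.example.com</saml2:Audience>
<saml2:Audience>https://am.example.com:8243/token</saml2:Audience></saml2:AudienceRestriction>
</saml2:Conditions>
</saml2:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE)
SAMPLE_NOW = dt.datetime(2016, 1, 10, 10, 2, tzinfo=dt.timezone.utc)  # inside the window


def extract_assertion(saml_response_b64: bytes) -> bytes:
    """Return the raw bytes of the Assertion element, sliced out of the decoded
    document so the signed bytes are untouched. Assumes the element declares
    its own namespace, as OpenSAML-built assertions from IS do."""
    xml = base64.b64decode(saml_response_b64)
    m = re.search(rb"<((?:\w+:)?)Assertion\b.*?</\1Assertion>", xml, re.S)
    if not m:
        raise ValueError("SAMLResponse carries no Assertion")
    return m.group(0)


def _utc(ts: str) -> dt.datetime:
    return dt.datetime.fromisoformat(ts.replace("Z", "+00:00"))


def preflight(assertion_xml: bytes, trusted_issuer: str, audience: str, now: dt.datetime) -> str:
    """Re-check what the token endpoint checks; failing here means a new SSO
    round is needed, not a retry. Returns the subject NameID."""
    a = ET.fromstring(assertion_xml)
    issuer = a.findtext("saml:Issuer", namespaces=NS)
    if issuer != trusted_issuer:
        raise ValueError(f"issuer {issuer!r} is not the IdP trusted by AM")
    sc = a.find("saml:Subject/saml:SubjectConfirmation", NS)
    if sc is None or sc.get("Method") != BEARER_CM:
        raise ValueError("subject confirmation is not bearer")
    conds = a.find("saml:Conditions", NS)
    if not (_utc(conds.get("NotBefore")) <= now < _utc(conds.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = {e.text for e in conds.iterfind("saml:AudienceRestriction/saml:Audience", NS)}
    if audience not in audiences:
        raise ValueError(f"{audience} not among audiences {sorted(audiences)}")
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)


def build_token_request(assertion_xml: bytes, client_id: str, client_secret: str, scope: str):
    """Headers and form body to POST to AM's token endpoint. RFC 7522 requires
    the assertion to be base64url-encoded (no padding); the client
    authenticates with HTTP Basic (consumer key:secret)."""
    assertion = base64.urlsafe_b64encode(assertion_xml).rstrip(b"=").decode()
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": SAML2_BEARER, "assertion": assertion, "scope": scope})
    return headers, body


def decode_assertion_param(body: str) -> bytes:
    """What the token endpoint does with the parameter: restore padding, decode."""
    v = parse_qs(body)["assertion"][0]
    return base64.urlsafe_b64decode(v + "=" * (-len(v) % 4))


if __name__ == "__main__":
    asrt = extract_assertion(SAMPLE_RESPONSE_B64)
    print("subject:", preflight(asrt, "localhost", TOKEN_ENDPOINT, SAMPLE_NOW))
    hdrs, body = build_token_request(asrt, "client", "secret", "apim:api_view")
    print(hdrs, body[:80] + "...")
```

The audience check is the one most often missed when wiring IS and AM together: IS must be configured to include the AM token endpoint URL as an audience of the assertion, otherwise AM rejects the grant even though it trusts the IdP.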