wso2is

Cannot import XACML 3.0 policy file inside WSO2 Identity Server 5.1.0

落花浮王杯 submitted on 2019-12-11 11:34:33
Question: I am getting the "Policy uploading failed. Invalid Entitlement Policy. Policy is not valid according to XACML schema" message whenever I upload a policy in WSO2 Identity Server. I have the wso2is-5.1.0 version. I got this XACML policy from this WSO2 tutorial. The XACML policy is: <Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="Entitlement_Filter_Sample_Policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">

WSO2 Identity Server. Error when processing request

半世苍凉 submitted on 2019-12-11 10:42:38
Question: Getting the following error accessing a Tomcat app that is linked to a WSO2 Identity Server: TID[-1234] [IS] [2014-02-12 11:43:34,386] ERROR {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Error when processing the authentication request! org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.unmarshall(SAMLSSOUtil.java:193) org.wso2.carbon.identity.sso.saml.SAMLSSOService.validateSPInitSSORequest(SAMLSSOService.java:67) org.wso2.carbon.identity.sso.saml.servlet

Is it possible to use username without domain for authentication in WSO2

£可爱£侵袭症+ submitted on 2019-12-11 09:55:12
Question: I just created a tenant with the name mycompany.com. Within this tenant, I registered a Service Provider with the name SP. After integrating my application with WSO2, the apps will create a SAML Authn request: <?xml version="1.0" encoding="UTF-8"?> <saml2p:AuthnRequest AssertionConsumerServiceURL="https://localhost:8443/myapp/auth/sso" Destination="https://localhost:9443/samlsso" ForceAuthn="false" ID="a2i70af753i64cce4ehj977h3h9085h" IsPassive="false" IssueInstant="2016-03-30T02:51:12.083Z" ProtocolBinding

How to use XACML and PIP in real application?

一个人想着一个人 submitted on 2019-12-11 09:50:10
Question: How to cover the following scenario using XACML (with WSO2 PDP) and PIP (if required)? In a Used Car application, in a particular location, salespersons are allowed to view-update car price. They can only view cars which are assigned to them. Now from an XACML perspective, we can create a policy for the salesperson role and, based on location, hide the particular menus. But what to do with the method getCarDetails(Object User){...}? Here, based on UserID (salesperson), we will show the list. How to design this

wso2 identity server oauth userinfo no role

若如初见. submitted on 2019-12-11 09:08:13
Question: I have a WSO2 Identity Server installed and I have written some Java code to get user information with OAuth 2. For this I am using OLTU. I have connected correctly and after negotiating the access_code, I ask for the userinfo endpoint like this: https://<serverIP>:9443/oauth2/userinfo?schema=openid I get user info correctly in JSON format: {"email":"xxxx@xxx.aa","name":"xxx","family_name":"xx","preferred_username":"xxx","given_name":"xx"} What I find is that no role information is returned. I

Return Home Realm Identifier WSO2 Identity Server

萝らか妹 submitted on 2019-12-11 09:05:56
Question: As we know from this documentation, if you add the fidp query parameter with the Home Realm Identifier value to the SAML Request, WSO2 Identity Server can use this information and respond with the specified login. My question is whether the opposite procedure is possible in any way: is it possible for the WSO2 Identity Server to provide (as a claim?) the Home Realm Identifier value in the SAML Array Response? The question concerns the latest publicly available WSO2 Identity Server version (5.3

Magic link flow with WSO2 identity server

生来就可爱ヽ(ⅴ<●) submitted on 2019-12-11 08:36:43
Question: I have a requirement to generate deep links/magic links for end users. The users will receive the link via email and, on clicking it, need to be automatically logged in (passwordless login). The identity server that is being used is WSO2 Identity Server. I also have WSO2 API Manager. Can you please suggest the mechanism via which WSO2 Identity Server would enable the view of the link/page without requiring the user to explicitly log in? Answer 1: I don't think this is supported out-of-the-box. But you can

how to get all the scopes user has access to in WSO2 API manager

馋奶兔 submitted on 2019-12-11 08:03:21
Question: My web client application has different menus like read, delete, add, view, etc. depending upon the user's roles. I have different scopes such as read, delete, add, etc. and roles associated with them, which are configured in WSO2 API Manager. When a user logs in, I authenticate the user via WSO2 API Manager and get the token. How can I obtain all the valid scopes for that token so that I can show the user different menus depending on the scopes I received? Since I have many scopes, I hope to have some

WSO2IS JWT access token

浪子不回头ぞ submitted on 2019-12-11 06:08:39
Question: I am trying to get a JWT access token from WSO2 IS. I followed the instructions from the msf4j Oauth2 Security Sample, and managed to get a JWT access token by the resource owner password grant type. But I have a problem authenticating the token externally. It seems that the token had not been signed by the default "wso2carbon.jks". Also, my claim configurations in the "service providers" were not reflected in the JWT content. So my questions: how to configure the JWT signing certificate in WSO2IS? And also: How to

WSO2 identity server email or pseudo as username

南笙酒味 submitted on 2019-12-11 06:04:10
Question: This is quite the same question as "WSO2 identity server email as username", but we want to have both choices: to provide the username as an email address or as the user's name (pseudo without @). I understand the problem with the tenant fully qualified name using @, but can't we change the @ character for the tenant fully qualified? Is it possible to use both email address or user's name as username, and if so can you provide the configuration? I cannot make it work following https://docs.wso2.com/display/IS520