wso2is

Multiple Decisions Profile Policy in XACML 3.0

末鹿安然 posted on 2019-12-24 04:18:49
Question: I have a requirement to write a policy for the particular user; it will return the xacml response like this: This policy is based on single user: bob FirstName: Create = true, Read = true, Update = true, Delete = false MiddleName: Create = true, Read = true, Update = true, Delete = false LastName: Create = true, Read = true, Update = true, Delete = false How to write a xacml policy for such requirement and how the request will look like for the same policy. How to achieve this policy using

WSO2AM 1.10.0 How to set default OAuth2 grant types?

久未见 posted on 2019-12-24 02:13:54
Question: When setting up an application from the API Manager store how can I make the OAuth2 grant types authorization code and implicit the defaults for the app? I know how to do this manually using the carbon interface but I would like to make the two grant types the default.

Answer 1: For authorization code and implicit grant types to be enabled by default, you need to specify a callback URL when creating the App on store. When the callback URL is available these 2 grant types will be shown as enabled

SSO with signing and signature validation doesn't work

♀尐吖头ヾ posted on 2019-12-24 01:08:34
Question: I have successfully configured SSO using WSO2IS 4.6.0 and spring saml grails plugin, but when I enable signing and signature validation like this: I see errors on WSO2 console WARN {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - Signature Validation Failed for the SAML Assertion : Signature is invalid. DEBUG org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - org.opensaml.xml.validation.ValidationException: Unable to evaluate key against signature WARN {org.wso2.carbon.identity.sso

WSO2 IS 5.3.0 - IWA authentication option not available

心已入冬 posted on 2019-12-23 06:11:19
Question: We are using WSO2 Identity Server for user authentication. We have upgraded from WSO2 IS 5.2.0 version to WSO2 IS 5.3.0. We are using the IWA (Integrated Windows Authentication) for user authentication for our applications. In WSO2 5.3.0 version we do not see the option to select IWA under the Authentication Type “Local Authentication” while registering the application under “Service Provider”. This option was available in WSO2 IS 5.2.0 and we were able to use it properly. Can you please let

Connection issues after turning off embedded LDAP

帅比萌擦擦* posted on 2019-12-23 04:16:08
Question: When disabling embedded-LDAP in my Identity Server install, I receive the following startup errors: [2017-10-09 14:12:03,955] ERROR {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - Error obtaining connection. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] Caused by: org

Create Nested Groups in WSO2 Identity Server

陌路散爱 posted on 2019-12-23 02:57:05
Question: Is there a way to create nested groups in WSO2 Identity Server using UI or the SCIM interface's Groups end point with LDAP User Store? I tried both but could not create. Is there any other mechanism or are nested groups not supported?

Answer 1: AFAIK, there is no way to create nested groups in WSO2IS, it can only create LDAP groups and assign them to users. But if there are nested groups in the LDAP already. Then users are retrieved from a particular group, it would give the all users within nested

How to delete tenants in WSO2 Identity Server?

痴心易碎 posted on 2019-12-22 09:18:53
Question: In v 4.6.0, we cannot delete tenants through the UI, only disable. However, I see there is a deleteTenant method on the TenantMgtAdminService soap service. I have tried to call this service, but I get an error. From the logs, it has: {org.wso2.carbon.tenant.mgt.services.TenantMgtAdminService} - Error deleting tenant with domain: test7.tenant and tenant id: 136. {org.wso2.carbon.tenant.mgt.services.TenantMgtAdminService} java.lang.NullPointerException at org.wso2.carbon.tenant.mgt.services

How to destroy authentication session in WSO2 Identity Server?

为君一笑 posted on 2019-12-22 00:40:56
Question: I'm using WSO2 Identity Server with OpenId Connect protocol for authentication. When a user logs in, a session is created to remember the user next time. I would like to know the possible ways to destroy this session. When Authentication Session persistence is not used: if I understood well, in this case the session is kept using the "commonAuthId" cookie. This cookie will be destroyed when the web browser is closed. Is there any other way to "log out" without closing the web browser? A log

Create/Edit users with group or role in WSO2 IS

。_饼干妹妹 posted on 2019-12-22 00:25:55
Question: Are there any SCIM endpoints to add users with the groups? I have already gone through the article, but I wasn't able to add a user with a group. Also I need to edit that user and update the group. Are there any SCIM endpoints for these two tasks? I tried with the following cURL command curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasinitg","password":"hasinitg","groups":[{"value":"a0612e1e-d8c7-47dd-b9ee-4218291945c8",

WSO2 Identity server 5.0 - Pre configured Service provider

☆樱花仙子☆ posted on 2019-12-21 06:01:49
Question: We would like to ship wso2 IS with our product. Instead of adding service providers manually through console, we want to pre-configure with some default identity providers and Service providers. I was expecting some xml files by which I can configure these. But seems like there is no such file and previous versions of IS has SCIM rest points to add SP configurations, I don't see them with IS 5.0. Any idea on how to go about this?

Answer 1: There is a file that you can configure the service providers.