Lots of thanks! It worked! :)

On Thu, Jun 17, 2010 at 7:31 PM, Thilina Mahesh Buddhika <[email protected]> wrote:
> Hi,
>
> When integrating Google Apps with Identity Server, it is required to have the same user set on both sides. But the authentication credentials are maintained only at Identity Server.
>
> In Standalone Identity Server, the default key pair is used for signing SAML2 assertions. So you can extract the default public key (which has the alias 'wso2carbon') from the wso2carbon.jks (which is available in ${IS_HOME}/resources/security) using the keytool. Or else, you can save it from the browser when you are accessing the IS management console.
>
> For Cloud Identity Server, a slightly different approach is used for signing the assertions. For each and every tenant, a separate key pair is generated and it will be used to sign the assertions. You can download this public key from the SAML-SSO configurations page. It is generated when the first RP service provider is added.
>
> Hope this helps.
>
> Thanks,
> Thilina
>
> 2010/6/17 Víctor Álvarez <[email protected]>
>
>> I've noticed I'm missing a step compared with the Cloud Identity Server SSO with Google Apps:
>> http://wso2.org/library/articles/integrate-google-apps-wso2-cloud-identity
>>
>> I'm not importing the public key certificate, but I can't find the User Management menu on my Local Identity Server.
>>
>> How can I generate this public key .cert?
>>
>> Thanks
>>
>> 2010/6/17 Víctor Álvarez <[email protected]>
>>
>>> Hello again,
>>>
>>> I've configured Identity Server to work against a local LDAP, and it seems to work, as I can see the LDAP users on the Identity Server.
>>>
>>> Now I'm trying to configure SAML 2.0 SSO with Google Apps as described on Thilina's blog:
>>> http://blog.thilinamb.com/2010/04/saml-20-based-single-sign-on-with-wso2.html
>>>
>>> I've configured Google Apps and Identity Server, but now when I try with a non-admin user to go to http://docs.google.com/a/midomain.com it correctly redirects to my Local Identity Server.
>>> But there, I can't log in with any user.
>>>
>>> The user to log in... I understand it should be an LDAP user? Or may it be a Google Apps user?
>>>
>>> I've tested both cases and can't log in.
>>>
>>> Any ideas?
>>>
>>> 2010/6/14 Víctor Álvarez <[email protected]>
>>>
>>>> Lots of thanks for your help.
>>>>
>>>> Waiting for the new release then!
>>>>
>>>> On Sun, Jun 13, 2010 at 7:03 AM, Thilina Mahesh Buddhika <[email protected]> wrote:
>>>>
>>>>> In the Identity Server 3.0.0 release, we started supporting the SAML 2.0 based SSO identity provider feature. But we did not include the SAML 2.0 consumer feature, which enables other Carbon products to act as SAML 2.0 based SSO relying parties.
>>>>>
>>>>> Currently, we are working on SAML 2.0 consumer components, and this feature will be available in our next release. With this feature, it will be possible to achieve single sign-on across all our products. In 2-3 weeks' time, the implementation will be completed, and you can try this in a nightly build taken from our trunk.
>>>>>
>>>>> But still, pointing to the same user store will allow you to support unified login, where all the user information is maintained at a single point.
>>>>>
>>>>> WSO2 Identity Server currently supports 2-legged and 3-legged OAuth. Also, the Gadget Server supports OAuth based authentication for gadgets. So the 2-legged OAuth support of Identity Server can be used to authenticate gadgets hosted in Gadget Server. We are currently testing the interoperability between these two entities.
>>>>>
>>>>> We will update you with the progress of these tasks.
>>>>>
>>>>> Thanks,
>>>>> Thilina
>>>>>
>>>>> On Sun, Jun 13, 2010 at 9:01 AM, Sanjiva Weerawarana <[email protected]> wrote:
>>>>>
>>>>>> I think the problem is that we are still not supporting SAML 2.0 in the Gadget Server .. once that's done the single login should propagate. There was a thread on this a while ago but I can't remember the details! Maybe Thilina or Prabath can explain the situation and plans to fix it properly (including supporting 2-legged OAuth in GS).
>>>>>>
>>>>>> Sanjiva.
>>>>>>
>>>>>> 2010/6/12 Víctor Álvarez <[email protected]>
>>>>>>
>>>>>>> Thanks Thilina!
>>>>>>>
>>>>>>> But if I connect Gadget Server with the LDAP directly I wouldn't have Single Sign On for the Gadget Server, so users may have to log in again, even if they already have a logged-in session on Identity Server.
>>>>>>> Is there another way to enable Single Sign On?
>>>>>>>
>>>>>>> Thanks in advance
>>>>>>>
>>>>>>> On Sat, Jun 12, 2010 at 5:44 AM, Thilina Mahesh Buddhika <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Victor,
>>>>>>>>
>>>>>>>> This user guide [1] explains the necessary steps to configure Identity Server to use an external user store like LDAP. This user guide is applicable for Carbon 3.0.0 based products, like Identity Server 3.0.0, Gadget Server 1.1.0, etc.
>>>>>>>>
>>>>>>>> For step 2, you can configure the Gadget Server to talk to the same LDAP which is used by the Identity Server. (You can follow the same steps as in [1].)
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Thilina
>>>>>>>>
>>>>>>>> [1] - http://wso2.org/project/solutions/identity/3.0.0/docs/user-core/admin_guide.html
>>>>>>>>
>>>>>>>> 2010/6/11 Víctor Álvarez <[email protected]>
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I'm developing a project where I should be able to integrate a wso2 Gadget Server with Google Apps and an external User Store based on LDAP...
>>>>>>>>>
>>>>>>>>> I need the integration piece, and wso2 Identity Server seems a good choice.
>>>>>>>>>
>>>>>>>>> I planned to do these steps:
>>>>>>>>>
>>>>>>>>> 1 - Google Apps through Identity Server
>>>>>>>>>
>>>>>>>>> In order to provide Single Sign On, Identity Server seems to be easily configured as User Store through SAML 2.0 as exposed on:
>>>>>>>>> http://blog.thilinamb.com/2010/04/saml-20-based-single-sign-on-with-wso2.html
>>>>>>>>>
>>>>>>>>> 2 - Gadget Server through Identity Server
>>>>>>>>> I think it's possible, but I can't find any documentation about integration.
>>>>>>>>>
>>>>>>>>> Identity Server can act like an LDAP, isn't it? How to configure it then?
>>>>>>>>>
>>>>>>>>> Then I would provide Gadget Server with an external LDAP user store pointing to Identity Server.
>>>>>>>>>
>>>>>>>>> 3 - Identity Server with LDAP external user store.
>>>>>>>>>
>>>>>>>>> Identity Server can be configured against an LDAP server by User Management Configuration, but I can't find this option on the menu!!!
>>>>>>>>> I already found a configuration xml for User Management:
>>>>>>>>>
>>>>>>>>> [[Configuration documentation | http://wso2.org/project/solutions/identity/3.0.0/docs/user-core/admin_guide.html]]
>>>>>>>>>
>>>>>>>>> <!-- UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
>>>>>>>>>     <Property name="ConnectionURL">ldap://localhost:10389</Property>
>>>>>>>>>     <Property name="ConnectionName">uid=admin,ou=system</Property>
>>>>>>>>>     <Property name="ConnectionPassword">admin123</Property>
>>>>>>>>>     <Property name="UserSearchBase">ou=system</Property>
>>>>>>>>>     <Property name="UserNameListFilter">(objectClass=person)</Property>
>>>>>>>>>     <Property name="UserNameAttribute">uid</Property>
>>>>>>>>>     <Property name="ReadLDAPGroups">false</Property>
>>>>>>>>>     <Property name="GroupSearchBase">ou=system</Property>
>>>>>>>>>     <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property>
>>>>>>>>>     <Property name="GroupNameAttribute">cn</Property>
>>>>>>>>>     <Property name="MembershipAttribute">member</Property>
>>>>>>>>> </UserStoreManager -->
>>>>>>>>>
>>>>>>>>> <!-- Active directory configuration follows -->
>>>>>>>>> <!-- UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
>>>>>>>>>     <Property name="ConnectionURL">ldap://10.100.1.211:389</Property>
>>>>>>>>>     <Property name="ConnectionName">cn=Administrator,cn=users,dc=wso2,dc=lk</Property>
>>>>>>>>>     <Property name="ConnectionPassword">admin123</Property>
>>>>>>>>>     <Property name="UserSearchBase">cn=users,dc=wso2,dc=lk</Property>
>>>>>>>>>     <Property name="UserNameListFilter">(objectClass=person)</Property>
>>>>>>>>>     <Property name="UserNameAttribute">sAMAccountName</Property>
>>>>>>>>>     <Property name="ReadLDAPGroups">true</Property>
>>>>>>>>>     <Property name="GroupSearchBase">cn=users,dc=wso2,dc=lk</Property>
>>>>>>>>>     <Property name="GroupSearchFilter">(objectcategory=group)</Property>
>>>>>>>>>     <Property name="GroupNameAttribute">cn</Property>
>>>>>>>>>     <Property name="MemberOfAttribute">memberOf</Property>
>>>>>>>>> </UserStoreManager -->
>>>>>>>>>
>>>>>>>>> Then it should be "easy" to configure an LDAP server with these params.
>>>>>>>>>
>>>>>>>>> Did any of you make something similar?
>>>>>>>>>
>>>>>>>>> Am I on the right way to the solution?
>>>>>>>>>
>>>>>>>>> Can anyone help me on Step 2?
>>>>>>>>>
>>>>>>>>> Lots of thanks to all!
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Víctor Álvarez
>>>>>>>>> Incoming IT www.incomingIT.com
>>>>>>>>> www.twitter.com/incomingIT
>>>>>>>>> Writing in and about Web Accessibility:
>>>>>>>>> http://accesibilidad.blogspot.com
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Carbon-dev mailing list
>>>>>>>>> [email protected]
>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>>>
>>>>>>>> --
>>>>>>>> Thilina Mahesh Buddhika
>>>>>>>> Senior Software Engineer
>>>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>>>> lean . enterprise . middleware
>>>>>>>>
>>>>>>>> phone : +94 77 44 88 727
>>>>>>>> blog : http://blog.thilinamb.com
>>>>>>
>>>>>> --
>>>>>> Sanjiva Weerawarana, Ph.D.
>>>>>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
>>>>>> email: [email protected]; phone: +1 408 754 7388 x51726; cell: +94 77 787 6880 | +1 650 265 8311
>>>>>> blog: http://sanjiva.weerawarana.org/
>>>>>>
>>>>>> Lean . Enterprise . Middleware
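The commented-out LDAPUserStoreManager configuration quoted in the thread is worth auditing before it is uncommented on a real Identity Server. The following is an added example, not code from the thread or from WSO2: it parses a constructed User Management XML fragment built from the thread's own Active Directory sample values and flags the settings a reviewer would question (plaintext ldap://, a directory administrator as bind DN, the sample password). The WEAK_PASSWORDS list and the finding codes are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the commented-out Active Directory block quoted in
# the thread (same placeholder values); it is not a live configuration.
SAMPLE_USER_MGT = """<UserManager><Realm>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
  <Property name="ConnectionURL">ldap://10.100.1.211:389</Property>
  <Property name="ConnectionName">cn=Administrator,cn=users,dc=wso2,dc=lk</Property>
  <Property name="ConnectionPassword">admin123</Property>
  <Property name="UserSearchBase">cn=users,dc=wso2,dc=lk</Property>
  <Property name="UserNameListFilter">(objectClass=person)</Property>
  <Property name="UserNameAttribute">sAMAccountName</Property>
  <Property name="ReadLDAPGroups">true</Property>
</UserStoreManager></Realm></UserManager>"""

# Assumed list of well-known sample passwords to refuse; extend it for your own estate.
WEAK_PASSWORDS = {"admin123", "admin", "password", "secret"}

def load_properties(xml_text):
    """Return (manager class, {property name: value}) for the first UserStoreManager."""
    usm = ET.fromstring(xml_text).find(".//UserStoreManager")
    if usm is None:
        raise ValueError("no UserStoreManager element found")
    props = {p.get("name"): (p.text or "").strip() for p in usm.findall("Property")}
    return usm.get("class", ""), props

def audit_user_store(xml_text):
    """Return (code, message) findings for an LDAPUserStoreManager configuration."""
    cls, props = load_properties(xml_text)
    findings = []
    if not cls.endswith("LDAPUserStoreManager"):
        return findings  # the checks below only make sense for the LDAP manager
    url = props.get("ConnectionURL", "")
    if url.startswith("ldap://"):  # plaintext LDAP: bind password and lookups in the clear
        findings.append(("PLAINTEXT_LDAP", f"{url}: use ldaps:// instead"))
    bind_dn = props.get("ConnectionName", "")
    if bind_dn.lower().startswith(("cn=administrator", "uid=admin")):
        findings.append(("PRIVILEGED_BIND", f"{bind_dn}: bind with a read-only service account"))
    if props.get("ConnectionPassword", "") in WEAK_PASSWORDS:
        findings.append(("WEAK_BIND_PASSWORD", "ConnectionPassword is a well-known sample value"))
    if not props.get("UserSearchBase"):
        findings.append(("NO_SEARCH_BASE", "empty UserSearchBase searches the whole directory"))
    return findings

if __name__ == "__main__":
    for code, message in audit_user_store(SAMPLE_USER_MGT):
        print(f"[{code}] {message}")
```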
