Now I got Google Apps - Identity Server - LDAP working :) I hope the Gadget Server - Identity Server integration can be developed soon.
Thanks!

2010/6/18 Víctor Álvarez <[email protected]>

> Lots of thanks!
>
> It worked! :)
>
> On Thu, Jun 17, 2010 at 7:31 PM, Thilina Mahesh Buddhika <[email protected]> wrote:
>
>> Hi,
>>
>> When integrating Google Apps with Identity Server, it is required to have the same user set on both sides. But the authentication credentials are maintained only at Identity Server.
>>
>> In Standalone Identity Server, the default key pair is used for signing SAML2 assertions. So you can extract the default public key (which has the alias 'wso2carbon') from the wso2carbon.jks (which is available in ${IS_HOME}/resources/security) using the keytool. Or else, you can save it from the browser when you are accessing the IS management console.
>>
>> For Cloud Identity Server, a slightly different approach is used for signing the assertions. For each and every tenant, a separate key pair is generated and it will be used to sign the assertions. You can download this public key from the SAML-SSO configurations page. It is generated when the first RP service provider is added.
>>
>> Hope this helps.
>>
>> Thanks,
>> Thilina
>>
>> 2010/6/17 Víctor Álvarez <[email protected]>
>>
>>> I've noticed I'm missing a step compared with the Cloud Identity Server SSO with Google Apps:
>>>
>>> http://wso2.org/library/articles/integrate-google-apps-wso2-cloud-identity
>>>
>>> I'm not importing the public key certificate, but I can't find the User Management menu on my Local Identity Server.
>>>
>>> How can I generate this public key .cert?
>>>
>>> Thanks
>>>
>>> 2010/6/17 Víctor Álvarez <[email protected]>
>>>
>>>> Hello again,
>>>>
>>>> I've configured Identity Server to work against a local LDAP, and it seems to work as I can see the LDAP users on the Identity Server.
>>>>
>>>> Now I'm trying to configure SAML2.0 SSO with Google Apps as said on Thilina's blog: http://blog.thilinamb.com/2010/04/saml-20-based-single-sign-on-with-wso2.html
>>>>
>>>> I've configured Google Apps and Identity Server, but now when I try with a non-admin user to go to http://docs.google.com/a/midomain.com it correctly redirects to my Local Identity Server. But there, I can't log in with any user.
>>>>
>>>> The user to log in... I understand it should be an LDAP user? Or may it be a Google Apps user?
>>>>
>>>> I've tested both cases and can't log in.
>>>>
>>>> Any ideas?
>>>>
>>>> 2010/6/14 Víctor Álvarez <[email protected]>
>>>>
>>>>> Lots of thanks for your help.
>>>>>
>>>>> Waiting for the new release then!
>>>>>
>>>>> On Sun, Jun 13, 2010 at 7:03 AM, Thilina Mahesh Buddhika <[email protected]> wrote:
>>>>>
>>>>>> In the Identity Server 3.0.0 release, we started supporting the SAML 2.0 based SSO identity provider feature. But we did not include the SAML 2.0 consumer feature, which enables other Carbon products to act as SAML 2.0 based SSO relying parties.
>>>>>>
>>>>>> Currently, we are working on SAML 2.0 consumer components, and this feature will be available in our next release. With this feature, it will be possible to achieve single sign-on across all our products. In 2-3 weeks' time, the implementation will be completed, and you can try this in a nightly build taken from our trunk.
>>>>>>
>>>>>> But still, pointing to the same user store will allow you to support unified login, where all the user information is maintained at a single point.
>>>>>>
>>>>>> WSO2 Identity Server currently supports 2-legged and 3-legged OAuth. Also the Gadget Server supports OAuth based authentication for gadgets. So the 2-legged OAuth support of Identity Server can be used to authenticate gadgets hosted in Gadget Server. We are currently testing the interoperability between these two entities.
>>>>>>
>>>>>> We will update you with the progress of these tasks.
>>>>>>
>>>>>> Thanks,
>>>>>> Thilina
>>>>>>
>>>>>> On Sun, Jun 13, 2010 at 9:01 AM, Sanjiva Weerawarana <[email protected]> wrote:
>>>>>>
>>>>>>> I think the problem is that we are still not supporting SAML 2.0 in the Gadget Server .. once that's done the single login should propagate. There was a thread on this a while ago but I can't remember the details! Maybe Thilina or Prabath can explain the situation and plans to fix it properly (including supporting 2-legged OAuth in GS).
>>>>>>>
>>>>>>> Sanjiva.
>>>>>>>
>>>>>>> 2010/6/12 Víctor Álvarez <[email protected]>
>>>>>>>
>>>>>>>> Thanks Thilina!
>>>>>>>>
>>>>>>>> But if I connect Gadget Server with the LDAP directly I wouldn't have Single Sign On for the Gadget Server, so users may have to log in again, even if they already have a logged session on Identity Server. Is there another way to enable Single Sign On?
>>>>>>>>
>>>>>>>> Thanks in advance
>>>>>>>>
>>>>>>>> On Sat, Jun 12, 2010 at 5:44 AM, Thilina Mahesh Buddhika <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Victor,
>>>>>>>>>
>>>>>>>>> This user guide [1] explains the necessary steps to configure Identity Server to use an external user store like LDAP. This user guide is applicable for Carbon 3.0.0 based products, like Identity Server 3.0.0, Gadget Server 1.1.0, etc.
>>>>>>>>>
>>>>>>>>> For step 2, you can configure the Gadget Server to talk to the same LDAP which is used by the Identity Server. (You can follow the same steps as in [1].)
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Thilina
>>>>>>>>>
>>>>>>>>> [1] - http://wso2.org/project/solutions/identity/3.0.0/docs/user-core/admin_guide.html
>>>>>>>>>
>>>>>>>>> 2010/6/11 Víctor Álvarez <[email protected]>
>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I'm developing a project where I should be capable of integrating a wso2 Gadget Server with Google Apps and an external User Store based on LDAP...
>>>>>>>>>>
>>>>>>>>>> I need the integration piece, and wso2 Identity Server seems a good choice.
>>>>>>>>>>
>>>>>>>>>> I planned to do these steps:
>>>>>>>>>>
>>>>>>>>>> 1 - Google Apps through Identity Server
>>>>>>>>>>
>>>>>>>>>> In order to provide Single Sign On, Identity Server seems to be easily configured as User Store through SAML 2.0 as exposed on:
>>>>>>>>>>
>>>>>>>>>> http://blog.thilinamb.com/2010/04/saml-20-based-single-sign-on-with-wso2.html
>>>>>>>>>>
>>>>>>>>>> 2 - Gadget Server through Identity Server
>>>>>>>>>>
>>>>>>>>>> I think it's possible, but can't find any documentation about integration.
>>>>>>>>>>
>>>>>>>>>> Identity Server can act like an LDAP, isn't it? How to configure it then?
>>>>>>>>>>
>>>>>>>>>> Then I would provide Gadget Server with an external LDAP user store pointing to Identity Server.
>>>>>>>>>>
>>>>>>>>>> 3 - Identity Server with LDAP external user store.
>>>>>>>>>>
>>>>>>>>>> Identity Server can be configured against an LDAP server by User Management Configuration, but I can't find this option on the menu!!!
>>>>>>>>>>
>>>>>>>>>> I already found a configuration xml for User Management
>>>>>>>>>>
>>>>>>>>>> [[Configuration documentation | http://wso2.org/project/solutions/identity/3.0.0/docs/user-core/admin_guide.html]]
>>>>>>>>>>
>>>>>>>>>> <!-- UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
>>>>>>>>>>     <Property name="ConnectionURL">ldap://localhost:10389</Property>
>>>>>>>>>>     <Property name="ConnectionName">uid=admin,ou=system</Property>
>>>>>>>>>>     <Property name="ConnectionPassword">admin123</Property>
>>>>>>>>>>     <Property name="UserSearchBase">ou=system</Property>
>>>>>>>>>>     <Property name="UserNameListFilter">(objectClass=person)</Property>
>>>>>>>>>>     <Property name="UserNameAttribute">uid</Property>
>>>>>>>>>>     <Property name="ReadLDAPGroups">false</Property>
>>>>>>>>>>     <Property name="GroupSearchBase">ou=system</Property>
>>>>>>>>>>     <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property>
>>>>>>>>>>     <Property name="GroupNameAttribute">cn</Property>
>>>>>>>>>>     <Property name="MembershipAttribute">member</Property>
>>>>>>>>>> </UserStoreManager -->
>>>>>>>>>> <!-- Active directory configuration follows -->
>>>>>>>>>> <!-- UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
>>>>>>>>>>     <Property name="ConnectionURL">ldap://10.100.1.211:389</Property>
>>>>>>>>>>     <Property name="ConnectionName">cn=Administrator,cn=users,dc=wso2,dc=lk</Property>
>>>>>>>>>>     <Property name="ConnectionPassword">admin123</Property>
>>>>>>>>>>     <Property name="UserSearchBase">cn=users,dc=wso2,dc=lk</Property>
>>>>>>>>>>     <Property name="UserNameListFilter">(objectClass=person)</Property>
>>>>>>>>>>     <Property name="UserNameAttribute">sAMAccountName</Property>
>>>>>>>>>>     <Property name="ReadLDAPGroups">true</Property>
>>>>>>>>>>     <Property name="GroupSearchBase">cn=users,dc=wso2,dc=lk</Property>
>>>>>>>>>>     <Property name="GroupSearchFilter">(objectcategory=group)</Property>
>>>>>>>>>>     <Property name="GroupNameAttribute">cn</Property>
>>>>>>>>>>     <Property name="MemberOfAttribute">memberOf</Property>
>>>>>>>>>> </UserStoreManager -->
>>>>>>>>>>
>>>>>>>>>> Then it should be "easy" to configure an ldap server on these params.
>>>>>>>>>>
>>>>>>>>>> Did any of you make something similar?
>>>>>>>>>>
>>>>>>>>>> Am I on the right way to the solution?
>>>>>>>>>>
>>>>>>>>>> Can anyone help me on Step 2?
>>>>>>>>>>
>>>>>>>>>> Lots of thanks to all!
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Víctor Álvarez
>>>>>>>>>> Incoming IT www.incomingIT.com
>>>>>>>>>> www.twitter.com/incomingIT
>>>>>>>>>> Writing in and about Web Accessibility: http://accesibilidad.blogspot.com
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Carbon-dev mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Thilina Mahesh Buddhika
>>>>>>>>> Senior Software Engineer
>>>>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>>>>> lean . enterprise . middleware
>>>>>>>>>
>>>>>>>>> phone : +94 77 44 88 727
>>>>>>>>> blog : http://blog.thilinamb.com
>>>>>>>
>>>>>>> --
>>>>>>> Sanjiva Weerawarana, Ph.D.
>>>>>>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
>>>>>>> email: [email protected]; phone: +1 408 754 7388 x51726; cell: +94 77 787 6880 | +1 650 265 8311
>>>>>>> blog: http://sanjiva.weerawarana.org/
>>>>>>>
>>>>>>> Lean . Enterprise . Middleware

--
Víctor Álvarez
Incoming IT www.incomingIT.com
www.twitter.com/incomingIT
Writing in and about Web Accessibility: http://accesibilidad.blogspot.com
_______________________________________________ Carbon-dev mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
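The thread's step 3 hinges on the commented-out UserStoreManager blocks in user-mgt.xml. Before such a block is enabled against a real directory it is worth checking the handful of settings that decide how exposed the bind credentials and directory data are. The following is an added example, not code from the thread, from WSO2, or from the admin guide it links: a small linter that parses a UserStoreManager element (the sample is the ApacheDS block Víctor posted, uncommented so it parses, and constructed here for the example) and reports plaintext ldap:// connections, a directory super-user used as the bind account, a vendor sample password left in place, and group reading switched off. The severity labels and the super-user and sample-password lists are this example's own assumptions, not anything the product enforces.

```python
"""Lint a WSO2 Carbon user-mgt.xml UserStoreManager block before enabling it.

Added example (not code from the thread or from WSO2). The <Property> names
are those used in the snippet posted in the thread; the findings, severities
and word lists below are this example's own conventions.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the ApacheDS block from the thread, uncommented so it
# parses as XML (in user-mgt.xml it ships wrapped in <!-- ... -->).
SAMPLE_USER_STORE = """
<UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://localhost:10389</Property>
    <Property name="ConnectionName">uid=admin,ou=system</Property>
    <Property name="ConnectionPassword">admin123</Property>
    <Property name="UserSearchBase">ou=system</Property>
    <Property name="UserNameListFilter">(objectClass=person)</Property>
    <Property name="UserNameAttribute">uid</Property>
    <Property name="ReadLDAPGroups">false</Property>
</UserStoreManager>
"""

# Bind DNs that are directory super-users (assumed list); a user store that
# only reads users and groups should bind as a read-only service account.
SUPERUSER_RDNS = ("uid=admin", "cn=administrator", "cn=manager", "cn=directory manager")
# Passwords that appear in vendor samples and tend to survive into production (assumed list).
SAMPLE_PASSWORDS = {"admin123", "admin", "secret", "password", "wso2carbon"}


def parse_properties(xml_text):
    """Return the <Property name="...">value</Property> pairs of one block as a dict."""
    root = ET.fromstring(xml_text)
    if root.tag != "UserStoreManager":
        raise ValueError("expected a <UserStoreManager> element, got <%s>" % root.tag)
    return {p.get("name"): (p.text or "").strip() for p in root.findall("Property")}


def lint_user_store(props):
    """Return a list of (severity, message) findings for one user store block."""
    findings = []

    url = props.get("ConnectionURL", "")
    parts = urlsplit(url)
    if parts.scheme == "ldap":
        # A simple bind sends the password in clear; over loopback that never
        # leaves the host, over any other hop it is visible on the wire.
        severity = "info" if parts.hostname in ("localhost", "127.0.0.1") else "high"
        findings.append((severity, "ConnectionURL uses ldap:// (no TLS); bind credentials "
                         "and directory data cross the network in clear: " + url))
    elif parts.scheme != "ldaps":
        findings.append(("high", "ConnectionURL has an unexpected scheme: " + url))

    bind_dn = props.get("ConnectionName", "").lower()
    if any(bind_dn.startswith(rdn) for rdn in SUPERUSER_RDNS):
        findings.append(("medium", "ConnectionName is a directory super-user; bind with a "
                         "read-only service account instead: " + props["ConnectionName"]))

    password = props.get("ConnectionPassword", "")
    if not password:
        findings.append(("high", "ConnectionPassword is empty (anonymous bind)"))
    elif password.lower() in SAMPLE_PASSWORDS:
        findings.append(("high", "ConnectionPassword is a vendor sample value"))

    # Group lookups switched off means LDAP group membership never reaches authorization.
    if props.get("ReadLDAPGroups", "false").lower() != "true":
        findings.append(("info", "ReadLDAPGroups is false; LDAP group membership "
                         "will not be used for authorization"))

    for required in ("UserSearchBase", "UserNameListFilter", "UserNameAttribute"):
        if not props.get(required):
            findings.append(("high", "missing required property " + required))
    return findings


def lint_xml(xml_text):
    """Parse and lint a single UserStoreManager block given as XML text."""
    return lint_user_store(parse_properties(xml_text))


if __name__ == "__main__":
    for severity, message in lint_xml(SAMPLE_USER_STORE):
        print("[%s] %s" % (severity.upper(), message))
```

Run against the sample it reports the loopback ldap:// URL as informational, the uid=admin bind DN, the admin123 sample password and the disabled group lookup; the same block pointed at a remote host over ldap://, as in the Active Directory sample from the thread, raises the URL finding to high. A block that binds over ldaps:// with a dedicated read-only account and a unique password produces no findings.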
