Hello Victor,

We highly encourage contributions from our user & developer community. As you may be aware, all design & development is done in a totally open fashion, and we strictly follow the open development philosophies & methodologies of Apache. Not only is the code released under the Apache Software License, but we strive to follow the Apache way (http://theapacheway.com/) as well.

We look forward to your valuable contributions.

Thanks
Azeez

2010/6/23 Víctor Álvarez <[email protected]>

> Hello,
>
> Can I help in something, developing, testing, etc with Gadget Server and
> Identity Server Integration?
>
> Thanks in advance.
>
>
> 2010/6/18 Víctor Álvarez <[email protected]>
>
>> Now I got Google Apps - Identity Server - LDAP working :)
>>
>> I hope the Gadget Server - Identity Server integration can be developed
>> soon.
>>
>> Thanks!
>>
>> 2010/6/18 Víctor Álvarez <[email protected]>
>>
>> Lots of thanks!
>>>
>>> it worked! :)
>>>
>>> On Thu, Jun 17, 2010 at 7:31 PM, Thilina Mahesh Buddhika <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> When integrating Google Apps with Identity Server, it is required to
>>>> have same user set in both sides. But the authentication credentials are
>>>> maintained only at Identity Server.
>>>>
>>>> In Standalone Identity Server, the default key pair is used for signing
>>>> SAML2 assertions. So you can extract the default public key (which has the
>>>> alias 'wso2carbon') from the wso2carbon.jks (which is available in
>>>> ${IS_HOME}/resources/security) using the keytool. Or else, you can save it
>>>> from the browser, when you are accessing IS management console.
>>>>
>>>> For Cloud Identity Server, a slightly different approach is used for
>>>> signing the assertions. For each and every tenant, a separate key pair is
>>>> generated and it will be used to sign the assertions. You can download this
>>>> public key from the SAML-SSO configurations page. It is generated when the
>>>> first RP service provider is added.
>>>>
>>>> Hope this helps.
>>>>
>>>> Thanks,
>>>> Thilina
>>>>
>>>> 2010/6/17 Víctor Álvarez <[email protected]>
>>>>
>>>>> I've noticed I'm missing a step comparing with the Cloud Identity
>>>>> Server SSO with Google Apps:
>>>>>
>>>>> http://wso2.org/library/articles/integrate-google-apps-wso2-cloud-identity
>>>>>
>>>>> I'm not importing the public key certificate, but I can't find the User
>>>>> Management Menu on my Local Identity Server.
>>>>>
>>>>> How can I generate this public key .cert?
>>>>>
>>>>> Thanks
>>>>>
>>>>> 2010/6/17 Víctor Álvarez <[email protected]>
>>>>>
>>>>> Hello again,
>>>>>>
>>>>>> I've configured Identity Server to work against a local LDAP, and it
>>>>>> seems to work as I can see the LDAP users on the Identity Server.
>>>>>>
>>>>>> Now I'm trying to configure SAML2.0 SSO with Google Apps as said on
>>>>>> Thilina's blog:
>>>>>> http://blog.thilinamb.com/2010/04/saml-20-based-single-sign-on-with-wso2.html
>>>>>>
>>>>>> I've configured Google Apps and Identity Server, but now when I try
>>>>>> with a non admin user to go to http://docs.google.com/a/midomain.com it
>>>>>> correctly redirects to my Local Identity Server.
>>>>>> But there, I can't login with any user.
>>>>>>
>>>>>> The user to log in... I understand it should be a LDAP user?
>>>>>> Or it may be Google Apps User?
>>>>>>
>>>>>> I've tested on both cases and can't login.
>>>>>>
>>>>>> Any ideas?
>>>>>>
>>>>>> 2010/6/14 Víctor Álvarez <[email protected]>
>>>>>>
>>>>>> Lot of thanks for your help.
>>>>>>>
>>>>>>> Waiting for the new release then!
>>>>>>>
>>>>>>> On Sun, Jun 13, 2010 at 7:03 AM, Thilina Mahesh Buddhika <[email protected]> wrote:
>>>>>>>
>>>>>>>> In Identity Server 3.0.0 release, we started supporting SAML 2.0
>>>>>>>> based SSO identity provider feature. But we did not include SAML 2.0
>>>>>>>> consumer feature which enables other Carbon products acting as SAML 2.0
>>>>>>>> based SSO relying parties.
>>>>>>>>
>>>>>>>> Currently, we are working on SAML 2.0 consumer components, and this
>>>>>>>> feature will be available in our next release. With this feature, it
>>>>>>>> will be possible to achieve single sign-on across all our products.
>>>>>>>> In 2-3 weeks' time, the implementation will be completed, and you can
>>>>>>>> try this in a nightly build taken from our trunk.
>>>>>>>>
>>>>>>>> But still, pointing to the same user-store will allow you to support
>>>>>>>> unified login, where all the user information is maintained at a single
>>>>>>>> point.
>>>>>>>>
>>>>>>>> WSO2 Identity Server currently supports 2-legged and 3-legged OAuth.
>>>>>>>> Also the Gadget Server supports OAuth based authentication for gadgets.
>>>>>>>> So the 2-legged OAuth support of Identity Server can be used to
>>>>>>>> authenticate gadgets hosted in Gadget Server. We are currently testing
>>>>>>>> the interoperability between these two entities.
>>>>>>>>
>>>>>>>> We will update you with the progress of these tasks.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Thilina
>>>>>>>>
>>>>>>>> On Sun, Jun 13, 2010 at 9:01 AM, Sanjiva Weerawarana <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> I think the problem is that we are still not supporting SAML 2.0
>>>>>>>>> in the Gadget Server .. once that's done the single login should
>>>>>>>>> propagate. There was a thread on this a while ago but can't remember
>>>>>>>>> the details! Maybe Thilina or Prabath can explain the situation and
>>>>>>>>> plans to fix it properly (including supporting 2-legged OAuth in GS).
>>>>>>>>>
>>>>>>>>> Sanjiva.
>>>>>>>>>
>>>>>>>>> 2010/6/12 Víctor Álvarez <[email protected]>
>>>>>>>>>
>>>>>>>>> Thanks Thilina!
>>>>>>>>>>
>>>>>>>>>> But if I connect Gadget Server with the LDAP directly I wouldn't
>>>>>>>>>> have Single Sign On for the Gadget Server, so users may have to log in
>>>>>>>>>> again, if they already have a logged session on Identity Server.
>>>>>>>>>> Is there another way to enable Single Sign On?
>>>>>>>>>>
>>>>>>>>>> Thanks in advance
>>>>>>>>>>
>>>>>>>>>> On Sat, Jun 12, 2010 at 5:44 AM, Thilina Mahesh Buddhika <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Victor,
>>>>>>>>>>>
>>>>>>>>>>> This user guide [1] explains the necessary steps to configure
>>>>>>>>>>> Identity Server to use an external user store like LDAP. This user
>>>>>>>>>>> guide is applicable for Carbon 3.0.0 based products, like Identity
>>>>>>>>>>> Server 3.0.0, Gadget Server 1.1.0, etc.
>>>>>>>>>>>
>>>>>>>>>>> For step 2, you can configure the Gadget Server to talk to the
>>>>>>>>>>> same LDAP which is used by the Identity Server. (You can follow the
>>>>>>>>>>> same steps as in [1].)
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Thilina
>>>>>>>>>>>
>>>>>>>>>>> [1] - http://wso2.org/project/solutions/identity/3.0.0/docs/user-core/admin_guide.html
>>>>>>>>>>>
>>>>>>>>>>> 2010/6/11 Víctor Álvarez <[email protected]>
>>>>>>>>>>>
>>>>>>>>>>>> Hello,
>>>>>>>>>>>>
>>>>>>>>>>>> I'm developing a project where I should be capable to integrate a
>>>>>>>>>>>> wso2 Gadget Server with Google Apps and an external User Store
>>>>>>>>>>>> based on LDAP...
>>>>>>>>>>>>
>>>>>>>>>>>> I need the integration piece, and wso2 Identity Server seems a
>>>>>>>>>>>> good choice.
>>>>>>>>>>>>
>>>>>>>>>>>> I've planned to do these steps:
>>>>>>>>>>>>
>>>>>>>>>>>> 1 - Google Apps through Identity Server
>>>>>>>>>>>>
>>>>>>>>>>>> In order to provide Single Sign On, Identity Server seems to be
>>>>>>>>>>>> easily configured as User Store through SAML 2.0 as exposed on:
>>>>>>>>>>>>
>>>>>>>>>>>> http://blog.thilinamb.com/2010/04/saml-20-based-single-sign-on-with-wso2.html
>>>>>>>>>>>>
>>>>>>>>>>>> 2 - Gadget Server through Identity Server
>>>>>>>>>>>>
>>>>>>>>>>>> I think it's possible, but can't find any documentation about
>>>>>>>>>>>> integration.
>>>>>>>>>>>>
>>>>>>>>>>>> Identity Server can act like a LDAP, isn't it, how to configure it
>>>>>>>>>>>> then?
>>>>>>>>>>>>
>>>>>>>>>>>> Then I would provide Gadget Server with external LDAP user store
>>>>>>>>>>>> pointing to Identity Server
>>>>>>>>>>>>
>>>>>>>>>>>> 3 - Identity Server with LDAP external user store.
>>>>>>>>>>>>
>>>>>>>>>>>> Identity Server can be configured against a LDAP server by User
>>>>>>>>>>>> Management Configuration, but I can't find this option on the
>>>>>>>>>>>> menu!!!
>>>>>>>>>>>> I already found a configuration xml for User Management
>>>>>>>>>>>>
>>>>>>>>>>>> [[Configuration documentation | http://wso2.org/project/solutions/identity/3.0.0/docs/user-core/admin_guide.html]]
>>>>>>>>>>>>
>>>>>>>>>>>> <!-- UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
>>>>>>>>>>>>     <Property name="ConnectionURL">ldap://localhost:10389</Property>
>>>>>>>>>>>>     <Property name="ConnectionName">uid=admin,ou=system</Property>
>>>>>>>>>>>>     <Property name="ConnectionPassword">admin123</Property>
>>>>>>>>>>>>     <Property name="UserSearchBase">ou=system</Property>
>>>>>>>>>>>>     <Property name="UserNameListFilter">(objectClass=person)</Property>
>>>>>>>>>>>>     <Property name="UserNameAttribute">uid</Property>
>>>>>>>>>>>>     <Property name="ReadLDAPGroups">false</Property>
>>>>>>>>>>>>     <Property name="GroupSearchBase">ou=system</Property>
>>>>>>>>>>>>     <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property>
>>>>>>>>>>>>     <Property name="GroupNameAttribute">cn</Property>
>>>>>>>>>>>>     <Property name="MembershipAttribute">member</Property>
>>>>>>>>>>>> </UserStoreManager -->
>>>>>>>>>>>> <!-- Active directory configuration follows -->
>>>>>>>>>>>> <!-- UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
>>>>>>>>>>>>     <Property name="ConnectionURL">ldap://10.100.1.211:389</Property>
>>>>>>>>>>>>     <Property name="ConnectionName">cn=Administrator,cn=users,dc=wso2,dc=lk</Property>
>>>>>>>>>>>>     <Property name="ConnectionPassword">admin123</Property>
>>>>>>>>>>>>     <Property name="UserSearchBase">cn=users,dc=wso2,dc=lk</Property>
>>>>>>>>>>>>     <Property name="UserNameListFilter">(objectClass=person)</Property>
>>>>>>>>>>>>     <Property name="UserNameAttribute">sAMAccountName</Property>
>>>>>>>>>>>>     <Property name="ReadLDAPGroups">true</Property>
>>>>>>>>>>>>     <Property name="GroupSearchBase">cn=users,dc=wso2,dc=lk</Property>
>>>>>>>>>>>>     <Property name="GroupSearchFilter">(objectcategory=group)</Property>
>>>>>>>>>>>>     <Property name="GroupNameAttribute">cn</Property>
>>>>>>>>>>>>     <Property name="MemberOfAttribute">memberOf</Property>
>>>>>>>>>>>> </UserStoreManager -->
>>>>>>>>>>>>
>>>>>>>>>>>> Then it should be "easy" to configure a LDAP server on these params.
>>>>>>>>>>>>
>>>>>>>>>>>> Did anyone of you make something similar?
>>>>>>>>>>>>
>>>>>>>>>>>> I'm on the right way for the solution?
>>>>>>>>>>>>
>>>>>>>>>>>> Can anyone help me on Step 2?
>>>>>>>>>>>>
>>>>>>>>>>>> Lot of thanks to all!
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Víctor Álvarez
>>>>>>>>>>>> Incoming IT www.incomingIT.com
>>>>>>>>>>>> www.twitter.com/incomingIT
>>>>>>>>>>>> Writing in and about Web Accessibility:
>>>>>>>>>>>> http://accesibilidad.blogspot.com
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Carbon-dev mailing list
>>>>>>>>>>>> [email protected]
>>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Thilina Mahesh Buddhika
>>>>>>>>>>> Senior Software Engineer
>>>>>>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>>>>>>> lean . enterprise . middleware
>>>>>>>>>>>
>>>>>>>>>>> phone : +94 77 44 88 727
>>>>>>>>>>> blog : http://blog.thilinamb.com
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Sanjiva Weerawarana, Ph.D.
>>>>>>>>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
>>>>>>>>> email: [email protected]; phone: +1 408 754 7388 x51726; cell: +94 77 787 6880 | +1 650 265 8311
>>>>>>>>> blog: http://sanjiva.weerawarana.org/
>>>>>>>>>
>>>>>>>>> Lean . Enterprise . Middleware

--
Afkham Azeez
Senior Software Architect & Product Manager, WSO2 WSAS; WSO2, Inc.; http://wso2.com,
Lean . Enterprise . Middleware
Member; Apache Software Foundation; http://www.apache.org/
email: [email protected] cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez
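
An added example, not part of the original thread and not WSO2 code: a small audit of the LDAP UserStoreManager settings quoted in Víctor's first message, flagging unencrypted ldap:// connections, administrator bind DNs and passwords embedded in the file. The sample XML is constructed from the quoted properties (uncommented and wrapped in a Realm element so it parses as one document); the function name and the three rules are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the two UserStoreManager blocks quoted in the thread,
# uncommented, with a wrapper element so the text parses as one document.
SAMPLE = """<Realm>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://localhost:10389</Property>
    <Property name="ConnectionName">uid=admin,ou=system</Property>
    <Property name="ConnectionPassword">admin123</Property>
    <Property name="UserSearchBase">ou=system</Property>
  </UserStoreManager>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://10.100.1.211:389</Property>
    <Property name="ConnectionName">cn=Administrator,cn=users,dc=wso2,dc=lk</Property>
    <Property name="ConnectionPassword">admin123</Property>
    <Property name="UserSearchBase">cn=users,dc=wso2,dc=lk</Property>
  </UserStoreManager>
</Realm>"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Heuristic (assumption of this example): bind DNs that start like an admin account.
ADMIN_RDNS = ("uid=admin", "cn=admin")


def audit_user_stores(xml_text):
    """Return a list of (block_index, property_name, finding) tuples."""
    findings = []
    for idx, store in enumerate(ET.fromstring(xml_text).iter("UserStoreManager")):
        props = {p.get("name"): (p.text or "").strip() for p in store.iter("Property")}
        url = urlparse(props.get("ConnectionURL", ""))
        # Assumes no StartTLS upgrade: plain ldap:// carries the simple bind as-is.
        if url.scheme == "ldap":
            where = "loopback only" if url.hostname in LOOPBACK else "crosses the network"
            findings.append((idx, "ConnectionURL",
                             f"ldap:// carries the bind password unencrypted ({where}); prefer ldaps://"))
        if props.get("ConnectionName", "").lower().startswith(ADMIN_RDNS):
            findings.append((idx, "ConnectionName",
                             "binds as a directory administrator; use a read-only service account"))
        if props.get("ConnectionPassword"):
            findings.append((idx, "ConnectionPassword",
                             "password stored in clear text in the config file"))
    return findings


if __name__ == "__main__":
    for idx, prop, finding in audit_user_stores(SAMPLE):
        print(f"UserStoreManager[{idx}] {prop}: {finding}")
```

Both quoted blocks trip all three rules; the Active Directory one is the more exposed because its bind leaves the host.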
