Hi Chamara,

Sorry, I missed out some details.

I tested the SAML Bearer Grant with an Identity Server 5.3.0 M1 pack. I had to change the samlsso URL to https://localhost:9443/samlsso?tenantDomain=wso2.com to log in as a user in the tenant domain in the travelocity App. Thereafter the SAML2 Bearer grant was sent to https://localhost:9443/oauth2/token endpoint without passing the tenantDomain as a query param in the URL.
The fix [1] was done after Identity Server 5.2.0-beta, so if we are testing with a 5.2.0-beta or earlier IS pack we would have to send in the tenantDomain as a query param (i.e. https://localhost:9443/oauth2/token?tenantDomain=<tenantDomain>) to the token endpoint for SPs in a tenantDomain, as Pushpalanka has pointed out earlier. Otherwise, it will be taken as carbon.super.

[1] https://wso2.org/jira/browse/IDENTITY-4531

Thanks,

Farasath Ahamed
Software Engineer,
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

Email: [email protected]
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 <https://twitter.com/farazath619>

On Thu, Jun 2, 2016 at 7:43 AM, Chamara Ariyarathne <[email protected]> wrote:

> Hi Farasath,
>
> Some unclear points.
>
> On Thu, Jun 2, 2016 at 2:47 AM, Farasath Ahamed <[email protected]> wrote:
>
>> Hi,
>>
>> I tested the SAML2 bearer grant with travelocity app for a tenant user
>> and I was able to get an access token with any issue.
>>
> "with" or "without"?
>
>> I had to change the samlsso URL to
>> https://localhost:9443/samlsso?tenantDomain=wso2.com to get the
>> sample working for a tenant user.
>>
> So, is it still needed?
>
>> However, I was able to generate the token without sending the
>> tenantDomain as a query param.
>>
> For which grant type? Are you still talking about the saml2-bearer grant
> type?
>
>> Thanks,
>> Farasath
>>
>> On Thu, Jun 2, 2016 at 2:22 AM, Farasath Ahamed <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> We have removed the requirement to send in the tenantDomain with the
>>> token request as a query param in [1]. Instead of relying on the query
>>> param we now retrieve the tenantDomain using the client_id sent in the
>>> request. Therefore, this should work for all grant types. Anyways will
>>> check once again with the SAML2 Bearer grant.
>>>
>>> [1] https://wso2.org/jira/browse/IDENTITY-4531
>>>
>>> Thanks.
>>>
>>> On Thu, Jun 2, 2016 at 1:25 AM, Tania Mahanama <[email protected]> wrote:
>>>
>>>> On Wed, Jun 1, 2016 at 9:56 PM, Sewmini Jayaweera <[email protected]> wrote:
>>>>
>>>>> Hi Pushpalanka,
>>>>>
>>>>> Thank you for your prompt response.
>>>>> I could generate token successfully with the suggested endpoint.
>>>>>
>>>>> @Tania: Could you please update documentation [1] with this
>>>>> information? I have created documentation Jira [2].
>>>>>
>>>>
>>>> Noted.
>>>>
>>>>> [1]. https://docs.wso2.com/display/AM1100/Exchanging+SAML2+Bearer+Tokens+with+OAuth2+-+SAML+Extension+Grant+Type
>>>>> [2]. https://wso2.org/jira/browse/DOCUMENTATION-3414
>>>>>
>>>>> Regards,
>>>>> Sewmini.
>>>>>
>>>>> Sewmini Jayaweera
>>>>> *Software Engineer - QA Team*
>>>>> Mobile: +94 (0) 773 381 250
>>>>> [email protected]
>>>>>
>>>>> On Wed, Jun 1, 2016 at 8:42 PM, Pushpalanka Jayawardhana <[email protected]> wrote:
>>>>>
>>>>>> Hi Sewmini,
>>>>>>
>>>>>> Please try sending the tenantDomain as a query param in the cURL
>>>>>> command's token endpoint as below.
>>>>>>
>>>>>> https://localhost:9443/oauth2/token?tenantDomain=<tenantDomain>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> On Wed, Jun 1, 2016 at 8:15 PM, Sewmini Jayaweera <[email protected]> wrote:
>>>>>>
>>>>>>> Adding [email protected]
>>>>>>>
>>>>>>> On Wed, Jun 1, 2016 at 8:13 PM, Sewmini Jayaweera <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi APIM / IS teams,
>>>>>>>>
>>>>>>>> I am testing 'Exchanging SAML2 Bearer Tokens with OAuth2' (SAML
>>>>>>>> Extension Grant Type) scenario for tenant user. I followed API manager
>>>>>>>> documentation available [1] and scenario worked fine for the super
>>>>>>>> tenant.
>>>>>>>> When I try the tenant scenario I noticed when service provider and IDP
>>>>>>>> created in IS tenant domain token generation fails. Reason is that even
>>>>>>>> though SP is in the tenant domain system expects IDP in carbon.super
>>>>>>>> tenant.
>>>>>>>>
>>>>>>>> Are there any specific configurations which should be done, in
>>>>>>>> order to get the tenant scenario working?
>>>>>>>>
>>>>>>>> I have also reported a Jira [2] on this explaining full scenario.
>>>>>>>>
>>>>>>>> [2]. https://wso2.org/jira/browse/APIMANAGER-4929
>>>>>>>> [1]. https://docs.wso2.com/display/AM1100/Exchanging+SAML2+Bearer+Tokens+with+OAuth2+-+SAML+Extension+Grant+Type
>>>>>>>>
>>>>>>>> Kind Regards,
>>>>>>>> Sewmini.
>>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Pushpalanka.
>>>>>> --
>>>>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>>>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
>>>>>> Mobile: +94779716248
>>>>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>>>>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>>>>
>>>>
>>>> --
>>>> Tania Mahanama
>>>> Senior Technical Writer
>>>>
>>>> Contact:
>>>> Mob: +94 077 5129270
>>>>
>
> --
> *Chamara Ariyarathne*
> Associate Technical Lead - QA
> WSO2 Inc; http://www.wso2.com/
> Mobile; +94772786766
>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
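
Added example (not part of the original thread and not WSO2 code): the two token-request shapes discussed above, built but not sent, so the difference between the `?tenantDomain=` form and the form that relies on client_id is visible on the wire. The function name, the `legacy_query_param` switch and the sample credentials are assumptions of this example; the grant_type URN and the base64url-encoded assertion follow RFC 7522.

```python
import base64
import urllib.parse
import urllib.request

SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522


def build_saml_bearer_request(token_endpoint, client_id, client_secret,
                              assertion_xml, tenant_domain=None,
                              legacy_query_param=False):
    """Build (do not send) the token request for a SAML2 bearer grant.

    legacy_query_param=True models the older packs in the thread, where the
    tenant had to be named as ?tenantDomain=...; with False the server is
    expected to resolve the tenant from client_id. Both names are assumptions
    of this example.
    """
    url = token_endpoint
    if legacy_query_param:
        if not tenant_domain:
            raise ValueError("tenant_domain is required when legacy_query_param is set")
        parts = urllib.parse.urlsplit(token_endpoint)
        # Drop any tenantDomain already present so the value is never ambiguous.
        query = [(k, v) for k, v in urllib.parse.parse_qsl(parts.query)
                 if k != "tenantDomain"]
        query.append(("tenantDomain", tenant_domain))
        url = urllib.parse.urlunsplit(
            parts._replace(query=urllib.parse.urlencode(query)))

    # RFC 7522: the assertion travels base64url-encoded in the form body.
    assertion = base64.urlsafe_b64encode(assertion_xml.encode("utf-8"))
    body = urllib.parse.urlencode(
        {"grant_type": SAML2_BEARER, "assertion": assertion.decode("ascii")})
    # The client authenticates with HTTP Basic; client_id is what the fixed
    # server uses to find the tenant.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode("utf-8"))
    return urllib.request.Request(
        url, data=body.encode("ascii"), method="POST",
        headers={"Authorization": "Basic " + basic.decode("ascii"),
                 "Content-Type": "application/x-www-form-urlencoded"})


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    req = build_saml_bearer_request(
        "https://localhost:9443/oauth2/token", "sample_client_id",
        "sample_client_secret", "<saml2:Assertion>...</saml2:Assertion>",
        tenant_domain="wso2.com", legacy_query_param=True)
    print(req.get_method(), req.full_url)
    print(req.data.decode("ascii"))
```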
