So for tenant users, the samlsso url has changed (requires tenantDomain
query param)? Does this mean that for tenant users who are migrating to the
new version, they have to change their Application's SSO handling code?

Thanks,
NuwanD.

On Thu, Jun 2, 2016 at 8:48 AM, Farasath Ahamed <farasa...@wso2.com> wrote:

> Hi Chamara,
>
> Sorry, I missed out some details. I tested the SAML Bearer Grant with an
> Identity Server 5.3.0 M1 pack. I had to change the samlsso URL to
> https://localhost:9443/samlsso?tenantDomain=wso2.com to log in as a
> user in the tenant domain in the travelocity App. Thereafter the SAML2
> Bearer grant was sent to https://localhost:9443/oauth2/token endpoint
> without passing the tenantDomain as a query param in the URL.
>
> The fix [1] was done after Identity Server 5.2.0-beta so if we are testing
> with a 5.2.0-beta or earlier IS pack we would have to send in the
> tenantDomain as a query param (i.e.
> https://localhost:9443/oauth2/token?tenantDomain=<tenantDomain>) to the
> token endpoint for SPs in a tenantDomain as Pushpalanka has pointed out
> earlier. Otherwise, it will be taken as carbon.super.
>
>
> [1] https://wso2.org/jira/browse/IDENTITY-4531
>
>
> Thanks,
>
> Farasath Ahamed
> Software Engineer,
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
>
> Email: farasa...@wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
>
> On Thu, Jun 2, 2016 at 7:43 AM, Chamara Ariyarathne <chama...@wso2.com>
> wrote:
>
>> Hi Farasath, some unclear points.
>>
>> On Thu, Jun 2, 2016 at 2:47 AM, Farasath Ahamed <farasa...@wso2.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I tested the SAML2 bearer grant with travelocity app for a tenant user
>>> and I was able to get an access token with any issue.
>>>
>> "with" or "without"?
>>
>>
>>> I had to change the samlsso URL to
>>> https://localhost:9443/samlsso?tenantDomain=wso2.com to get the
>>> sample working for a tenant user.
>>>
>> So, is it still needed?
>>
>>
>>> However, I was able to generate the token without sending the
>>> tenantDomain as a query param.
>>>
>> For which grant type? Are you still talking about the saml2-bearer grant
>> type?
>>
>>>
>>>
>>> Thanks,
>>> Farasath
>>>
>>>
>>> Farasath Ahamed
>>> Software Engineer,
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>>
>>> Email: farasa...@wso2.com
>>> Mobile: +94777603866
>>> Blog: blog.farazath.com
>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>
>>> On Thu, Jun 2, 2016 at 2:22 AM, Farasath Ahamed <farasa...@wso2.com>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> We have removed the requirement to send in the tenantDomain with the
>>>> token request as a query param in [1]. Instead of relying on the query
>>>> param we now retrieve the tenantDomain using the client_id sent in the
>>>> request. Therefore, this should work for all grant types. Anyways will
>>>> check once again with the SAML2 Bearer grant.
>>>>
>>>>
>>>> [1] https://wso2.org/jira/browse/IDENTITY-4531
>>>>
>>>> Thanks.
>>>>
>>>> Farasath Ahamed
>>>> Software Engineer,
>>>> WSO2 Inc.; http://wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>>
>>>> Email: farasa...@wso2.com
>>>> Mobile: +94777603866
>>>> Blog: blog.farazath.com
>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>>
>>>> On Thu, Jun 2, 2016 at 1:25 AM, Tania Mahanama <ta...@wso2.com> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Wed, Jun 1, 2016 at 9:56 PM, Sewmini Jayaweera <sewm...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Pushpalanka,
>>>>>>
>>>>>> Thank you for your prompt response.
>>>>>> I could generate token successfully with the suggested endpoint.
>>>>>>
>>>>>> @Tania: Could you please update documentation [1] with this
>>>>>> information? I have created documentation Jira [2].
>>>>>>
>>>>>
>>>>> Noted.
>>>>>
>>>>>
>>>>>>
>>>>>> [1].
>>>>>> https://docs.wso2.com/display/AM1100/Exchanging+SAML2+Bearer+Tokens+with+OAuth2+-+SAML+Extension+Grant+Type
>>>>>> [2]. https://wso2.org/jira/browse/DOCUMENTATION-3414
>>>>>>
>>>>>> Regards,
>>>>>> Sewmini.
>>>>>>
>>>>>> Sewmini Jayaweera
>>>>>> *Software Engineer - QA Team*
>>>>>> Mobile: +94 (0) 773 381 250
>>>>>> sewm...@wso2.com
>>>>>>
>>>>>> On Wed, Jun 1, 2016 at 8:42 PM, Pushpalanka Jayawardhana <
>>>>>> la...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Sewmini,
>>>>>>>
>>>>>>> Please try sending the tenantDomain as a query param in the cURL
>>>>>>> command's token endpoint as below.
>>>>>>>
>>>>>>> https://localhost:9443/oauth2/token?tenantDomain=<tenantDomain>
>>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> On Wed, Jun 1, 2016 at 8:15 PM, Sewmini Jayaweera <sewm...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Adding dev@wso2.org
>>>>>>>>
>>>>>>>> Sewmini Jayaweera
>>>>>>>> *Software Engineer - QA Team*
>>>>>>>> Mobile: +94 (0) 773 381 250
>>>>>>>> sewm...@wso2.com
>>>>>>>>
>>>>>>>> On Wed, Jun 1, 2016 at 8:13 PM, Sewmini Jayaweera <sewm...@wso2.com
>>>>>>>> > wrote:
>>>>>>>>
>>>>>>>>> Hi APIM / IS teams,
>>>>>>>>>
>>>>>>>>> I am testing the 'Exchanging SAML2 Bearer Tokens with OAuth2' (SAML
>>>>>>>>> Extension Grant Type) scenario for a tenant user. I followed the API
>>>>>>>>> Manager documentation available at [1] and the scenario worked fine
>>>>>>>>> for the super tenant.
>>>>>>>>> When I try the tenant scenario, I noticed that when the service
>>>>>>>>> provider and IDP are created in the IS tenant domain, token
>>>>>>>>> generation fails. The reason is that even though the SP is in the
>>>>>>>>> tenant domain, the system expects the IDP in the carbon.super tenant.
>>>>>>>>>
>>>>>>>>> Are there any specific configurations which should be done, in
>>>>>>>>> order to get the tenant scenario working ?
>>>>>>>>>
>>>>>>>>> I have also reported a Jira [2] on this explaining full scenario.
>>>>>>>>>
>>>>>>>>> [2]. https://wso2.org/jira/browse/APIMANAGER-4929
>>>>>>>>> [1].
>>>>>>>>> https://docs.wso2.com/display/AM1100/Exchanging+SAML2+Bearer+Tokens+with+OAuth2+-+SAML+Extension+Grant+Type
>>>>>>>>>
>>>>>>>>> Kind Regards,
>>>>>>>>> Sewmini.
>>>>>>>>>
>>>>>>>>> Sewmini Jayaweera
>>>>>>>>> *Software Engineer - QA Team*
>>>>>>>>> Mobile: +94 (0) 773 381 250
>>>>>>>>> sewm...@wso2.com
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Pushpalanka.
>>>>>>> --
>>>>>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>>>>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>>>>>>> Mobile: +94779716248
>>>>>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>>>>>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Tania Mahanama
>>>>> Senior Technical Writer
>>>>>
>>>>> Contact:
>>>>> Mob: +94 077 5129270
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "WSO2 Documentation Group" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to documentation+unsubscr...@wso2.com.
>>>>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> *Chamara Ariyarathne*
>> Associate Technical Lead - QA
>> WSO2 Inc; http://www.wso2.com/
>> Mobile; *+94772786766*
>>
>
>
>
>


-- 
Nuwan Dias

Technical Lead - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
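
The token request discussed in this thread, as an added example that is not code from the thread or from WSO2: it builds a SAML2 bearer grant request (RFC 7522) and appends `?tenantDomain=` only for packs that predate the fix in [1], since fixed packs resolve the tenant from the `client_id`. The function names, the `legacy_query_param` switch, and the sample client credentials and assertion are assumptions made for illustration.

```python
import base64
from urllib.parse import urlencode, urlsplit, urlunsplit

SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522
SUPER_TENANT = "carbon.super"


def b64url_nopad(data: bytes) -> str:
    """base64url without '=' padding or line wrapping, as RFC 7522 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_token_request(token_url, client_id, client_secret, assertion_xml,
                        tenant_domain=SUPER_TENANT, legacy_query_param=False):
    """Return (url, headers, body) for a SAML2 bearer grant token request.

    legacy_query_param is a hypothetical switch: set it for packs that predate
    the fix in [1], which only learn the tenant from ?tenantDomain=.
    """
    parts = urlsplit(token_url)
    if parts.scheme != "https":
        raise ValueError("token endpoint must be HTTPS: it carries client credentials")
    if parts.query:
        raise ValueError("pass the bare token endpoint, without a query string")
    query = ""
    if legacy_query_param and tenant_domain != SUPER_TENANT:
        query = urlencode({"tenantDomain": tenant_domain})
    url = urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))
    # Client authentication: HTTP Basic with client_id:client_secret.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": SAML2_BEARER,
                      "assertion": b64url_nopad(assertion_xml.encode("utf-8"))})
    return url, headers, body


# Constructed sample values, not taken from the thread.
SAMPLE_ASSERTION = '<saml2:Assertion ID="_constructed">sample</saml2:Assertion>'

if __name__ == "__main__":
    for legacy in (True, False):
        url, _, body = build_token_request(
            "https://localhost:9443/oauth2/token", "sample_client_id",
            "sample_client_secret", SAMPLE_ASSERTION, "wso2.com", legacy)
        print(url, body[:60])
```
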