Hi Rushmin, On Mon, Aug 8, 2016 at 4:14 PM, Rushmin Fernando <[email protected]> wrote:
> Thanks Ishara ! > > Since our products are adopting OAuth protected ReST APIs, is there an > OAuth authencator being developed and planed to be developed ? > Harsha has worked on developing a generic component that can be used by OAuth protected REST APIs[1]. Adding Harsha as he can provide more details on this. [1] https://github.com/wso2-extensions/identity-carbon-auth-rest > Regards, > Rushmin > > > > On Mon, Aug 8, 2016 at 4:04 PM, Ishara Karunarathna <[email protected]> > wrote: > >> Hi Dinusha, >> >> In this case I think publisher user should be able to create those SP, >> XACML policies etc. >> Since publisher use is within the publisher role you can assign necessary >> permission to that role. >> Once user login (SSO) to publisher with his credential he can get a >> cookie for that >> and he can use that cookie to authenticate to the admin services. >> >> @Rushmin, >> We don't have a authenticator for OAuth token. Better to get a ID token >> using OIDC or after validating OAuth token >> and create a carbon authenticator like saml carbon authenticator. >> >> Thanks, >> Ishara >> >> >> >> >> On Mon, Aug 8, 2016 at 3:47 PM, Rushmin Fernando <[email protected]> >> wrote: >> >>> In addition to creating these entries from the UI, we need to create the >>> same using our ReST API as well. And the API is OAuth protected. >>> >>> Is there an authenticator which gives back a cookie for an OAuth token >>> as well ? >>> >>> On Mon, Aug 8, 2016 at 3:29 PM, Ishara Karunarathna <[email protected]> >>> wrote: >>> >>>> Hi Lahiru. >>>> >>>> >>>> Its not the admin user.User trying to do this operation should have >>>> enough permission to do this. >>>> >>>> Use >>>> >>>> >>>> >>>> *entitlement/policy/view* >>>> >>>> Add this permission to the user who is trying to view those policies. >>>> >>>> >>>> BR, >>>> >>>> Ishara >>>> >>>> >>>> On Mon, Aug 8, 2016 at 3:20 PM, Lahiru Cooray <[email protected]> wrote: >>>> >>>>> + [DEV] >>>>> >>>>> On Mon, Aug 8, 2016 at 3:19 PM, Lahiru Cooray <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi all, >>>>>> >>>>>> *Current behaviour:* >>>>>> Currently in AppM, when we are creating XACML policies/Service >>>>>> Providers via IS admin services, we are providing the super tenant admin >>>>>> credentials (where the credentials are stored in a config) to get >>>>>> authenticated. Further, XACML policies/Service providers are only created >>>>>> in super tenant and marked as a SAAS app to be used in tenants. >>>>>> >>>>>> *Problem:* >>>>>> As we are moving for AppM - Cloud integration, we are trying to >>>>>> deploy these in relevant tenant spaces. So as a solution we have tried to >>>>>> use *SAML2SSOAuthenticator*[1] (retrieving a cookie passing the >>>>>> SAML response and use the same in subsequent service calls) but figured >>>>>> that this is not applicable for non admin users. >>>>>> (*eg:* In AppM user story, non admin users should be allowed to >>>>>> create apps with XAML policies) >>>>>> >>>>>> Any suggestions for this would be highly appreciated! >>>>>> >>>>>> >>>>>> [1] https://github.com/wso2/carbon-identity/blob/8cd996c1dc6 >>>>>> d9e7c0df491322af6e9ddf1cf3709/components/carbon-authenticato >>>>>> rs/saml2-sso-authenticator/org.wso2.carbon.identity.authenti >>>>>> cator.saml2.sso/src/main/java/org/wso2/carbon/identity/authe >>>>>> nticator/saml2/sso/SAML2SSOAuthenticator.java >>>>>> >>>>>> -- >>>>>> *Lahiru Cooray* >>>>>> Software Engineer >>>>>> WSO2, Inc.;http://wso2.com/ >>>>>> lean.enterprise.middleware >>>>>> >>>>>> Mobile: +94 715 654154 >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Lahiru Cooray* >>>>> Software Engineer >>>>> WSO2, Inc.;http://wso2.com/ >>>>> lean.enterprise.middleware >>>>> >>>>> Mobile: +94 715 654154 >>>>> >>>> >>>> >>>> >>>> -- >>>> Ishara Karunarathna >>>> Associate Technical Lead >>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>> >>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>>> +94717996791 >>>> >>>> >>>> >>> >>> >>> -- >>> *Best Regards* >>> >>> *Rushmin Fernando* >>> *Technical Lead* >>> >>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware >>> >>> mobile : +94772891266 >>> >>> >>> >> >> >> -- >> Ishara Karunarathna >> Associate Technical Lead >> WSO2 Inc. - lean . enterprise . middleware | wso2.com >> >> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >> +94717996791 >> >> >> > > > -- > *Best Regards* > > *Rushmin Fernando* > *Technical Lead* > > WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware > > mobile : +94772891266 > > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
