Hi Ken,

Yes. You can SSO Carbon products as described in [1]. If you need to SSO
API Manager and IS, those will be SPs in Identity Server and you need to
set the local and outbound authenticator of those SPs to the newly created
custom authenticator.


[1] https://docs.wso2.com/display/IS500/Enabling+SSO+for+WSO2+Servers

Thanks
Godwin

On Fri, Oct 28, 2016 at 8:03 PM, Ken McDonald <[email protected]> wrote:

> Thanks Godwin.  I didn’t think of doing it this way.  Then I would be able
> to set our API Manager management console and IS management console to both
> be an SP within IS, so it could authenticate through this new connector.
> Unless I am mistaken – but I believe I set this up previously.
>
> Ken McDonald | Security Consultant| Symcor Inc.
>
> 400-1 Robert Speck Parkway, Mississauga, Ontario, L4Z 4E7
>
> Office: 905.273.1306 | Cell: 647.888.6548
>
> *From:* Godwin Shrimal [mailto:[email protected]]
> *Sent:* Friday, October 28, 2016 10:10 AM
> *To:* Ken McDonald <[email protected]>
> *Cc:* WSO2 Developers' List <[email protected]>
> *Subject:* Re: [Dev] Custom Active Directory User Store
>
> Hi Ken,
>
> User store manager doesn't have any control to do redirection such as a
> password change page. User store manager takes care of user operations such
> as create/update/authenticate etc.; in your scenario it's authenticate. Yes,
> doAuthenticate is the correct function to override.
>
> To overcome your use case, you can write a custom authenticator which has
> full control in the authentication flow, and you can do the required redirection
> there. Please follow post [1] on how to create a custom user store and configure it.
>
>
> [1] http://xacmlinfo.org/2015/10/15/custom-authenticator-for-wso2-identity-server-wso2is-sso-login/
>
> Thanks
>
> Godwin
>
> On Fri, Oct 28, 2016 at 7:15 PM, Ken McDonald <[email protected]>
> wrote:
>
> Hi everyone.
>
> I am looking to create a custom user store for Active Directory that uses
> the User Account Control field to reflect whether a user is requiring a
> password change based on an expired password.  I was also looking to
> implement the “force change password on first login” here as well.
>
> I had initially looked into implementing this by changing/extending the
> following:
>
> https://docs.wso2.com/display/ISCONNECTORS/Configuring+Password+Policy+Authenticator
>
> but due to the fact that in order to even get past the initial step to
> even invoke this code, the user must bind from the initial Active Directory
> user store from the main plugin, this will not work with proper Active
> Directory controls.  When a user tries to bind when their
> UserAccountControl states their password is expired, it will throw an
> exception.
>
> My main question here is:
>
> Is there a way to throw a custom exception from my new user store
> implementation and catch it and direct the user to a different page (JSP or
> context view) where I could then present the change password view to them?
> Or is there the ability to direct within the code to a different page somehow
> driven from the User Store code?
>
> Essentially my User Store code will override the doAuthenticate (I believe
> this is the function) and if the user bind fails due to (but not with a bad
> credentials exception), I will query the LDAP entry and check the User
> Account Control field, and if it has the flag set for expired password, I
> would like to direct the user to a page asking for current password and
> new password (twice), much like the ISCONNECTOR code referenced above.
>
> Any assistance pointing me in the right direction as to how this might be
> possible would be appreciated (or simply telling me it’s not possible).
>
> Thanks
>
> Ken McDonald | Security Consultant| Symcor Inc.
>
> 400-1 Robert Speck Parkway, Mississauga, Ontario, L4Z 4E7
>
> Office: 905.273.1306 | Cell: 647.888.6548
>



-- 
*Godwin Amila Shrimal*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94772264165
linkedin: http://lnkd.in/KUum6D
twitter: https://twitter.com/godwinamila
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
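The "check the User Account Control field after a failed bind" decision that Ken describes, as an added example that is not code from this thread or from WSO2. The flag bit values are the documented ADS_UF_* constants; the LDAP entries are constructed. One caveat worth knowing: Active Directory only reliably reports PASSWORD_EXPIRED and LOCKOUT in the constructed attribute msDS-User-Account-Control-Computed, so the helper reads that alongside userAccountControl, and the pwdLastSet=0 case covers "must change password at next logon".

```python
# Documented userAccountControl bits (ADS_USER_FLAG_ENUM)
UF_ACCOUNTDISABLE = 0x0002
UF_LOCKOUT = 0x0010
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000
UF_PASSWORD_EXPIRED = 0x800000

FLAG_NAMES = {
    "ACCOUNTDISABLE": UF_ACCOUNTDISABLE,
    "LOCKOUT": UF_LOCKOUT,
    "DONT_EXPIRE_PASSWD": UF_DONT_EXPIRE_PASSWD,
    "PASSWORD_EXPIRED": UF_PASSWORD_EXPIRED,
}

# Constructed sample entries keyed by sAMAccountName. Assumption: a custom
# user store would fetch these with an LDAP search after the bind failed
# for a reason other than bad credentials.
SAMPLE_ENTRIES = {
    "alice": {"userAccountControl": str(UF_NORMAL_ACCOUNT), "pwdLastSet": "131000000000000000"},
    "bob":   {"userAccountControl": str(UF_NORMAL_ACCOUNT),
              "msDS-User-Account-Control-Computed": str(UF_PASSWORD_EXPIRED),
              "pwdLastSet": "131000000000000000"},
    "carol": {"userAccountControl": str(UF_NORMAL_ACCOUNT), "pwdLastSet": "0"},
    "dave":  {"userAccountControl": str(UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE),
              "pwdLastSet": "131000000000000000"},
}


def decode_uac(entry):
    """Return the set of named flags present on an entry, merging the stored
    userAccountControl with the computed attribute when AD supplies it."""
    uac = int(entry.get("userAccountControl", "0"))
    uac |= int(entry.get("msDS-User-Account-Control-Computed", "0"))
    return {name for name, bit in FLAG_NAMES.items() if uac & bit}


def next_step_after_failed_bind(entry):
    """Decide what the authenticator should do once a bind has failed without
    a bad-credentials error: 'deny', 'change_password' or 'retry'."""
    flags = decode_uac(entry)
    if "ACCOUNTDISABLE" in flags or "LOCKOUT" in flags:
        return "deny"             # never offer a password change to a disabled/locked account
    if "PASSWORD_EXPIRED" in flags and "DONT_EXPIRE_PASSWD" not in flags:
        return "change_password"  # expired password: send the user to the change page
    if entry.get("pwdLastSet") == "0":
        return "change_password"  # AD's 'user must change password at next logon'
    return "retry"                # nothing on the entry explains the failure
```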