Hi All,

This is an update to provide more context to the problem.

Currently in IoT Server we have device type APIs for each tenant that are
exposed through API Manager. In order to access them we create an AM
Application and then we subscribe to the tenant's APIs. This works fine when
we use the password grant type.

Now when we tried to integrate with SSO, we log in to the service provider
(configured for SSO with SaaS enabled) and it generates a SAML token that is
signed with the super tenant's key store. Then we use this SAML token along with
the tenant-specific app to generate an OAuth token. In this case it tries to
verify the signature using the tenant's key store and it fails.

After having an offline discussion with Farasath, I figured that there could
be two possible solutions:
1) Create an IDP with the super tenant's public cert for each tenant. The
problem with this is that if we update the key store of the super tenant, then
we have to update the IDP of all the tenants.

2) Create a custom grant type that verifies using the super tenant's key store.
The downside is having to maintain a separate grant type handler.

Is it okay to create a custom grant type, or are there any solutions for
this?

Thanks,
Ayyoob

*Ayyoob Hamza*
*Software Engineer*
WSO2 Inc.; http://wso2.com
email: ayy...@wso2.com cell: +94 77 1681010

On Sun, Jan 15, 2017 at 9:53 PM, Ayyoob Hamza <ayy...@wso2.com> wrote:

>
>> Is the service provider created in super tenant and the rest of tenants
>> access it as a SaaS app?
>>
> Yes.
>
>>
>> Also what is oauth component version used in IoT server?
>>
> 5.1.2
>
> Is there any solution other than writing a custom grant type for this,
> since in the current grant type implementation it looks up the IDP in
> the tenant space?
>
>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
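
The failure and the two options described in the message above, as an added illustration that is not part of the original thread and is not WSO2 code. It uses only the JDK's `java.security` API; the tenant names, the `trustedIdpKey` map (a stand-in for the IdP registered in each tenant) and the signed bytes (a stand-in for the SAML assertion) are constructed assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.HashMap;
import java.util.Map;

public class TenantTrustDemo {
    // Constructed stand-in for the IdP registered in each tenant: tenant name -> trusted key.
    static final Map<String, PublicKey> trustedIdpKey = new HashMap<>();

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Tenant-scoped check: only the key registered in the given tenant is consulted.
    static boolean verifyInTenant(String tenant, byte[] data, byte[] sig) throws GeneralSecurityException {
        PublicKey key = trustedIdpKey.get(tenant);
        if (key == null) return false; // no trust anchor registered: reject
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair superTenant = gen.generateKeyPair(), tenantA = gen.generateKeyPair();
        byte[] assertion = "constructed SAML assertion".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(superTenant.getPrivate(), assertion); // SaaS SP signs as super tenant

        // Reported failure: the app's tenant only trusts its own key.
        trustedIdpKey.put("tenant-a", tenantA.getPublic());
        System.out.println("tenant key only:        " + verifyInTenant("tenant-a", assertion, sig));

        // Option 1: register the super tenant's public cert as an IdP inside the tenant.
        trustedIdpKey.put("tenant-a", superTenant.getPublic());
        System.out.println("option 1, IdP in tenant: " + verifyInTenant("tenant-a", assertion, sig));

        // Option 1 after the super tenant's key store is updated: tenant-a still holds the old cert.
        KeyPair rotated = gen.generateKeyPair();
        byte[] newSig = sign(rotated.getPrivate(), assertion);
        System.out.println("option 1, stale cert:    " + verifyInTenant("tenant-a", assertion, newSig));

        // Option 2: a custom grant handler always resolves the super tenant's current key.
        trustedIdpKey.put("super-tenant", rotated.getPublic());
        System.out.println("option 2, custom grant:  " + verifyInTenant("super-tenant", assertion, newSig));
    }
}
```

Run as written, the first and third checks are rejected and the second and fourth are accepted, which is the maintenance trade-off between the two options: option 1 must be repeated in every tenant on each key change, option 2 keeps a single trust anchor at the cost of a separate handler.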
