Hi Malithi, Thanks for the response. But my concern is IDP can be any one like Wso2IS, Salesforce, facebook etc. So for me to invoke I assume I should know the client ID and secret of the relevant IDP right? Please correct me if I am wrong. I just need to invoke the admin services using Basic Auth.
Appreciate your response. Thanks, On Tue, Nov 7, 2017 at 11:12 AM, Malithi Edirisinghe <[email protected]> wrote: > I think you can use SAML bearer grant here and use the access token to > access APIs > > Thanks, > Malithi > > On Tue, Nov 7, 2017 at 10:11 AM, Ushani Balasooriya <[email protected]> > wrote: > >> Hi, >> >> Appreciate your response. >> >> Thanks, >> >> On Mon, Nov 6, 2017 at 2:04 PM, Ushani Balasooriya <[email protected]> >> wrote: >> >>> Hi IAM team, >>> >>> As a part of my third party web application implementation to add users >>> and roles I would like to try if the logged in admin user can perform the >>> relevant activity within the app. >>> >>> In order to test Login in to the web app I will be using SAML Post >>> binding and as well as the Redirect binding. >>> >>> When I use the Post binding, I can capture the user name and password >>> and generate Basic authentication token retrieving it from the servlet >>> request. >>> >>> My question is, >>> >>> 1. If I use redirect binding, since the IDP can be any application like >>> wso2 IS or Facebook or salesforce etc *(a)* is it a valid use case to >>> use the logged in user admin's credentials to generate auth token? >>> >>> *(b)* Or should I hard code one particular admin user's credentials or >>> auth token which is configured as admin for the thirdparty web app to >>> perform the relevant activities? >>> >>> 2. If *(a) *is valid, how can I retrieve it from the session. I can >>> retrieve the username from the SAML2SSO session, but my question is how to >>> retrieve the password to generate auth token? >>> >>> Appreciate your response. >>> >>> Thanks, >>> -- >>> *Ushani Balasooriya* >>> Associate Technical Lead - EE; >>> WSO2 Inc; http://www.wso2.com/. >>> Mobile; +94772636796 >>> >>> >> >> >> -- >> *Ushani Balasooriya* >> Associate Technical Lead - EE; >> WSO2 Inc; http://www.wso2.com/. >> Mobile; +94772636796 >> >> > > > -- > > *Malithi Edirisinghe* > Associate Technical Lead > WSO2 Inc. > > Mobile : +94 (0) 718176807 > [email protected] > -- *Ushani Balasooriya* Associate Technical Lead - EE; WSO2 Inc; http://www.wso2.com/. Mobile; +94772636796
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
