Yes, in the UI, when we click on the Generate Keys button it will create an OAuth2 app
and generate tokens using client credentials (first time).
To complete both we need the client credentials grant. In the back end we do not
have such a limitation; we are anyway doing 2 different service calls.
If someone needs to enable only SAML, then after initial token generation we
can disable it. It's good to have options to generate key/secret and generate
tokens separately.
Since this behavior has been there for some time, we will not need to change it
suddenly. But we can consider that in the future.

Thanks,
sanjeewa.

On Thu, Nov 9, 2017 at 7:32 PM, Saneth Dharmakeerthi <[email protected]>
wrote:

> Hi APIM Team,
>
> Isn't this a limitation of Store UI?
>
> A customer who is using SAML or authorization code grant: why does he need to
> enable client_credential? Isn't this a security risk? The only thing he
> needs to do is get the Client ID and Client Secret, but in Store UI it
> only shows those after clicking the Generate Key button.
>
>
>
> Thanks and Best Regards,
>
> Saneth Dharmakeerthi
> *Associate Technical Lead*
> WSO2, Inc.
> Mobile: +94772325511
>
> <http://wso2.com/signature>
>
> On Thu, Nov 9, 2017 at 9:37 AM, Dilshani Subasinghe <[email protected]>
> wrote:
>
>> Hi Fazlan,
>>
>> Ok, now I got it. Thanks for explaining it.
>>
>> Regards,
>> Dilshani
>>
>> On Thu, Nov 9, 2017 at 9:21 AM, Fazlan Nazeem <[email protected]> wrote:
>>
>>> Hi Dilshani,
>>>
>>> SAML grant does not depend on client_credentials grant being enabled,
>>> but in store UI when we generate keys using the Generate Keys button,
>>> client_credentials grant is used to generate the token. Therefore you have
>>> to enable client_credentials grant if you are generating keys via UI. I
>>> think this is what Harsha meant.
>>>
>>> On Thu, Nov 9, 2017 at 12:20 AM, Dilshani Subasinghe <[email protected]>
>>> wrote:
>>>
>>>> Hi Harsha,
>>>>
>>>> Thanks for the prompt reply. Will follow that. Hope we need to specify in the
>>>> documentation that the client_credentials grant is needed for enabling the SAML grant.
>>>>
>>>> Regards,
>>>> Dilshani
>>>>
>>>> On Thu, Nov 9, 2017 at 12:08 AM, Harsha Kumara <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Dilshani,
>>>>>
>>>>> If you need to generate a token using SAML2 grant you may follow [1].
>>>>> In store, you need to select client_credentials grant as we used it in the
>>>>> store to generate the token for an application.
>>>>>
>>>>> [1] https://docs.wso2.com/display/AM1100/Exchanging+SAML2+Bearer+Tokens+with+OAuth2+-+SAML+Extension+Grant+Type
>>>>>
>>>>> On Thu, Nov 9, 2017 at 12:01 AM, Dilshani Subasinghe <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi APIM/IS Team,
>>>>>>
>>>>>> I'm working with IS as Key manager setup. (APIM 2.1.0 and
>>>>>> wso2is-km-5.3.0). In APIM, while generating keys for Applications with
>>>>>> "SAML" as grant type, it may give an error as follows [1]:
>>>>>>
>>>>>> [2017-11-08 23:51:34,102] ERROR - APIUtil Error occurred while executing SubscriberKeyMgtClient.
>>>>>> java.lang.RuntimeException: Error occurred while calling token endpoint: HTTP error code : 400
>>>>>> at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:367)
>>>>>> at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:151)
>>>>>> at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:118)
>>>>>> at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:78)
>>>>>> at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute(ApplicationRegistrationSimpleWorkflowExecutor.java:54)
>>>>>> at org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration(APIConsumerImpl.java:2789)
>>>>>> at org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.requestApprovalForApplicationRegistration(UserAwareAPIConsumer.java:36)
>>>>>> at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getApplicationKey(APIStoreHostObject.java:385)
>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>> at sun.reflect.NativeMethodAccessorIm
>>>>>>
>>>>>> Any idea on the issue?
>>>>>>
>>>>>> [1] error.png
>>>>>>
>>>>>> Thanks,
>>>>>> Dilshani
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Dilshani Subasinghe
>>>>>> Software Engineer - QA *|* WSO2
>>>>>> lean *|* enterprise *|* middleware
>>>>>>
>>>>>> Mobile : +94773375185
>>>>>> Blog    : dilshani.me
>>>>>>
>>>>>> <https://wso2.com/signature>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Harsha Kumara
>>>>> Software Engineer, WSO2 Inc.
>>>>> Mobile: +94775505618
>>>>> Blog:harshcreationz.blogspot.com
>>>>>
>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Fazlan Nazeem*
>>> Senior Software Engineer
>>> WSO2 Inc
>>> Mobile : +94772338839
>>> [email protected]
>>>
>
>


-- 

*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779

Blog: http://sanjeewamalalgoda.blogspot.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
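
The behavior discussed in this thread, as an added example that is not part of the original messages and is not WSO2 code: a small in-memory model of the two service calls behind Generate Keys, showing the HTTP 400 when client_credentials is not enabled and the effect of disabling it after the first token. All class and function names are hypothetical, and SAML assertion validation is left out of the model.

```python
import hmac
from dataclasses import dataclass, field

CLIENT_CREDENTIALS = "client_credentials"
SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522

@dataclass
class OAuthApp:
    client_id: str
    client_secret: str
    allowed_grants: set = field(default_factory=set)

class KeyManager:
    """Hypothetical stand-in for the registration and token endpoints."""
    def __init__(self):
        self.apps = {}

    def register_app(self, name, grants):
        # Service call 1: create the OAuth2 app and obtain key/secret.
        # Constructed sample credentials; a real server generates random ones.
        app = OAuthApp(f"id-{name}", f"secret-{name}", set(grants))
        self.apps[app.client_id] = app
        return app

    def token(self, client_id, client_secret, grant_type):
        # Service call 2: token endpoint. Returns (http_status, body).
        app = self.apps.get(client_id)
        if app is None or not hmac.compare_digest(app.client_secret, client_secret):
            return 401, {"error": "invalid_client"}
        if grant_type not in app.allowed_grants:
            # RFC 6749 section 5.2: client not authorized for this grant type.
            return 400, {"error": "unauthorized_client"}
        # Assertion checks for the SAML grant are omitted in this model.
        return 200, {"access_token": f"tok-{client_id}", "token_type": "Bearer"}

def generate_keys(km, name, grants):
    """UI-style Generate Keys: register, then get a token via client_credentials."""
    app = km.register_app(name, grants)
    status, body = km.token(app.client_id, app.client_secret, CLIENT_CREDENTIALS)
    return app, status, body

def disable_grant(app, grant_type):
    """Least privilege: drop a grant that was only needed for the first token."""
    app.allowed_grants.discard(grant_type)
```

In the model, an app registered with only the SAML grant still receives its key and secret, but the second call fails with 400, which matches the error reported at the start of the thread.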