Adding Documentation team. Yes, I agree with Rajith. It will be better to mention in docs as normal users not gonna identify the requirement of having client credential grant type with SAML grant type.
Reported Jira on this to track the progress [1]. [1] https://wso2.org/jira/browse/DOCUMENTATION-6403 On Fri, Nov 10, 2017 at 9:40 AM, Rajith Roshan <[email protected]> wrote: > Hi all, > I think it's better to include this in our documentation (quick start [1], > cloud -[2]), that in store UI generate keys and regenerate will always > generate access token using client credentials, even though the Oauth app > is enabled for multiple grant types. > Or shall we add a tool tip to generate keys button and regenerate button > to say that this will use client credential grant type. > > [1] - https://docs.wso2.com/display/AM210/Quick+Start+Guide > [2] - https://docs.wso2.com/display/APICloud/Subscribe+to+ > and+Invoke+an+API > > On Thu, Nov 9, 2017 at 7:58 PM, Sanjeewa Malalgoda <[email protected]> > wrote: > >> Yes in UI when we click on generate keys button it will create oauth2 app >> and generate tokens using client credentials(first time). >> To complete both we need client credentials grant. In back end we do not >> have such limitation we are anyway doing 2 different service calls. >> If someone need to enable only SAML then after initial token generation >> we can disable it. Its good to have options to generate key/secret, >> generate tokens separately. >> Since this behavior was there for sometime we will not need to change it >> suddenly. But we can consider that in future. >> >> Thanks, >> sanjeewa. >> >> On Thu, Nov 9, 2017 at 7:32 PM, Saneth Dharmakeerthi <[email protected]> >> wrote: >> >>> Hi APIM Team, >>> >>> Docent this a limitation of Store UI? >>> >>> Customer who is using SAML or authorization code grant, Why he needs >>> to enable client_credential? Inst this a security risk? The only thing >>> he needs to do is getting the Client ID and Client Secret, But in Store UI >>> it only shows those after click Generate Key button. >>> >>> >>> >>> Thanks and Best Regards, >>> >>> Saneth Dharmakeerthi >>> *Associate Technical Lead* >>> WSO2, Inc. >>> Mobile: +94772325511 <077%20232%205511> >>> >>> <http://wso2.com/signature> >>> >>> On Thu, Nov 9, 2017 at 9:37 AM, Dilshani Subasinghe <[email protected]> >>> wrote: >>> >>>> Hi Fazlan, >>>> >>>> Ok, now I got it. Thanks for explaining it. >>>> >>>> Regards, >>>> Dilshani >>>> >>>> On Thu, Nov 9, 2017 at 9:21 AM, Fazlan Nazeem <[email protected]> wrote: >>>> >>>>> Hi Dilshani, >>>>> >>>>> SAML grant does not depend on client_credentials grant being enabled, >>>>> but in store UI when we generate keys using the Generate Keys button, >>>>> client_credentials grant is used to generate the token. Therefore you have >>>>> to enable client_credentials grant if you are generating keys via UI. I >>>>> think this is what Hrasha meant. >>>>> >>>>> On Thu, Nov 9, 2017 at 12:20 AM, Dilshani Subasinghe < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Harsha, >>>>>> >>>>>> Thanks for prompt reply. Will follow that. Hope we need to specify >>>>>> that client_credentials grant need for enabling SAML grant in the >>>>>> documentation. >>>>>> >>>>>> Regards, >>>>>> Dilshani >>>>>> >>>>>> On Thu, Nov 9, 2017 at 12:08 AM, Harsha Kumara <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi Dilshani, >>>>>>> >>>>>>> If you need to generate a token using SAML2 grant you may follow >>>>>>> [1]. In store, you need to select client_credentials grant as we used >>>>>>> it in >>>>>>> the store to generate the token for an application. >>>>>>> >>>>>>> [1] https://docs.wso2.com/display/AM1100/Exchanging+SAML2+Be >>>>>>> arer+Tokens+with+OAuth2+-+SAML+Extension+Grant+Type >>>>>>> >>>>>>> On Thu, Nov 9, 2017 at 12:01 AM, Dilshani Subasinghe < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi APIM/IS Team, >>>>>>>> >>>>>>>> I'm working with IS as Key manager setup. (APIM 2.1.0 and >>>>>>>> wso2is-km-5.3.0). In APIM, while generating keys for Applications with >>>>>>>> "SAML" as grant type, it may give an error as follows [1]: >>>>>>>> >>>>>>>> [2017-11-08 23:51:34,102] ERROR - APIUtil Error occurred while >>>>>>>> executing SubscriberKeyMgtClient. >>>>>>>> java.lang.RuntimeException: Error occurred while calling token >>>>>>>> endpoint: HTTP error code : 400 >>>>>>>> at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewAp >>>>>>>> plicationAccessToken(AMDefaultKeyManagerImpl.java:367) >>>>>>>> at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegi >>>>>>>> strationWorkflowExecutor.dogenerateKeysForApplication(Abstra >>>>>>>> ctApplicationRegistrationWorkflowExecutor.java:151) >>>>>>>> at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegi >>>>>>>> strationWorkflowExecutor.generateKeysForApplication(Abstract >>>>>>>> ApplicationRegistrationWorkflowExecutor.java:118) >>>>>>>> at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistration >>>>>>>> SimpleWorkflowExecutor.complete(ApplicationRegistrationSimpl >>>>>>>> eWorkflowExecutor.java:78) >>>>>>>> at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistration >>>>>>>> SimpleWorkflowExecutor.execute(ApplicationRegistrationSimple >>>>>>>> WorkflowExecutor.java:54) >>>>>>>> at org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalF >>>>>>>> orApplicationRegistration(APIConsumerImpl.java:2789) >>>>>>>> at org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.requestAppr >>>>>>>> ovalForApplicationRegistration(UserAwareAPIConsumer.java:36) >>>>>>>> at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunc >>>>>>>> tion_getApplicationKey(APIStoreHostObject.java:385) >>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>>>>> at sun.reflect.NativeMethodAccessorIm >>>>>>>> >>>>>>>> Any idea on the issue? >>>>>>>> >>>>>>>> [1] error.png >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Dilshani >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> Dilshani Subasinghe >>>>>>>> Software Engineer - QA *|* WSO2 >>>>>>>> lean *|* enterprise *|* middleware >>>>>>>> >>>>>>>> Mobile : +94773375185 <+94%2077%20337%205185> >>>>>>>> Blog : dilshani.me >>>>>>>> >>>>>>>> <https://wso2.com/signature> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Harsha Kumara >>>>>>> Software Engineer, WSO2 Inc. >>>>>>> Mobile: +94775505618 <+94%2077%20550%205618> >>>>>>> Blog:harshcreationz.blogspot.com >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Dilshani Subasinghe >>>>>> Software Engineer - QA *|* WSO2 >>>>>> lean *|* enterprise *|* middleware >>>>>> >>>>>> Mobile : +94773375185 <+94%2077%20337%205185> >>>>>> Blog : dilshani.me >>>>>> >>>>>> <https://wso2.com/signature> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Thanks & Regards, >>>>> >>>>> *Fazlan Nazeem* >>>>> Senior Software Engineer >>>>> WSO2 Inc >>>>> Mobile : +94772338839 >>>>> <%2B94%20%280%29%20773%20451194> >>>>> [email protected] >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Dilshani Subasinghe >>>> Software Engineer - QA *|* WSO2 >>>> lean *|* enterprise *|* middleware >>>> >>>> Mobile : +94773375185 <+94%2077%20337%205185> >>>> Blog : dilshani.me >>>> >>>> <https://wso2.com/signature> >>>> >>> >>> >> >> >> -- >> >> *Sanjeewa Malalgoda* >> WSO2 Inc. >> Mobile : +94713068779 <+94%2071%20306%208779> >> >> <http://sanjeewamalalgoda.blogspot.com/>blog >> :http://sanjeewamalalgoda.blogspot.com/ >> <http://sanjeewamalalgoda.blogspot.com/> >> >> >> > > > -- > Rajith Roshan > Senior Software Engineer, WSO2 Inc. > Mobile: +94-7 <%2B94-71-554-8430>17-064-214 > -- Dilshani Subasinghe Software Engineer - QA *|* WSO2 lean *|* enterprise *|* middleware Mobile : +94773375185 Blog : dilshani.me <https://wso2.com/signature>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
