Hi Shiva,

If we can get the Google authenticator [1] feature installed on APIM 2.1.0 successfully, then your requirement is possible.

I'm thinking of a solution where we manually build the authenticator to support APIM and get it installed. I've added a few members from the API Manager Dev team to get some help here.

[1] https://store.wso2.com/store/assets/isconnector/details/47fd2ab8-952f-4e2b-b9d8-af302aa1b396

Best Regards,
Tharindu Edirisinghe

On Thu, Dec 7, 2017 at 11:04 AM, Shiva Kumar K R <[email protected]> wrote:

> Hi Tharindu,
>
> Thank you so much for your response.
> I already have registered with Google an OAuth app and got client
> credentials, I will tell my requirement properly below, please suggest me
> any solution.
> 1) I obtain WSO2 client credentials in API store for my application.
> 2) I will also obtain Google OAuth app client credentials.
> 3) I need to configure WSO2 in such a way that when I request
> http://localhost:8243/authorize, it should redirect to Google
> authentication page.
> 4) User will authenticate with Google and it will redirect to WSO2 to
> generate authorization code and WSO2 will provide me that code.
> 5) User app then request http://localhost:8243/token to get access token
> to call my APIs.
>
> Is this possible with some customization or adding a feature that support
> this flow instead of using Identity Server 5.3.0?
>
> On Thu, Dec 7, 2017 at 8:07 AM, Tharindu Edirisinghe <[email protected]>
> wrote:
>
>> Hi Shiva,
>>
>> If the external Identity Provider supports SAML based authentication,
>> then you can do this straight away using only the API Manager 2.1.0.
>>
>> For that, you can create an IDP from the Management Console and under the
>> Federated Authenticators, you can add SAML configuration related to the
>> external IDP. (See the attached image IDP_Config.png).
>>
>> Then, when you have the APIs published from the publisher, you can go to the
>> store, create an application and subscribe for the published APIs. There,
>> when you generate the Keys for the application, in the Management Console
>> you can see that a corresponding service provider gets automatically
>> registered for that application. (See the attached image List_SPs.png).
>>
>> Then, in that service provider configuration, under the Local and
>> Outbound Authentication section, you can link the federated authenticator
>> which you have already added as an IDP (SAML based).
>>
>> This way, when the OAuth request comes to API Manager for generating an
>> access token for the particular application (service provider), API Manager
>> will perform the federated authentication flow.
>>
>> I have tested this with an external SAML based IDP and it worked.
>>
>> If you need to use Facebook, by default the Facebook federated
>> authenticator feature is not installed in API Manager. If we can get the
>> feature installed, then similarly we should be able to get Facebook also
>> working in the same way. However we haven't tested that out.
>>
>> Thanks,
>> Tharindu Edirisinghe
>>
>> On Wed, Dec 6, 2017 at 2:32 PM, Shiva Kumar K R <
>> [email protected]> wrote:
>>
>>> Hi,
>>>
>>> I have to use Google, Facebook or any third party Identity provider just
>>> to authenticate users and giving access to my APIs by generating access
>>> token in my WSO2. I know Identity server support it but because of resource
>>> constraints I want this to be achieved through only WSO2 API Manager. Is
>>> there any workaround also please suggest me.
>>>
>>> Thank You,
>>> Shiva Kumar
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : http://tharindue.blogspot.com
>> mobile : +94 775181586
>>
>

--
Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
