+Dimuthu as it seems there's a bug in Yahoo federated authenticator.

On Fri, Dec 15, 2017 at 8:46 AM, Tharindu Edirisinghe <[email protected]>
wrote:

> Hi Shanika,
>
> I manually invoked the authorize endpoint of Yahoo and following request
> worked for me.
>
> https://api.login.yahoo.com/oauth2/request_auth?client_id=
> dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0t
> JnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=id_token&
> redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=
> YihsFwGKgt3KJUh6tPs2
>
> As per my observations, Yahoo is validating the redirect_uri value and if
> we define the callback domain as "is.wso2.com", then the redirect_uri
> value must be either "http://is.wso2.com" or "https://is.wso2.com", but
> nothing else.
>
> When saving the callback domain as localhost, it didn't allow me, so I
> used is.wso2.com as above.
>
> When it comes to the Yahoo connector, in the authorize request, the *scope*
> parameter is not being sent. That should be a bug. Also, we need to send
> *nonce* parameter too, which is required as per [1]. Without nonce, even
> the above request I've given won't work.
>
> It seems we have to check more on the validations done on redirect_uri /
> callback domain parameter from yahoo end. Because, in the yahoo app UI,
> callback domain is listed as an optional parameter. However, if we create
> an app without giving the callback domain value, that also doesn't work.
>
> [1] https://developer.yahoo.com/oauth2/guide/openid_connect/
> getting_started.html#getting-started-auth-code
>
> Thanks,
> TharinduE
>
> On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe <[email protected]
> > wrote:
>
>> Hi TharinduE,
>>
>> In Yahoo side configuration I didn't observe a place to give the callback
>> URL (https://localhost:9443/commonauth). It asks only for a callback
>> Domain where we can input localhost or another domain. [1]
>>
>> [1]. claimapp-yahoo.png
>>
>>
>> Thanks,
>>
>> Shanika
>>
>>
>>
>>
>> On Thu, Dec 14, 2017 at 8:51 PM, Tharindu Edirisinghe <[email protected]
>> > wrote:
>>
>>> Hi Shanika,
>>>
>>> Can you show the Yahoo side configuration too. It seems Identity Server
>>> is invoking the authorize endpoint of Yahoo. Without checking the Yahoo
>>> side's config, we can't identify what causes the problem here.
>>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <
>>> [email protected]> wrote:
>>>
>>>> I am working with configuring Yahoo as an IDP using Federated
>>>> authenticator Yahoo Configuration. Steps that I followed are as below.
>>>>
>>>> Run Standalone IS 5.4.0 GA pack
>>>> Configure Travelocity as a Service Provider using SAML SSO
>>>> Configure a Yahoo app as in [1] and take the client ID and the client
>>>> secret [2] [3]
>>>> Input them under federated authenticator > yahoo configuration
>>>> Configure yahoo IDP as a Federated authenticator for Service provider
>>>> Access http://localhost:8080/travelocity.com
>>>> Click on SAML redirect Binding
>>>> Provide Yahoo login details
>>>> Error message will be shown as in [4]
>>>>
>>>> Appreciate any clarification related to this issue
>>>>
>>>>
>>>> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>>>>
>>>> [2]. yahoo-config1.png
>>>>
>>>> [3]. yahoo-config2.png
>>>>
>>>> [4]. yahoo.png
>>>>
>>>> Thank You,
>>>> Shanika.
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Shanika Wickramasinghe*
>>>> Software Engineer - QA Team
>>>>
>>>> Email    : [email protected]
>>>> Mobile  : +94713503563
>>>> Web     : http://wso2.com
>>>>
>>>> <http://wso2.com/signature>
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Senior Software Engineer | WSO2 Inc
>>> Platform Security Team
>>> Blog : http://tharindue.blogspot.com
>>> mobile : +94 775181586
>>>
>>
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
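
The checks discussed in this thread, written as a small pre-flight validator for an authorize URL (an added example, not code from the thread or from the WSO2 connector). The function name, sample URLs and client ID are constructed, and the redirect_uri rule models the behaviour observed in the thread, which is an assumption rather than documented Yahoo behaviour.

```python
from urllib.parse import urlsplit, parse_qs

# Parameters the thread says the authorize request has to carry.
REQUIRED = ("client_id", "response_type", "redirect_uri", "scope", "nonce")

# Constructed samples: the endpoint is the one quoted in the thread, the values are placeholders.
ENDPOINT = "https://api.login.yahoo.com/oauth2/request_auth"
WORKING = (ENDPOINT + "?client_id=EXAMPLE_CLIENT_ID&response_type=id_token"
           "&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=constructed-nonce-1")
FAILING = (ENDPOINT + "?client_id=EXAMPLE_CLIENT_ID&response_type=code"
           "&redirect_uri=https%3A%2F%2Flocalhost%3A9443%2Fcommonauth")


def check_authorize_request(url, callback_domain):
    """Return a list of problems found in an OpenID Connect authorize URL."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []
    for name in REQUIRED:
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"{name}: missing, empty or repeated")
    scope = params.get("scope", [""])[0].split()
    if scope and "openid" not in scope:
        problems.append("scope: does not include 'openid'")
    redirect = params.get("redirect_uri", [""])[0]
    if redirect:
        target = urlsplit(redirect)
        # Assumption taken from the thread: only http(s)://<callback domain>
        # is accepted, with no port, path, query or fragment.
        if target.scheme not in ("http", "https"):
            problems.append("redirect_uri: scheme is not http or https")
        if target.netloc.lower() != callback_domain.lower():
            problems.append("redirect_uri: host does not equal the callback domain")
        if target.path or target.query or target.fragment:
            problems.append("redirect_uri: carries a path, query or fragment")
    return problems


if __name__ == "__main__":
    for label, url, domain in (("working", WORKING, "is.wso2.com"),
                               ("failing", FAILING, "localhost")):
        print(label, check_authorize_request(url, domain) or "ok")
```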
