Re: [Dev] Authenticating with WSO2 Identity Server 5.0.0
Hello,

I am checking to see if anyone has gotten IS 5.0.0 with the security patch working with a read-only connection to an LDAP server. It is possible that I am connecting to a VDS server, not an LDAP server. Any help would be greatly appreciated.

Michael Eyre
Integration SME, Solution Architecture and Integration
Work: 570-957-4698
Mobile: 610-462-5823
michael.e...@sanofi.com

From: Harsha Thirimanna [mailto:hars...@wso2.com]
Sent: Thursday, April 02, 2015 9:15 PM
To: Eyre, Michael (sanofi pasteur)
Cc: dominique.debaill...@woana.net; Akila Ravihansa Perera; WSO2 Developers' List
Subject: Re: [Dev] Authenticating with WSO2 Identity Server 5.0.0

> What do you mean by applying a patch to the Identity Server 5.0.0? Did you mean the Service Pack?
>
> Harsha Thirimanna

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Authenticating with WSO2 Identity Server 5.0.0
Yes. I applied the Service Pack before starting to work with Identity Server.

Michael Eyre
Integration SME, Solution Architecture and Integration
Work: 570-957-4698
Mobile: 610-462-5823
michael.e...@sanofi.com

From: Harsha Thirimanna [mailto:hars...@wso2.com]
Sent: Thursday, April 02, 2015 9:15 PM
To: Eyre, Michael (sanofi pasteur)
Cc: dominique.debaill...@woana.net; Akila Ravihansa Perera; WSO2 Developers' List
Subject: Re: [Dev] Authenticating with WSO2 Identity Server 5.0.0

> What do you mean by applying a patch to the Identity Server 5.0.0? Did you mean the Service Pack?
>
> Harsha Thirimanna

Re: [Dev] Authenticating with WSO2 Identity Server 5.0.0
What do you mean by applying a patch to the Identity Server 5.0.0? Did you mean the Service Pack?

Harsha Thirimanna
Senior Software Engineer; WSO2, Inc.; http://wso2.com
email: hars...@wso2.com
cell: +94 71 5186770, +94 774617784
twitter: http://twitter.com/harshathirimann
linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
Lean . Enterprise . Middleware

On Thu, Apr 2, 2015 at 6:48 PM, michael.e...@sanofipasteur.com wrote:

> I can try that, but the user I have does not have write access to the server.
>
> Michael Eyre

Re: [Dev] Authenticating with WSO2 Identity Server 5.0.0
Hi Michael,

You should try the read and write user store manager, not the read only one.

Dominique

2015-04-01 22:20 GMT+02:00 Akila Ravihansa Perera raviha...@wso2.com:

> Hi Michael,
>
> Would it be possible for you to share the configs and wso2carbon.log? It's not easy to guess the problem without looking at the logs.
>
> Do you have email addresses as usernames? In that case you need to enable the EnableEmailUsers property in carbon.xml. Did you configure a DomainName for your LDAP userstore? You can try to authenticate with domain_name\username
>
> Thanks.

--
Dominique Debailleux
WoAnA - small.but.robust
http://www.linkedin.com/in/dominiquedebailleux

Re: [Dev] Authenticating with WSO2 Identity Server 5.0.0
I can try that, but the user I have does not have write access to the server.

Michael Eyre

From: Dominique Debailleux [mailto:dominique.debaill...@woana.net]
Sent: Thursday, April 02, 2015 8:40 AM
To: Akila Ravihansa Perera
Cc: Eyre, Michael (sanofi pasteur); WSO2 Developers' List
Subject: Re: [Dev] Authenticating with WSO2 Identity Server 5.0.0

> Hi Michael,
>
> You should try the read and write user store manager, not the read only one.
>
> Dominique

Re: [Dev] Authenticating with WSO2 Identity Server 5.0.0
Hi Michael,

Would it be possible for you to share the configs and wso2carbon.log? It's not easy to guess the problem without looking at the logs.

Do you have email addresses as usernames? In that case you need to enable the EnableEmailUsers property in carbon.xml. Did you configure a DomainName for your LDAP userstore? You can try to authenticate with domain_name\username

Thanks.

On Wed, Apr 1, 2015 at 9:45 AM, michael.e...@sanofipasteur.com wrote:

> I am working at evaluating WSO2 Identity Server and API Manager. I am trying to connect the Identity Server with our VDS/LDAP server. I have created the UserStoreManager configuration in the user-mgt.xml file and set the AdminUser to the same user name (not the full connectionName), but I am not able to authenticate with this user. When I navigate to the local carbon instance, enter the username and password, I get a login failure message. The UserStoreManager is a read-only connection to the VDS server. I have also disabled the internal LDAP server.
>
> If I enable the internal LDAP server and configure the connection to the internal VDS server with a secondary user store, I can log in with the standard "admin" user and the Travelocity.com example works with that user, but even if I add one of the VDS users to the Travelocity internal group, I cannot authenticate with the SAML SSO example.
>
> I am trying to do two things.
>
> 1. Log into the Identity Server Management console with an internal LDAP user
> 2. Authenticate with Travelocity SAML SSO example with an internal LDAP user, either as a secondary user store or when the internal LDAP server is the primary (and only) user store.
>
> Thanks for your help on this issue
>
> Michael Eyre

--
Akila Ravihansa Perera
Software Engineer, WSO2
Blog: http://ravihansa3000.blogspot.com
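
The checks suggested in the reply above (email-style usernames, a DomainName on the user store, AdminUser given as a login name rather than the connection DN), run over a user-mgt.xml, as an added example that is not part of the thread or of WSO2's code. The sample file is constructed; its element and property names and the helper `review_user_store` are assumptions of this example, and the email-username setting from carbon.xml is passed in as a boolean rather than parsed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the poster's configuration. The element and property
# names follow the stock user-mgt.xml layout and are assumptions of this example.
SAMPLE_USER_MGT = """\
<UserManager><Realm>
  <Configuration>
    <AdminUser>
      <UserName>svc.reader@example.com</UserName>
      <Password>placeholder</Password>
    </AdminUser>
  </Configuration>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://vds.example.com:389</Property>
    <Property name="ConnectionName">uid=svc.reader,ou=people,dc=example,dc=com</Property>
    <Property name="DomainName">CORP</Property>
  </UserStoreManager>
</Realm></UserManager>
"""


def review_user_store(xml_text, email_usernames_enabled):
    """Return (findings, login_names) for the points raised in the thread."""
    root = ET.fromstring(xml_text)
    admin = (root.findtext(".//AdminUser/UserName") or "").strip()
    store = root.find(".//UserStoreManager")
    if store is None:
        return ["no UserStoreManager element found"], []
    props = {p.get("name"): (p.text or "").strip()
             for p in store.findall("Property")}
    findings = []

    # The thread turns on whether the store manager is read-only or read/write.
    if "ReadOnly" in (store.get("class") or ""):
        findings.append("read-only user store manager is configured")
    # AdminUser should be the login name, not the bind DN (ConnectionName).
    if "=" in admin and "," in admin:
        findings.append("AdminUser looks like a DN; use the login name")
    # With '@' in the name, the email-username switch in carbon.xml matters.
    if "@" in admin and not email_usernames_enabled:
        findings.append("AdminUser contains '@' but email usernames are not enabled")

    # Login forms to try: the plain name, then domain_name\username if set.
    login_names = [admin] if admin else []
    domain = props.get("DomainName", "")
    if domain and admin:
        login_names.append(domain + "\\" + admin)
    return findings, login_names


if __name__ == "__main__":
    found, names = review_user_store(SAMPLE_USER_MGT, email_usernames_enabled=False)
    for line in found:
        print("finding:", line)
    for name in names:
        print("try login as:", name)
```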