Hello again,

I've configured Identity Server to work against a local LDAP, and it seems to
work, as I can see the LDAP users on the Identity Server.

Now I'm trying to configure SAML 2.0 SSO with Google Apps as described on
Thilina's blog:
http://blog.thilinamb.com/2010/04/saml-20-based-single-sign-on-with-wso2.html

I've configured Google Apps and Identity Server, but now when I try with a
non-admin user to go to http://docs.google.com/a/midomain.com it correctly
redirects to my local Identity Server.
But there, I can't log in with any user.

The user to log in... I understand it should be an LDAP user?
Or may it be a Google Apps user?

I've tested both cases and can't log in.

Any ideas?

2010/6/14 Víctor Álvarez <spa...@gmail.com>

> Lots of thanks for your help.
>
> Waiting for the new release then!
>
>
> On Sun, Jun 13, 2010 at 7:03 AM, Thilina Mahesh Buddhika <
> thili...@wso2.com> wrote:
>
>> In Identity Server 3.0.0 release, we started supporting SAML 2.0 based SSO
>> identity provider feature. But we did not include SAML 2.0 consumer feature
>> which enables other Carbon products acting as SAML 2.0 based SSO relying
>> parties.
>>
>> Currently, we are working on SAML 2.0 consumer components, and this
>> feature will be available in our next release. With this feature, it will be
>> possible to achieve single sign-on across all our products.  In 2-3 weeks
>> time, the implementation will be completed, and you can try this in a
>> nightly build taken from our trunk.
>>
>> But still, pointing to the same user-store will allow you to support
>> unified login, where all the user information is maintained at a single
>> point.
>>
>> WSO2 Identity Server currently supports 2-legged and 3-legged OAuth. Also
>> the Gadget Server supports OAuth based authentication for gadgets. So the
>> 2-legged OAuth support of Identity Server can be used to authenticate
>> gadgets hosted in Gadget Server. We are currently testing
>> the interoperability between these two entities.
>>
>> We will update you with the progress of these tasks.
>>
>> Thanks,
>> Thilina
>>
>> On Sun, Jun 13, 2010 at 9:01 AM, Sanjiva Weerawarana <sanj...@wso2.com> wrote:
>>
>>> I think the problem is that we are still not supporting SAML 2.0 in the
>>> Gadget Server .. once that's done the single login should propagate. There
>>> was a thread on this a while ago but can't remember the details! Maybe
>>> Thilina or Prabath can explain the situation and plans to fix it properly
>>> (including supporting 2-legged OAuth in GS).
>>>
>>> Sanjiva.
>>>
>>> 2010/6/12 Víctor Álvarez <spa...@gmail.com>
>>>
>>>> Thanks Thilina!
>>>>
>>>> But if I connect Gadget Server with the LDAP directly I wouldn't have
>>>> Single Sign On for the Gadget Server, so users may have to log in again,
>>>> if they already have a logged session on Identity Server.
>>>> Is there another way to enable Single Sign On?
>>>>
>>>> Thanks in advance
>>>>
>>>>
>>>> On Sat, Jun 12, 2010 at 5:44 AM, Thilina Mahesh Buddhika <
>>>> thili...@wso2.com> wrote:
>>>>
>>>>> Hi Victor,
>>>>>
>>>>> This user guide [1] explains the necessary steps to configure Identity
>>>>> Server to use an external user store like LDAP. This user guide is
>>>>> applicable for Carbon 3.0.0 based products, like Identity Server 3.0.0,
>>>>> Gadget Server 1.1.0, etc.
>>>>>
>>>>> For step 2, you can configure the Gadget Server to talk to the same
>>>>> LDAP which is used by the Identity Server. (You can follow the same
>>>>> steps as in [1].)
>>>>>
>>>>> Thanks,
>>>>> Thilina
>>>>>
>>>>> [1] -
>>>>> http://wso2.org/project/solutions/identity/3.0.0/docs/user-core/admin_guide.html
>>>>>
>>>>>
>>>>> 2010/6/11 Víctor Álvarez <spa...@gmail.com>
>>>>>
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I'm developing a project where I should be capable of integrating a
>>>>>> WSO2 Gadget Server with Google Apps and an external User Store based on
>>>>>> LDAP...
>>>>>>
>>>>>> I need the integration piece, and WSO2 Identity Server seems a good
>>>>>> choice.
>>>>>>
>>>>>> I've planned to do these steps:
>>>>>>
>>>>>> 1 - Google Apps through Identity Server
>>>>>>
>>>>>> In order to provide Single Sign On, Identity Server seems to be easily
>>>>>> configured as User Store through SAML 2.0 as explained on:
>>>>>>
>>>>>> http://blog.thilinamb.com/2010/04/saml-20-based-single-sign-on-with-wso2.html
>>>>>>
>>>>>> 2 - Gadget Server through Identity Server
>>>>>> I think it's possible, but can't find any documentation about
>>>>>> integration.
>>>>>>
>>>>>> Identity Server can act like an LDAP, can't it? How to configure it then?
>>>>>>
>>>>>> Then I would provide Gadget Server with an external LDAP user store
>>>>>> pointing to Identity Server.
>>>>>>
>>>>>> 3 - Identity Server with LDAP external user store.
>>>>>>
>>>>>> Identity Server can be configured against an LDAP server by User
>>>>>> Management Configuration, but I can't find this option on the menu!!!
>>>>>> I already found a configuration xml for User Management
>>>>>>
>>>>>> [[Configuration Documentation |
>>>>>> http://wso2.org/project/solutions/identity/3.0.0/docs/user-core/admin_guide.html]]
>>>>>>         <!-- UserStoreManager
>>>>>>             class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
>>>>>>             <Property name="ConnectionURL">ldap://localhost:10389</Property>
>>>>>>             <Property name="ConnectionName">uid=admin,ou=system</Property>
>>>>>>             <Property name="ConnectionPassword">admin123</Property>
>>>>>>             <Property name="UserSearchBase">ou=system</Property>
>>>>>>             <Property name="UserNameListFilter">(objectClass=person)</Property>
>>>>>>             <Property name="UserNameAttribute">uid</Property>
>>>>>>             <Property name="ReadLDAPGroups">false</Property>
>>>>>>             <Property name="GroupSearchBase">ou=system</Property>
>>>>>>             <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property>
>>>>>>             <Property name="GroupNameAttribute">cn</Property>
>>>>>>             <Property name="MembershipAttribute">member</Property>
>>>>>>         </UserStoreManager -->
>>>>>>         <!-- Active directory configuration follows -->
>>>>>>         <!-- UserStoreManager
>>>>>>             class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
>>>>>>             <Property name="ConnectionURL">ldap://10.100.1.211:389</Property>
>>>>>>             <Property name="ConnectionName">cn=Administrator,cn=users,dc=wso2,dc=lk</Property>
>>>>>>             <Property name="ConnectionPassword">admin123</Property>
>>>>>>             <Property name="UserSearchBase">cn=users,dc=wso2,dc=lk</Property>
>>>>>>             <Property name="UserNameListFilter">(objectClass=person)</Property>
>>>>>>             <Property name="UserNameAttribute">sAMAccountName</Property>
>>>>>>             <Property name="ReadLDAPGroups">true</Property>
>>>>>>             <Property name="GroupSearchBase">cn=users,dc=wso2,dc=lk</Property>
>>>>>>             <Property name="GroupSearchFilter">(objectcategory=group)</Property>
>>>>>>             <Property name="GroupNameAttribute">cn</Property>
>>>>>>             <Property name="MemberOfAttribute">memberOf</Property>
>>>>>>         </UserStoreManager -->
>>>>>>
>>>>>> Then it should be "easy" to configure an LDAP server with these params.
>>>>>>
>>>>>> Did any of you make something similar?
>>>>>>
>>>>>> Am I on the right way to the solution?
>>>>>>
>>>>>> Can anyone help me on Step 2?
>>>>>>
>>>>>>
>>>>>> Lot of thanks to all!
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Víctor Álvarez
>>>>>> Incoming IT www.incomingIT.com
>>>>>> www.twitter.com/incomingIT
>>>>>> Writing on and about Web Accessibility:
>>>>>> http://accesibilidad.blogspot.com
>>>>>>
>>>>>> _______________________________________________
>>>>>> Carbon-dev mailing list
>>>>>> Carbon-dev@wso2.org
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Thilina Mahesh Buddhika
>>>>> Senior Software Engineer
>>>>> WSO2 Inc. ; http://wso2.com
>>>>> lean . enterprise . middleware
>>>>>
>>>>> phone : +94 77 44 88 727
>>>>> blog : http://blog.thilinamb.com
>>>
>>> --
>>> Sanjiva Weerawarana, Ph.D.
>>> Founder, Chairman & CEO; WSO2, Inc.;  http://wso2.com/
>>> email: sanj...@wso2.com; phone: +1 408 754 7388 x51726; cell: +94 77 787
>>> 6880 | +1 650 265 8311
>>> blog: http://sanjiva.weerawarana.org/
>>>
>>> Lean . Enterprise . Middleware


-- 
Víctor Álvarez
Incoming IT www.incomingIT.com
www.twitter.com/incomingIT
Writing on and about Web Accessibility: http://accesibilidad.blogspot.com
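
An added example, not part of the original thread and not WSO2 code: a small Python check over the UserStoreManager properties quoted in the thread. It flags a cleartext ldap:// bind, the sample admin123 password and an administrator bind DN, and reports when the block is still inside an XML comment. The <UserManager> wrapper, the password list and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the LDAP block quoted in the thread, uncommented and
# wrapped in a hypothetical <UserManager> root so that it parses on its own.
SAMPLE = """<UserManager>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://localhost:10389</Property>
    <Property name="ConnectionName">uid=admin,ou=system</Property>
    <Property name="ConnectionPassword">admin123</Property>
    <Property name="UserSearchBase">ou=system</Property>
    <Property name="UserNameListFilter">(objectClass=person)</Property>
    <Property name="UserNameAttribute">uid</Property>
  </UserStoreManager>
</UserManager>"""

# Assumed list of sample passwords; admin123 is the one shown in the thread.
SAMPLE_PASSWORDS = {"admin123", "admin", "password", "secret"}


def load_properties(xml_text):
    """Return {name: value} for the first active UserStoreManager element."""
    root = ET.fromstring(xml_text)
    manager = root if root.tag == "UserStoreManager" else root.find(".//UserStoreManager")
    if manager is None:
        # ElementTree drops comments, so a commented-out block ends up here.
        raise ValueError("no active UserStoreManager (still commented out?)")
    return {p.get("name"): (p.text or "").strip() for p in manager.findall("Property")}


def audit(props):
    """Return (property, finding) tuples for settings worth changing."""
    findings = []
    if props.get("ConnectionURL", "").lower().startswith("ldap://"):
        findings.append(("ConnectionURL", "cleartext LDAP: bind password is sent unencrypted"))
    if props.get("ConnectionPassword", "") in SAMPLE_PASSWORDS:
        findings.append(("ConnectionPassword", "sample password left in place"))
    if props.get("ConnectionName", "").lower().startswith(("uid=admin", "cn=administrator")):
        findings.append(("ConnectionName", "binds as directory administrator"))
    for key in ("UserSearchBase", "UserNameAttribute"):
        if not props.get(key):
            findings.append((key, "missing or empty"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(load_properties(SAMPLE)):
        print(f"{name}: {finding}")
```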