Hi Dinusha,

In this case I think the publisher user should be able to create those SPs,
XACML policies, etc.
Since the publisher user is within the publisher role, you can assign the
necessary permission to that role.
Once the user logs in (SSO) to the publisher with his credentials, he can get
a cookie for that
and he can use that cookie to authenticate to the admin services.

@Rushmin,
We don't have an authenticator for OAuth tokens. Better to get an ID token
using OIDC or after validating the OAuth token
and create a carbon authenticator like the SAML carbon authenticator.

Thanks,
Ishara




On Mon, Aug 8, 2016 at 3:47 PM, Rushmin Fernando <rush...@wso2.com> wrote:

> In addition to creating these entries from the UI, we need to create the
> same using our ReST API as well. And the API is OAuth protected.
>
> Is there an authenticator which gives back a cookie for an OAuth token as
> well ?
>
> On Mon, Aug 8, 2016 at 3:29 PM, Ishara Karunarathna <isha...@wso2.com>
> wrote:
>
>> Hi Lahiru.
>>
>>
>> It's not the admin user. The user trying to do this operation should have
>> enough permission to do this.
>>
>> Use
>>
>>
>>
>> *entitlement/policy/view*
>>
>> Add this permission to the user who is trying to view those policies.
>>
>>
>> BR,
>>
>> Ishara
>>
>>
>> On Mon, Aug 8, 2016 at 3:20 PM, Lahiru Cooray <lahi...@wso2.com> wrote:
>>
>>> + [DEV]
>>>
>>> On Mon, Aug 8, 2016 at 3:19 PM, Lahiru Cooray <lahi...@wso2.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> *Current behaviour:*
>>>> Currently in AppM, when we are creating XACML policies/Service
>>>> Providers via IS admin services, we are providing the super tenant admin
>>>> credentials (where the credentials are stored in a config) to get
>>>> authenticated. Further, XACML policies/Service providers are only created
>>>> in super tenant and marked as a SAAS app to be used in tenants.
>>>>
>>>> *Problem:*
>>>> As we are moving for AppM - Cloud integration, we are trying to deploy
>>>> these in relevant tenant spaces. So as a solution we have tried to use
>>>> *SAML2SSOAuthenticator*[1] (retrieving a cookie passing the SAML
>>>> response and use the same in subsequent service calls) but figured that
>>>> this is not applicable for non-admin users.
>>>> (*eg:* In AppM user story, non-admin users should be allowed to create
>>>> apps with XACML policies)
>>>>
>>>> Any suggestions for this would be highly appreciated!
>>>>
>>>>
>>>> [1] https://github.com/wso2/carbon-identity/blob/8cd996c1dc6d9e7c0df491322af6e9ddf1cf3709/components/carbon-authenticators/saml2-sso-authenticator/org.wso2.carbon.identity.authenticator.saml2.sso/src/main/java/org/wso2/carbon/identity/authenticator/saml2/sso/SAML2SSOAuthenticator.java
>>>>
>>>> --
>>>> *Lahiru Cooray*
>>>> Software Engineer
>>>> WSO2, Inc.;http://wso2.com/
>>>> lean.enterprise.middleware
>>>>
>>>> Mobile: +94 715 654154
>>>>
>>>
>>>
>>>
>>> --
>>> *Lahiru Cooray*
>>> Software Engineer
>>> WSO2, Inc.;http://wso2.com/
>>> lean.enterprise.middleware
>>>
>>> Mobile: +94 715 654154
>>>
>>
>>
>>
>> --
>> Ishara Karunarathna
>> Associate Technical Lead
>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>
>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>> +94717996791
>>
>>
>>
>
>
> --
> *Best Regards*
>
> *Rushmin Fernando*
> *Technical Lead*
>
> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>
> mobile : +94772891266
>
>
>


-- 
Ishara Karunarathna
Associate Technical Lead
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
+94717996791
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev