Thanks Ishara! Since our products are adopting OAuth protected ReST APIs, is there an OAuth authenticator being developed and planned to be developed?
Regards,
Rushmin

On Mon, Aug 8, 2016 at 4:04 PM, Ishara Karunarathna <isha...@wso2.com> wrote:

> Hi Dinusha,
>
> In this case I think publisher user should be able to create those SP,
> XACML policies etc.
> Since publisher user is within the publisher role you can assign necessary
> permission to that role.
> Once user login (SSO) to publisher with his credential he can get a
> cookie for that
> and he can use that cookie to authenticate to the admin services.
>
> @Rushmin,
> We don't have an authenticator for OAuth token. Better to get an ID token
> using OIDC or after validating OAuth token
> and create a carbon authenticator like saml carbon authenticator.
>
> Thanks,
> Ishara
>
> On Mon, Aug 8, 2016 at 3:47 PM, Rushmin Fernando <rush...@wso2.com> wrote:
>
>> In addition to creating these entries from the UI, we need to create the
>> same using our ReST API as well. And the API is OAuth protected.
>>
>> Is there an authenticator which gives back a cookie for an OAuth token as
>> well?
>>
>> On Mon, Aug 8, 2016 at 3:29 PM, Ishara Karunarathna <isha...@wso2.com>
>> wrote:
>>
>>> Hi Lahiru.
>>>
>>> It's not the admin user. User trying to do this operation should have
>>> enough permission to do this.
>>>
>>> Use
>>>
>>> *entitlement/policy/view*
>>>
>>> Add this permission to the user who is trying to view those policies.
>>>
>>> BR,
>>>
>>> Ishara
>>>
>>> On Mon, Aug 8, 2016 at 3:20 PM, Lahiru Cooray <lahi...@wso2.com> wrote:
>>>
>>>> + [DEV]
>>>>
>>>> On Mon, Aug 8, 2016 at 3:19 PM, Lahiru Cooray <lahi...@wso2.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> *Current behaviour:*
>>>>> Currently in AppM, when we are creating XACML policies/Service
>>>>> Providers via IS admin services, we are providing the super tenant admin
>>>>> credentials (where the credentials are stored in a config) to get
>>>>> authenticated. Further, XACML policies/Service providers are only created
>>>>> in super tenant and marked as a SAAS app to be used in tenants.
>>>>>
>>>>> *Problem:*
>>>>> As we are moving for AppM - Cloud integration, we are trying to deploy
>>>>> these in relevant tenant spaces. So as a solution we have tried to use
>>>>> *SAML2SSOAuthenticator*[1] (retrieving a cookie passing the SAML
>>>>> response and use the same in subsequent service calls) but figured that
>>>>> this is not applicable for non admin users.
>>>>> (*eg:* In AppM user story, non admin users should be allowed to
>>>>> create apps with XAML policies)
>>>>>
>>>>> Any suggestions for this would be highly appreciated!
>>>>>
>>>>> [1] https://github.com/wso2/carbon-identity/blob/8cd996c1dc6d9e7c0df491322af6e9ddf1cf3709/components/carbon-authenticators/saml2-sso-authenticator/org.wso2.carbon.identity.authenticator.saml2.sso/src/main/java/org/wso2/carbon/identity/authenticator/saml2/sso/SAML2SSOAuthenticator.java
>>>>>
>>>>> --
>>>>> *Lahiru Cooray*
>>>>> Software Engineer
>>>>> WSO2, Inc.; http://wso2.com/
>>>>> lean.enterprise.middleware
>>>>>
>>>>> Mobile: +94 715 654154
>>>>
>>>> --
>>>> *Lahiru Cooray*
>>>> Software Engineer
>>>> WSO2, Inc.; http://wso2.com/
>>>> lean.enterprise.middleware
>>>>
>>>> Mobile: +94 715 654154
>>>
>>> --
>>> Ishara Karunarathna
>>> Associate Technical Lead
>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>
>>> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile:
>>> +94717996791
>>
>> --
>> *Best Regards*
>>
>> *Rushmin Fernando*
>> *Technical Lead*
>>
>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>
>> mobile : +94772891266
>
> --
> Ishara Karunarathna
> Associate Technical Lead
> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>
> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile:
> +94717996791

--
*Best Regards*

*Rushmin Fernando*
*Technical Lead*

WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware

mobile : +94772891266
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev