Hi Shanika,

If what you want to achieve in your use-case is Single Sign-On (SSO)
behaviour, then you have two preferable options, SAML2-SSO and
OpenID-Connect (OIDC). IMO for your use-case you do not need to adopt both
protocols; just pick one and go ahead. I would recommend OIDC.

Use the Identity-Server (IS) as the Identity Bus [1] for authenticating
with Facebook, Google, etc. IS will deal with the different protocols
that Facebook, Google, and other IDPs use and will communicate with your
app with the protocol that you have chosen (SAML2 or OIDC).

AFAIK the Travelocity application has problems when working with OpenID
configs. Those need to be fixed at the code level, I believe. Maybe that's
why it has not been documented, not sure though. Since OpenID is a fading
norm, I would not recommend going with OpenID.

Please feel free to ask any questions if anything is not clear.

[1] https://docs.wso2.com/display/IS530/Identity+Bus

Best,
Thilina


On Tue, Nov 14, 2017 at 11:12 AM, Shanika Wickramasinghe <shani...@wso2.com>
wrote:

> Hi All,
>
> Thank you all for the clarification.
>
> Thank you,
> Shanika.
>
> On Tue, Nov 14, 2017 at 7:30 AM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Shanika,
>>
>> The reason for the PKIX path building failure error is that the public
>> certificate of the HTTPS endpoint that travelocity tries to invoke is not
>> available in the truststore of the travelocity app.
>>
>> It seems you are trying to invoke the following link.
>>
>> http://localhost:8080/travelocity.com/openid?OpenId.ClaimedId=https://localhost:9443/openid/
>>
>> This should invoke the identity server URL. If that is the case, the
>> public certificate of Identity Server is not available in the truststore
>> JKS file of travelocity app. You can import it to the truststore and this
>> issue should be resolved with that.
>>
>> Thanks,
>> TharinduE
>>
>> On Fri, Nov 10, 2017 at 11:18 PM, Nilasini Thirunavukkarasu <
>> nilas...@wso2.com> wrote:
>>
>>> Hi Shanika,
>>>
>>> The Travelocity sample allows SAML & openid (not openid connect). Currently
>>> we don't have one sample application which accepts both (SAML & openid
>>> connect) protocols; instead we have the travelocity sample for SAML & the
>>> playground sample for openid connect. In order to try openid connect, I hope [1]
>>> & [2] would be helpful for you.
>>>
>>> [1] https://docs.wso2.com/display/IS530/Basic+Client+Profile+with+Playground
>>> [2] https://docs.wso2.com/display/IS520/Session+Management+with+Playground
>>>
>>> One more thing: the openid feature is going to be deprecated, so the recommended
>>> way is to use openid connect. Still, if you want to find the configuration
>>> details you can find them through the 5.1.0 doc [3].
>>>
>>> [3] https://docs.wso2.com/display/IS510/Configuring+OpenID+Single-Sign-On
>>>
>>> Thanks,
>>> Nila.
>>>
>>>
>>> On Wed, Nov 8, 2017 at 3:56 PM, Shanika Wickramasinghe <
>>> shani...@wso2.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I raised a document JIRA related to the concern that I mentioned
>>>> in Question 2 [1].
>>>> When I add a service provider, the name that I give for the service
>>>> provider is automatically taken as the OpenID Realm value by the Identity
>>>> Server. With that automatically taken OpenID realm value I tried to access
>>>> the openid (3rd link) in the travelocity login page. It then gave an error
>>>> message as in [2]. I found a reported JIRA [3] which mentions that getting the
>>>> service provider name automatically for the openid realm value is wrong, and
>>>> the JIRA says that this issue was fixed. But it seems like the issue is not yet
>>>> fixed.
>>>> I would appreciate any guidance on what the correct input value for the
>>>> openid realm is and how a user can find what they need to input as the openid
>>>> realm value.
>>>>
>>>>
>>>> [1]. https://wso2.org/jira/browse/DOCUMENTATION-6378?filter=14372
>>>> [2]. openid-login-error.png
>>>> [3]. https://wso2.org/jira/browse/IDENTITY-2443
>>>>
>>>> On Wed, Nov 8, 2017 at 2:20 PM, Godwin Shrimal <god...@wso2.com> wrote:
>>>>
>>>>> Hi Shanika,
>>>>>
>>>>> Please see my answers to your questions.
>>>>>
>>>>> Question1: This is not related to OAuth/Openid Connect Configuration
>>>>> it's about OpenID Configuration. Those are basically two inbound
>>>>> protocols.
>>>>> We need to enhance the documentation if there are gaps. Please create a
>>>>> document Jira for this.
>>>>>
>>>>> Question1: It allows to authenticate using OpenID protocol and you
>>>>> need to configure OpenID Realm under OpenID Configuration. Please
>>>>> create a document Jira for this.
>>>>>
>>>>> Thanks
>>>>> Godwin
>>>>>
>>>>>
>>>>> On Tue, Nov 7, 2017 at 7:13 PM, Shanika Wickramasinghe <
>>>>> shani...@wso2.com> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I am implementing a web app called doctors app for a Hospital
>>>>>> Management System and want to implement the application login using
>>>>>> several identity providers such as Facebook, Yahoo and Gmail. My
>>>>>> application needs to cover multiple login protocols such as SAML SSO,
>>>>>> OAuth/Openid Connect, and passive STS as the inbound authentication for
>>>>>> the same application. To do this I followed the following steps:
>>>>>>
>>>>>>
>>>>>>    - Developed a web app by allowing 3 options in the login page to
>>>>>>      login with Facebook, Yahoo and Gmail
>>>>>>    - Configured the web app as the service provider in WSO2 Identity
>>>>>>      Server
>>>>>>    - Configured both SAML SSO and OAuth/Openid Connect configurations
>>>>>>      as inbound authentication
>>>>>>
>>>>>>
>>>>>> Now I am trying to map both of these protocols for the same web app
>>>>>> login by giving two options in the login page.
>>>>>>
>>>>>> Question 1:
>>>>>>
>>>>>> When I refer to the Travelocity sample, in the travelocity login
>>>>>> page there is an option, “login with openid”.
>>>>>>
>>>>>> Is it something related to the OAuth/Openid Connect Configuration or
>>>>>> is it the link to access when we configure Openid configuration as the
>>>>>> inbound authentication?
>>>>>>
>>>>>> This is not very clear in the document [1].
>>>>>>
>>>>>> Question 2:
>>>>>>
>>>>>> What is the purpose of having OpenID Configuration in travelocity and
>>>>>> what that inbound config will do?
>>>>>>
>>>>>> It is not documented in the IS Doc [2]
>>>>>>
>>>>>> [1]. https://docs.wso2.com/display/IS530/Configuring+Inbound+Authentication+for+a+Service+Provider
>>>>>>
>>>>>> [2]. https://docs.wso2.com/display/IS530/Configuring+Inbound+Authentication+for+a+Service+Provider
>>>>>>
>>>>>>
>>>>>> Thank You,
>>>>>>
>>>>>> Shanika.
>>>>>>
>>>>>> --
>>>>>> *Shanika Wickramasinghe*
>>>>>> Software Engineer - QA Team
>>>>>>
>>>>>> Email    : shani...@wso2.com
>>>>>> Mobile  : +94713503563
>>>>>> Web     : http://wso2.com
>>>>>>
>>>>>> <http://wso2.com/signature>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Godwin Amila Shrimal*
>>>>> Associate Technical Lead
>>>>> WSO2 Inc.; http://wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>> mobile: *+94772264165*
>>>>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>>>>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>>>>> twitter: https://twitter.com/godwinamila
>>>>> <http://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Shanika Wickramasinghe*
>>>> Software Engineer - QA Team
>>>>
>>>> Email    : shani...@wso2.com
>>>> Mobile  : +94713503563
>>>> Web     : http://wso2.com
>>>>
>>>> <http://wso2.com/signature>
>>>>
>>>
>>>
>>>
>>> --
>>> Nilasini Thirunavukkarasu
>>> Software Engineer - WSO2
>>>
>>> Email : nilas...@wso2.com
>>> Mobile : +94775241823
>>> Web : http://wso2.com/
>>>
>>>
>>> <http://wso2.com/signature>
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : http://tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>
>
> --
> *Shanika Wickramasinghe*
> Software Engineer - QA Team
>
> Email    : shani...@wso2.com
> Mobile  : +94713503563
> Web     : http://wso2.com
>
> <http://wso2.com/signature>
>



-- 
*Thilina Madumal*
*Software Engineer | **WSO2*
Email: thilina...@wso2.com
Mobile: +94 774553167
Web: http://wso2.com

<http://wso2.com/signature>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
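
The truststore fix for the PKIX path building failure described in the quoted reply above, as an added example that is not part of the thread. The truststore path, password, alias and certificate file are placeholders passed as arguments; the certificate is assumed to have been exported from the Identity Server's keystore, with the printed fingerprint compared against that source before relying on it.

```bash
#!/bin/sh
# Added example, not from the thread. Truststore path, password, alias and
# certificate file are placeholders passed as arguments (assumptions).
# Usage: sh trust-idp-cert.sh <truststore.jks> <storepass> <alias> <idp-cert.pem>

# Print the SHA-256 fingerprint keytool reports for a certificate file.
cert_fingerprint() {
    keytool -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Exit 0 if the certificate in $3 is already an entry in truststore $1
# (password $2). A missing truststore counts as "not trusted".
truststore_has_cert() (
    [ -f "$1" ] || exit 1
    fp=$(cert_fingerprint "$3")
    [ -n "$fp" ] || exit 1
    keytool -list -v -keystore "$1" -storepass "$2" 2>/dev/null | grep -qF "$fp"
)

# Import certificate $4 under alias $3 into truststore $1 (password $2),
# skipping the import when it is already present, then re-check the result.
trust_cert() (
    if truststore_has_cert "$1" "$2" "$4"; then
        echo "already trusted: $(cert_fingerprint "$4")"
        exit 0
    fi
    echo "importing certificate with SHA-256 $(cert_fingerprint "$4")"
    keytool -importcert -noprompt -alias "$3" -file "$4" \
        -keystore "$1" -storepass "$2" >/dev/null 2>&1 || exit 1
    truststore_has_cert "$1" "$2" "$4"
)

# Run only when all four arguments are supplied.
if [ "$#" -eq 4 ]; then
    trust_cert "$@"
fi
```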
