Hi Shanika,

I manually invoked the authorize endpoint of Yahoo and the following request
worked for me.

https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=id_token&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2

As per my observations, Yahoo is validating the redirect_uri value and if
we define the callback domain as "is.wso2.com", then the redirect_uri value
must be either "http://is.wso2.com" or "https://is.wso2.com", but nothing
else.

When saving the callback domain as localhost, it didn't allow me, so I used
is.wso2.com as above.

When it comes to the Yahoo connector, in the authorize request, the *scope*
parameter is not being sent. That should be a bug. Also, we need to send
the *nonce* parameter too, which is required as per [1]. Without nonce, even
the above request I've given won't work.

It seems we have to check more on the validations done on the redirect_uri /
callback domain parameter from Yahoo's end, because in the Yahoo app UI the
callback domain is listed as an optional parameter. However, if we create
an app without giving the callback domain value, that also doesn't work.

[1]
https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html#getting-started-auth-code

Thanks,
TharinduE

On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe <shani...@wso2.com>
wrote:

> Hi TharinduE,
>
> In the Yahoo side configuration I didn't observe a place to give the callback
> URL (https://localhost:9443/commonauth). It asks only for a callback
> Domain where we can input localhost or another domain. [1]
>
> [1]. claimapp-yahoo.png
>
>
> Thanks,
>
> Shanika
>
>
>
>
> On Thu, Dec 14, 2017 at 8:51 PM, Tharindu Edirisinghe <tharin...@wso2.com>
> wrote:
>
>> Hi Shanika,
>>
>> Can you show the Yahoo side configuration too. It seems Identity Server
>> is invoking the authorize endpoint of Yahoo. Without checking the Yahoo
>> side's config, we can't identify what causes the problem here.
>>
>> Thanks,
>> TharinduE
>>
>> On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <
>> shani...@wso2.com> wrote:
>>
>>> I am working with configuring Yahoo as an IDP using Federated
>>> authenticator Yahoo Configuration. Steps that I followed are as below.
>>>
>>> Run Standalone IS 5.4.0 GA pack
>>> Configure Travelocity as a Service Provider using SAML SSO
>>> Configure a Yahoo app as in [1] and take the client ID and the client
>>> secret [2] [3]
>>> Input them under federated authenticator > yahoo configuration
>>> Configure yahoo IDP as a Federated authenticator for Service provider
>>> Access http://localhost:8080/travelocity.com
>>> Click on SAML redirect Binding
>>> Provide Yahoo login details
>>> Error message will be shown as in [4]
>>>
>>> Appreciate any clarification related to this issue
>>>
>>>
>>> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>>>
>>> [2]. yahoo-config1.png
>>>
>>> [3]. yahoo-config2.png
>>>
>>> [4]. yahoo.png
>>>
>>> Thank You,
>>> Shanika.
>>>
>>>
>>>
>>>
>>> --
>>> *Shanika Wickramasinghe*
>>> Software Engineer - QA Team
>>>
>>> Email    : shani...@wso2.com
>>> Mobile  : +94713503563
>>> Web     : http://wso2.com
>>>
>>> <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : http://tharindue.blogspot.com
>> mobile : +94 775181586
>>
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
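
Added example, not part of the original messages and not WSO2 connector code: a Python pre-flight check for the authorize request discussed in this thread, flagging a missing scope or nonce and a redirect_uri that does not fit the registered callback domain. The redirect_uri rule encodes the observation reported in the thread, not Yahoo's documented behaviour; the function names and the sample client ID are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint taken from the request quoted in the thread.
AUTHORIZE_ENDPOINT = "https://api.login.yahoo.com/oauth2/request_auth"
REQUIRED = ("client_id", "response_type", "redirect_uri", "scope", "nonce")


def redirect_uri_allowed(redirect_uri, callback_domain):
    # Assumption from the thread's observation: only http://<domain> or
    # https://<domain> is accepted, with no port, path or query.
    return redirect_uri in (f"http://{callback_domain}",
                            f"https://{callback_domain}")


def check_authorize_request(url, callback_domain):
    """Return a list of problems found in an OIDC authorize request URL."""
    params = parse_qs(urlsplit(url).query)  # blank values count as missing
    problems = [f"missing parameter: {name}"
                for name in REQUIRED if not params.get(name)]
    scopes = params.get("scope", [""])[0].split()
    if scopes and "openid" not in scopes:
        problems.append("scope does not include openid")
    redirect = params.get("redirect_uri", [""])[0]
    if redirect and not redirect_uri_allowed(redirect, callback_domain):
        problems.append(
            f"redirect_uri not allowed for callback domain {callback_domain}")
    return problems


def build_authorize_request(client_id, redirect_uri, response_type="id_token"):
    """Build a request carrying scope and a fresh nonce; return (url, nonce)."""
    nonce = secrets.token_urlsafe(16)  # unpredictable, one per request
    query = urlencode({"client_id": client_id,
                       "response_type": response_type,
                       "redirect_uri": redirect_uri,
                       "scope": "openid",
                       "nonce": nonce})
    return f"{AUTHORIZE_ENDPOINT}?{query}", nonce


def nonce_matches(id_token_claims, expected_nonce):
    # Run on claims from an ID token whose signature was already verified.
    got = str(id_token_claims.get("nonce", ""))
    return hmac.compare_digest(got.encode(), expected_nonce.encode())
```

The caller keeps the returned nonce in the user's session and rejects any ID token whose nonce claim does not match it.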
