Hi Tharindu,

We will have a look.

thanks,
Dimuthu

On Sat, Dec 16, 2017 at 1:34 AM, Tharindu Edirisinghe <tharin...@wso2.com> wrote:

> @Shanika,
>
> The sample request I had given previously was for id_token. For
> authorization code, the request is below which worked for me when invoking
> manually.
>
> https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=code&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2
>
> Thanks,
> TharinduE
>
> On Fri, Dec 15, 2017 at 8:50 AM, Tharindu Edirisinghe <tharin...@wso2.com> wrote:
>
>> +Dimuthu as it seems there's a bug in Yahoo federated authenticator.
>>
>> On Fri, Dec 15, 2017 at 8:46 AM, Tharindu Edirisinghe <tharin...@wso2.com> wrote:
>>
>>> Hi Shanika,
>>>
>>> I manually invoked the authorize endpoint of Yahoo and following request
>>> worked for me.
>>>
>>> https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=id_token&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2
>>>
>>> As per my observations, Yahoo is validating the redirect_uri value and
>>> if we define the callback domain as "is.wso2.com", then the
>>> redirect_uri value must be either "http://is.wso2.com" or
>>> "https://is.wso2.com", but nothing else.
>>>
>>> When saving the callback domain as localhost, it didn't allow me, so I
>>> used is.wso2.com as above.
>>>
>>> When it comes to the Yahoo connector, in the authorize request, the *scope*
>>> parameter is not being sent. That should be a bug. Also, we need to send
>>> the *nonce* parameter too, which is required as per [1]. Without nonce,
>>> even the above request I've given won't work.
>>>
>>> It seems we have to check more on the validations done on redirect_uri /
>>> callback domain parameter from yahoo end. Because, in the yahoo app UI,
>>> callback domain is listed as an optional parameter. However, if we create
>>> an app without giving the callback domain value, that also doesn't work.
>>>
>>> [1] https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html#getting-started-auth-code
>>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe <shani...@wso2.com> wrote:
>>>
>>>> Hi TharinduE,
>>>>
>>>> In Yahoo side configuration I didn't observe a place to give the
>>>> callback URL (https://localhost:9443/commonauth). It asks only for a
>>>> callback Domain where we can input localhost or another domain. [1]
>>>>
>>>> [1]. claimapp-yahoo.png
>>>>
>>>> Thanks,
>>>>
>>>> Shanika
>>>>
>>>> On Thu, Dec 14, 2017 at 8:51 PM, Tharindu Edirisinghe <tharin...@wso2.com> wrote:
>>>>
>>>>> Hi Shanika,
>>>>>
>>>>> Can you show the Yahoo side configuration too? It seems Identity
>>>>> Server is invoking the authorize endpoint of Yahoo. Without checking the
>>>>> Yahoo side's config, we can't identify what causes the problem here.
>>>>>
>>>>> Thanks,
>>>>> TharinduE
>>>>>
>>>>> On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <shani...@wso2.com> wrote:
>>>>>
>>>>>> I am working with configuring Yahoo as an IDP using Federated
>>>>>> authenticator Yahoo Configuration. Steps that I followed are as below.
>>>>>>
>>>>>> Run Standalone IS 5.4.0 GA pack
>>>>>> Configure Travelocity as a Service Provider using SAML SSO
>>>>>> Configure a Yahoo app as in [1] and take the client ID and the client secret [2] [3]
>>>>>> Input them under federated authenticator > yahoo configuration
>>>>>> Configure yahoo IDP as a Federated authenticator for Service provider
>>>>>> Access http://localhost:8080/travelocity.com
>>>>>> Click on SAML redirect Binding
>>>>>> Provide Yahoo login details
>>>>>> Error message will be shown as in [4]
>>>>>>
>>>>>> Appreciate any clarification related to this issue
>>>>>>
>>>>>> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>>>>>>
>>>>>> [2]. yahoo-config1.png
>>>>>>
>>>>>> [3]. yahoo-config2.png
>>>>>>
>>>>>> [4]. yahoo.png
>>>>>>
>>>>>> Thank You,
>>>>>> Shanika.
>>>>>>
>>>>>> --
>>>>>> *Shanika Wickramasinghe*
>>>>>> Software Engineer - QA Team
>>>>>>
>>>>>> Email : shani...@wso2.com
>>>>>> Mobile : +94713503563
>>>>>> Web : http://wso2.com
>>>>>
>>>>> --
>>>>>
>>>>> Tharindu Edirisinghe
>>>>> Senior Software Engineer | WSO2 Inc
>>>>> Platform Security Team
>>>>> Blog : http://tharindue.blogspot.com
>>>>> mobile : +94 775181586

--
Dimuthu Leelarathne
Director, Solutions Architecture
WSO2, Inc. (http://wso2.com)
email: dimut...@wso2.com
Mobile: +94773661935
Blog: http://muthulee.blogspot.com
Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
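
The authorize-request observations in the thread above (scope and nonce must be sent; redirect_uri must be exactly http:// or https:// plus the registered callback domain), as an added example that is not part of the original e-mails or of the WSO2 connector code. The function names, the PLACEHOLDER_CLIENT_ID value and the sample connector-style request are assumptions made for illustration, and the redirect_uri rule encodes what the thread reports, not a documented Yahoo rule.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHZ_ENDPOINT = "https://api.login.yahoo.com/oauth2/request_auth"  # from the thread
REQUIRED = ("client_id", "response_type", "redirect_uri", "scope", "nonce")

# Constructed sample: a request shaped like the failure described in the thread
# (no scope, no nonce, redirect_uri carrying a port and path).
CONNECTOR_STYLE = (AUTHZ_ENDPOINT + "?client_id=PLACEHOLDER_CLIENT_ID"
                   "&response_type=code"
                   "&redirect_uri=https%3A%2F%2Flocalhost%3A9443%2Fcommonauth")


def build_authorize_url(client_id, redirect_uri, response_type="code"):
    """Build the request with scope and a fresh nonce always present."""
    nonce = secrets.token_urlsafe(16)  # caller keeps it to compare with the id_token
    query = urlencode({
        "client_id": client_id,
        "response_type": response_type,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "nonce": nonce,
    })
    return f"{AUTHZ_ENDPOINT}?{query}", nonce


def check_authorize_url(url, callback_domain):
    """Return the problems that, per the thread, make the request fail."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []
    for name in REQUIRED:
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"{name}: missing, empty or repeated")
    scope = params.get("scope", [""])[0]
    if scope and "openid" not in scope.split():
        problems.append("scope: does not contain openid")
    # Thread observation: only http://<domain> or https://<domain> is accepted.
    allowed = {f"http://{callback_domain}", f"https://{callback_domain}"}
    redirect = params.get("redirect_uri", [""])[0]
    if redirect and redirect not in allowed:
        problems.append(f"redirect_uri: {redirect} is not the bare callback domain")
    return problems


if __name__ == "__main__":
    for problem in check_authorize_url(CONNECTOR_STYLE, "localhost"):
        print(problem)
```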