Hi Shanika, Who is the customer behind this requirement?
thanks,
Dimuthu

On Mon, Dec 18, 2017 at 10:00 AM, Shanika Wickramasinghe <shani...@wso2.com> wrote:

> Hi All,
>
> Thank you all for the clarifications. Reported a JIRA related to this issue [1]. Hope IAM team will look into the necessary fixes.
>
> [1]. https://github.com/wso2/product-is/issues/1526
>
> Thanks,
> Shanika.
>
> On Sun, Dec 17, 2017 at 11:08 PM, Dimuthu Leelarathne <dimut...@wso2.com> wrote:
>
>> Hi Tharindu,
>>
>> We will have a look.
>>
>> thanks,
>> Dimuthu
>>
>> On Sat, Dec 16, 2017 at 1:34 AM, Tharindu Edirisinghe <tharin...@wso2.com> wrote:
>>
>>> @Shanika,
>>>
>>> The sample request I had given previously was for id_token. For authorization code, the request is below which worked for me when invoking manually.
>>>
>>> https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=code&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2
>>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Fri, Dec 15, 2017 at 8:50 AM, Tharindu Edirisinghe <tharin...@wso2.com> wrote:
>>>
>>>> +Dimuthu as it seems there's a bug in Yahoo federated authenticator.
>>>>
>>>> On Fri, Dec 15, 2017 at 8:46 AM, Tharindu Edirisinghe <tharin...@wso2.com> wrote:
>>>>
>>>>> Hi Shanika,
>>>>>
>>>>> I manually invoked the authorize endpoint of Yahoo and the following request worked for me.
>>>>>
>>>>> https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=id_token&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2
>>>>>
>>>>> As per my observations, Yahoo is validating the redirect_uri value and if we define the callback domain as "is.wso2.com", then the redirect_uri value must be either "http://is.wso2.com" or "https://is.wso2.com", but nothing else.
>>>>>
>>>>> When saving the callback domain as localhost, it didn't allow me, so I used is.wso2.com as above.
>>>>>
>>>>> When it comes to the Yahoo connector, in the authorize request, the *scope* parameter is not being sent. That should be a bug. Also, we need to send the *nonce* parameter too, which is required as per [1]. Without nonce, even the above request I've given won't work.
>>>>>
>>>>> It seems we have to check more on the validations done on the redirect_uri / callback domain parameter from the Yahoo end. Because, in the Yahoo app UI, callback domain is listed as an optional parameter. However, if we create an app without giving the callback domain value, that also doesn't work.
>>>>>
>>>>> [1] https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html#getting-started-auth-code
>>>>>
>>>>> Thanks,
>>>>> TharinduE
>>>>>
>>>>> On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe <shani...@wso2.com> wrote:
>>>>>
>>>>>> Hi TharinduE,
>>>>>>
>>>>>> In the Yahoo side configuration I didn't observe a place to give the callback URL (https://localhost:9443/commonauth). It asks only for a callback Domain where we can input localhost or another domain. [1]
>>>>>>
>>>>>> [1]. claimapp-yahoo.png
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Shanika
>>>>>>
>>>>>> On Thu, Dec 14, 2017 at 8:51 PM, Tharindu Edirisinghe <tharin...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Shanika,
>>>>>>>
>>>>>>> Can you show the Yahoo side configuration too? It seems Identity Server is invoking the authorize endpoint of Yahoo. Without checking the Yahoo side's config, we can't identify what causes the problem here.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> TharinduE
>>>>>>>
>>>>>>> On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <shani...@wso2.com> wrote:
>>>>>>>
>>>>>>>> I am working on configuring Yahoo as an IDP using the Federated authenticator Yahoo Configuration. The steps that I followed are as below.
>>>>>>>>
>>>>>>>> Run Standalone IS 5.4.0 GA pack
>>>>>>>> Configure Travelocity as a Service Provider using SAML SSO
>>>>>>>> Configure a Yahoo app as in [1] and take the client ID and the client secret [2] [3]
>>>>>>>> Input them under federated authenticator > yahoo configuration
>>>>>>>> Configure yahoo IDP as a Federated authenticator for Service provider
>>>>>>>> Access http://localhost:8080/travelocity.com
>>>>>>>> Click on SAML redirect Binding
>>>>>>>> Provide Yahoo login details
>>>>>>>> Error message will be shown as in [4]
>>>>>>>>
>>>>>>>> Appreciate any clarification related to this issue
>>>>>>>>
>>>>>>>> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>>>>>>>>
>>>>>>>> [2]. yahoo-config1.png
>>>>>>>>
>>>>>>>> [3]. yahoo-config2.png
>>>>>>>>
>>>>>>>> [4]. yahoo.png
>>>>>>>>
>>>>>>>> Thank You,
>>>>>>>> Shanika.
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Shanika Wickramasinghe*
>>>>>>>> Software Engineer - QA Team
>>>>>>>>
>>>>>>>> Email : shani...@wso2.com
>>>>>>>> Mobile : +94713503563
>>>>>>>> Web : http://wso2.com
>>>>>>>>
>>>>>>>> <http://wso2.com/signature>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Tharindu Edirisinghe
>>>>>>> Senior Software Engineer | WSO2 Inc
>>>>>>> Platform Security Team
>>>>>>> Blog : http://tharindue.blogspot.com
>>>>>>> mobile : +94 775181586
>>
>> --
>> Dimuthu Leelarathne
>> Director, Solutions Architecture
>>
>> WSO2, Inc. (http://wso2.com)
>> email: dimut...@wso2.com
>> Mobile: +94773661935
>> Blog: http://muthulee.blogspot.com
>>
>> Lean . Enterprise . Middleware
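
An added example, not part of the original thread and not WSO2's connector code: a Python check that applies the observations reported in the thread (scope and nonce must be sent; redirect_uri must be http:// or https:// plus the registered callback domain and nothing else) to an authorize request URL. The function name, the placeholder client ID and nonce, and both sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs


def check_authorize_request(url, callback_domain):
    """Return a list of problems found in an OIDC authorize request URL.

    The rules encode what the thread reports about Yahoo's endpoint; they
    are assumptions taken from those observations, not a published spec.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []

    def single(name):
        # Each parameter must appear exactly once with a non-empty value.
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"{name}: missing, empty or repeated")
            return None
        return values[0]

    single("client_id")
    single("response_type")
    single("nonce")
    scope = single("scope")
    if scope is not None and "openid" not in scope.split():
        problems.append("scope: does not include openid")
    redirect_uri = single("redirect_uri")
    if redirect_uri is not None:
        # Exact match only: no port, no path, no other host.
        allowed = {f"http://{callback_domain}", f"https://{callback_domain}"}
        if redirect_uri not in allowed:
            problems.append("redirect_uri: not the bare callback domain")
    return problems


# Constructed sample: same shape as the manually invoked request.
MANUAL_REQUEST = (
    "https://api.login.yahoo.com/oauth2/request_auth"
    "?client_id=EXAMPLE_CLIENT_ID&response_type=code"
    "&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=EXAMPLE_NONCE"
)
# Constructed sample: no scope, no nonce, full commonauth callback URL.
CONNECTOR_STYLE_REQUEST = (
    "https://api.login.yahoo.com/oauth2/request_auth"
    "?client_id=EXAMPLE_CLIENT_ID&response_type=code"
    "&redirect_uri=https%3A%2F%2Flocalhost%3A9443%2Fcommonauth"
)

if __name__ == "__main__":
    print(check_authorize_request(MANUAL_REQUEST, "is.wso2.com"))
    print(check_authorize_request(CONNECTOR_STYLE_REQUEST, "localhost"))
```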
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev