[Dev] [EI-DSS] "Can not issue executeUpdate() or executeLargeUpdate() for SELECTs" error popup.

2017-12-15 Thread Senuwan Withana
Hi Team,

I need to get the latest record ID from the database table. In order to get
that record, I have used the below SQL statement.

SELECT MAX(RECORD_ID) FROM Customer;

The above query executed fine and the results were retrieved correctly.

However, when I tried to execute the same query on *WSO2 EI DSS*, I got the below
exceptions.



 
SELECT MAX(RECORD_ID) FROM Customer

I would like to know the reason why this error comes and how to avoid this
error.

*Error Log*


Default Namespace: http://ws.wso2.org/dataservice
Current Request Name: GetLastRecord
Current Params: {}
Nested Exception:-
java.sql.SQLException: Can not issue executeUpdate() or
executeLargeUpdate() for SELECTs

at
org.wso2.carbon.dataservices.core.engine.DSOMDataSource.execute(DSOMDataSource.java:102)
at
org.wso2.carbon.dataservices.core.engine.DSOMDataSource.serialize(DSOMDataSource.java:107)
at
org.wso2.carbon.dataservices.core.engine.DSOMDataSource.executeInOnly(DSOMDataSource.java:80)
at
org.wso2.carbon.dataservices.core.dispatch.SingleDataServiceRequest.processSingleRequest(SingleDataServiceRequest.java:116)
at
org.wso2.carbon.dataservices.core.dispatch.SingleDataServiceRequest.processRequest(SingleDataServiceRequest.java:67)
at
org.wso2.carbon.dataservices.core.dispatch.DataServiceRequest.dispatch(DataServiceRequest.java:357)
at
org.wso2.carbon.dataservices.core.DataServiceProcessor.dispatch(DataServiceProcessor.java:41)
at
org.wso2.carbon.dataservices.core.DBInOnlyMessageReceiver.invokeBusinessLogic(DBInOnlyMessageReceiver.java:53)
... 8 more
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - wire HTTP-Listener I/O
dispatcher-1 << "HTTP/1.1 500 Internal Server Error[\r][\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - header << "HTTP/1.1 500
Internal Server Error[\r][\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - wire HTTP-Listener I/O
dispatcher-1 << "Content-Type: application/soap+xml; charset=UTF-8; action="
http://www.w3.org/2005/08/addressing/soap/fault"[\r][\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - header << "HTTP/1.1 500
Internal Server Error[\r][\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - wire HTTP-Listener I/O
dispatcher-1 << "Date: Sat, 16 Dec 2017 04:54:16 GMT[\r][\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - wire HTTP-Listener I/O
dispatcher-1 << "Transfer-Encoding: chunked[\r][\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - header << "Content-Type:
application/soap+xml; charset=UTF-8; action="
http://www.w3.org/2005/08/addressing/soap/fault"[\r][\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - wire HTTP-Listener I/O
dispatcher-1 << "[\r][\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - header << "Date: Sat, 16 Dec
2017 04:54:16 GMT[\r][\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - wire HTTP-Listener I/O
dispatcher-1 << "eb3[\r][\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - header << "Transfer-Encoding:
chunked[\r][\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - wire HTTP-Listener I/O
dispatcher-1 << "http://www.w3.org/2003/05/soap-envelope";>http://ws.wso2.org/dataservice";>axis2ns146:DATABASE_ERRORDS Fault Message: Error in DS non result invoke.[\n]"
[2017-12-16 10:24:16,287] [EI-Core] DEBUG - header << "[\r][\n]"
[2017-12-16 10:24:16,288] [EI-Core] DEBUG - content << "e"
[2017-12-16 10:24:16,288] [EI-Core] DEBUG - content << "b"
[2017-12-16 10:24:16,288] [EI-Core] DEBUG - content << "3"
[2017-12-16 10:24:16,288] [EI-Core] DEBUG - content << "[\r]"
[2017-12-16 10:24:16,288] [EI-Core] DEBUG - content << "[\n]"
[2017-12-16 10:24:16,288] [EI-Core] DEBUG - content << "<"
[2017-12-16 10:24:16,288] [EI-Core] DEBUG - content << "?xm"
[2017-12-16 10:24:16,289] [EI-Core] DEBUG - content << "l version='1.0'
encoding='UTF-8'?>http://www.w3.org/2003/05/soap-envelope";>http://ws.wso2.org/dataservice";>axis2ns146:DATABASE_ERRORDS Fault Message: Error in DS non result invoke.[\n]"
[2017-12-16 10:24:16,289] [EI-Core] DEBUG - content << "DS Code:
DATABASE_ERROR[\n]"
[2017-12-16 10:24:16,289] [EI-Core] DEBUG - content << "Nested
Exception:-[\n]"
[2017-12-16 10:24:16,289] [EI-Core] DEBUG - content <<
"javax.xml.stream.XMLStreamException: DS Fault Message: Error in
'SQLQuery.processPreNormalQuery': Can not issue executeUpdate() or
executeLargeUpdate() for SELECTs[\n]"
[2017-12-16 10:24:16,289] [EI-Core] DEBUG - content << "DS Code:
DATABASE_ERROR[\n]"
[2017-12-16 10:24:16,289] [EI-Core] DEBUG - content << "Source Data
Service:-[\n]"
[2017-12-16 10:24:16,289] [EI-Core] DEBUG - content << "Name: CARAPP[\n]"
[2017-12-16 10:24:16,289] [EI-Core] DEBUG - content << "Location:
/CARAPP.dbs[\n]"
[2017-12-16 10:24:16,289] [EI-Core] DEBUG - content << "Description:
Connected CAR app data service.

  



  



  

[Dev] java.net.BindException: Address already in use (Bind failed)

2017-12-15 Thread Júnior
Hi,

I am facing this issue when using the call mediator.

Is there any fix for that?

I am running on EI-61.0

Thanks

Follow the stack trace

*org.apache.axis2.AxisFault: Address already in use (Bind failed)*
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(
HTTPSender.java:199)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:
77)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.
writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke
(CommonsHTTPTransportSender.java:278)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
at org.apache.axis2.description.OutInAxisOperationClient.send(
OutInAxisOperation.java:430)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl
(OutInAxisOperation.java:225)
at org.apache.axis2.client.OperationClient.execute(
OperationClient.java:149)
at org.apache.synapse.message.senders.blocking.BlockingMsgSender.
sendReceive(BlockingMsgSender.java:302)
at org.apache.synapse.message.senders.blocking.BlockingMsgSender.
send(BlockingMsgSender.java:211)
at org.apache.synapse.mediators.builtin.CallMediator.
handleBlockingCall(CallMediator.java:150)
at org.apache.synapse.mediators.builtin.CallMediator.mediate(
CallMediator.java:113)
at org.apache.synapse.mediators.AbstractListMediator.mediate(
AbstractListMediator.java:97)
at org.apache.synapse.mediators.filters.FilterMediator.mediate(
FilterMediator.java:250)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(
SequenceMediator.java:267)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.
mediateFromContinuationStateStack(Axis2SynapseEnvironment.java:775)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.
injectMessage(Axis2SynapseEnvironment.java:282)
at org.apache.synapse.core.axis2.SynapseCallbackReceiver.
handleMessage(SynapseCallbackReceiver.java:554)
at org.apache.synapse.core.axis2.SynapseCallbackReceiver.receive(
SynapseCallbackReceiver.java:188)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ClientWorker.run(
ClientWorker.java:262)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(
NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.BindException: Address already in use (Bind failed)
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.AbstractPlainSocketImpl.bind(
AbstractPlainSocketImpl.java:387)
at java.net.Socket.bind(Socket.java:644)
at sun.security.ssl.BaseSSLSocketImpl.bind(BaseSSLSocketImpl.java:
124)
at sun.security.ssl.SSLSocketImpl.bind(SSLSocketImpl.java:65)
at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:468)
at
sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:
153)
at
org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:
185)
at
org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:
1361)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:
387)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:
171)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at
org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:
659)
at
org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195)
... 24 more



-- 
Francisco Ribeiro
*SCEA|SCJP|SCWCD|IBM Certified SOA Associate*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

2017-12-15 Thread Tharindu Edirisinghe
@Shanika,

The sample request I had given previously was for id_token. For
authorization code, the request is below which worked for me when invoking
manually.

https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=code&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2

Thanks,
TharinduE

On Fri, Dec 15, 2017 at 8:50 AM, Tharindu Edirisinghe 
wrote:

> +Dimuthu as it seems there's a bug in Yahoo federated authenticator.
>
> On Fri, Dec 15, 2017 at 8:46 AM, Tharindu Edirisinghe 
> wrote:
>
>> Hi Shanika,
>>
>> I manually invoked the authorize endpoint of Yahoo and following request
>> worked for me.
>>
>> https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=id_token&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2
>>
>> As per my observations, Yahoo is validating the redirect_uri value and if
>> we define the callback domain as "is.wso2.com", then the redirect_uri
>> value must be either "http://is.wso2.com" or "https://is.wso2.com", but
>> nothing else.
>>
>> When saving the callback domain as localhost, it didn't allow me, so I
>> used is.wso2.com as above.
>>
>> When it comes to the Yahoo connector, in the authorize request, the *scope*
>> parameter is not being sent. That should be a bug. Also, we need to send
>> *nonce* parameter too, which is required as per [1]. Without nonce, even
>> the above request I've given won't work.
>>
>> It seems we have to check more on the validations done on redirect_uri /
>> callback domain parameter from yahoo end. Because, in the yahoo app UI,
>> callback domain is listed as an optional parameter. However, if we create
>> an app without giving the callback domain value, that also doesn't work.
>>
>> [1] https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html#getting-started-auth-code
>>
>> Thanks,
>> TharinduE
>>
>> On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe <
>> shani...@wso2.com> wrote:
>>
>>> Hi TharinduE,
>>>
>>> In Yahoo side configuration I didn't observe a place to give the callback
>>> URL( https://localhost:9443/commonauth). It asks only for a callback
>>> Domain where we can input localhost or another domain. [1]
>>>
>>> [1]. claimapp-yahoo.png
>>>
>>>
>>> Thanks,
>>>
>>> Shanika
>>>
>>>
>>>
>>>
>>> On Thu, Dec 14, 2017 at 8:51 PM, Tharindu Edirisinghe <
>>> tharin...@wso2.com> wrote:
>>>
>>>> Hi Shanika,
>>>>
>>>> Can you show the Yahoo side configuration too. It seems Identity Server
>>>> is invoking the authorize endpoint of Yahoo. Without checking the Yahoo
>>>> side's config, we can't identify what causes the problem here.
>>>>
>>>> Thanks,
>>>> TharinduE
>>>>
>>>> On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <
>>>> shani...@wso2.com> wrote:
>>>>
>>>>> I am working with configuring Yahoo as a IDP using Federated
>>>>> authenticator Yahoo Configuration. Steps that I followed are as below.
>>>>>
>>>>> Run Standalone IS 5.4.0 GA pack
>>>>> Configure Travelocity as a Service Provider using SAML SSO
>>>>> Configure a Yahoo app as in [1] and take the client ID and the client
>>>>> secret [2] [3]
>>>>> Input them under federated authenticator > yahoo configuration
>>>>> Configure yahoo IDP as a Federated authenticator for Service provider
>>>>> Access http://localhost:8080/travelocity.com
>>>>> Click on SAML redirect Binding
>>>>> Provide Yahoo login details
>>>>> Error message will be shown as in [4]
>>>>>
>>>>> Appreciate any clarification related to this issue
>>>>>
>>>>>
>>>>> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>>>>>
>>>>> [2]. yahoo-config1.png
>>>>>
>>>>> [3]. yahoo-config2.png
>>>>>
>>>>> [4]. yahoo.png
>>>>>
>>>>> Thank You,
>>>>> Shanika.
>>>>>
>>>>> --
>>>>> *Shanika Wickramasinghe*
>>>>> Software Engineer - QA Team
>>>>>
>>>>> Email: shani...@wso2.com
>>>>> Mobile  : +94713503563
>>>>> Web : http://wso2.com
>>>>>
>>>>
>>>> --
>>>>
>>>> Tharindu Edirisinghe
>>>> Senior Software Engineer | WSO2 Inc
>>>> Platform Security Team
>>>> Blog : http://tharindue.blogspot.com
>>>> mobile : +94 775181586
>>>>
>>>
>>>
>>>
>>> --
>>> *Shanika Wickramasinghe*
>>> Software Engineer - QA Team
>>>
>>> Email: shani...@wso2.com
>>> Mobile  : +94713503563
>>> Web : http://wso2.com
>>>
>>> 
>>>
>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : http://tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>
>
> --
>
> Tharindu Edirisinghe
> Senior Software Engineer | WSO2 Inc
> Platform Security Team
> Blog : http://tharindue.blogspot.com
> mobi

Re: [Dev] Login to Identity Server using another Identity Server - OAuth2

2017-12-15 Thread Nilasini Thirunavukkarasu
On Fri, Dec 15, 2017 at 5:45 PM, Sherene Mahanama  wrote:

>
>
> On Fri, Dec 15, 2017 at 5:09 PM, Nilasini Thirunavukkarasu <
> nilas...@wso2.com> wrote:
>
>> Hi Sherene,
>>
>> On Fri, Dec 15, 2017 at 4:29 PM, Sherene Mahanama 
>> wrote:
>>
>>> Hi Nilasini/Isuru
>>>
>>> AFAIU, the doc jira states that we have to create an SP in each instance
>>> of IS and that the doc bug is that we have missed mentioning the SP created
>>> in IS1 (playground sample).
>>>
>>> In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in
>>> step 5 we have said to set up the playground sample in IS1 (9443). To set
>>> up the playground sample, we have pointed to this doc [2] which instructs
>>> the user to create an SP. So if the user follows the steps, he/she will end
>>> up creating an SP in each instance.
>>>
>>
>> But in that case,  before telling to create a service provider in step 5
>> we have mentioned to configure federated identity provider for the service
>> provider in step(4). Ideally the IS which have playground is the one must
>> be configured with an IDP. Also in step 4 we have mentioned to edit the
>> service provider which created for first IS but we didn't create a service
>> provider in first IS until that step. I will include these details in the
>> jira itself.
>>
>
> Ah yes that's true. Step 4 should ideally come after step 5. Will fix
> this..and as @Farasath suggested, lets add a diagram to make it clear.
>
Thanks Sherene.

>
> Thanks all,
> Sherene
>
>>
>


-- 
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/





Re: [Dev] [ESB -DSS] Issue on sending emails.

2017-12-15 Thread Senuwan Withana
Hi Guys,

Thanks for the response. Well, I was able to send the email correctly after
selecting the "Event Trigger" option.

Input Event Trigger  --Select--
   SendEmail



Regards,

*Senuwan Withana*
Software Engineer - Support Team | WSO2

Email : senu...@wso2.com
Mobile: 94773212853
Web: http://www.wso2.com



On Fri, Dec 15, 2017 at 9:29 AM, Chanika Geeganage  wrote:

> According to the configuration the email is sent only if the value passed
> for ENGINE_CAPACITY is less than 10. As Praminda said do you observe any
> exceptions in logs? If so can you please post them.
>
> On Fri, Dec 15, 2017 at 9:25 AM, Praminda Jayawardana 
> wrote:
>
>> Hi Senuwan,
>>
>> Do you get any errors when trying to send an email? If you get
>> authentication errors you should use app password [1] for the axis2 email
>> configuration.
>>
>> [1]: https://security.google.com/settings/security/apppasswords
>>
>> Thanks,
>> Praminda
>>
>> On Thu, Dec 14, 2017 at 9:26 PM, Senuwan Withana 
>> wrote:
>>
>>> Hi Team,
>>>
>>> When  the user adds some value(s) into the back end I want to send an
>>> email to some other users like managers etc.
>>>
>>> In order to do the below scenario I have used WSO2 EI DSS service. I have
>>> tried out the scenario given in the documentation [1], but the email has not
>>> been generated.
>>>
>>>
>>> Please give me a suggestion to overcome this issue.
>>>
>>>
>>>   
>>>   /AddDetails/ENGINE_CAPACITY<10
>>>   new_order
>>>   
>>>  mailto:x...@wso2.com
>>>  mailto:m...@gmail.com
>>>   
>>>
>>>
>>>
>>>
>>> [1] - https://docs.wso2.com/display/EI600/Receiving+Notifications+from+Data+Services
>>>
>>>
>>>
>>> Furthermore, I want to clarify my XPath as well.
>>>
>>>
>>> Thanks.
>>>
>>> *Senuwan Withana*
>>> Software Engineer - Support Team | WSO2
>>>
>>> Email : senu...@wso2.com
>>> Mobile: 94773212853
>>> Web: http://www.wso2.com
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>>
>> *Praminda Jayawardana*
>> Software Engineer
>> WSO2 Inc.; http://wso2.com
>> Mobile : +94 (0) 716 590918
>>
>>
>>
>
>
> --
> Best Regards..
>
> Chanika Geeganage
> +94773522586
> WSO2, Inc.; http://wso2.com
>
>


Re: [Dev] Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

2017-12-15 Thread Tharindu Edirisinghe
+Dimuthu as it seems there's a bug in Yahoo federated authenticator.

On Fri, Dec 15, 2017 at 8:46 AM, Tharindu Edirisinghe 
wrote:

> Hi Shanika,
>
> I manually invoked the authorize endpoint of Yahoo and following request
> worked for me.
>
> https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=id_token&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2
>
> As per my observations, Yahoo is validating the redirect_uri value and if
> we define the callback domain as "is.wso2.com", then the redirect_uri
> value must be either "http://is.wso2.com" or "https://is.wso2.com", but
> nothing else.
>
> When saving the callback domain as localhost, it didn't allow me, so I
> used is.wso2.com as above.
>
> When it comes to the Yahoo connector, in the authorize request, the *scope*
> parameter is not being sent. That should be a bug. Also, we need to send
> *nonce* parameter too, which is required as per [1]. Without nonce, even
> the above request I've given won't work.
>
> It seems we have to check more on the validations done on redirect_uri /
> callback domain parameter from yahoo end. Because, in the yahoo app UI,
> callback domain is listed as an optional parameter. However, if we create
> an app without giving the callback domain value, that also doesn't work.
>
> [1] https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html#getting-started-auth-code
>
> Thanks,
> TharinduE
>
> On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe wrote:
>
>> Hi TharinduE,
>>
>> In Yahoo side configuration I didn't observe a place to give the callback
>> URL( https://localhost:9443/commonauth). It asks only for a callback
>> Domain where we can input localhost or another domain. [1]
>>
>> [1]. claimapp-yahoo.png
>>
>>
>> Thanks,
>>
>> Shanika
>>
>>
>>
>>
>> On Thu, Dec 14, 2017 at 8:51 PM, Tharindu Edirisinghe wrote:
>>
>>> Hi Shanika,
>>>
>>> Can you show the Yahoo side configuration too. It seems Identity Server
>>> is invoking the authorize endpoint of Yahoo. Without checking the Yahoo
>>> side's config, we can't identify what causes the problem here.
>>>
>>> Thanks,
>>> TharinduE
>>>
>>> On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <
>>> shani...@wso2.com> wrote:
>>>
>>>> I am working with configuring Yahoo as a IDP using Federated
>>>> authenticator Yahoo Configuration. Steps that I followed are as below.
>>>>
>>>> Run Standalone IS 5.4.0 GA pack
>>>> Configure Travelocity as a Service Provider using SAML SSO
>>>> Configure a Yahoo app as in [1] and take the client ID and the client
>>>> secret [2] [3]
>>>> Input them under federated authenticator > yahoo configuration
>>>> Configure yahoo IDP as a Federated authenticator for Service provider
>>>> Access http://localhost:8080/travelocity.com
>>>> Click on SAML redirect Binding
>>>> Provide Yahoo login details
>>>> Error message will be shown as in [4]
>>>>
>>>> Appreciate any clarification related to this issue
>>>>
>>>>
>>>> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>>>>
>>>> [2]. yahoo-config1.png
>>>>
>>>> [3]. yahoo-config2.png
>>>>
>>>> [4]. yahoo.png
>>>>
>>>> Thank You,
>>>> Shanika.
>>>>
>>>> --
>>>> *Shanika Wickramasinghe*
>>>> Software Engineer - QA Team
>>>>
>>>> Email: shani...@wso2.com
>>>> Mobile  : +94713503563
>>>> Web : http://wso2.com
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Senior Software Engineer | WSO2 Inc
>>> Platform Security Team
>>> Blog : http://tharindue.blogspot.com
>>> mobile : +94 775181586
>>>
>>
>>
>>
>> --
>> *Shanika Wickramasinghe*
>> Software Engineer - QA Team
>>
>> Email: shani...@wso2.com
>> Mobile  : +94713503563
>> Web : http://wso2.com
>>
>> 
>>
>
>
>
> --
>
> Tharindu Edirisinghe
> Senior Software Engineer | WSO2 Inc
> Platform Security Team
> Blog : http://tharindue.blogspot.com
> mobile : +94 775181586
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


Re: [Dev] Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

2017-12-15 Thread Tharindu Edirisinghe
Hi Shanika,

I manually invoked the authorize endpoint of Yahoo and following request
worked for me.

https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=id_token&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2

As per my observations, Yahoo is validating the redirect_uri value and if
we define the callback domain as "is.wso2.com", then the redirect_uri value
must be either "http://is.wso2.com" or "https://is.wso2.com", but nothing
else.

When saving the callback domain as localhost, it didn't allow me, so I used
is.wso2.com as above.

When it comes to the Yahoo connector, in the authorize request, the *scope*
parameter is not being sent. That should be a bug. Also, we need to send
*nonce* parameter too, which is required as per [1]. Without nonce, even
the above request I've given won't work.

It seems we have to check more on the validations done on redirect_uri /
callback domain parameter from yahoo end. Because, in the yahoo app UI,
callback domain is listed as an optional parameter. However, if we create
an app without giving the callback domain value, that also doesn't work.

[1]
https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html#getting-started-auth-code

Thanks,
TharinduE

On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe 
wrote:

> Hi TharinduE,
>
> In Yahoo side configuration I didn't observe a place to give the callback
> URL( https://localhost:9443/commonauth). It asks only for a callback
> Domain where we can input localhost or another domain. [1]
>
> [1]. claimapp-yahoo.png
>
>
> Thanks,
>
> Shanika
>
>
>
>
> On Thu, Dec 14, 2017 at 8:51 PM, Tharindu Edirisinghe 
> wrote:
>
>> Hi Shanika,
>>
>> Can you show the Yahoo side configuration too. It seems Identity Server
>> is invoking the authorize endpoint of Yahoo. Without checking the Yahoo
>> side's config, we can't identify what causes the problem here.
>>
>> Thanks,
>> TharinduE
>>
>> On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <
>> shani...@wso2.com> wrote:
>>
>>> I am working with configuring Yahoo as a IDP using Federated
>>> authenticator Yahoo Configuration. Steps that I followed are as below.
>>>
>>> Run Standalone IS 5.4.0 GA pack
>>> Configure Travelocity as a Service Provider using SAML SSO
>>> Configure a Yahoo app as in [1] and take the client ID and the client
>>> secret [2] [3]
>>> Input them under federated authenticator > yahoo configuration
>>> Configure yahoo IDP as a Federated authenticator for Service provider
>>> Access http://localhost:8080/travelocity.com
>>> Click on SAML redirect Binding
>>> Provide Yahoo login details
>>> Error message will be shown as in [4]
>>>
>>> Appreciate any clarification related to this issue
>>>
>>>
>>> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>>>
>>> [2]. yahoo-config1.png
>>>
>>> [3]. yahoo-config2.png
>>>
>>> [4]. yahoo.png
>>>
>>> Thank You,
>>> Shanika.
>>>
>>>
>>>
>>>
>>> --
>>> *Shanika Wickramasinghe*
>>> Software Engineer - QA Team
>>>
>>> Email: shani...@wso2.com
>>> Mobile  : +94713503563
>>> Web : http://wso2.com
>>>
>>> 
>>>
>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : http://tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>
>
> --
> *Shanika Wickramasinghe*
> Software Engineer - QA Team
>
> Email: shani...@wso2.com
> Mobile  : +94713503563
> Web : http://wso2.com
>
> 
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
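
The checks described in the message above (scope and nonce present, redirect_uri limited to http:// or https:// on the registered callback domain), written out as an added Python example; it is not part of the original thread or of the WSO2 Yahoo authenticator. The function names, the EXAMPLE_CLIENT_ID placeholder and the strict no-port, no-path reading of "nothing else" are assumptions.

```python
"""Pre-flight checks for an OpenID Connect authorization request (added example)."""
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint as quoted in the thread; all function and constant names are hypothetical.
AUTHORIZE_ENDPOINT = "https://api.login.yahoo.com/oauth2/request_auth"
REQUIRED_PARAMS = ("client_id", "response_type", "redirect_uri", "scope", "nonce")

# Constructed sample values: a placeholder client id, and a request shaped like the
# failing case in the thread (no scope, no nonce, callback URL on localhost:9443).
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CONNECTOR_STYLE_REQUEST = (
    AUTHORIZE_ENDPOINT
    + "?client_id=" + CLIENT_ID
    + "&response_type=code"
    + "&redirect_uri=https%3A%2F%2Flocalhost%3A9443%2Fcommonauth"
)


def redirect_uri_matches_domain(redirect_uri, callback_domain):
    """Accept only http://<domain> or https://<domain>, as observed in the thread.

    Assumption: "nothing else" is read strictly, so a port, path, query,
    fragment or user@host form is rejected.
    """
    parts = urlsplit(redirect_uri)
    if parts.scheme not in ("http", "https"):
        return False
    # Compare netloc rather than hostname so ports and userinfo fail the match.
    if parts.netloc.lower() != callback_domain.lower():
        return False
    return parts.path == "" and not parts.query and not parts.fragment


def check_authorize_request(url, callback_domain):
    """Return a list of problems; an empty list means the request passes."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    problems = []
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != AUTHORIZE_ENDPOINT:
        problems.append("unexpected authorize endpoint")
    for name in REQUIRED_PARAMS:
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"missing or repeated parameter: {name}")
    scope = params.get("scope", [""])[0].split()
    if scope and "openid" not in scope:
        problems.append("scope does not include openid")
    redirect = params.get("redirect_uri", [""])[0]
    if redirect and not redirect_uri_matches_domain(redirect, callback_domain):
        problems.append("redirect_uri is not http(s)://<callback domain>")
    return problems


def build_authorize_request(client_id, redirect_uri, response_type="code"):
    """Build a request that carries scope and a fresh nonce; returns (url, nonce).

    The caller keeps the nonce in the user's session and compares it with the
    nonce claim of the id_token that comes back.
    """
    nonce = secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": client_id,
        "response_type": response_type,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "nonce": nonce,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", nonce


if __name__ == "__main__":
    print("connector-style request:")
    for problem in check_authorize_request(CONNECTOR_STYLE_REQUEST, "is.wso2.com"):
        print("  -", problem)
    url, _ = build_authorize_request(CLIENT_ID, "https://is.wso2.com")
    print("rebuilt request problems:", check_authorize_request(url, "is.wso2.com"))
```
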


Re: [Dev] Login to Identity Server using another Identity Server - OAuth2

2017-12-15 Thread Sherene Mahanama
On Fri, Dec 15, 2017 at 5:09 PM, Nilasini Thirunavukkarasu <
nilas...@wso2.com> wrote:

> Hi Sherene,
>
> On Fri, Dec 15, 2017 at 4:29 PM, Sherene Mahanama 
> wrote:
>
>> Hi Nilasini/Isuru
>>
>> AFAIU, the doc jira states that we have to create an SP in each instance
>> of IS and that the doc bug is that we have missed mentioning the SP created
>> in IS1 (playground sample).
>>
>> In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in
>> step 5 we have said to set up the playground sample in IS1 (9443). To set
>> up the playground sample, we have pointed to this doc [2] which instructs
>> the user to create an SP. So if the user follows the steps, he/she will end
>> up creating an SP in each instance.
>>
>
> But in that case,  before telling to create a service provider in step 5
> we have mentioned to configure federated identity provider for the service
> provider in step(4). Ideally the IS which have playground is the one must
> be configured with an IDP. Also in step 4 we have mentioned to edit the
> service provider which created for first IS but we didn't create a service
> provider in first IS until that step. I will include these details in the
> jira itself.
>

Ah yes that's true. Step 4 should ideally come after step 5. Will fix
this..and as @Farasath suggested, lets add a diagram to make it clear.

Thanks all,
Sherene

>


Re: [Dev] Login to Identity Server using another Identity Server - OAuth2

2017-12-15 Thread Nilasini Thirunavukkarasu
Hi Sherene,

On Fri, Dec 15, 2017 at 4:29 PM, Sherene Mahanama  wrote:

> Hi Nilasini/Isuru
>
> AFAIU, the doc jira states that we have to create an SP in each instance
> of IS and that the doc bug is that we have missed mentioning the SP created
> in IS1 (playground sample).
>
> In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in
> step 5 we have said to set up the playground sample in IS1 (9443). To set
> up the playground sample, we have pointed to this doc [2] which instructs
> the user to create an SP. So if the user follows the steps, he/she will end
> up creating an SP in each instance.
>

But in that case,  before telling to create a service provider in step 5 we
have mentioned to configure federated identity provider for the service
provider in step(4). Ideally the IS which have playground is the one must
be configured with an IDP. Also in step 4 we have mentioned to edit the
service provider which created for first IS but we didn't create a service
provider in first IS until that step. I will include these details in the
jira itself.

>
> However, I guess this can be made a bit more clearer in the doc. Will look
> into that.
>
Thanks Sherene.

>
> [1] https://docs.wso2.com/display/IS540/Login+to+Identity+Server+using+another+Identity+Server+-+OAuth2
> [2] https://docs.wso2.com/display/IS540/Setting+Up+the+Sample+Webapp
>
> Thanks,
> Sherene
>
> On Fri, Dec 15, 2017 at 3:14 PM, Shavindri Dissanayake wrote:
>
>> Ack for docs! We will look into this. There were a few doc JIRAs created
>> over the week for this scenario (OAuth and SAML2 both).
>>
>> Thanks & Regards
>> Shavindri Dissanayake
>> Senior Technical Writer
>>
>> WSO2 Inc.
>> lean.enterprise.middleware
>>
>> On Fri, Dec 15, 2017 at 3:03 PM, Isuru Uyanage  wrote:
>>
>>> Hi Nilasini/Hasanthi,
>>> Thank you for the clarification.
>>>
>>>
>>> Thanks,
>>> Isuru
>>>
>>> *Thanks and Best Regards,*
>>>
>>> *Isuru Uyanage*
>>> *Software Engineer - QA | WSO2*
>>> *Mobile : **+94 77 55 30752*
>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>>> *
>>>
>>>
>>>
>>>
>>> On Fri, Dec 15, 2017 at 2:26 PM, Nilasini Thirunavukkarasu <
>>> nilas...@wso2.com> wrote:
>>>
>>>> Created a documentation jira[1] to track this.
>>>>
>>>>
>>>> [1] https://wso2.org/jira/browse/DOCUMENTATION-7409
>>>>
>>>> On Fri, Dec 15, 2017 at 2:07 PM, Nilasini Thirunavukkarasu <
>>>> nilas...@wso2.com> wrote:
>>>>
>>>>> Hi Isuru,
>>>>>
>>>>> Actual steps must be.
>>>>>
>>>>> 1) create a sp(sp name:-sample)  in second one(9444)
>>>>> 2) create a sp(spname:- playground) in the first one(9443)
>>>>> 3) create an IDP in the first one(9443) by giving the second one(9444)
>>>>> authorization endpoint and etc as mentioned in the doc. Also fill the
>>>>> client_id & secret from the second one's(9444) SP you got by the step 1.
>>>>>
>>>>>
>>>>> The documentation only mentions one service provider. We need to
>>>>> correct it. I will create a doc jira for that
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Nila.
>>>>>
>>>>>
>>>>> On Fri, Dec 15, 2017 at 1:23 PM, Isuru Uyanage
>>>>> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I'm trying to login to Identity Server using another Identity Server.
>>>>>> I followed doc[1].
>>>>>> It has been asked to follow the below steps.
>>>>>>
>>>>>>    - Configure an IDP(Idp9443) in Identity Server1.
>>>>>>    - Configure an SP(SP9444) in Identity Server2.
>>>>>>    - In the second Identity Server, in Service Provider
>>>>>>    Configuration, select Idp9443, which is created in first IS, as the
>>>>>>    federated authenticator in Local and Outbound Authentication
>>>>>>    Configuration.
>>>>>>
>>>>>>
>>>>>> My question is it only displays the IDPs created in its own Identity
>>>>>> Server in Service Provider/Outbound Authentication Configuration. We
>>>>>> created the IDP in IS1. How is it going to be displayed in Federated
>>>>>> Authenticators in IS2?
>>>>>>
>>>>>> It would be highly appreciated if these steps can be verified and
>>>>>> specify if I have missed any configuration step here.
>>>>>>
>>>>>> [1]- https://docs.wso2.com/display/IS540/Login+to+Identity+Server+using+another+Identity+Server+-+OAuth2
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Thanks and Best Regards,*
>>>>>>
>>>>>> *Isuru Uyanage*
>>>>>> *Software Engineer - QA | WSO2*
>>>>>> *Mobile : **+94 77 55 30752*
>>>>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/*
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Nilasini Thirunavukkarasu
>>>>> Software Engineer - WSO2
>>>>>
>>>>> Email : nilas...@wso2.com
>>>>> Mobile : +94775241823
>>>>> Web : http://wso2.com/
>>>>>
>>>>
>>>> --
>>>> Nilasini Thirunavukkarasu
>>>> Software Engineer - WSO2
>>>>
>>>> Email : nilas...@wso2.com
>>>> Mobile : +94775241823
>>>> Web : h

Re: [Dev] Login to Identity Server using another Identity Server - OAuth2

2017-12-15 Thread Farasath Ahamed
On Friday, December 15, 2017, Sherene Mahanama  wrote:

> Hi Nilasini/Isuru
>
> AFAIU, the doc jira states that we have to create an SP in each instance
> of IS and that the doc bug is that we have missed mentioning the SP created
> in IS1 (playground sample).
>
> In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in
> step 5 we have said to set up the playground sample in IS1 (9443). To set
> up the playground sample, we have pointed to this doc [2] which instructs
> the user to create an SP. So if the user follows the steps, he/she will end
> up creating an SP in each instance.
>
> However, I guess this can be made a bit clearer in the doc. Will look
> into that.
>

Adding a small diagram would make things much clearer IMO 🙂

>
> [1] https://docs.wso2.com/display/IS540/Login+to+Identity+Server+using+another+Identity+Server+-+OAuth2
> [2] https://docs.wso2.com/display/IS540/Setting+Up+the+Sample+Webapp
>
> Thanks,
> Sherene
>


-- 
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 


Re: [Dev] Login to Identity Server using another Identity Server - OAuth2

2017-12-15 Thread Sherene Mahanama
Hi Nilasini/Isuru

AFAIU, the doc jira states that we have to create an SP in each instance of
IS and that the doc bug is that we have missed mentioning the SP created in
IS1 (playground sample).

In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in
step 5 we have said to set up the playground sample in IS1 (9443). To set
up the playground sample, we have pointed to this doc [2] which instructs
the user to create an SP. So if the user follows the steps, he/she will end
up creating an SP in each instance.

However, I guess this can be made a bit clearer in the doc. Will look
into that.

[1] https://docs.wso2.com/display/IS540/Login+to+Identity+Server+using+another+Identity+Server+-+OAuth2
[2] https://docs.wso2.com/display/IS540/Setting+Up+the+Sample+Webapp

Thanks,
Sherene



-- 
Sherene Mahanama
Technical Writer

WSO2 (pvt.) Ltd.
Colombo, Sri Lanka
Mobile: (+94) 777 994805
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Login to Identity Server using another Identity Server - OAuth2

2017-12-15 Thread Shavindri Dissanayake
Ack for docs! We will look into this. There were a few doc JIRAs created
over the week for this scenario (OAuth and SAML2 both).

Thanks & Regards
Shavindri Dissanayake
Senior Technical Writer

WSO2 Inc.
lean.enterprise.middleware



Re: [Dev] Login to Identity Server using another Identity Server - OAuth2

2017-12-15 Thread Isuru Uyanage
Hi Nilasini/Hasanthi,
Thank you for the clarification.


Thanks,
Isuru

*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : +94 77 55 30752*
*LinkedIn: https://www.linkedin.com/in/isuru-uyanage/*






Re: [Dev] Login to Identity Server using another Identity Server - OAuth2

2017-12-15 Thread Nilasini Thirunavukkarasu
Created a documentation jira[1] to track this.


[1] https://wso2.org/jira/browse/DOCUMENTATION-7409




-- 
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/





Re: [Dev] [IS] [OAuth] Cannot be generated an authorization code using an active access token for "OAuthRequestPathAuthenticator"

2017-12-15 Thread Kavitha Subramaniyam
Ack. I will check the auth flow then.

> Btw is the approach you are trying (send consent as a query param)
> documented anywhere?

No, it is not documented, but I just gave it a try with the consent query
param.

Thanks,


On Fri, Dec 15, 2017 at 12:30 PM, Farasath Ahamed 
wrote:

>
>
> On Friday, December 15, 2017, Kavitha Subramaniyam 
> wrote:
>
>> Hi Farasath,
>>
>> Yes, it is working [1] with skipping the consent, Thanks!
>>  I hope this is a workaround and it needs to be fixed [2]?
>>
>
> This is not a workaround. In fact it's the expected behaviour. If it is not
> documented we need to do so. RequestPath authentication will only skip the
> login page and not the consent page.
>
>
>>  BTW I don't understand why the authentication not accepted the consent
>> value which sent in authorize request as I tried on above reply. Please
>> advice on this.
>>
>
> Can you check how this works in a normal authentication flow?
>
> I mean when you click on Approve in the consent screen AFAIR we post a
> reply with the sessionDataKey.
>
> Btw is the approach you are trying (send consent as a query param)
> documented anywhere?
>
>
>>
>> [1]
>> < Location: https://curl-app/callback?code=e07765b9-d27f-30d8-b63d-63fe6e131fb6&session_state=a52d2de9ca4a6702b532c91df1356d9f02f048db88f641ae5f80531ab2e35c04.J9WOprGoq9RVx2VYXR5-1Q
>>
>> [2] [https://wso2.org/jira/browse/IDENTITY-7154]
>>
>> On Fri, Dec 15, 2017 at 11:55 AM, Kavitha Subramaniyam 
>> wrote:
>>
>>> Hi Farasath,
>>> Ok I will try with skipping consent and let you know the result.
>>> Between I have tried requesting the code with appending the consent
>>> value (consent=approve) in the request and it was given same response as
>>> above. Any idea why the same behaviour?
>>>
>>> Thanks,
>>>
>>> On Fri, Dec 15, 2017 at 11:30 AM, Farasath Ahamed 
>>> wrote:
>>>
 Please ignore my previous reply.

 This looks like the consent screen (the 302 you got in the response)
 which requires user interaction to either approve or deny. Can you try
 skipping consent using identity.xml configuration[1] and retry the
 scenario?

 [1] https://docs.wso2.com/plugins/servlet/mobile?contentId=60493981#content/view/60493981
 (Refer last Note)

 On Friday, December 15, 2017, Kavitha Subramaniyam 
 wrote:

> Hi all,
>
> I have tried "oauth-bearer" Request path authentication scenario. In
> case I need to generate an authorization code using an active access token
> which should be received from the response.
> Steps I followed are as per doc [1]:
>
>    - Register a SP
>    - Configure OAuth/ OIDC with enabling password/code/refresh grant
>    types
>    - Configure "OAuthRequestPathAuthenticator" in local and outbound
>    authenticator section
>    - Generate access token using password type => received a valid
>    token
>    - Request for code using above token => Expected behaviour is to
>    receive auth code in the response "Location" header. But I didn't see
>    the code in the response as per [2]
>
> Raised a jira for this in [3]. Appreciate any insight on this please.
>
> [1] https://docs.wso2.com/display/IS540/OAuth+Request+Path+Authenticator
> [3] https://wso2.org/jira/browse/IDENTITY-7154
> [2]
>
> > POST /oauth2/authorize HTTP/1.1
> > Host: localhost:9444
> > User-Agent: curl/7.43.0
> > Accept: */*
> > Authorization: Bearer 86c1f0ab-831e-3ae1-9a82-93a55a49bcdb
> > Content-Type: application/x-www-form-urlencoded;charset=UTF-8
> > Content-Length: 109
> >
> * upload completely sent off: 109 out of 109 bytes
> < HTTP/1.1 302 Found
> < X-Frame-Options: DENY
> < X-Content-Type-Options: nosniff
> < X-XSS-Protection: 1; mode=block
> < Set-Cookie: commonAuthId=f8ace6c7-da84-4d0f-b3c6-4ae6ca40ac64; Path=/; Secure; HttpOnly
> < Date: Tue, 12 Dec 2017 12:48:31 GMT
> < Location: https://localhost:9444/authenticationendpoint/oauth2_consent.do?loggedInUser=admin&application=NewOauthSP&scope=openid&sessionDataKeyConsent=fd18c0f9-0151-420a-8389-49b955705722&spQueryParams=
> < Content-Length: 0
> < Server: WSO2 Carbon Server
>
>
>
> Thanks,
>
> --
> Kavitha.S
> *Software Engineer -QA*
> email : kavi...@wso2.com
> Mobile : +94 (0) 771538811
>
>

 --
 Farasath Ahamed
 Senior Software Engineer, WSO2 Inc.; http://wso2.com
 Mobile: +94777603866
 Blog: blog.farazath.com
 Twitter: @farazath619 
 





>>>
>>>
>>> --
>>> Kavitha.S
>>> *Software Engineer -QA*
>>> email : kavi...@wso2.com
>>> Mobile : +94 (0) 771538811
>>>
>>>
>>
>>
>> --
>> Kavitha.S
>> *Software Engineer -QA*
>> email : kavi...@wso2.com
>> Mobile : +94 (0) 771538
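
The distinction this thread turns on (a 302 to the consent page versus a 302 that carries the authorization code) can be checked mechanically in a test harness. The following is an added example, not code from the thread or from WSO2; the header samples are constructed from the shape of the two responses quoted above, and the function names and placeholder values are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed curl -v response headers modelled on the two responses quoted in
# the thread; every identifier value is a placeholder.
CONSENT_RESPONSE = """\
< HTTP/1.1 302 Found
< Set-Cookie: commonAuthId=PLACEHOLDER; Path=/; Secure; HttpOnly
< Location: https://localhost:9444/authenticationendpoint/oauth2_consent.do?loggedInUser=admin&application=NewOauthSP&scope=openid&sessionDataKeyConsent=PLACEHOLDER&spQueryParams=
< Content-Length: 0
"""
CODE_RESPONSE = """\
< HTTP/1.1 302 Found
< Location: https://curl-app/callback?code=PLACEHOLDER-CODE&session_state=PLACEHOLDER-STATE
"""
DENIED_RESPONSE = """\
< HTTP/1.1 302 Found
< Location: https://curl-app/callback?error=access_denied
"""


def parse_response(raw):
    """Return (status, headers) from curl -v style '<' response lines."""
    status, headers = None, {}
    for line in raw.splitlines():
        if not line.startswith("<"):
            continue  # skip request lines ('>') and curl notes ('*')
        line = line[1:].strip()
        if line.startswith("HTTP/"):
            status = int(line.split()[1])
        elif ":" in line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return status, headers


def classify_authorize_response(raw, registered_callback):
    """Classify what the redirect from /oauth2/authorize means."""
    status, headers = parse_response(raw)
    if status not in (302, 303) or "location" not in headers:
        return "not_a_redirect"
    target = urlsplit(headers["location"])
    params = parse_qs(target.query)
    # Login was skipped, but the user still has to approve or deny.
    if "sessionDataKeyConsent" in params:
        return "consent_required"
    callback = urlsplit(registered_callback)
    at_callback = (target.scheme, target.netloc, target.path) == (
        callback.scheme, callback.netloc, callback.path)
    if at_callback and "code" in params:
        return "code_issued"
    if at_callback and "error" in params:
        return "error:" + params["error"][0]
    # A code or error sent anywhere but the registered callback is suspect.
    return "unexpected_redirect"
```
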

Re: [Dev] Login to Identity Server using another Identity Server - OAuth2

2017-12-15 Thread Nilasini Thirunavukkarasu
Hi Isuru,

Actual steps must be.

1) Create an SP (SP name: sample) in the second one (9444).
2) Create an SP (SP name: playground) in the first one (9443).
3) Create an IDP in the first one (9443) by giving the second one's (9444)
authorization endpoint etc. as mentioned in the doc. Also fill in the
client_id & secret from the second one's (9444) SP that you got in step 1.


The documentation only mentions one service provider. We need to
correct it. I will create a doc jira for that.


Thanks,
Nila.


On Fri, Dec 15, 2017 at 1:23 PM, Isuru Uyanage  wrote:

> Hi All,
>
> I'm trying to login to Identity Server using another Identity Server. I
> followed doc[1].
> It has been asked to follow the below steps.
>
>    - Configure an IDP(Idp9443) in Identity Server1.
>    - Configure an SP(SP9444) in Identity Server2.
>    - In the second Identity Server, in Service Provider Configuration,
>    select Idp9443, which is created in first IS, as the federated
>    authenticator in Local and Outbound Authentication Configuration.
>
>
> My question is it only displays the IDPs created in its own Identity
> Server in Service Provider/Outbound Authentication Configuration. We
> created the IDP in IS1. How is it going to be displayed in Federated
> Authenticators in IS2?
>
> It would be highly appreciated if these steps can be verified and specify
> if I have missed any configuration step here.
>
> [1]- https://docs.wso2.com/display/IS540/Login+to+Identity+Server+using+another+Identity+Server+-+OAuth2
>
>
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : +94 77 55 30752*
> *LinkedIn: https://www.linkedin.com/in/isuru-uyanage/*
>
>
>
>


-- 
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/
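
The layout in the three steps of the reply above, next to the layout the question describes, as an added Python example that is not part of the original messages and does not use any WSO2 API. The dictionaries are a constructed model of the two instances; the IDP name `IdpFor9444`, the client IDs and the function names are assumptions.

```python
from urllib.parse import urlsplit


def find_federation_problems(instances):
    """Return (location, problem) pairs for a two-instance federation layout."""
    by_host = {urlsplit(i["base"]).netloc: name for name, i in instances.items()}
    problems = []
    for name, inst in instances.items():
        for sp_name, sp in inst["sps"].items():
            idp_name = sp.get("federated_idp")
            if idp_name is None:
                continue
            where = f"{name}/{sp_name}"
            idp = inst["idps"].get(idp_name)
            if idp is None:
                # An SP can only select IDPs defined on its own instance.
                problems.append((where, "idp_not_defined_on_this_instance"))
                continue
            target = by_host.get(urlsplit(idp["authz_endpoint"]).netloc)
            if target is None:
                problems.append((where, "idp_endpoint_unknown_host"))
            elif target == name:
                problems.append((where, "idp_points_back_to_itself"))
            elif idp["client_id"] not in {
                s["client_id"] for s in instances[target]["sps"].values()
            }:
                # The IDP entry must use credentials of an SP on the remote side.
                problems.append((where, "client_id_not_registered_on_remote"))
    return problems


def layout_from_reply():
    """Constructed model of the three steps in the reply (IDs are placeholders)."""
    return {
        "IS1": {"base": "https://localhost:9443",
                "sps": {"playground": {"client_id": "playground-id",
                                       "federated_idp": "IdpFor9444"}},
                "idps": {"IdpFor9444": {
                    "authz_endpoint": "https://localhost:9444/oauth2/authorize",
                    "client_id": "sample-id"}}},
        "IS2": {"base": "https://localhost:9444",
                "sps": {"sample": {"client_id": "sample-id",
                                   "federated_idp": None}},
                "idps": {}},
    }


def layout_as_first_read():
    """Constructed model of the question: IDP on IS1, selected by an SP on IS2."""
    return {
        "IS1": {"base": "https://localhost:9443", "sps": {},
                "idps": {"Idp9443": {
                    "authz_endpoint": "https://localhost:9444/oauth2/authorize",
                    "client_id": "sp9444-id"}}},
        "IS2": {"base": "https://localhost:9444",
                "sps": {"SP9444": {"client_id": "sp9444-id",
                                   "federated_idp": "Idp9443"}},
                "idps": {}},
    }
```
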





Re: [Dev] Login to Identity Server using another Identity Server - OAuth2

2017-12-15 Thread Hasanthi Purnima Dissanayake
Hi Isuru,

What you need to do is as follows,

1. Create an OIDC SP in the second IS instance.
2. Create an IDP in the first IS instance.
3. Add an authenticator for the above configured IDP by configuring
'Oauth2/Openid connect configuration' in the 'Federated Authenticators'
section.
(Take the client_id, client_secret from the sp of the first IS instance
and use it as client id and secret when configuring the federated
authenticator)
4. Configure a SP in the first IS (maybe the Playground sample or the travelocity
sample, based on the requirement).
5. Configure the previously created IDP for the SP in the first IS instance.

When you try to log in to the SP of the first IS instance, you will get
the login page of the second IS.

Thanks,

On Fri, Dec 15, 2017 at 1:23 PM, Isuru Uyanage  wrote:

> Hi All,
>
> I'm trying to login to Identity Server using another Identity Server. I
> followed doc[1].
> It has been asked to follow the below steps.
>
>    - Configure an IDP(Idp9443) in Identity Server1.
>    - Configure an SP(SP9444) in Identity Server2.
>    - In the second Identity Server, in Service Provider Configuration,
>    select Idp9443, which is created in first IS, as the federated
>    authenticator in Local and Outbound Authentication Configuration.
>
>
> My question is it only displays the IDPs created in its own Identity
> Server in Service Provider/Outbound Authentication Configuration. We
> created the IDP in IS1. How is it going to be displayed in Federated
> Authenticators in IS2?
>
> It would be highly appreciated if these steps can be verified and specify
> if I have missed any configuration step here.
>
> [1]- https://docs.wso2.com/display/IS540/Login+to+Identity+Server+using+another+Identity+Server+-+OAuth2
>
>
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : +94 77 55 30752*
> *LinkedIn: https://www.linkedin.com/in/isuru-uyanage/*
>
>
>
>


-- 

Hasanthi Dissanayake

Senior Software Engineer | WSO2

E: hasan...@wso2.com
M :0718407133| http://wso2.com 