Friday, November 20, 2015

WSO2 Identity Server - How to add new attributes to the XACML Policy Editor

Hi All,

This is a very quick tutorial on how to add a new attribute to the XACML policy editor.

1) I have a newly introduced claim, special name, and I need to add it to the XACML policy editor

2) Go to Policy Administration -> Add new entitlement policy and you can see all the policy editors

3) Click 'here' link on the Standard Policy Editor description



4) First you need to add SpecialName as an <attributeId> as follows :-


5) Then add the attribute description under <attributeIds>


6) Once you update you can see this new attribute in the relevant areas of the policy editor as follows :-


Cheers..!!

Tuesday, November 17, 2015

How to apply security policies with WSO2 ESB 4.9.0

Hi All,

Here is a quick tutorial on how to create a secured service in WSO2 ESB 4.9.0. As QoS is removed from the admin console, now you will have to use WSO2 Developer Studio to apply the relevant security policies for the proxy services.

1) Download WSO2 ESB 4.9.0 and WSO2 Developer Studio 3.8.0
2) Extract these into folders
3) First we need to create a policy using the developer studio
Please refer to the following URL on creating a new policy - here we can use the UsernameToken policy
https://docs.wso2.com/display/DVS380/Applying+Security+for+a+Service#ApplyingSecurityforaService-Creatingthesecuritypolicy

4) Then you need to create the proxy service - for this first create an ESB Config Project from the Developer Studio Dashboard - then right click on the project name and add a proxy service

5) For this scenario let's create a simple pass-through proxy - let's use the StockQuote sample as the sample endpoint

Please follow the following link on how to startup the sample services https://docs.wso2.com/display/ESB490/Setting+Up+the+ESB+Samples#SettingUptheESBSamples-StartingtheAxis2server

6) After creating the proxy , you need to add the previously created security policy to the proxy service

Please refer to the following guide on how to do that: https://docs.wso2.com/display/DVS380/Applying+Security+for+a+Service#ApplyingSecurityforaService-Applyingsecurityforaproxyservice

7) After creating both the proxy service and the policy, you need to deploy them into the ESB. For this purpose let's create a composite application first

8) Go to the Developer studio dashboard and Click on Composite Application Project - there give a name to the project and select both the proxy service project and the policy project you have created and click on Finish

9) Now right click on the created composite application project and click on Export Composite Application Project

10) Now startup the ESB server and Login - then go to Carbon Applications from the right side menu and upload the car file by clicking on Add

11) After the successful deployment of the .car file when you go to list the proxy services you can see the created Proxy Service with Security Applied


12) Click on Try this Service and the following window will be opened


Note :- please enter the username and password and select the https endpoint as shown above and invoke the service with a parameter ex:- IBM

You will get the relevant response :)

Cheers...!!

Friday, November 13, 2015

WSO2 Identity Server - Quick tutorial on how to invoke Authentication admin Login via SOAPUI

1. Download WSO2 Identity Server latest version (in this blog I have used 5.0.0)
2. Extract the .zip file and go to the <PRODUCT_HOME>/repository/conf/carbon.xml file.
3. Change the <HideAdminServiceWSDLs> element to false
4. Start the Identity Server by running the wso2server.bat file (on Windows; wso2server.sh on Linux) in the bin folder
5. You can access the Authentication admin WSDL by typing the following into the browser URL bar: https://localhost:9443/services/AuthenticationAdmin?wsdl
6. Please refer to this URL for how to list all the admin services offered by WSO2 IS
https://docs.wso2.com/display/IS500/Calling+Admin+Services
7. Now copy the wsdl url and create a new project in SOAPUI

8. Then double click on the login request and fill in the parameters for the login request as below

9. Once you invoke it you can see the response as true or false in SOAPUI and also on the console of Identity Server as

[2015-11-13 16:53:21,451]  INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  'hasini@carbon.super [-1234]' logged in at [2015-11-13 16:53:21,451+
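
The login call from steps 8 and 9, sketched in Python as an added example (not part of the original post): it builds the SOAP request and reads the true/false result. The namespace below and the sample replies are assumptions and constructed data; confirm the namespace against the WSDL from step 5.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Assumed target namespace of AuthenticationAdmin; confirm against the WSDL.
AUTH_NS = "http://authentication.services.core.carbon.wso2.org"
ENDPOINT = "https://localhost:9443/services/AuthenticationAdmin"


def build_login_request(username, password, remote_address="localhost"):
    """Return the SOAP 1.1 login envelope as bytes; values are XML-escaped."""
    ET.register_namespace("soapenv", SOAP_NS)
    ET.register_namespace("aut", AUTH_NS)
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    login = ET.SubElement(body, f"{{{AUTH_NS}}}login")
    for name, value in (("username", username), ("password", password),
                        ("remoteAddress", remote_address)):
        ET.SubElement(login, f"{{{AUTH_NS}}}{name}").text = value
    return ET.tostring(env, encoding="utf-8")


def parse_login_response(xml_bytes):
    """Return True/False from loginResponse; raise on a SOAP fault."""
    root = ET.fromstring(xml_bytes)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        raise RuntimeError("SOAP fault: " + (fault.findtext("faultstring") or "unknown"))
    result = root.findtext(f".//{{{AUTH_NS}}}loginResponse/{{{AUTH_NS}}}return")
    if result is None:
        raise ValueError("no loginResponse/return element in reply")
    return result.strip().lower() == "true"


# Constructed sample replies (not captured from a real server).
SAMPLE_OK = (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
             f'<ns:loginResponse xmlns:ns="{AUTH_NS}"><ns:return>true</ns:return>'
             f'</ns:loginResponse></soapenv:Body></soapenv:Envelope>').encode()
SAMPLE_FAULT = (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
                f'<soapenv:Fault><faultcode>soapenv:Server</faultcode>'
                f'<faultstring>Authentication failed</faultstring>'
                f'</soapenv:Fault></soapenv:Body></soapenv:Envelope>').encode()

if __name__ == "__main__":
    print(build_login_request("example-user", "example-password").decode())
    print("login ok:", parse_login_response(SAMPLE_OK))
```

HideAdminServiceWSDLs only controls whether the WSDL is published, so it can be set back to true once the SOAPUI project has been created.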



cheers...!!!

Tuesday, March 31, 2015

OAuth2 Playground app with WSO2 Identity Server 5.0.0

This is basically a how to reference post ...:)

1) Download the playground app from here and build using maven

2) Get the .war app and deploy on tomcat server
3) Download the  WSO2 Identity Server.

Now we need to configure the Playground app in the IS.


4) Go to add new service provider

5) Give a name = playground (example)
6) Register the application
7) Now you would be able to see a long list of options for a service provider, and if you expand the inbound authentication tab, you could see the OAuth configuration



8)  Click on configure, and add the relevant configuration and save


callback url :- http://localhost:8080/playground2/oauth2client

select needed oauth grant types , oauth version 2.0




9) This will generate a key and a secret for the application, this can be used to invoke the authorization / token end points on the server (displayed after generation)


10) once done, save the application configs


11) start tomcat server and goto http://localhost:8080/playground2


12) click on import photos , then you can select the relevant grant type and fill in the details as you go in the steps, basically the information needed are at the IS service provider application side (secret, key, urls etc)

13) According to the relevant grant type, you can interact with the oauth handshake relevant to the grant type, after getting the access token , you can import the photos :)
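
The authorization code handshake behind steps 9 to 13, as an added Python example (not code from the playground app): it builds the authorization redirect, checks the callback's state value, and prepares the token request. The endpoint URLs, the scope and the key/secret/code values are assumptions or constructed placeholders; the callback URL is the one from step 8.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed default endpoints of a local WSO2 Identity Server; adjust to yours.
AUTHORIZE_URL = "https://localhost:9443/oauth2/authorize"
TOKEN_URL = "https://localhost:9443/oauth2/token"
CALLBACK_URL = "http://localhost:8080/playground2/oauth2client"  # from step 8


def authorization_request(client_id, scope="openid"):
    """Return (url, state) for the browser redirect that starts the flow."""
    state = secrets.token_urlsafe(16)  # unguessable value tied to this request
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": CALLBACK_URL, "scope": scope,
                       "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting errors and state mismatch."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this request")
    if "code" not in params:
        raise ValueError("callback has no code parameter")
    return params["code"][0]


def token_request(client_id, client_secret, code):
    """Return (headers, form body) for the POST to TOKEN_URL."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": CALLBACK_URL})
    return headers, body


if __name__ == "__main__":
    url, state = authorization_request("EXAMPLE_CLIENT_KEY")   # constructed key
    print(url)
    cb = f"{CALLBACK_URL}?code=EXAMPLE_CODE&state={state}"      # constructed callback
    code = code_from_callback(cb, state)
    print(token_request("EXAMPLE_CLIENT_KEY", "EXAMPLE_SECRET", code))
```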

References :-

[1] https://docs.wso2.com/display/IS450/OAuth+2.0+Playground+with+WSO2+Identity+Server

Listen to this awesome webinar for OAuth :-

[2] http://wso2.com/library/webinars/2012/08/oauth-2-the-path-to-heaven-from-hell/

Following is a very useful resource link :-

[3] https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified