wso2is - Recommendation for integrating WSO2 API Manager, Identity Server and Shibboleth -

-

what current, recommended way setup wso2 api manager use sso against shibboleth idp?

our organization has existing sso infrastructure built around shibboleth’s idp integrate our api manager installation. ideal use case:

  • user navigates api manager store.
  • user redirected shibboleth idp login page.
  • if 1 doesn’t exist, api manager account created , assigned subscriber role.
  • user returned api manager , logged in. “signed-in-as:” renders reasonable user name (i.e. not guid).

i’m aware there included saml2 authenticator component api manager limited in features, not handle encrypted assertions, using specific attributes username/display name , automatic user creation.

i understand write custom authenticator, rather avoid creating code base needs maintained , doesn’t have community support. if simpler solution cannot determined do.

what investigating delegating user management api manager wso2 identity server. delegate authentication shibboleth , auto provision users before returning am. seems address of issues mentioned above.

  1. firstly, appropriate strategy? if so, how recommended , configured?
  2. should , both point same jdbc database or should point is’s ldap server?
  3. regarding authenticator pointed is, should use saml or oauth, or there better/simpler one?

shibboleth idp v2.4 – saml2 attribute push preferred.
wso2 api manager v1.6.0
wso2 identity server v5.0.0

here's results of research, interested:

1) appropriate strategy. new features in 5.0 release of identity server centered around scenario. , 1.7 release of includes features facility setup. i've heard developers intend push integration further in next few releases.

2) of 1.6 there bug made required share same primary jdbc user store. of 1.7 should more open.
there not seem preference people @ wso2 between ldap , jdbc (except default h2 db not designed production environments), if choosing between installing db or open ldap this, ldap server seems more suited choice.

3) it's best use saml communicating between 2 when goal present user un/pw screen. when goal login pre-issued tokens oauth. api manager , use both protocols behind scenes, answer particular question seems saml. in future wso2 plans expand "trusted idp" feature of products, streamline process (and use saml behind scenes).


Comments

Post a Comment

Popular posts from this blog

c++ - OpenCV Error: Assertion failed <scn == 3 ::scn == 4> in unknown function, -

-
i read alot other solution still confused should mine... #include <opencv2/objdetect/objdetect.hpp> #include <opencv2/highgui/highgui.hpp> #include <opencv2/imgproc/imgproc.hpp> #include <iostream> #include <stdio.h> using namespace std; using namespace cv; int main(int argc, const char** argv) { //create cascade classifier object used face detection cascadeclassifier face_cascade; //use haarcascade_frontalface_alt.xml library face_cascade.load("haarcascade_frontalface_alt.xml"); //setup video capture device , link first capture device videocapture capturedevice; capturedevice.open(0); //setup image files used in capture process mat captureframe; mat grayscaleframe; //create window present results namedwindow("outputcapture", 1); //create loop capture , find faces while (true) { //capture new image frame capturedevice >> captureframe; ...
Read more

php - render data via PDO::FETCH_FUNC vs loop -

-
i've been using 2 methods render data. the first one: function name($id,$name){ return '<div id="'.$id.'">'.$name.'</div>'; } echo implode($pdo->query("select id,name user")->fetchall(pdo::fetch_func,'name')); the second one: $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); foreach($users $user){ echo name($user->id,$user->name); } i don't understand how pdo::fetch_func works. tried figure out. however, not well-documented. could please explain fetch mode? , also, 1 performs better? thank you. both methods wrong , have learn how use templates , how separate business logic presentation logic. $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); tpl::assign('users', $users); is code business logic part. then in template <?php foreach $users $row): ?> <div id="<?=$...
Read more

The canvas has been tainted by cross-origin data in chrome only -

-
uncaught securityerror: failed execute 'getimagedata' on 'canvasrenderingcontext2d': canvas has been tainted cross-origin data i getting above error in chrome. code(following) works fine in mozilla. have not corss domain issue. why above error in chrome? var wheel_canvas, wheel_context, can_w, can_h, wheel_grd; var large_radius = 160; var small_radius = 120; var wheel_canvas = document.getelementbyid('wheel_canvas'); var wheel_context = wheel_canvas.getcontext('2d'); var can_w = $(wheel_canvas).width(); var can_h = $(wheel_canvas).height(); var centerx = can_w / 2, centery = can_h / 2; var wheel_grd = null; test('#ff0000'); function test(hex) { $('#clrpicker').css({'left': 210, 'top': 210 }); inverted = hexbw(hex); $('#color_val_show').val(hex); current_color_hex_val_selected = hex; $('#color_val_show').css({'color':inverted,'background':hex}); fillgradient...
Read more