We are testing out WSO2's Identity Server. The features list shows that it supports OAuth 2, but I cannot seem to find any config options in the admin to determine the use of OAuth 2. When I register my application, the registration information seems to suggest it's OAuth 1. Can anyone confirm whether version 3.2.3 supports OAuth 2?
No. The current version does not support OAuth 2. It is coming in the next version.
I think OAuth 2.0 is supported from WSO2 Identity Server version 4.0.0 onward. Go to the IS home -> Service provider -> Inbound Authentication Configuration -> OAuth/OpenID Connect Configuration and click Configure.
Refer to this link, "OAuth 2.0 with WSO2 Identity Server", for the latest version.
Related
We are looking into implementing authentication using the OIDC protocol on a web application deployed on WebLogic Server 14.1.
According to one comment here "Weblogic's OIDC functionality is available only from Weblogic Version 12.xx.".
However, I only find SAML support; OIDC integration seems to require using Oracle Access Manager (OAM).
I'd prefer not to require a separate product, so I would appreciate any feedback about your experiences doing OAuth integration with WebLogic with or without OAM.
References: OAM 11.1 FAQ
We have an ADFS server farm running version 3.0. Right now, we have it enabled to authenticate 3rd party vendor applications. We are planning to leverage this existing server farm to generate a JWT token for it to be consumed by our in-house custom applications. Does anyone know the steps to be followed for generating a JWT token which returns all the AD groups associated with the user?
Configuration - Windows Server 2012 R2, ADFS 3.0.
Can use either OAuth or SAML.
Please help.
This link should help.
Note that you should really use OpenID Connect for authentication but that's not available on ADFS 3.0. Also the use case for ADFS 3.0 OAuth is web API not application.
Configuration: We are using Identity Server 3 with a Web API 2 application, a mobile phone application and an upstream identity server.
Problem: The upstream identity server supports OAuth2 but not OIDC.
Question 1: Does Identity Server 3 support OAuth2 without OIDC to the upstream identity server?
Question 2: Do I need additional configuration to make OAuth2 work without OIDC?
Just to give a bit of understanding about OAuth2 and OIDC:
OIDC is an extension of OAuth2. OAuth 2 isn’t about authentication. It’s all about authorization. https://www.rfc-editor.org/rfc/rfc6749 OIDC is a simple layer on top of the OAuth 2 protocol that deals with the end user. http://openid.net/specs/openid-connect-core-1_0.html
I’m not exactly sure about your implementation detail but Identity Server 3 supports OAuth2 as well as OIDC and it all depends how the client is set up (flow) and what the client asks in terms of a “ResponseType” as part of a token request to Identity Server 3.
I know this may not be an answer to your 2 questions but I think you need to think of the interaction between the Client (mobile phone application), Identity Server 3, and the Upstream Identity Server. If the Upstream Identity Server does not support OIDC then it does not care about authentication of the end user and therefore I would think that it only requires some sort of clientId/clientsecret that could be passed as part of the request to get a token? Machine to machine (Client Credential Flow). So maybe your mobile phone application calls the Upstream Identity Server in a different fashion than it does Identity Server 3? Hope this helped a bit. Cheers
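As an added illustration of the point in the answer above, that the client's response type and requested scope decide whether a request is plain OAuth 2.0 or OIDC, the following sketch classifies an authorization request URL. It is not part of the original answer and is not Identity Server 3 code; the host idp.example, the client_id value and the function name are constructed for the example.

```python
from urllib.parse import parse_qs, urlsplit

# Flow implied by each response_type (RFC 6749; OpenID Connect Core section 3).
FLOWS = {
    frozenset({"code"}): "authorization_code",
    frozenset({"token"}): "implicit",
    frozenset({"id_token"}): "implicit",
    frozenset({"id_token", "token"}): "implicit",
    frozenset({"code", "id_token"}): "hybrid",
    frozenset({"code", "token"}): "hybrid",
    frozenset({"code", "id_token", "token"}): "hybrid",
}

# Constructed sample requests; idp.example and client_id=app are placeholders.
PLAIN_OAUTH2 = "https://idp.example/authorize?response_type=code&client_id=app&scope=read"
OIDC_CODE = "https://idp.example/authorize?response_type=code&client_id=app&scope=openid+profile"
BROKEN = "https://idp.example/authorize?response_type=id_token+token&client_id=app&scope=profile"


def classify_authorization_request(url):
    """Report whether an authorization request is plain OAuth 2.0 or OIDC."""
    params = parse_qs(urlsplit(url).query)
    response_types = frozenset(params.get("response_type", [""])[0].split())
    scopes = set(params.get("scope", [""])[0].split())
    flow = FLOWS.get(response_types)
    if flow is None:
        raise ValueError(f"unsupported response_type: {sorted(response_types)}")

    is_oidc = "openid" in scopes  # the openid scope is what makes a request OIDC
    problems = []
    if "id_token" in response_types and not is_oidc:
        problems.append("id_token requested without the openid scope")
    if is_oidc and response_types == {"token"}:
        problems.append("response_type=token never returns an ID token")
    if is_oidc and flow == "implicit" and "nonce" not in params:
        problems.append("OIDC implicit flow requires a nonce")

    return {
        "protocol": "oidc" if is_oidc else "oauth2",
        "flow": flow,
        "id_token_expected": is_oidc and response_types != {"token"},
        "problems": problems,
    }


if __name__ == "__main__":
    for url in (PLAIN_OAUTH2, OIDC_CODE, BROKEN):
        print(classify_authorization_request(url))
```

An upstream server that only speaks OAuth 2.0 corresponds to the first sample: it issues an access token for the code but no ID token, so the user's identity has to be obtained some other way.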
I looked at mule-oauth2.xsd and found only client credentials and authorization grant type elements. However, looking at the oauth2-provider:config it can be configured as supportedGrantTypes="RESOURCE_OWNER_PASSWORD_CREDENTIALS". If it does support resource owner password credentials, how can I configure an oauth2-client to retrieve a token? I am looking at retrieving a token from the OAuth2 provider using the oauth2:client. Here is an example of what I'm referring to, however, I want to achieve this for password.
<http:request-config name="requestConfigWithOAuth">
    <oauth2:client-credentials-grant-type
        clientId="${client.id}"
        clientSecret="${client.secret}"
        tokenManager-ref="tokenManagerConfig">
        <oauth2:token-request tokenUrl="${token.url}"/>
    </oauth2:client-credentials-grant-type>
</http:request-config>
#Breen-
Yes, Mule provides the Password Grant type. I recently configured it for my APIs. In the API management console, when you generate a client application, it provides an option for different grant types to select, which is out of the box from Mule. You do not have to do any setup for this. It is through the API management console on the Anypoint Platform.
Let me know if you have any questions.
MuleSoft supports the following authentication in Mule 3.8 client apps:
Basic Authentication
NTLM Authentication
Digest Authentication
OAuth2 - Authorization Code
OAuth2 - Client Credentials
See the docs.
These are the settings I have behind my Twitter app,
And these are the settings I've tried in Amazon IAM,
Which I'm assuming doesn't work because Twitter is providing OAuth login only, not full OpenID Connect compatible options. Is there any way I can get Twitter as one of the login options, or build some sort of middle server, or similar, to be able to make this work?
You are correct, this is because Twitter only supports OAuth 2.0 delegated access to the Twitter APIs for 3rd party clients. Twitter does not support an OAuth 2.0 based signin mechanism (like OpenID Connect), their current signin mechanism is based on OAuth 1.0, see: https://dev.twitter.com/web/sign-in/implementing and https://dev.twitter.com/rest/reference/get/account/verify_credentials
You could indeed build a middle server to bridge standard OpenID Connect to Twitter's OAuth 1.0 signin mechanism. I am not aware of the existence of such a bridge as an open source product. There are commercial products that can do this.