Posts

Showing posts from 2014

Leveraging federation capabilities of Identity Server for API gateway - Configuration Details

With this post I am going to share the steps of a popular solution using WSO2 Identity Server and WSO2 API Manager. The following diagram will give an initial insight into this solution.

Overview

1. Webapp that requires single sign-on (SSO) with some other applications.
   - To achieve this we are using WSO2 Identity Server (IS) as the Identity Provider (IDP).
2. Webapp needs to consume some APIs secured with OAuth tokens.
   - To expose the APIs secured with OAuth tokens we are using WSO2 API Manager (AM) here.
   - Since we already have the SAML Response received at the SSO step, the SAML2 Bearer grant type is ideal in this scenario to request an OAuth token to access the required APIs.
   - To allow AM to properly issue an OAuth token in this scenario, we add IS as a trusted IDP in AM.
3. Webapp requires allowing users registered in another IDP like Facebook or Google to be able to login with SSO functiona

How to write a Custom SAML SSO Assertion Signer for WSO2 Identity Server

This is the 3rd post I am writing to explain the use of extension points in WSO2 Identity Server. WSO2 Identity Server has many such extension points, which are easily configurable and give the server a lot of flexibility. With this, we can support many domain-specific requirements with minimum effort. Firstly I shared the usage and steps of writing a custom user store manager. Secondly, a custom claim handler, which is also related to the SAML SSO Response. Now this third post deals with writing a custom SAML SSO Assertion signer.

What can we customize?
- Credentials used to sign the SAML Assertion (the private key)
- Signing algorithm

This sample can be extended to customize how we sign the SAML Response and validate the signature as well.

How? We have to write a class extending the class 'org.wso2.carbon.identity.sso.saml.builders.signature.DefaultSSOSigner' or implementing the interface 'org.wso2.carbon.identity.sso.saml.bu

Adding Custom Claims to the SAML Response - (How to Write a Custom Claim Handler for WSO2 Identity Server)

Overview: The latest release of WSO2 Identity Server (version 5.0.0) is armed with an "application authentication framework" which provides a lot of flexibility in authenticating users from various service providers that use heterogeneous protocols. It has several extension points, which can be used to cater to various customized requirements commonly found in enterprise systems. With this post, I am going to share the details of making use of one such extension point.

Functionality to be Extended: When SAML Single Sign-On is used in enterprise systems, it is through the SAML Response that the relying party gets to know whether the user is authenticated or not. At this point the relying party is not aware of other attributes of the authenticated user which it may need for business and authorization purposes. To provide these attribute details to the relying party, the SAML specification allows sending attributes as well in the SAML Response. WSO2 Identity Server supports

Leveraging federation capabilities of Identity Server for API gateway (First Webinar Conducted by Myself)

My first Webinar conducting experience happened on July 02nd 2014, with the opportunity given by WSO2 Lanka (pvt) Ltd, where I am currently employed. As always, that was a great opportunity given by the company to me. The Webinar was done to highlight the capabilities introduced with WSO2 IS 5.0.0, the First Enterprise Identity Bus, which is 100% free and open source. This Webinar discusses and demonstrates in detail the power and value added when these federation capabilities are leveraged in combination with WSO2 API Manager. Following are the slides used at the Webinar. The session went under the following outline, and you can watch the full recording of the session at the WSO2 library, 'Leveraging federation capabilities of Identity Server for API gateway'.
- Configuring WSO2 Identity Server as the OAuth2 key manager of the API Manager
- Identity federation capability of Identity Server 5.0
- How to connect existing IAM solution with API Manager thr

Signing SOAP Messages - Generation of Enveloped XML Signatures

Digital signing is a widely used mechanism to make digital content authentic. By producing a digital signature for some content, we let another party validate that content. With this validation, it can provide a guarantee that the content has not been altered after we signed it. With this sample I am going to share how to generate a signature for a SOAP envelope. But of course this is valid for signing any other content as well. Here, I will sign:
- The SOAP envelope itself
- An attachment
and place the signature inside the SOAP header. With the placement of the signature inside the SOAP header, which is itself covered by the signature, this becomes a demonstration of an enveloped signature. I am using the Apache Santuario library for signing. Following is the code segment I used. I have shared the complete sample here to be downloaded.

public static void main(String unused[]) throws Exception {
    String keystoreType = "JKS";
    String keystoreFile = "src/main/resour

WSO2 DSS - Batch Insert Sample (end to end)

WSO2 DSS wraps the Data Services Layer and provides us with a simple GUI to define a Data Service with zero Java code. With this, a change to the data source is just a simple click away and no other party needs to be aware of it. With this sample demonstration, we will see how to do a batch insert to a table. Batch insert is useful when you want to insert data in a sequential manner. This also means that if at least one of the insertion queries fails, all the other queries run so far in the batch will be rolled back as well: if one insertion in the batch fails, the whole batch fails. This can be used if you are running the same query to insert data many times. With batch insert all the data will be sent in one call, so this reduces the number of calls you have to make to get the data inserted. This comes with one condition: the query should not produce results back. (We will only be notified whether the query was successful or not.) Prerequisites: WSO2 Data

Invoking APIs using a Web App with OAuth2 and use of JWT - WSO2 API Manager

In this post I am going to share my experience and understanding of using WSO2 API Manager (API-M) for a very common and useful scenario in the industry. In brief, following is the flow. An API is exposed for app developers to be used under the control of API Manager (which adds access control for the API). Then app developers make their apps consuming those APIs. After development and testing is completed they make them available for end users at the App store. The end users can then get registered in the store and use the apps with their own credentials. The app will provide the desired services by calling the APIs it has subscribed to. The above scenario is well demonstrated in WSO2 API-M with the pizza shack example explained in the documentation at [1]. For clarity I will be including the steps in brief. For detailed steps we can refer to the documentation at [1]. API Developer Role: We deploy the back-end services related to 'pizza ordering' in WSO2-Application server o

How to send an HTML email in Java (Using Google SMTP Server)

In most business services there are sometimes requirements to send notifications to users or administrators via email. For example:
- Confirming a user registration
- Password reset via emails
The following code segments can be used to send these emails using the Google SMTP server. Here I am sharing two ways to do it.
- Using javax.mail.jar directly
- Using the Apache commons email jar which wraps javax.mail

Using javax.mail

try {
    Properties props = new Properties();
    props.put("mail.smtp.host", "smtp.gmail.com");
    props.put("mail.smtp.auth", "true");
    props.put("mail.debug", "false");
    props.put("mail.smtp.ssl.enable", "true");
    Session session = Session.getInstance(props, new EmailAuth());
    Message msg = new MimeMessage(session);
    InternetAddress from = new InternetAddress("sendersEmailAddress&quo