I'm using WSO2 Products, IS and API Gateway.
My use case is : I have a ReadOnly LDAP User Store that have some attributes such name, surname, email etc.. Obviously in LDAP Read Only i can't add new user's property, for example I would like to add a attribute (claime) with name "Profile". I found some documentation but i don't understand how to do this. (https://docs.wso2.com/display/IS510/Writing+a+Custom+User+Store+Manage).
If I understand well, I have to create a new User Store (such MYSQL DB) where i can mapping the LDAP's users and i can also add custom attribute.
This is the right way to do it?
And another question is : If the consideration above is right, How can I do provisioning of the 2 User Store ?
One way to do it without any code is as follows.
Create a new claim in WSO2 according to your preference, e.g. "Profile".
Map this claim to an existing unused attribute of your ReadOnly LDAP.
e.g. Map profile to FAX or Street Addres etc.
Modify configuration of your service provider and send this new claim in authentication response to your service provider.
Now you can update this LDAP attribute with whatever value you want and Service Provider will receive this as claim named as "profile".
Related
Currently, trying to use WSO2 Identity Server to authenticate users from a mysql user store that I created with my own schema. However, whenever I add this user store as a secondary one in WSO2, the users do not appear on the management console.
And when I attempt to authenticate a user from that store I get the error message:
[2019-05-24 10:01:15,951] ERROR{org.wso2.carbon.identity.auth.service.handler.impl.BasicAuthenticationHandler}
- Error occurred while trying to authenticate,
Error when handling event : PRE_AUTHENTICATION
The user stores of the WSO2 servers need to have the specific schema (the schema script located in the dbscripts folder). You need to import users using this from your existing schema or scim2 endpoints to programmably import users
I you cannot migrate user store to wso2 schema as senthalan explained then you have two options to plug custom schema.
Change SQL queries from Advanced option of secondary user store configuration
Writing custom user store manager by extending necessary functions like doAuthenticate, doAddUser [1]
Error when handling event : PRE_AUTHENTICATION basically coming from below listener
org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener in identity.xml while handling pre authenticate event. You can even disable it.
[1]https://github.com/GayanM/custom-user-store
I have a user authenticated against LDAP using CAS. I now have the UID. Is it possible to use CAS to also query an oracle database using the UID to get other user attributes stored from oracle?
I've tried to use SingleRowJdbcPersonAttributeDao class in my bean but I can't get any attributes to release from it ... I'm not even sure if the query is being executed.
Yes. authentication in CAS is different from attribute retrieval. You can authenticate via one source, and get attributes from another. Authentication is handled via authN handlers, and attribute retrieval is handled via attribute repositories.
Once you have retrieved attributes, you need to configure your service definition to release those attributes. You need to define an attribute policy that authorizes the release of all or select attributes.
See http://jasig.github.io/cas/4.1.x/integration/Attribute-Release.html
I'm building a REST back end based on spring and i'm using spring security to secure the requests. But i'm lookin for an issue to login by sending parameters in json rather than defaults parameters sent by the default login page of spring security.
I'm working with spring security 4.0.1 and spring 4.1
Any issue please?
If you're using just username and password, you can simply add a new filter to the stack, akin to the existing UsernamePasswordAuthenticationFilter, that would react to a specific URL only (just like the default one reacts to j_spring_security_check only), parse the JSON and create the very same UsernamePasswordAuthenticationToken that the default filter creates. This leaves the auth provider the same as the token didn't change.
If you need more fields in addition to username and password, either create a new token type (or use existing one if it makes sense) and a new auth provider that can deal with that token type. You can also just cram extra fields into UsernamePasswordAuthenticationToken using setDetails(), but this is a bit hacky.
I am implementing a web app where users enter their personal information to store them onto a database, in this case MongoDB. This acts much like an address book. These services are implemented using a REST API (I am using Spring framework), where clients can call GET requests to view other people's personal information, POST to add their own information, and PUT to update. The Administrator of the DB can use DELETE To remove users.
I have implemented all the CRUD operations for the services on the server side. But I have one question:
When a client calls GET for a particular user to see his information, the request is returned as a JSON string, where the password field is visible. I do not want the client to see the password, obviously.
Now, I tried adding #JsonIgnoreProperties({"password"}) at the top of my model class on the server side. Although this works and the client cannot see the password, The password is also not even stored on the MongoDB database with this implementation. Because when I call db.users.find().pretty(), to list all the documents in the collection, I do not see the "password" field for any of the users.
I need some way for the password to be stored on the DB, but unable to be viewed by the client.
Here is one of the GET methods which finds a user by his username:
/* Get user by username */
#RequestMapping(method=RequestMethod.GET, value="/getByUsername")
public #ResponseBody User getUserByUsername(#RequestParam("username") String username) {
return repo.findByUsername(username);
}
The Model class is just a class with a bunch of String variables, and getters and setters.
Thanks
You can use the retrievedFields method available in Morphia.
getDs().createQuery(className)
.field("username").equal(username)
.retrievedFields(false, "password")
.get();
I could not find detailed documentation about Entity Service and Service Path, this is best i could find is this section in the Orion User Manual
I would like to retrieve a "Fiware-ServicePath" for a specific Entity_ID but NGSI10 does not provide that information using queryContext.
Is there a way of retrieving this information ?
My process is described here, everything is working except the the Get ServicePath using EntityID part:
A gateway is pushing data into Orion and i would like to make to "update or insert procedure":
Get ServicePath using EntityID
IF exists: update it
If not exists: updatecontext with ServicePath '/NewItems'
As a workaround, I would add the ServicePath into some metadata...
You can add Fiware-ServicePath: /NewItems to the query request in order to check if the entity is in that service path or not. You can also add a comma-separated list, e.g. Fiware-ServicePath: /NewItems1, /NewItems2.
This approach would work except if the entity can be in any service path (even diffent to the "/NewItems" that is going to be use to create entity failing the existence checking) and you don't know them in advance.
In that case, the workaround by the moment is as you say, to store the service path associated to the entity, although my recomendation is to use an entity attribute for that, not a metadata (note that in NGSI metadata are associated to attributes, not entity themselves).