Shenavi's Blog

User provisioning and attribute profile mapping with Moodle and WSO2 Identity Server  This is the continuation of how to configure SAML2 Web SSO with WSO2 Identity Server and Moodle. I will guide you on how the attribute mappings and user provisioning can be done using WSO2 Identity Server and Moodle. In order to do this we need to make sure that the attributes on the WSO2 Identity Server maps with the corresponding attributes in Moodle. This plugin provides the capability to auto provision users in Moodle. If a new user who is not registered in Moodle but is registered in the WSO2 Identity Server needs to be created in Moodle we can make use of these mappings. Let's get started on the configurations. First let's carry out the configs on the moodle end. 1) Same way as we did in the post [1]. Navigate to the Moodle's authentication plugins section and select the Settings of the OneLogin SAML SSO Authentication plugin. 2) Check the following two options.

Introduction Moodle is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalized learning environments.[1]. This is commonly used in the education sector and there might be occurrences where it would require to use SAML to login to Moodle instead of the default basic authentication. For this we would need to have an Identity Provider capable of issuing such SAML tokens and Moodle configured to accept the tokens in order to do the authentication I will be discussing this in two parts. Part I - How to configure moodle for SSO with WSO2 Identity Server Part II - How to carry our user provisioning and attribute profile mapping with Moodle and WSO2 Identity Server Let's see how this can be achieved using a SAML authentication plugin provided by one login. Prerequisite  You need to have a working version of Moodle installed. If you want to try this tutorial from scratch you can

By default the SAML response of the WSO2 Identity Server will contain the tenant domain in the response. See the below response block which containts the tenant domain appended to the NAMEID element. <saml2:NameIDFormat ="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> admin@carbon.super </saml2:NameID> If you want to get rid of the tenant domain being appended you can follow one of the below methods to accomplish this Method 1 - Disabling this option from the management console. Log into the management console of the Identity Server Expand your service provider configuration and select the 'Local & Outbound Authentication Configuration' option Untick the option 'Use tenant domain in local subject identifier'               Now the tenant domain would not be displayed in your SAML response. Method 2 - Setting this value for the file based Service Provider configurations Given that you have configured the serv

In most service chaining and API invocations we might come across situations where we will require to remove the initial request URI from the request. If we take for an example the following scenario. 1. We need to obtain some parameters from the users of our API. Therefore we define a resource as below which takes the name and age What we really need to do is get the name of the student and return the exam grades information. For that we need to invoke a URL in the following format. http://www.mocky.io/v2/59a3e86f130000b013ce056d /getGrades/{query.param.name} But with the request URI already been defined in step (1) the request which will be sent is the one below http://www.mocky.io/v2/59a3e86f130000b013ce056d /getGrades/{query.param.name}?name=Jessie&age=20 Since the backend does not identity a request with such trailing parameters it will fail. How can we get rid of the trailing query parameters from the request (1)?? It's pretty simple. We have a property

In my previous posi i explained how to call an endpoint using the call mediator. Usually when errors are thrown from the call mediator we can handle them using a custom sequence. When call mediators fails the execution stops hence handling errors is very essential. For this post I will be modifying the same sequence which i created in the blog post [1] The change which we need to do is we need to modify the sequence definition to map with the error sequence as shown below. You can find the modified sequence here . <sequence xmlns="http://ws.apache.org/ns/synapse" name="countrySequenceWithError" onError="countryErrorSequence"> <property name="uri.var.countryCode" expression="$url:countryCode"/> <property name="REST_URL_POSTFIX" scope="axis2" action="remove"/>     <call blocking="true">         <endpoint>             <http method="get" uri-temp

Introduction In the real world we require to create use cases where we need to invoke more than one endpoint to get the response we need for the API. We may require to get the response from one endpoint and manipulate that response and send it to another. In order to demonstrate this sample let's consider the following flow. We need to design an API which returns details about a country when a country code is entered by a user. One limitation we have is the endpoint which returns the country details expects a country name to be passed. Therefore to accomplish this task we need an intermediate service which gives us the country for the given country code (Service A). After we get the country name then we can pass it to our actual backend service. (Service B) Flow of events.  User needs to input a country code  We need to pass that entered value to the service A which returns the corresponding name of the country back to us. This is the format it will return. {"country

Self Registration is an important feature when in comes to commercial applications. This feature allows the users the priviledge of being a part of your community without you having to go through the hassle of adding them. Mentioning ihis Identity Server also allows the capability to restrict or revise the approvals before granting access but we will be discussing that in a seperate post. This post will guide you on how you can enable the Self Registration feature using the self registration REST APIs at a global level for the WSO2 Identity Server 5.3.0. You can try the Rest service through Identity Server login page (https://localhost:9443/dashboard) There are two ways in which you can enable the feature. 1. Enable it at a global level across the whole platform. 2. Enable it per tenant basis. Let's discuss how to enable it a global level across the whole platform.. Pre requisite  Extracted WSO2 Identity Server 5.3.0. Let's name this as <WSO2_IS_HOME>

In this post i will be explaining how we can transform a SOAP based backend to receive requests in a restful manner through the WSO2 API Cloud. Steps. First log into the WSO2 Cloud and navigate to the API Cloud. In the API cloud select the option to add a new API. We will be creating an API to demonstrate an invocation to the backend soap service ws.cdyne.com/phoneverify/phoneverify.asmx?wsdl Give a name, context and version to the API and add a resource name with a GET Method. The resource name can be anything which you like since we will invoke the actual service usiing a custom sequence. Mention the URI template as indicated in the below screenshot. Next go to the implement tab. And select the endpoint type as HTTP/SOAP Endpoint and specify the endpoint as http://ws.cdyne.com/phoneverify/phoneverify.asmx. There is an important step we need to do here. We need to set the SOAP version for this request. In order to do that we need to select the advanced option for the e

WSO2 Identity server provides the capability to recover user accounts with the help of security questions. This feature is important when we forget the password and need some evidence that the actual user who had forgotton the password is indeed the right owner of the account. There are three such ways in which we can set these challenge questions for the users. You can read more details about each of these methods in this documentation. From the  UserIdentityManagementAdminService  SOAP API By manually creating registry resources for questions From Identity Server Management Console In this blog I will be guiding you through how to use the  UserIdentityManagementAdminService SOAP API to set the challenge questions. But we will be doing this with a slight twist. We are going to set these questions using an API created in the WSO2 ESB with the help of some custom sequences.  For the setting of the challenge questions using the admin service this is the soap message wh