Login to Identity Server using another Identity Server - OAuth2

Isuru Uyanage
Hi All, 

I'm trying to log in to Identity Server using another Identity Server. I followed doc[1].
It has been asked to follow the below steps.
  • Configure an IDP (Idp9443) in Identity Server1.
  • Configure an SP (SP9444) in Identity Server2.
  • In the second Identity Server, in Service Provider Configuration, select Idp9443, which is created in the first IS, as the federated authenticator in Local and Outbound Authentication Configuration.

My question is: it only displays the IDPs created in its own Identity Server in Service Provider/Outbound Authentication Configuration. We created the IDP in IS1. How is it going to be displayed in Federated Authenticators in IS2?

It would be highly appreciated if these steps could be verified and if you could specify whether I have missed any configuration step here.




Thanks and Best Regards,

Isuru Uyanage
Software Engineer - QA | WSO2
Mobile : +94 77 55 30752




_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: Login to Identity Server using another Identity Server - OAuth2

Hasanthi Purnima Dissanayake
Hi Isuru,

What you need to do is as follows:

1. Create an OIDC SP in the second IS instance.
2. Create an IDP in the first IS instance.
3. Add an authenticator for the above configured IDP by configuring 'Oauth2/Openid connect configuration' in the 'Federated Authenticators' section.
(Take the client_id and client_secret from the SP of the first IS instance and use them as the client ID and secret when configuring the federated authenticator.)
4. Configure an SP in the first IS (maybe the Playground sample or the travelocity sample, based on the requirement).
5. Configure the previously created IDP for the SP in the first IS instance.

When you try to log in to the SP of the first IS instance, you will get the login page of the second IS.

Thanks,

--

Hasanthi Dissanayake

Senior Software Engineer | WSO2

E: [hidden email]

M :0718407133| http://wso2.com

Re: Login to Identity Server using another Identity Server - OAuth2

Nilasini Thirunavukkarasu
In reply to this post by Isuru Uyanage
Hi Isuru,

The actual steps must be:

1) Create an SP (SP name: sample) in the second one (9444).
2) Create an SP (SP name: playground) in the first one (9443).
3) Create an IDP in the first one (9443) by giving the second one's (9444) authorization endpoint etc. as mentioned in the doc. Also fill in the client_id & secret from the second one's (9444) SP that you got in step 1.


The documentation only mentions one service provider. We need to correct it. I will create a doc JIRA for that.


Thanks,
Nila.


--
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : [hidden email]
Mobile : +94775241823
Web : http://wso2.com/
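
The wiring described in the three steps above, as an added example that is not part of the original thread or of WSO2's code: it models both instances, checks that the IdP and SPs point at each other correctly, and builds the authorization request the first IS sends to the second. The `localhost` host names, the `/oauth2/authorize`, `/oauth2/token` and `/commonauth` paths, the IdP name `IS2-IdP` and the client ID are assumptions or constructed values, not taken from the thread.

```python
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlsplit

@dataclass
class ServiceProvider:
    name: str
    client_id: str = ""        # issued when OAuth2/OIDC inbound auth is configured
    callback_url: str = ""     # redirect URI registered for that client
    federated_idp: str = ""    # IdP selected under outbound authentication

@dataclass
class IdentityProvider:
    name: str
    authorize_url: str
    token_url: str
    client_id: str
    callback_url: str

@dataclass
class Instance:
    base_url: str
    sps: dict = field(default_factory=dict)
    idps: dict = field(default_factory=dict)

def origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"

def check_federation(login_is, upstream_is, app_sp):
    """Return the wiring problems for app_sp (on login_is) logging in via upstream_is."""
    sp = login_is.sps.get(app_sp)
    if sp is None:
        return [f"SP '{app_sp}' is not registered in {login_is.base_url}"]
    idp = login_is.idps.get(sp.federated_idp)
    if idp is None:
        return [f"IdP '{sp.federated_idp}' is not defined in {login_is.base_url}; "
                "an SP can only select IdPs of its own instance"]
    problems = []
    for label, url in (("authorization", idp.authorize_url), ("token", idp.token_url)):
        if origin(url) != upstream_is.base_url:
            problems.append(f"{label} endpoint {url} is not on {upstream_is.base_url}")
    client = next((s for s in upstream_is.sps.values()
                   if s.client_id and s.client_id == idp.client_id), None)
    if client is None:
        problems.append(f"client_id of IdP '{idp.name}' was not issued by {upstream_is.base_url}")
    elif client.callback_url != idp.callback_url:
        problems.append(f"callback {idp.callback_url} is not registered for SP '{client.name}'")
    if origin(idp.callback_url) != login_is.base_url:
        problems.append(f"callback {idp.callback_url} does not return to {login_is.base_url}")
    return problems

def authorization_redirect(idp, state):
    """URL the first IS sends the browser to, i.e. the second IS's login page."""
    query = urlencode({"response_type": "code", "client_id": idp.client_id,
                       "redirect_uri": idp.callback_url, "scope": "openid", "state": state})
    return f"{idp.authorize_url}?{query}"

def build_sample():
    """Constructed sample following the three steps; every value is a placeholder."""
    is2 = Instance("https://localhost:9444")
    is2.sps["sample"] = ServiceProvider(                       # step 1
        "sample", client_id="CONSTRUCTED_CLIENT_ID",
        callback_url="https://localhost:9443/commonauth")      # assumed callback path
    is1 = Instance("https://localhost:9443")
    is1.idps["IS2-IdP"] = IdentityProvider(                    # step 3, hypothetical name
        "IS2-IdP", "https://localhost:9444/oauth2/authorize",  # assumed endpoint paths
        "https://localhost:9444/oauth2/token",
        "CONSTRUCTED_CLIENT_ID", "https://localhost:9443/commonauth")
    is1.sps["playground"] = ServiceProvider("playground", federated_idp="IS2-IdP")  # step 2
    return is1, is2

def build_question_layout():
    """Layout from the original question: IdP in IS1, selected by an SP in IS2."""
    is1, is2 = Instance("https://localhost:9443"), Instance("https://localhost:9444")
    is1.idps["Idp9443"] = IdentityProvider(                    # field values constructed
        "Idp9443", "https://localhost:9444/oauth2/authorize",
        "https://localhost:9444/oauth2/token",
        "CONSTRUCTED_CLIENT_ID", "https://localhost:9443/commonauth")
    is2.sps["SP9444"] = ServiceProvider("SP9444", federated_idp="Idp9443")
    return is1, is2

if __name__ == "__main__":
    is1, is2 = build_sample()
    print(check_federation(is1, is2, "playground"))
    print(authorization_redirect(is1.idps["IS2-IdP"], "constructed-state"))
    q1, q2 = build_question_layout()
    print(check_federation(q2, q1, "SP9444"))
```
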




Re: Login to Identity Server using another Identity Server - OAuth2

Nilasini Thirunavukkarasu
Created a documentation jira[1] to track this.



--
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : [hidden email]
Mobile : +94775241823
Web : http://wso2.com/




Re: Login to Identity Server using another Identity Server - OAuth2

Isuru Uyanage
Hi Nilasini/Hasanthi, 
Thank you for the clarification. 


Thanks,
Isuru

Thanks and Best Regards,

Isuru Uyanage
Software Engineer - QA | WSO2
Mobile : +94 77 55 30752




Re: Login to Identity Server using another Identity Server - OAuth2

Shavindri Dissanayake
Ack for docs! We will look into this. There were a few doc JIRAs created over the week for this scenario (OAuth and SAML2 both). 

Thanks & Regards
Shavindri Dissanayake
Senior Technical Writer

WSO2 Inc.
lean.enterprise.middleware

Re: Login to Identity Server using another Identity Server - OAuth2

Sherene Mahanama
Hi Nilasini/Isuru

AFAIU, the doc jira states that we have to create an SP in each instance of IS and that the doc bug is that we have missed mentioning the SP created in IS1 (playground sample).

In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in step 5 we have said to set up the playground sample in IS1 (9443). To set up the playground sample, we have pointed to this doc [2] which instructs the user to create an SP. So if the user follows the steps, he/she will end up creating an SP in each instance. 

However, I guess this can be made a bit clearer in the doc. Will look into that.
 

Thanks,
Sherene

--
Sherene Mahanama
Technical Writer

WSO2 (pvt.) Ltd.
Colombo, Sri Lanka
Mobile: (+94) 777994805

Re: Login to Identity Server using another Identity Server - OAuth2

Farasath Ahamed


On Friday, December 15, 2017, Sherene Mahanama <[hidden email]> wrote:
> Hi Nilasini/Isuru
>
> AFAIU, the doc jira states that we have to create an SP in each instance of IS and that the doc bug is that we have missed mentioning the SP created in IS1 (playground sample).
>
> In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in step 5 we have said to set up the playground sample in IS1 (9443). To set up the playground sample, we have pointed to this doc [2] which instructs the user to create an SP. So if the user follows the steps, he/she will end up creating an SP in each instance.
>
> However, I guess this can be made a bit clearer in the doc. Will look into that.

Adding a small diagram would make things much clearer IMO 🙂


--
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Twitter: @farazath619






Re: Login to Identity Server using another Identity Server - OAuth2

Nilasini Thirunavukkarasu
In reply to this post by Sherene Mahanama
Hi Sherene,

On Fri, Dec 15, 2017 at 4:29 PM, Sherene Mahanama <[hidden email]> wrote:
> Hi Nilasini/Isuru
>
> AFAIU, the doc jira states that we have to create an SP in each instance of IS and that the doc bug is that we have missed mentioning the SP created in IS1 (playground sample).
>
> In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in step 5 we have said to set up the playground sample in IS1 (9443). To set up the playground sample, we have pointed to this doc [2] which instructs the user to create an SP. So if the user follows the steps, he/she will end up creating an SP in each instance.

But in that case, before telling the user to create a service provider in step 5, we have mentioned configuring a federated identity provider for the service provider in step 4. Ideally, the IS which has the playground is the one that must be configured with an IDP. Also, in step 4 we have mentioned editing the service provider which was created for the first IS, but we didn't create a service provider in the first IS until that step. I will include these details in the JIRA itself.

> However, I guess this can be made a bit clearer in the doc. Will look into that.

Thanks Sherene.



--
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : [hidden email]
Mobile : +94775241823
Web : http://wso2.com/




Re: Login to Identity Server using another Identity Server - OAuth2

Sherene Mahanama


On Fri, Dec 15, 2017 at 5:09 PM, Nilasini Thirunavukkarasu <[hidden email]> wrote:
> Hi Sherene,
>
> On Fri, Dec 15, 2017 at 4:29 PM, Sherene Mahanama <[hidden email]> wrote:
> > Hi Nilasini/Isuru
> >
> > AFAIU, the doc jira states that we have to create an SP in each instance of IS and that the doc bug is that we have missed mentioning the SP created in IS1 (playground sample).
> >
> > In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in step 5 we have said to set up the playground sample in IS1 (9443). To set up the playground sample, we have pointed to this doc [2] which instructs the user to create an SP. So if the user follows the steps, he/she will end up creating an SP in each instance.
>
> But in that case, before telling the user to create a service provider in step 5, we have mentioned configuring a federated identity provider for the service provider in step 4. Ideally, the IS which has the playground is the one that must be configured with an IDP. Also, in step 4 we have mentioned editing the service provider which was created for the first IS, but we didn't create a service provider in the first IS until that step. I will include these details in the JIRA itself.

Ah yes, that's true. Step 4 should ideally come after step 5. Will fix this, and as @Farasath suggested, let's add a diagram to make it clear.

Thanks all,
Sherene


Re: Login to Identity Server using another Identity Server - OAuth2

Nilasini Thirunavukkarasu


On Fri, Dec 15, 2017 at 5:45 PM, Sherene Mahanama <[hidden email]> wrote:
> On Fri, Dec 15, 2017 at 5:09 PM, Nilasini Thirunavukkarasu <[hidden email]> wrote:
> > Hi Sherene,
> >
> > On Fri, Dec 15, 2017 at 4:29 PM, Sherene Mahanama <[hidden email]> wrote:
> > > Hi Nilasini/Isuru
> > >
> > > AFAIU, the doc jira states that we have to create an SP in each instance of IS and that the doc bug is that we have missed mentioning the SP created in IS1 (playground sample).
> > >
> > > In doc [1], we have said to create an SP for IS2 (9444) in step 2 and in step 5 we have said to set up the playground sample in IS1 (9443). To set up the playground sample, we have pointed to this doc [2] which instructs the user to create an SP. So if the user follows the steps, he/she will end up creating an SP in each instance.
> >
> > But in that case, before telling the user to create a service provider in step 5, we have mentioned configuring a federated identity provider for the service provider in step 4. Ideally, the IS which has the playground is the one that must be configured with an IDP. Also, in step 4 we have mentioned editing the service provider which was created for the first IS, but we didn't create a service provider in the first IS until that step. I will include these details in the JIRA itself.
>
> Ah yes, that's true. Step 4 should ideally come after step 5. Will fix this, and as @Farasath suggested, let's add a diagram to make it clear.

Thanks Sherene.

> Thanks all,
> Sherene




--
Nilasini Thirunavukkarasu
Software Engineer - WSO2

Email : [hidden email]
Mobile : +94775241823
Web : http://wso2.com/



