Re: Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

tharindue
Hi Shanika,

Can you show the Yahoo side configuration too? It seems Identity Server is invoking the authorize endpoint of Yahoo. Without checking the Yahoo side's config, we can't identify what causes the problem here.

Thanks,
TharinduE

On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <[hidden email]> wrote:
I am working with configuring Yahoo as an IDP using Federated authenticator Yahoo Configuration. Steps that I followed are as below.

1. Run Standalone IS 5.4.0 GA pack
2. Configure Travelocity as a Service Provider using SAML SSO
3. Configure a Yahoo app as in [1] and take the client ID and the client secret [2] [3]
4. Input them under federated authenticator > yahoo configuration
5. Configure yahoo IDP as a Federated authenticator for Service provider
6. Click on SAML redirect Binding
7. Provide Yahoo login details
8. Error message will be shown as in [4]

Appreciate any clarification related to this issue



[2]. yahoo-config1.png

[3]. yahoo-config2.png

[4]. yahoo.png

Thank You,
Shanika.




--
Shanika Wickramasinghe
Software Engineer - QA Team

Email    : [hidden email]
Mobile  : +94713503563
Web     : http://wso2.com





--

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586


_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

tharindue
Hi Shanika,

I manually invoked the authorize endpoint of Yahoo and the following request worked for me.
As per my observations, Yahoo is validating the redirect_uri value and if we define the callback domain as "is.wso2.com", then the redirect_uri value must be either "http://is.wso2.com" or "https://is.wso2.com", but nothing else.

When saving the callback domain as localhost, it didn't allow me, so I used is.wso2.com as above.

When it comes to the Yahoo connector, in the authorize request, the scope parameter is not being sent. That should be a bug. Also, we need to send the nonce parameter too, which is required as per [1]. Without nonce, even the above request I've given won't work.

It seems we have to check more on the validations done on the redirect_uri / callback domain parameter from Yahoo's end, because in the Yahoo app UI, callback domain is listed as an optional parameter. However, if we create an app without giving the callback domain value, that also doesn't work.

Thanks,
TharinduE

On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe <[hidden email]> wrote:
Hi TharinduE,

In Yahoo side configuration I didn't observe a place to give the callback URL (https://localhost:9443/commonauth). It asks only for a callback Domain where we can input localhost or another domain. [1]

[1]. claimapp-yahoo.png


Thanks,

Shanika

 



Attachment: success.png (46K)
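
An added example, not part of the thread and not WSO2 connector code: a pre-flight check for the authorize request discussed above, which reports a missing scope or nonce and a redirect_uri that does not fit the registered callback domain. The endpoint `https://idp.example/authorize`, the client ID and the function names are placeholders, and the redirect rule encodes only the behaviour observed in the thread.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Parameters the thread says the authorize request needs; scope and nonce
# are the two the connector was reported not to send.
REQUIRED = ("client_id", "redirect_uri", "response_type", "scope", "nonce")


def build_authorize_url(endpoint, client_id, redirect_uri, scope="openid"):
    """Return (url, nonce, state) for an authorization-code request.

    The default scope value is an assumption; the thread only says that
    a scope parameter has to be present.
    """
    nonce = secrets.token_urlsafe(16)  # fresh per request, kept to compare with the ID token
    state = secrets.token_urlsafe(16)  # standard OAuth 2.0 CSRF value, not discussed in the thread
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "nonce": nonce,
        "state": state,
    })
    return f"{endpoint}?{query}", nonce, state


def check_authorize_url(url, callback_domain):
    """List what is wrong with an authorize URL before it is sent."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)

    def first(name):
        return params.get(name, [""])[0]

    problems = [f"missing parameter: {n}" for n in REQUIRED if not first(n)]
    redirect = first("redirect_uri")
    if redirect:
        parts = urlsplit(redirect)
        host = parts.hostname or ""
        if parts.scheme not in ("http", "https"):
            problems.append(f"redirect_uri scheme {parts.scheme!r} is not http or https")
        if host != callback_domain.lower():
            problems.append(
                f"redirect_uri host {host!r} is not the callback domain {callback_domain!r}")
        # Assumption from the thread's observation: only scheme://domain is
        # accepted, so a port, path, query or fragment is reported as well.
        if parts.netloc.lower() != host or parts.path or parts.query or parts.fragment:
            problems.append("redirect_uri has a port, path, query or fragment after the domain")
    return problems


# Constructed sample modelled on the thread: no scope, no nonce, and the
# Identity Server callback URL used as redirect_uri.
SAMPLE_CONNECTOR_URL = (
    "https://idp.example/authorize?client_id=constructed-client-id"
    "&redirect_uri=https%3A%2F%2Flocalhost%3A9443%2Fcommonauth&response_type=code"
)

if __name__ == "__main__":
    for problem in check_authorize_url(SAMPLE_CONNECTOR_URL, "is.wso2.com"):
        print(problem)
```
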
Re: Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

tharindue
+Dimuthu as it seems there's a bug in Yahoo federated authenticator.

Re: Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

tharindue
TharinduE

Re: Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

Dimuthu Leelarathne-2
Hi Tharindu,

We will have a look.

thanks,
Dimuthu

--
Dimuthu Leelarathne 
Director, Solutions Architecture

WSO2, Inc. (http://wso2.com)
email: 
[hidden email]
Mobile: +94773661935 
Blog: http://muthulee.blogspot.com

Lean . Enterprise . Middleware

Re: Configuring Yahoo as a IDP with Federated Authenticator Yahoo Configuration

Dimuthu Leelarathne-2
Hi Shanika,

Who is the customer behind this requirement?

thanks,
Dimuthu

On Mon, Dec 18, 2017 at 10:00 AM, Shanika Wickramasinghe <[hidden email]> wrote:
Hi All,

Thank you all for the clarifications. Reported a JIRA related to this issue [1]. Hope IAM team will look into the necessary fixes.


Thanks,
Shanika.


