[dev]Login to Google using Twitter Credentials

[dev]Login to Google using Twitter Credentials

Isuru Uyanage
Hi All, 

Requirement: Login to Gmail using Twitter Credentials. 

For the above scenario, I followed the below steps. 

1. Configured Google for a registered domain[1] 
2. Added Google as a Service Provider[1]
3. Created a Twitter account using the same email account which belongs to the respective domain. 
4. Created a Twitter app and configured it as an IDP in IS. 

It is successfully navigating to Twitter page for authentication. But once redirecting back to the Gmail, it redirects to the following page. 


There is no error printed in IS. 




PS: The same scenario is tested for Basic Auth and Facebook and it worked well. (Twitter federation works fine since I tested it for adding Travelocity as the service provider.)

IS -  5.4.0 beta standalone pack
macOS High Sierra
Java: build 1.8.0_144-b01
Tested in Google Chrome and Firefox


Any thought about this issue is appreciated. 


Thanks and Best Regards,

Isuru Uyanage
Software Engineer - QA | WSO2
Mobile : +94 77 55 30752




_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [dev]Login to Google using Twitter Credentials

tharindue
Hi Isuru,

First thing to do is, run SSO Tracer [1] plugin in Firefox and capture the SAML response going from IS to Google. In there, you should be able to see if the subject in the SAML assertion is correctly set with the email address.

If the email address is not set in the subject of the SAML assertion, you need to edit the Google Service Provider config in IS and modify the "Claim Configuration" and set the Subject Claim URI to the email address claim. More info in [2].

[1] https://addons.mozilla.org/en-US/firefox/addon/sso-tracer/
[2] http://tharindue.blogspot.com/2016/08/retrieving-user-claims-in-saml-response.html

P.S - I guess my previous reply to this email got bounced back due to some filtering rules. So I'm re-sending the same.

Thanks,
TharinduE

On Thu, Dec 7, 2017 at 4:29 AM, Isuru Uyanage <[hidden email]> wrote:
Hi All, 

Requirement: Login to Gmail using Twitter Credentials. 

For the above scenario, I followed the below steps. 

1. Configured Google for a registered domain[1] 
2. Added Google as a Service Provider[1]
3. Created a Twitter account using the same email account which belongs to the respective domain. 
4. Created a Twitter app and configured it as an IDP in IS. 

It is successfully navigating to Twitter page for authentication. But once redirecting back to the Gmail, it redirects to the following page. 


There is no error printed in IS. 




PS: The same scenario is tested for Basic Auth and Facebook and it worked well. (Twitter federation works fine since I tested it for adding Travelocity as the service provider.)

IS -  5.4.0 beta standalone pack
macOS High Sierra
Java: build 1.8.0_144-b01
Tested in Google Chrome and Firefox


Any thought about this issue is appreciated. 


Thanks and Best Regards,

Isuru Uyanage
Software Engineer - QA | WSO2
Mobile : +94 77 55 30752






--

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
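
The subject check described in the reply above, as an added example that is not part of the original thread or of WSO2's code: it decodes a SAMLResponse as captured from the HTTP-POST binding and reports whether the assertion's Subject NameID is an email address in the expected domain. The domain `example.com`, the function names and the sample responses are constructed for illustration; the parse is diagnostic only and does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def subject_name_id(saml_response_b64):
    """Return (value, format) of the assertion's Subject NameID, or (None, None)."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # Diagnostic parse only: refuse DTDs so entity declarations are never expanded.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD in SAML response; refusing to parse")
    root = ET.fromstring(xml_bytes)
    node = root.find("./saml:Assertion/saml:Subject/saml:NameID", SAML)
    if node is None or not (node.text or "").strip():
        return None, None
    return node.text.strip(), node.get("Format")


def check_subject(saml_response_b64, expected_domain):
    """Classify the subject: is it an email address in the expected domain?"""
    value, _fmt = subject_name_id(saml_response_b64)
    if value is None:
        return "missing-subject"
    local, sep, domain = value.rpartition("@")
    if not sep or not local:
        return "subject-not-email"  # e.g. an identifier from the federated IdP
    if domain.lower() != expected_domain.lower():
        return "wrong-domain"
    return "ok"


def constructed_response(name_id):
    # Constructed, unsigned sample; a real response is signed and much larger.
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
        f"{name_id}</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    for nid in ("alice@example.com", "1234567890", "alice@other.test"):
        print(nid, "->", check_subject(constructed_response(nid), "example.com"))
```

A result of `subject-not-email` corresponds to the case the reply describes, where the Subject Claim URI of the service provider needs to be set to the email address claim.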



Re: [dev]Login to Google using Twitter Credentials

Shavindri Dissanayake
Hi Isuru,

If this works, can you create a doc JIRA and share how we can let the Google super admin be directed to IS, please.

Currently, we have a note in docs that mentions the following, and we can remove it if that is not the case.
"The admin users of your Google domain do not get redirected to WSO2 IS. Therefore, to try out the tutorial you need to use a user who is not an admin in your Google account."

Thanks & Regards
Shavindri Dissanayake
Senior Technical Writer

WSO2 Inc.
lean.enterprise.middleware

On Tue, Dec 19, 2017 at 2:37 AM, Tharindu Edirisinghe <[hidden email]> wrote:
Hi Isuru,

First thing to do is, run SSO Tracer [1] plugin in Firefox and capture the SAML response going from IS to Google. In there, you should be able to see if the subject in the SAML assertion is correctly set with the email address.

If the email address is not set in the subject of the SAML assertion, you need to edit the Google Service Provider config in IS and modify the "Claim Configuration" and set the Subject Claim URI to the email address claim. More info in [2].

[1] https://addons.mozilla.org/en-US/firefox/addon/sso-tracer/
[2] http://tharindue.blogspot.com/2016/08/retrieving-user-claims-in-saml-response.html

P.S - I guess my previous reply to this email got bounced back due to some filtering rules. So I'm re-sending the same.

Thanks,
TharinduE


Re: [dev]Login to Google using Twitter Credentials

Isuru Uyanage
@tharindu - Thank you for the reply. Will try doing it. 
@shavindri - I will look into it and create a JIRA. 


thanks
Isuru

Thanks and Best Regards,

Isuru Uyanage
Software Engineer - QA | WSO2
Mobile : +94 77 55 30752




On Thu, Dec 21, 2017 at 2:05 PM, Shavindri Dissanayake <[hidden email]> wrote:
Hi Isuru,

If this works, can you create a doc JIRA and share how we can let the Google super admin be directed to IS, please.

Currently, we have a note in docs that mentions the following, and we can remove it if that is not the case.
"The admin users of your Google domain do not get redirected to WSO2 IS. Therefore, to try out the tutorial you need to use a user who is not an admin in your Google account."

Thanks & Regards
Shavindri Dissanayake
Senior Technical Writer

WSO2 Inc.
lean.enterprise.middleware
