Tuesday, July 2, 2013

WSO2 Identity Server in the SCIM Interop at Cloud Identity Summit 2013

WSO2 Identity Server is remotely participating in the SCIM Interop which will be held in parallel to Cloud Identity Summit 2013...

Following are the connection details of the publicly hosted WSO2 IS instance for this interop:

SCIM User Endpoint URL : https://209.126.229.93:9443/wso2/scim/Users

SCIM Group Endpoint URL : https://209.126.229.93:9443/wso2/scim/Groups

Credentials for Basic Auth Authentication:

          User Name : interopUser
          Password : interop#321

Details for OAuth Bearer Token Based Authentication:

          Client Id : 00bZzLviiM1QOSvtFv7ZQDOWBNEa
          Client Secret : CsN87SjTCG_X9qGN6xcfwJOakrga
          Access Token URL : https://209.126.229.93:9443/oauth2endpoints/token
          Authorize URL : https://209.126.229.93:9443/oauth2/authorize

For more details, you may refer to my previous posts on how to authenticate to SCIM REST endpoints via OAuth and how to consume SCIM endpoints through curl...

Please let us know your feedback...

Update on 8th July: Interop testing was performed during the week of 1st July - 5th July with two selected partners: PingOne & Salesforce. The graphic below illustrates the WSO2 Identity Server - SCIM integration with the two partners in the SCIM Interop at CIS 2013.


Monday, July 1, 2013

OAuth Bearer Token based Authentication for WSO2 IS SCIM endpoints

WSO2 Identity Server acts as a SCIM Service Provider (both hub and spoke type service providers) as well as SCIM Service Consumer.

My previous post (WSO2 Identity Server as a SCIM Service Provider) explains how to consume SCIM REST endpoints in WSO2 IS, with curl - using Basic Auth authentication.

WSO2 IS supports OAuth bearer token based authentication for SCIM REST endpoints from its 4.5.0 release onwards...
This post explains how to leverage OAuth 2.0 feature of IS in order to authenticate to SCIM REST endpoints of IS...

Step 1:
Log in to the IS management console (default credentials admin:admin) and create a new entry for an OAuth client application. After creating the application entry, click on it to view its details as below.


Now copy the Client Id, Client Secret & Access Token Url for future use.

Step 2:
Now let's obtain a valid access token in order to get authenticated to the SCIM REST endpoints.
We can use the resource owner password credentials grant type for this. The format of the curl command to obtain the access token is:

curl --user "<client_id>:<client_secret>" -k -d "grant_type=password&username=<username>&password=<password>" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2endpoints/token

Replace the client id, client secret, username and password placeholders in the above command with the values copied in Step 1 and the credentials of the resource owner (admin/admin in the default pack).

Once you execute the above command, you will get a response as below:

{"token_type":"bearer","expires_in":3600,"refresh_token":"16e3de3b7af4e7a43b7e56cd9362ff","access_token":"492d8b51cb815bbe143f219ac2cf61c3"}

Copy the access token value in the above response.

Step 3:
Now we can consume the SCIM REST endpoints using the above access token.

For example, you can use a curl command like the one below to create a user through the SCIM REST endpoint:

curl -v -k --header "Authorization: Bearer <access_token>" --data '{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasi","password":"hasinitg","emails":[{"primary":true,"value":"hasini_home.com","type":"home"},{"value":"hasini_work.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users

Provide the access token copied in Step 2 in place of the access token placeholder in the above command...
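The same two calls, Step 2 and Step 3, as one small Python client. This is an added example, not code from the post or from the WSO2 IS samples: the URLs, client id, client secret and the created user are constructed placeholders to be swapped for the values copied in Step 1. It also covers what the curl commands do not show, namely a token endpoint answering with an OAuth error instead of an access token, and it percent-encodes the resource owner password so that characters such as `#` do not corrupt the form body.

```python
import base64
import json
import ssl
import urllib.error
import urllib.parse
import urllib.request

# Constructed placeholders: use the values copied from the OAuth client entry in Step 1.
TOKEN_URL = "https://localhost:9443/oauth2endpoints/token"
SCIM_USERS_URL = "https://localhost:9443/wso2/scim/Users"
CLIENT_ID = "<client-id>"
CLIENT_SECRET = "<client-secret>"


def basic_auth_header(client_id, client_secret):
    """Authorization header value that 'curl --user id:secret' sends to the token endpoint."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def password_grant_body(username, password):
    """Form body for the resource owner password credentials grant. Percent-encoding
    keeps characters such as '#' or '&' in a password from breaking the request."""
    params = {"grant_type": "password", "username": username, "password": password}
    return urllib.parse.urlencode(params)


def parse_token_response(body):
    """Return (access_token, expires_in, refresh_token) from the token endpoint's JSON.
    Raises ValueError when the endpoint answered with an OAuth error instead of a token."""
    data = json.loads(body)
    if "access_token" not in data:
        raise ValueError("token request failed: %s" % data.get("error", body))
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % data.get("token_type"))
    return data["access_token"], int(data.get("expires_in", 0)), data.get("refresh_token")


def bearer_header(access_token):
    """Authorization header value for the SCIM call."""
    return "Bearer " + access_token


def scim_user_payload(user_name, given_name, family_name, password, emails):
    """User representation with the same shape as the JSON in the curl command above
    (the post sends an empty 'schemas' list). 'emails' holds (value, type, primary) tuples."""
    return {
        "schemas": [],
        "userName": user_name,
        "name": {"givenName": given_name, "familyName": family_name},
        "password": password,
        "emails": [{"value": v, "type": t, "primary": p} for v, t, p in emails],
    }


def _post(url, body, headers, verify_tls):
    """POST and return (status, body). verify_tls=False mirrors 'curl -k', which is only
    needed for the self-signed certificate shipped with the default pack."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        # 4xx/5xx: hand the body back so the caller can read the OAuth or SCIM error.
        return err.code, err.read().decode("utf-8")


def obtain_access_token(username, password, verify_tls=True):
    """Step 2: exchange resource owner credentials for a bearer token."""
    headers = {"Authorization": basic_auth_header(CLIENT_ID, CLIENT_SECRET),
               "Content-Type": "application/x-www-form-urlencoded"}
    _status, body = _post(TOKEN_URL, password_grant_body(username, password).encode("ascii"),
                          headers, verify_tls)
    return parse_token_response(body)


def create_user(access_token, payload, verify_tls=True):
    """Step 3: POST the SCIM user with the bearer token."""
    headers = {"Authorization": bearer_header(access_token),
               "Content-Type": "application/json"}
    return _post(SCIM_USERS_URL, json.dumps(payload).encode("utf-8"), headers, verify_tls)


if __name__ == "__main__":
    # admin/admin are the default pack's resource owner credentials; the user below is constructed.
    token, ttl, _refresh = obtain_access_token("admin", "admin", verify_tls=False)
    print("bearer token obtained, expires in %ds" % ttl)
    user = scim_user_payload("hasi", "hasinitg", "gunasinghe", "<user-password>",
                             [("hasini@example.com", "home", True)])
    status, body = create_user(token, user, verify_tls=False)
    print(status, body)
```

The token response carries an `expires_in` of 3600 seconds and a `refresh_token`; a client that runs longer than that should refresh rather than re-sending the resource owner's password, which is the main cost of the password grant compared with the authorization code flow.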

That's it. You can find more curl commands for consuming the SCIM endpoints in my previous post. You can also use the SCIM sample clients shipped with the WSO2 IS samples to invoke the SCIM endpoints using both Basic auth and OAuth.