Originally published at http://everything1know.wordpress.com on September 25, 2019.
What’s up, folks?
WSO2 Identity Server team is quite busy these days writing REST APIs for all of its functions and old SOAP APIs. Accordingly, I myself got to write a REST API for an old SOAP service we had, and today I’m going to tell you what I learned in that effort.
This article will cover the most common concepts of REST APIs and writing an API definition using Swagger. Then you can convert that definition into code using a language you prefer.
Please note that you need a basic understanding of the HTTP protocol and APIs. …
Originally published at http://everything1know.wordpress.com on September 10, 2019.
Here I am with another article that can get you a little bit higher on your IAM ladder. In my previous articles, I talked about what OAuth is, its grant types and what OpenID Connect is. Today I intend to give you hands-on experience with a real-life OAuth and OIDC implementation that is used by more than 100 companies around the world, and it’s the WSO2 Identity Server’s OAuth/OIDC implementation.
Let’s see a 10,000-foot view of what we’re going to do, first. The following is the user story.
Originally published at http://everything1know.wordpress.com on August 1, 2019.
What’s up, folks?
Today I’m going to talk about the eventing framework of the WSO2 Identity Server. There are numerous operations you can do with the WSO2 Identity Server, such as user operations, and the eventing framework is designed to trigger events when each of those operations is executed.
We can write Handlers that subscribe to these events and do whatever our use case needs to get done.
This is just one example, and we can do a lot using the WSO2 Identity Server eventing framework. …
This post was originally published at http://everything1know.wordpress.com on July 2, 2019.
In my previous posts, I talked about the basic OAuth concept ( IAM for dummies: How does OAuth work) and OAuth Grant types ( IAM for dummies: OAuth 2 Grant Types). Today, I’m going to give you an understanding of OpenID Connect.
Originally published at http://everything1know.wordpress.com on June 1, 2019.
I talked about the concept of OAuth in my previous post. Today I’m going to dive a bit deeper and talk about the implementation details provided by the OAuth 2.0 specification. The first specification of OAuth was OAuth 1.0, and after a few years of use, people identified some problems with it and created OAuth 2.0, the improved version.
What’s up, guys?
Today I’m going to talk about OAuth. I’ve been delivering OAuth presentations for a while now and I can’t believe it didn’t cross my mind to write something up on it. So here goes nothing!
OAuth is THE industry-standard protocol for authorization. It is used by a majority of software service providers, including WSO2 Identity Server, which is known for its fully functional OAuth features as an Identity Provider. OK, cool. Why should I care? Well, let me give you a practical real-life example of OAuth before going into details.
Have you heard about SoundCloud? If not, great! Let’s go and see what it is. …
When you use WSO2 Identity Server with OAuth functionalities, issued access tokens are likely to accumulate in the database as they expire, become inactive or are revoked. In order to address this issue, the server ships with token clean-up methods that allow you to keep your deployment free from growing token tables and the degraded performance of token flows that data growth causes.
There are two main methods we can use for token cleanup:
World Password Day was just two days ago (the first Thursday of May, which was the 2nd this year) and I saw a lot of articles and events all around the world. Personally, passwords are nothing but problems to me. Why? Well, you have to think of a lot of things before choosing a password. The first and obvious question would be, is it secure enough? And once you crack that one, will that secure password be easily remembered? These are not simple problems, and we have to face them for each and every digital account we have.
Today I’m going to talk about the Artifact Binding specification of SAML 2.0. Before we begin, I’ll give you a brief understanding of SAML.
SAML 2.0 stands for Security Assertion Markup Language version 2.0. This is an XML-based protocol which is recognized as an OASIS Standard, and it’s widely used in the software industry for enabling cross-domain single sign-on (SSO). SAML 2.0 uses security tokens containing assertions to pass information about an end user between an identity provider and a service provider. This article by Sagara Gunathunga has more on SAML if you wish to read further.
There are several bindings, or methods, introduced with the SAML Specification, such as HTTP Redirect Binding, HTTP POST Binding, and HTTP Artifact Binding. What’s special about Artifact Binding is that it uses a special token to transport sensitive information between two parties. In order to understand the importance of this, we must have an idea about the other bindings of the SAML Spec. …