Versions Compared

Old Version 18

changes.mady.by.user Former user

Saved on

compared with

New Version 19

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: https://wso2.org/jira/browse/DOCUMENTATION-3432

...

  1. Combine the consumer key and consumer secret keys as  consumer-key:consumer-secret. Encode the combined string using base64 (http://base64encode.org). Here's an example consumer key and secret combination: wU62DjlyDBnq87GlBwplfqvmAbAa:ksdSdoefDDP7wpaElfqvmjDue.

    Let's create a SAML2 assertion using the same command-line client that you used in the previous section.
  2. Download the command-line too from here and extract the ZIP file.

  3. Go to the extracted folder using the command line and execute the following command. We assume that both the client and the API Gateway run on the same server. Therefore, the Token API URL is  https://localhost:8243/token.

    Localtabgroup


    Localtab
    activetrue
    idformat
    titleFormat
    Code Block
    titleFormat
    java -jar SAML2AssertionCreator.jar <Identity_Provider_Entity_Id> <saml-subject> <saml-recipient> <saml-audience> <Identity_Provider_JKS_file> <Identity_Provider_JKS_password> <Identity_Provider_certificate_alias> <Identity_Provider_private_key_password>


    Localtab
    idexample
    titleExample
    Code Block
    titleExample
    java -jar SAML2AssertionCreator.jar localhost admin https://localhost:9443/oauth2/token https://localhost:9443/oauth2/token /home/user/wso2am-2.1.0/repository/resources/security/wso2carbon.jks wso2carbon wso2carbon wso2carbon

    The arguments are as follows:

    • <Identity_Provider_Entity_Id> - This is the value of the saml:Issuer, which is a unique identifier of the identity provider.

    • <saml-subject> - This is the value of the name ID, which is found in the saml:Subject -> saml:NameId

    • <saml-recipient> - This is the value of the subject confirmation data recipient, which is found in the saml:Subject -> saml:SubjectConfirmationsaml:SubjectConfirmationData.Recipient

    • <saml-audience> - This is the value that is added to the saml:AudienceRestriction element of the token. This argument can take multiple values separated by commas. Each value is added as a saml:Audience element within saml:AudienceRestriction.

    • <Identity_Provider_JKS_file> - Pointer to the Java Key Store (JKS) file to be used for credentials.

    • <Identity_Provider_JKS_password> - The JKS password.
    • <Identity_Provider_certificate_alias> - The alias of the public certificate.
    • <Identity_Provider_private_key_password> - The password of the private key that is used for signing.

    This commend returns a SAML2 assertion XML string and a base64-URL encoded assertion XML string. 

  4. Access the Token API using a REST client such as curl. For example, the following Curl command generates an access token and a refresh token. You can use the refresh token at the time a token is renewed

    Code Block
    curl -k -d "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=<base64-URL_encoded_assertion>&scope=PRODUCTION" -H "Authorization: Basic <base64_encoded_consumer-key:consumer-secret>" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
    Note

    Note that the Registered Users for Application statistics takes the number of users shared each of the Application. And for the users to be counted in the statistics, they should have to generate access tokens using Password Grant type.