FrancescoAzzola

Reputation: 2654

WSO2 API + SSO - Passive mode and anonymous store access

We are using WSO2 API Manager 2.6 with SSO enabled. In the site.json in the store jaggery app we have configured the following parameters:

"ssoConfiguration" : {
    "enabled" : "true",
    "issuer" : "API_STORE",
    "identityProviderURL" : "https://identity.it/samlsso",
    "keyStorePassword" : "",
    "identityAlias" : "",
    "responseSigningEnabled":"true",
    "assertionSigningEnabled":"true",
    "verifyAssertionValidityPeriod":"true",
    "timestampSkewInSeconds":"300",
    "audienceRestrictionsEnabled":"true",
    "keyStoreName" :"",
    "passive" : "true",
    ...
}

When we navigate through the store site as a guest user (without logging in), the store silently redirects all the requests to https://identity.it/samlsso (without asking for credentials) before reaching the destination page. How can we enable a guest user to navigate through the store web site without redirecting all the requests to the identity?

In version 2.1, to get this we configured the passive parameter to false; in this version it doesn't work because it redirects all the requests to the login page.

Upvotes: 0

Views: 113

Answers (1)

Glauco

Reputation: 61

I had the same problem. After a long search I found this statement:

if ((!session.get("hasTriedSSO") || Boolean(user)) && site.ssoConfiguration.enabled == "true" && site.ssoConfiguration.passive == "true") {
  jagg.includeBlock("sso/filter", {});
}

I think this condition is not right, because it should include the block only when site.ssoConfiguration.passive is false, not true.

It is located in

repository\deployment\server\jaggeryapps\store\site\blocks\api\api-info\block.jag
repository\deployment\server\jaggeryapps\store\site\blocks\site\pages\list-apis.jag

I've changed this to site.ssoConfiguration.enabled == "false" and it worked for me, but I'm not sure that is the best solution.

Upvotes: 1
