Reputation: 2654
We are using WSO2 API Manager 2.6 with SSO enabled. In the site.json in the store jaggery app we have configured the following parameters:
"ssoConfiguration" : {
"enabled" : "true",
"issuer" : "API_STORE",
"identityProviderURL" : "https://identity.it/samlsso",
"keyStorePassword" : "",
"identityAlias" : "",
"responseSigningEnabled":"true",
"assertionSigningEnabled":"true",
"verifyAssertionValidityPeriod":"true",
"timestampSkewInSeconds":"300",
"audienceRestrictionsEnabled":"true",
"keyStoreName" :"",
"passive" : "true",
...
}
When we navigate through the store site as guest user (without logging in), the store redirects, silently, all the requests to https://identity.it/samlsso (without asking the credentials) before reaching the destination page. How can we enable a guest user to navigate through the store web site without redirecting all the requests to the identity?
In version 2.1, to get it we have configured the passive parameter to false, in this version it doesn't work because it redirects all the requests to the login page.
Upvotes: 0
Views: 113
Reputation: 61
I had the same problem. After a long searching I have found this statement
if ((!session.get("hasTriedSSO") || Boolean(user)) && site.ssoConfiguration.enabled == "true" && site.ssoConfiguration.passive == "true") {
jagg.includeBlock("sso/filter", {});
}
I think this condition is not right. Because It should include block only when site.ssoConfiguration.passive
is false not true.
It is located in
repository\deployment\server\jaggeryapps\store\site\blocks\api\api-info\block.jag
repository\deployment\server\jaggeryapps\store\site\blocks\site\pages\list-apis.jag
I've change this site.ssoConfiguration.enabled == "false"
and it worked for me. But I'm not sure that is the best solution.
Upvotes: 1