
Manage User Account Associations & Federated User IDs in WSO2 IS 5.1.0

Manage User Account Associations

In WSO2 Identity Server (IS) 5.1.0 there is a new feature called user account association. With this feature, IS lets its users link their different accounts and switch between them after logging in to one of the linked accounts.
Users can consume this feature in the following ways:
  • As an admin service
  • As a gadget in the IS user dashboard

Admin Service

You can access this admin service using the URL

The following actions can be performed using the above admin service:
  • Create a new user account association
  • Delete an existing user account association
  • Get all associated user accounts of the logged-in user
  • Switch between associated user accounts without re-authenticating with the system

Dashboard Gadget - Associated User Account

In the user dashboard of IS 5.1.0 there is a new gadget called "Associated User Accounts", as follows,



This gadget provides the following functionality:
  1. List all associated user accounts of the logged-in user
When a user maximizes the gadget view using the "View details" button, he or she can see all of his or her associated accounts. This table shows the user domain, tenant domain and user name of every account associated with the logged-in user.


  2. Associate a user account with the logged-in user account

A user can initiate a new user account association by clicking the "Add Association" button under "User Account Association". In the "Associate User Account" dialog box, the user enters the user name and password of the account to be connected. After the user clicks the "Associate" button, IS authenticates that account and, if the credentials are valid, saves it as an association of the logged-in user account.



  3. Delete an existing user account association

Users can remove their account associations when they are no longer needed using the "Remove" button in the "User Account Association" table.

  4. Switch the logged-in user account to an associated account

When the logged-in user has associated user accounts, he or she can switch between them without re-authenticating with the IS server. In the user dashboard UI, the associated user accounts appear in the drop-down at the top right. You can switch between them by selecting the required user account. The session key does not change during this operation.




Manage Federated User IDs

This feature connects your federated user IDs to your WSO2 Identity Server account. To associate a federated user ID, the user first clicks the "Add Association" button under "Federated User IDs", which opens the following dialog,


Here, the user selects the identity provider and enters the federated user ID for it. After the user clicks the "Associate" button, IS saves this federated ID as an association of the logged-in account.

Users can view and remove their federated user IDs using the "Federated User IDs" table in the same gadget.

