5

I am testing WSO2 API Manager v1.9.0 for its possible use in my company. We are building some new apps using REST APIs for the backend and SPAs for our frontends. We concluded that it would require the use of OpenID Connect, and WSO2 supports it.

We use ADFS 3.0 as our Identity Provider and I already managed to federate ADFS with WSO2 API Manager and I am able to authenticate the company users to obtain an access token. The process passes through the following steps:

  1. The user clicks on the login link and is redirected to the ADFS login page;
  2. The user authenticates and is redirected to a consent page;
  3. The user approves the access and is redirected to a link that contains the access token.

Considering that my company already owns the user data, is there a way to disable the consent page and require only that the user log in?

The OpenID Connect specification is new to me, so if you need more information please let me know.

Best regards

Michael
  • Did you build up the OIDC for API Manager + ADFS through WSO2 Identity Server? – ironrainbow Dec 26 '18 at 06:21
  • At the time, yes, I used WSO2 Identity Server as the key manager and federated it with ADFS. However, for my use case, I realized that I could just federate WSO2 API Manager with ADFS without the need of WSO2 Identity Server. – Michael Dec 27 '18 at 11:23
  • Sounds great. I was trying to do what you had done. I mean, WSO2 APIM + 3rd party IDP without WSO2 Identity Server. If possible, could you let me know any references or documents? – ironrainbow Dec 28 '18 at 04:28

1 Answer

7

I found out how to disable the consent page. Edit [WSO_API_MANAGER]/repository/conf/identity.xml and change the parameter SkipUserConsent to true.

<OpenIDConnect>
    ...
    <SkipUserConsent>true</SkipUserConsent>
    ...
</OpenIDConnect>
Michael
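One way to confirm what a given identity.xml actually says about consent after the edit described in the answer, as an added example that is not part of the original answer or of WSO2's tooling. The sample file is constructed, and its `<Server>`/`<OAuth>` wrappers and namespace are assumptions about the surrounding file; the function names are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample. Only <OpenIDConnect>/<SkipUserConsent> come from the
# answer; the wrappers and the namespace are assumptions.
SAMPLE_IDENTITY_XML = """\
<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <OAuth>
    <OpenIDConnect>
      <!-- other OpenID Connect settings elided -->
      <SkipUserConsent>true</SkipUserConsent>
    </OpenIDConnect>
  </OAuth>
</Server>
"""


def local_name(tag):
    """Strip an optional '{namespace}' prefix from an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def consent_setting(xml_text):
    """Classify the consent setting as 'skipped', 'prompted', 'invalid' or 'unset'.

    Only a SkipUserConsent element that is a direct child of OpenIDConnect
    counts. A commented-out element is dropped by the parser and therefore
    reported as 'unset'.
    """
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if local_name(elem.tag) != "OpenIDConnect":
            continue
        for child in elem:
            if local_name(child.tag) == "SkipUserConsent":
                value = (child.text or "").strip().lower()
                if value == "true":
                    return "skipped"
                return "prompted" if value == "false" else "invalid"
    return "unset"


if __name__ == "__main__":
    # Pass the path to identity.xml, or run without arguments to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_IDENTITY_XML
    print("user consent page:", consent_setting(text))
```
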