
I have configured wso2am-2.6.0 using SAML with wso2is-5.7.0 following the example https://wso2.com/library/articles/2017/03/use-cases-of-utilizing-saml-with-wso2-api-manager/

Both apps are installed on the same server with Port Offset=3. In the IS, a second user store from Active Directory is added.

I have defined an API with some scopes. Whatever "scope" I use, after going through the authentication process the APIM returns the access_token with scope = default.

Example below:

{
  "access_token": "8f1cbaf3-6858-327e-9410-5210a1413e92",
  "refresh_token": "27cf0b3a-a3af-3826-94f3-9a0fd8518d33",
  "scope": "default",
  "token_type": "Bearer",
  "expires_in": 1024
}

What can be wrong?

    Did you already subscribe to the API (on which you have defined the scope) for the application? – Rans Dec 12 '18 at 02:08
  • Yes, I have subscribed to the API. In previous releases, this flow works without any problems. – Alexandru Para Dec 12 '18 at 07:29
  • In the database table for the authorization code (IDN_OAUTH2_AUTHORIZATION_CODE) SCOPE is "news_read". But in IDN_OAUTH2_ACCESS_TOKEN_SCOPE, after successful authentication, SCOPE is "default". – Alexandru Para Dec 12 '18 at 07:40
  • If from `Store` -> `Applications` I have selected `MyApplication` (which has subscriptions to APIs) and select some scopes, the Regenerate button generates only an access token with the (`default am_application_scope`) scopes. – Alexandru Para Dec 12 '18 at 13:21

1 Answer


I found the problem. Because I did not define any Role for the Scopes, to generate a token using my Scopes it was necessary to add the list of Scopes to the ScopeWhitelist tag in the file <dir>/wso2am-2.6.0/repository/conf/api-manager.xml:

  <OAuthConfigurations>
    <ScopeWhitelist>
      <Scope>news_read</Scope>
      <Scope>news_write</Scope>
    </ScopeWhitelist>
  </OAuthConfigurations>

After that, access tokens were generated for my Scopes.

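The symptom in the question is a silent downgrade: the token endpoint answers 200 with a usable access_token, but the scope is "default" rather than what was requested, and the client only finds out when the gateway rejects the call. Keep in mind that a whitelisted scope is issued without a role check, so the whitelist is a convenience for scopes that are not meant to be role-bound, not a substitute for mapping a scope to a role. The client-side complement is to compare requested and granted scopes before storing or forwarding the token. The following is an added example, not code from the original post or from WSO2; the helper names are assumptions, and the sample response is the one posted in the question, embedded as constructed input.

```python
"""Check whether an OAuth2 token response carries the scopes that were requested.

Added example, not code from the original post or from WSO2.  Helper names
are assumptions for illustration; the sample body below is the response
from the question, embedded here as constructed input.
"""
import json

# Constructed sample: the token response posted in the question, in which
# APIM fell back to the "default" scope instead of issuing "news_read".
SAMPLE_RESPONSE = json.dumps({
    "access_token": "8f1cbaf3-6858-327e-9410-5210a1413e92",
    "refresh_token": "27cf0b3a-a3af-3826-94f3-9a0fd8518d33",
    "scope": "default",
    "token_type": "Bearer",
    "expires_in": 1024,
})


def granted_scopes(response_body, requested):
    """Return the set of scopes the server actually granted.

    RFC 6749 section 5.1: the 'scope' member is OPTIONAL when the granted
    scope is identical to what was requested and REQUIRED otherwise, so a
    missing 'scope' means "everything requested", not "nothing".
    """
    data = json.loads(response_body)
    if "scope" not in data:
        return set(requested)
    # scope is a space-delimited, case-sensitive string (RFC 6749 section 3.3)
    return set(data["scope"].split())


def missing_scopes(response_body, requested):
    """Requested scopes absent from the token; an empty set means all granted."""
    return set(requested) - granted_scopes(response_body, requested)


def check_token(response_body, requested):
    """Return the access token, or raise if it was silently downgraded.

    Call this before storing or forwarding a token: a token that carries only
    'default' will be rejected by any resource whose scope was requested.
    """
    missing = missing_scopes(response_body, requested)
    if missing:
        raise PermissionError(
            "token lacks requested scope(s): " + " ".join(sorted(missing))
        )
    return json.loads(response_body)["access_token"]


if __name__ == "__main__":
    try:
        check_token(SAMPLE_RESPONSE, ["news_read"])
    except PermissionError as err:
        print(err)  # the situation from the question
```

Run the check against the body returned by the token endpoint for every grant type you use; the authorization-code row in IDN_OAUTH2_AUTHORIZATION_CODE having the right scope, as noted in the comments, says nothing about what the access token finally carries.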