WSO2 Identity Server

The WSO2 connector provides a way for Maverics to integrate with a WSO2 Identity Server instance. WSO2 may be the target of a migration workflow and can be the authentication and attribute provider for applications protected by a proxy app.

Configuration options

The following values can be provided to the WSO2 connector via the Maverics configuration file.

OAuth Client ID

oauthClientID is the client ID of the inbound OAuth service provider created in WSO2.

OAuth Client Secret

oauthClientSecret is the client secret of the inbound OAuth service provider created in WSO2.

OAuth Login Redirect

oauthLoginRedirect is used to define login redirect callback URLs.

Its urls field lists the URLs that the OIDC provider will use to redirect the client back to the orchestrator after authentication. Each entry must be an absolute URL and must match exactly one of the redirect URLs registered on the provider. If no entry matches during the auth flow, the first URL in the urls list is used.

The orchestrator will serve the callback handlers on all URLs specified in the urls field under this section.

ℹ️
The urls paths should not conflict with the path of any application resources. The path can be arbitrary (e.g. /maverics-oidc or /oidc-handler).

OIDC Well-known URL

oidcWellKnownURL is the URL that returns OpenID Connect metadata about the WSO2 authorization server.

OAuth Logout Redirect

oauthLogoutRedirect is used to define the URLs that the OIDC provider will use to redirect the client back to the application after the user has been logged out.

Each entry in the urls field must be an absolute URL and must match exactly one of the post-logout redirect URLs registered on the provider. If no entry matches during the logout flow, the first URL in the urls list is used.

The orchestrator will serve the callback handlers on all URLs specified in the urls field under this section.

ℹ️
The urls paths should not conflict with the path of any application resources. The path can be arbitrary (e.g. /oidc-logout or /logout-handler).
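The two rules above (exact match against the registered list, first entry as the fallback, and callback paths that must not collide with application routes) apply to both the oauthLoginRedirect and oauthLogoutRedirect urls fields. The following is an added illustration of that behaviour written for this page; it is not Maverics code, the function names and the query-string normalisation are assumptions, and the URL lists are constructed to mirror the connector example further down.

```python
"""Redirect-URL selection and path-conflict checks for the oauthLoginRedirect /
oauthLogoutRedirect `urls` lists. Added example, not Maverics code; function
names and normalisation behaviour are assumptions."""
from urllib.parse import urlsplit

# Constructed lists mirroring the page's connector example (not a real deployment).
LOGIN_REDIRECT_URLS = [
    "https://host1.example.com/oidc",
    "https://host2.example.com/oidc",
]
LOGOUT_REDIRECT_URLS = [
    "https://host1.example.com/logout",
    "https://host2.example.com/logout",
]


def is_absolute_https(url: str) -> bool:
    """The page requires absolute URLs; https is additionally required here
    (assumption) because authorization codes travel on the login callback."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)


def select_redirect(configured: list[str], request_url: str) -> str:
    """Pick the callback URL to hand to WSO2 for a given request.

    Exact match against the configured list wins; with no match the first
    configured URL is used, as the documentation states. The query string and
    fragment of the request are dropped before comparing so that ?state=... does
    not defeat the exact-match rule (assumed normalisation, not documented)."""
    if not configured:
        raise ValueError("at least one redirect URL must be configured")
    bad = [u for u in configured if not is_absolute_https(u)]
    if bad:
        raise ValueError(f"redirect URLs must be absolute https URLs: {bad}")
    parts = urlsplit(request_url)
    candidate = f"{parts.scheme}://{parts.netloc}{parts.path}"
    return candidate if candidate in configured else configured[0]


def path_conflicts(configured: list[str], app_paths: list[str]) -> list[tuple[str, str]]:
    """Return (callback_url, app_path) pairs whose paths collide.

    The note on the page says callback paths must not clash with application
    resources: a clash means the orchestrator's handler would shadow the
    application's route or vice versa. Prefix overlap in either direction is
    reported (assumption: "/oidc" and "/oidc/callback" count as a clash)."""
    hits = []
    for url in configured:
        cb = urlsplit(url).path.rstrip("/") or "/"
        for ap in app_paths:
            ap_norm = ap.rstrip("/") or "/"
            if cb == ap_norm or ap_norm.startswith(cb + "/") or cb.startswith(ap_norm + "/"):
                hits.append((url, ap))
    return hits


if __name__ == "__main__":
    # host2 matches exactly once the query string is stripped
    print(select_redirect(LOGIN_REDIRECT_URLS, "https://host2.example.com/oidc?code=abc&state=xyz"))
    # host3 is not registered, so the first configured URL is used
    print(select_redirect(LOGIN_REDIRECT_URLS, "https://host3.example.com/oidc"))
    # an application route under /oidc would collide with the callback handler
    print(path_conflicts(LOGIN_REDIRECT_URLS, ["/app", "/oidc/callback"]))
```

Running path_conflicts against the application's route table before deploying the configuration catches the conflict the ℹ️ note warns about, rather than discovering it when a callback request is swallowed by the application (or an application request by the orchestrator).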

Disable PKCE

disablePKCE disables the OIDC Proof Key for Code Exchange (PKCE) extension (enabled by default).
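As an added illustration of what the default (PKCE enabled) buys, the following shows the verifier/challenge pair the client side of the code flow produces and the check the authorization server performs at the token endpoint. This is not Maverics or WSO2 code; the function names are assumptions, and the known-answer values are the ones published in RFC 7636 Appendix B.

```python
"""PKCE (RFC 7636) verifier/challenge generation and the token-endpoint check.
Added example, not Maverics or WSO2 code; function names are assumptions."""
import base64
import hashlib
import secrets


def b64url_nopad(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier(n_bytes: int = 32) -> str:
    """Client side: a high-entropy secret kept in the client's session.
    32 random bytes encode to 43 characters, the RFC's minimum length."""
    return b64url_nopad(secrets.token_bytes(n_bytes))


def make_challenge(verifier: str) -> str:
    """Client side: only the S256 hash of the verifier is sent on the
    authorization request, so an observer of that request learns nothing useful."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    """Server side, at the token endpoint: recompute the challenge from the
    verifier presented with the authorization code and compare in constant time.
    Only S256 is accepted here (the RFC's "plain" method is deliberately rejected)."""
    if method != "S256":
        return False
    if not 43 <= len(presented_verifier) <= 128:
        return False
    return secrets.compare_digest(make_challenge(presented_verifier), stored_challenge)


# Known-answer values from RFC 7636 Appendix B.
RFC7636_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC7636_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"


if __name__ == "__main__":
    v = make_verifier()
    c = make_challenge(v)
    print("verifier:", v)
    print("challenge:", c)
    print("token exchange accepted:", verify_pkce(c, "S256", v))
    print("tampered verifier accepted:", verify_pkce(c, "S256", v[:-1] + "x"))
```

With disablePKCE left at false, an authorization code that leaks in a redirect (browser history, referrer, a misconfigured redirect URL) cannot be exchanged for tokens without the verifier that never left the orchestrator; setting it to true removes that check and should only be done where the provider genuinely cannot support the extension.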

HTTP Basic User

httpBasicUser is the username used for authenticated API requests made to WSO2.

HTTP Basic Password

httpBasicPassword is the password used for authenticated API requests made to WSO2.

SCIM URL

scimURL is the WSO2 URL used for CRUD actions on users.

Examples

Connector Configuration

connectors:
  - name: wso2
    type: wso2
    httpBasicUser: username
    httpBasicPassword: password
    oauthClientID: clientID
    oauthClientSecret: clientSecret
    oauthLoginRedirect:
      urls:
        - https://host1.example.com/oidc
        - https://host2.example.com/oidc
    oauthLogoutRedirect:
      urls:
        - https://host1.example.com/logout
        - https://host2.example.com/logout
    oidcWellKnownURL: https://wso2.organization.com:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
    scimURL: https://wso2.organization.com:9443/wso2/scim
    disablePKCE: false