Posts

Showing posts from 2018

Mutual TLS with client id and secret using OIDC

How to use Mutual TLS with client id and client secret in WSO2 IS 5.5.0. This authenticator has the same architecture as the mutual TLS authenticator described at https://docs.wso2.com/display/IS550/Mutual+TLS+for+OAuth+Clients. The only difference is that the client secret must be passed as a query parameter in the token request. To consume the request, follow the steps below.

1. Verify that org.wso2.carbon.identity.oauth2.token.handler.clientauth.tlswithidsecret-1.0.7.jar exists in <IS_HOME>/repository/components/dropins.
2. To enable this feature, add the following configuration to identity.xml, which is located in <IS_HOME>/repository/conf/identity:

   <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler" name="org.wso2.carbon.identity.oauth2.token.handler.clientauth.tlswithidsecret.MutualTLSWithIdSecretAuthenticator" orderId="200" enable="true"></EventListener>

OIDC Scope claim Mapping in IS 5.7.0

In previous WSO2 IS versions the OIDC scope-claim mapping was maintained at the registry level. From IS 5.7.0 this mapping is persisted in the DB layer. How does OIDC scope-claim mapping work? In {product_home}/repository/conf/identity the file oidc-scope-config.xml contains the default OIDC scope-claim mappings. On the very first server startup the scopes and claims defined in this file are stored in the DB, and the same data is displayed in the management console UI. On tenant creation, the data defined in this file is likewise stored in the DB against the tenant id. After the first server startup and after tenant creation, changes made to oidc-scope-config.xml do not take effect, so adding, removing and editing OIDC scopes should be done through the management console UI. OIDC Scope-Claim Mapping UI: in the management console, under the 'Manage' collapsing panel, the 'OIDC Scopes' section can be seen as below.