Question

I configured IS and AM with SAML SSO as described in the official documentation. SSO login for the AM console functions well; I can log in as admin using the unique credentials as defined in IS. When I try to log in to the publisher or store, login is redirected to the IS SamlSSO page as expected, but when I enter the uid/pwd, the browser is redirected to the publisher login page asking for user credentials. The AM carbon log reports this WARN and ERROR:

TID: [0] [AM] [2014-05-07 17:27:28,171]  WARN {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} -  
Illegal access attempt at [2014-05-07 17:27:28,0171] from IP address 192.168.50.60 : 
Service is RemoteAuthorizationManagerService
{org.wso2.carbon.server.admin.module.handler.AuthenticationHandler}
TID: [0] [AM] [2014-05-07 17:27:28,172] ERROR {org.apache.axis2.engine.AxisEngine} - 
Access Denied. Please login first. {org.apache.axis2.engine.AxisEngine} org.apache.axis2.AxisFault: Access Denied. Please login first.
at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:97)

Any suggestions on how to solve this?

Solution

Giovanni,

I made contact with WSO2 as I had the same problem and they directed me to https://wso2.org/jira/browse/APIMANAGER-2118

It appears that there may be a bug in the priority of the SAMLSSOAuthentication and Basic Authentication. I followed the points in the above link, modified APIMHOME/repository/conf/security/authenticators.xml and changed the priority for SAMLSSO from 10 to 0.

I am now able to move between store/publisher and also carbon for API Manager, Identity Server and also BAM.

Hope this helps

Carl.
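
To confirm the change described in the answer on each node, the following added example (not part of the original answer and not WSO2 code) reads an authenticators.xml and reports each authenticator's priority. The authenticator names, the namespace and the sample file contents are assumptions constructed for illustration; compare them with your own file.

```python
import xml.etree.ElementTree as ET

# Constructed sample, loosely modelled on an authenticators.xml file.
# Names, namespace and values are assumptions, not taken from the page.
SAMPLE = """<Authenticators xmlns="http://wso2.org/projects/carbon/authenticators.xml">
  <Authenticator name="SAML2SSOAuthenticator" disabled="false">
    <Priority>10</Priority>
    <Config>
      <Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
      <Parameter name="ServiceProviderID">carbonServer</Parameter>
    </Config>
  </Authenticator>
  <Authenticator name="TokenUIAuthenticator" disabled="true">
    <Priority>5</Priority>
  </Authenticator>
</Authenticators>"""


def local(tag):
    """Drop a '{namespace}' prefix so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def list_authenticators(xml_text):
    """Return [(name, disabled, priority)] for every <Authenticator> element."""
    rows = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "Authenticator":
            continue
        prio = next((c for c in el if local(c.tag) == "Priority"), None)
        has_value = prio is not None and prio.text and prio.text.strip()
        value = int(prio.text.strip()) if has_value else None  # None: no priority set
        rows.append((el.get("name"), el.get("disabled") == "true", value))
    return rows


def priority_matches(xml_text, name="SAML2SSOAuthenticator", expected=0):
    """True if the named authenticator is enabled and has the expected priority."""
    for auth_name, disabled, priority in list_authenticators(xml_text):
        if auth_name == name:
            return (not disabled) and priority == expected
    return False  # authenticator not present in the file


if __name__ == "__main__":
    for row in list_authenticators(SAMPLE):
        print(row)
    print("SAML SSO priority is 0:", priority_matches(SAMPLE))
```
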

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow