Sample Questions

Standards and Technology

Which grant type should be used when the client makes requests to an API that does not require the user's permission?

  • a) Client Credentials Grant
  • b) Authorization Code Grant
  • c) Implicit Grant
  • d) Resource Owner Password Credentials Grant

Answer: a


Which of the following statements is true about Just-in-Time (JIT) provisioning?

  • a) JIT provisioning is configured against service providers
  • b) In JIT provisioning, the user will always be provisioned to the primary userstore
  • c) Just-in-Time provisioning gets triggered when the Identity Server receives a successful authentication response from the external identity provider
  • d) In JIT provisioning, the authentication flow will always be blocked until the provisioning finishes

Answer: c

Deployment, Configuration and Management

What is true about the "returnTo" parameter in an IdP-initiated SLO request?

  • a) This is a mandatory parameter
  • b) If this parameter is present in the request, then the "spEntityID" parameter must also be present
  • c) The value of "returnTo" that comes with the request may not match one of the assertion consumer URLs or returnTo URLs of the service provider
  • d) This should be the endpoint URL which sends the logout request

Answer: b

Extensions and Customization

A customer is using the SAML2 web browser SSO with WSO2IS and their internal applications. The customer has a requirement to inject an authorization statement into the SAML2 assertion which is generated based on the user's roles. What is the best extension point to achieve this?

  • a) Implement a custom SAML assertion builder by implementing the SAMLAssertionBuilder interface
  • b) Implement a custom SAML response builder by extending the DefaultResponseBuilder class
  • c) Implement a custom SAML assertion builder by extending the DefaultSAMLStatementBuilder class
  • d) Implement a custom SAML assertion builder by extending the DefaultSAMLAssertionBuilder class

Answer: a