Single Sign on feature of WSO2 Identity Server


In this post I will discuss how I tested the single sign-on feature of the WSO2 Identity Server. Single Sign-On (SSO) is a mechanism in which access control for multiple software applications can be achieved through a single interface.

The SSO functionality requires by design that both the service provider and the relying party have the same data source. The expected output is that when we enter a username and password from the relying party data source on the single sign-on screen, it should be validated and the user directed to the relying party home page as a logged-in user.

In this blog I will be showing how to configure the SSO facility between the Identity Server and travelocity.com. As a precondition to follow this blog, you need to download the playground2.war file available here. Once the war file is downloaded, deploy it within Apache Tomcat by placing it in /apache-tomcat-7.0.37/webapps. Next move to the bin folder /apache-tomcat-7.0.37/bin and issue the command sh catalina.sh run to start Tomcat. This will deploy the war file.

Next, shut down Tomcat and move to the web.xml file of the extracted travelocity.com war file within apache-tomcat-7.0.37/webapps/travelocity.com/WEB-INF and update the following details. The port in the IdpUrl (9443) has to be the same port on which the Identity Server is running.

<init-param>
    <param-name>IdpUrl</param-name>
    <param-value>https://localhost:9443/samlsso</param-value>
</init-param>

Once the above configurations are given, restart tomcat for the changes to take effect.
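Before restarting Tomcat it is worth checking that the IdpUrl actually points at the Identity Server over HTTPS on the right port, since a plain http:// value or a mistyped port only shows up later as a failed redirect. The following is an added example, not code from the original post or from the WSO2 sample application; the web.xml fragment it parses is constructed here (the servlet name, servlet class and the Java EE namespace declaration are assumptions), and the expected host, port and path are taken from the post.

```python
# Added example (not part of the original post or the WSO2 sample): verify that
# the IdpUrl init-param in web.xml points at the Identity Server over HTTPS on
# the expected port before Tomcat is restarted.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed web.xml fragment mirroring the snippet in the post. Servlet name
# and class are placeholders. Real web.xml files declare the Java EE namespace,
# which a naive tag search (root.find("init-param")) would silently miss.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <servlet>
    <servlet-name>ExampleSSOAgent</servlet-name>
    <servlet-class>example.SSOAgentServlet</servlet-class>
    <init-param>
      <param-name>IdpUrl</param-name>
      <param-value>https://localhost:9443/samlsso</param-value>
    </init-param>
  </servlet>
</web-app>
"""


def _local(tag):
    """Strip a '{namespace}' prefix so tags match with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def find_init_param(web_xml, name):
    """Return the param-value of the init-param called `name`, or None."""
    root = ET.fromstring(web_xml)
    for elem in root.iter():
        if _local(elem.tag) != "init-param":
            continue
        pname = pvalue = None
        for child in elem:
            if _local(child.tag) == "param-name":
                pname = (child.text or "").strip()
            elif _local(child.tag) == "param-value":
                pvalue = (child.text or "").strip()
        if pname == name:
            return pvalue
    return None


def check_idp_url(web_xml, expected_host="localhost", expected_port=9443,
                  expected_path="/samlsso"):
    """Return a list of problems with the IdpUrl; an empty list means it is fine."""
    url = find_init_param(web_xml, "IdpUrl")
    if url is None:
        return ["IdpUrl init-param not found in web.xml"]
    parsed = urlparse(url)
    problems = []
    if parsed.scheme != "https":
        problems.append("IdpUrl scheme is %r; credentials and SAML messages "
                        "must go to the IS over https" % parsed.scheme)
    if parsed.hostname != expected_host:
        problems.append("IdpUrl host %r != %r" % (parsed.hostname, expected_host))
    if parsed.port != expected_port:
        problems.append("IdpUrl port %r != IS port %d" % (parsed.port, expected_port))
    if parsed.path != expected_path:
        problems.append("IdpUrl path %r != %r" % (parsed.path, expected_path))
    return problems


if __name__ == "__main__":
    for problem in check_idp_url(SAMPLE_WEB_XML) or ["IdpUrl looks correct"]:
        print(problem)
```

To run it against the real file, read apache-tomcat-7.0.37/webapps/travelocity.com/WEB-INF/web.xml into a string and pass it to check_idp_url instead of the constructed sample.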

To work with the WSO2 Identity Server, we need to start the application. Go to the bin directory of the Identity Server, e.g. wso2is-4.1.1/bin, and issue the command ./wso2server.sh. This will start up the application.

The above diagram shows the console output when the Identity Server is started.

Next login to the Identity server. The default login is admin/admin.

Once logged in, we need to configure the SSO settings within the Identity Server. First click on SAML SSO configuration in the main menu, as shown in the image below.


Once the SAML SSO configuration screen has loaded, click on the link "Register New Service Provider", as shown below. This will open up the service provider registration screen.



In the above screen we need to give the URL "http://localhost:8080/travelocity.com/consumer" as the issuer name as well as the assertion consumer URL. This is the URL of the assertion consumer service of the service provider.

Once the above configurations are done we click on the register button for the configurations to take effect.

To test our SSO configuration, open a new browser tab and enter the URL http://localhost:8080/travelocity.com. This should now redirect to the URL https://localhost:9443/samlsso, displaying a page similar to the screen below.



As a final step to test the SSO configuration, enter a username and password from the relying party data source and click on the login button, which will direct you to a screen as shown below.
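The redirect to https://localhost:9443/samlsso carries the SAML AuthnRequest as a SAMLRequest parameter, and the Identity Server will only accept it if the Issuer inside it matches the issuer registered in the service provider screen above. When the test step fails, decoding that request and comparing its Issuer and AssertionConsumerServiceURL against the registered values is the quickest way to see which side is misconfigured. The following is an added example, not code from the original post or from WSO2; it assumes the service provider uses the SAML HTTP-Redirect binding (DEFLATE then base64 in the query string) and also accepts the plain base64 form used by the HTTP-POST binding. The AuthnRequest it decodes is constructed inline (its ID and IssueInstant are made up); the issuer, consumer URL and IdP URL are the ones from the post.

```python
# Added example (not part of the original post or the WSO2 sample): decode the
# SAMLRequest sent to https://localhost:9443/samlsso and check that its Issuer
# and AssertionConsumerServiceURL match what was registered in the IS.
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, quote

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Values registered in the Identity Server, as described in the post.
REGISTERED_ISSUER = "http://localhost:8080/travelocity.com/consumer"
REGISTERED_ACS = "http://localhost:8080/travelocity.com/consumer"

# Constructed AuthnRequest standing in for what the SP would send; ID and
# IssueInstant are made up, the URLs are those from the post.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_example1" '
    'Version="2.0" IssueInstant="2013-06-01T10:00:00Z" '
    'Destination="https://localhost:9443/samlsso" '
    'AssertionConsumerServiceURL="%s">'
    '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>'
) % (SAMLP, SAML, REGISTERED_ACS, REGISTERED_ISSUER)


def encode_redirect_binding(xml_text):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header) then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def encode_post_binding(xml_text):
    """HTTP-POST binding: plain base64 of the XML."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def decode_saml_request(value):
    """Return the AuthnRequest XML from either binding's encoded form."""
    raw = base64.b64decode(value)
    if raw.lstrip().startswith(b"<"):  # POST binding: already XML
        return raw.decode("utf-8")
    return zlib.decompress(raw, -15).decode("utf-8")  # Redirect binding


def inspect_authn_request(xml_text):
    """Pull out the fields the IS compares against its registration."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a SAML 2.0 AuthnRequest: %s" % root.tag)
    issuer_el = root.find("{%s}Issuer" % SAML)
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None
    return {
        "id": root.get("ID"),
        "issuer": issuer,
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "destination": root.get("Destination"),
    }


def sample_redirect_location():
    """Build the Location header the SP would redirect the browser to."""
    encoded = quote(encode_redirect_binding(SAMPLE_AUTHN_REQUEST), safe="")
    return "https://localhost:9443/samlsso?SAMLRequest=" + encoded


def authn_request_from_location(location):
    """Extract and decode the SAMLRequest parameter from a redirect URL."""
    params = parse_qs(urlparse(location).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in redirect")
    return inspect_authn_request(decode_saml_request(params["SAMLRequest"][0]))


def check_redirect(location, registered_issuer=REGISTERED_ISSUER,
                   registered_acs=REGISTERED_ACS):
    """Return a list of mismatches between the request and the IS registration."""
    problems = []
    if urlparse(location).scheme != "https":
        problems.append("redirect to the IdP is not over https")
    try:
        info = authn_request_from_location(location)
    except ValueError as exc:
        return problems + [str(exc)]
    if info["issuer"] != registered_issuer:
        problems.append("Issuer %r != registered %r" % (info["issuer"], registered_issuer))
    if info["acs_url"] != registered_acs:
        problems.append("ACS URL %r != registered %r" % (info["acs_url"], registered_acs))
    return problems


if __name__ == "__main__":
    location = sample_redirect_location()
    print(authn_request_from_location(location))
    print(check_redirect(location) or ["AuthnRequest matches the IS registration"])
```

To use it on the real flow, copy the full https://localhost:9443/samlsso?SAMLRequest=... URL from the browser's address bar or network panel and pass it to check_redirect in place of the constructed sample.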
