OAuth 2.0 Support with WSO2 Identity Server


In this blog I will discuss how to configure and test the support WSO2 Identity Server has for OAuth 2.0, which was published in the year 2012. OAuth is an open standard for authorization enabling clients to access server resources on behalf of the resource owner.

As a precondition to following this blog, you need to download the playground2.war file available here. Once the war file is downloaded, deploy it in Apache Tomcat by placing it in /apache-tomcat-7.0.37/webapps. Next, move to the bin folder /apache-tomcat-7.0.37/bin and issue the command sh catalina.sh run to start Tomcat. This will deploy the war file.

Next, shut down Tomcat, open the web.xml file of the extracted playground2.0.war within apache-tomcat-7.0.37/webapps/playground2.0/WEB-INF, and update the following details.

(a.) The service URL should have the port the application is started up with. If you have started the Identity Server with an offset, then the matching port should be configured here.

(b.) The UserName is the value used for the super admin. 

(c.) The Password is the value used for the super admin.


<servlet>
    <servlet-name>oAuth2ClientServlet</servlet-name>
    <servlet-class>com.wso2.identity.oauth.sample.OAuth2ClientServlet</servlet-class>
    <init-param>
        <description>serverUrl</description>
        <param-name>serverUrl</param-name>
        <param-value>https://localhost:9443/services/</param-value>
    </init-param>
    <init-param>
        <description>userName</description>
        <param-name>userName</param-name>
        <param-value>Administrator</param-value>
    </init-param>
    <init-param>
        <description>password</description>
        <param-name>password</param-name>
        <param-value>Admin1234</param-value>
    </init-param>
    <load-on-startup>0</load-on-startup>
</servlet>

Once the above configurations are given, restart tomcat for the changes to take effect.

To work with the WSO2 Identity Server, we need to start the application. Go to the location of the Identity Server, e.g. wso2is-4.1.1/bin, and issue the command ./wso2server.sh. This will start up the application.


First, log in to the Identity Server. The default login for this is admin/admin.

Once logged in, we need to access the OAuth configuration screen and specify the OAuth version, the name of the application and the callback URL to register the application. Ex: http://localhost:8080/playground2.0/oauth2client



Once the application is registered, the system will generate the parameters (Client ID, Client Secret, the Access Token URL and the Authorization URL) required to connect with the external application, as shown below.




With Tomcat started as explained above, open the URL http://localhost:8080/playground2.0/ which will load the web client shown below.


Once the web page shown above is loaded, click on the button labelled "Import Photos". This will load a page where we need to give the 1. Client ID, 2. Callback URL and 3. Authorize endpoint values that were generated by the Identity Server when the client application was registered.


Once the details for the client ID, callback URL and the authorize endpoint are specified, clicking on the Authorize button will direct the user to a login screen where we need to enter the credentials that were specified within the web.xml file of the Playground2.0 application.

For this example, click on the "Authorize" button in the screen below to bring up the login screen, enter the user name "Administrator" and the password "Admin1234", and click on the "Login" button.

Once the login credentials are submitted, we next need to obtain the authorization token. To obtain this token, specify the 1. Client ID, 2. Client Secret, and the authorized token endpoint. These details should match the values generated by the WSO2 Identity Server when the playground2.0 application was registered, as shown below. Once the details are entered, click on the "Authorize" button to generate the required authorization key.


After obtaining the required Authorization, the system requires the user to specify the resource URL as shown below. For the resource URL enter "http://localhost:8080/playground2.0/oauth2-access-resource.jsp" and click on the "Get Photos" button which will provide access to obtain a set of photos from the client application.
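
The authorization-code exchange that the playground pages walk through, written out as an added example (not part of the original post or of the playground2.0 sample). The endpoint paths, client ID and client secret below are constructed placeholders for the values the Identity Server generates at registration; the state parameter and HTTP Basic client authentication follow RFC 6749 and are not shown in the post.

```python
import base64
import secrets
import urllib.parse
import urllib.request

# Assumed values: replace with what the Identity Server generated at registration.
AUTHORIZE_URL = "https://localhost:9443/oauth2/authorize"  # assumed endpoint path
TOKEN_URL = "https://localhost:9443/oauth2/token"          # assumed endpoint path
CALLBACK_URL = "http://localhost:8080/playground2.0/oauth2client"  # from the post
CLIENT_ID = "constructed-client-id"          # constructed sample value
CLIENT_SECRET = "constructed-client-secret"  # constructed sample value


def build_authorize_url(state):
    """Step 1: URL that sends the resource owner to the authorization endpoint."""
    query = urllib.parse.urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK_URL,
        "state": state,  # unguessable per-session value, checked on return
    })
    return f"{AUTHORIZE_URL}?{query}"


def extract_code(callback_url, expected_state):
    """Step 2: read the code from the callback, rejecting a mismatched state."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]


def build_token_request(code):
    """Step 3: POST that exchanges the code for a token (built here, not sent)."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": CALLBACK_URL,  # must equal the value used in step 1
    }).encode()
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": "Basic " + basic,  # secret travels only to the token URL
        "Content-Type": "application/x-www-form-urlencoded",
    })
```

The client secret appears only in the server-to-server token request, never in the browser redirect of step 1.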



