
Madhuka is a Software Engineer and currently works on the Jaggery, UES, WSO2 Gadget Server team. He holds a B.Sc (Hons) degree in Information Technology from the Faculty of Information Madhuka is a DZone MVB and is not an employee of DZone and has posted 52 posts at DZone.

Enabling SSO in WSO2 User Engagement Server (UES)

05.03.2013

WSO2 User Engagement Server (UES) is currently in ALPHA stage and can contain Jaggery apps (JavaScript applications) or webapps with gadgets. You will need Single sign-on (SSO) across your applications. UES currently has two applications, called portal and store. Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.

This post explains how to set up Single sign-on (SSO) between them with the support of 'org.wso2.carbon.identity.sso.saml.feature'; alternatively, you can use a WSO2 IS server for SSO.

Download location : http://dist.wso2.org/milestone/gs/ues/ALPHA2/wso2ues-1.0.0-ALPHA2.zip

1. Unzip the pack

2. Open '\wso2ues-1.0.0-ALPHA2\wso2ues-1.0.0\repository\deployment\server\jaggeryapps\portal\portal.json', which contains the portal app config data.

Change the 'ssoConfiguration' in portal.json to suit your needs. Here I am using the default wso2carbon.jks file as the keyStore

"ssoConfiguration" : {
  "enabled" : true,
  "issuer" : "portal",
  "identityProviderURL" : "https://localhost:9443/admin/samlsso",
  "keyStorePassword" : "wso2carbon",
  "identityAlias" : "wso2carbon",
  "responseSigningEnabled" : "true",
  "keyStoreName" : "C:/WSO2/WSO2Trunk/platform/branches/4.0.0/products/ues/1.0.0/modules/distribution/target/wso2ues-1.0.0-ALPHA2/wso2ues-1.0.0/repository/resources/security/wso2carbon.jks"
}

3. Then go to the 'store' app and change the ssoConfiguration in 'store.json' as below

"ssoConfiguration" : {
  "enabled" : true,
  "issuer" : "store",
  "identityProviderURL" : "https://localhost:9443/admin/samlsso",
  "keyStorePassword" : "wso2carbon",
  "identityAlias" : "wso2carbon",
  "responseSigningEnabled" : "true",
  "keyStoreName" : "C:/WSO2/WSO2Trunk/platform/branches/4.0.0/products/ues/1.0.0/modules/distribution/target/wso2ues-1.0.0-ALPHA2/wso2ues-1.0.0/repository/resources/security/wso2carbon.jks"
}

4. After that, start the WSO2 UES server from

wso2ues-1.0.0-ALPHA2\wso2ues-1.0.0\bin\wso2server.bat or wso2server.sh

5. Go to https://localhost:9443/admin/carbon/ and log in using "admin" and "admin"

6. Navigate to Home > Manage > SAML SSO

7. Enter
"Issuer" as "store" (your app name, as defined in the store.json SSO config)
"Assertion Consumer URL" as "http://localhost:9763/store/sso.jag"

Check Enable Single Logout, Use fully qualified username in the SAML Response and Enable Assertion Signing as required


8. Click Register and you will be notified with "Service Provider Added Successfully"

9. Enter Portal data for SSO


10. Sign out of the Carbon admin console now and go to the URL below for

portal : http://localhost:9763/portal/ 

11. Click on the sign in button at the top


There you have to enter the user name and password as "admin" and "admin"


Here you can see that admin is logged in


12. Go to Store : http://localhost:9763/store/assets/gadget/

and click Sign In. Whenever an app requests a login, SSO handles it, so there is no need to enter the user name and password again


13. As we enabled single logout, click logout in any app and check that it takes effect in the other app as well.


In the console you can find the logout info as below

[2013-04-27 16:43:48,615]  INFO {org.wso2.carbon.identity.sso.saml.ui.logout.LogoutRequestSender} -  single logout request is sent to : http://localhost:9763/portal/sso.jag is returned with OK
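
The two ssoConfiguration blocks from steps 2 and 3 rely on the keystore and password shipped with the pack, which is fine on localhost but should be caught before the same files are reused elsewhere. The check below is an added example, not code from the original post or from WSO2; auditSsoConfigs() and the finding ids are hypothetical names, and the sample input is constructed from the values above with the keystore path shortened.

```javascript
// Added example: audit the ssoConfiguration blocks from portal.json / store.json.
// auditSsoConfigs() and the finding ids are hypothetical names, not part of UES.
const DEFAULT_SECRET = "wso2carbon"; // password of the keystore shipped in the pack

// Constructed sample input mirroring the two blocks above (keystore path shortened).
const SAMPLE = {
  portal: { enabled: true, issuer: "portal",
    identityProviderURL: "https://localhost:9443/admin/samlsso",
    keyStorePassword: "wso2carbon", identityAlias: "wso2carbon",
    responseSigningEnabled: "true",
    keyStoreName: "C:/wso2ues-1.0.0/repository/resources/security/wso2carbon.jks" },
  store: { enabled: true, issuer: "store",
    identityProviderURL: "https://localhost:9443/admin/samlsso",
    keyStorePassword: "wso2carbon", identityAlias: "wso2carbon",
    responseSigningEnabled: "true",
    keyStoreName: "C:/wso2ues-1.0.0/repository/resources/security/wso2carbon.jks" }
};

// The configs use both booleans and the string "true", so accept either form.
const isTrue = (v) => v === true || String(v).toLowerCase() === "true";

function auditSsoConfigs(configs) {
  const findings = [];
  const issuers = new Map(); // issuer -> first app that claimed it
  for (const [app, cfg] of Object.entries(configs)) {
    const add = (id, detail) => findings.push({ app, id, detail });
    if (!isTrue(cfg.enabled)) { add("sso-disabled", "enabled is not true"); continue; }
    if (!isTrue(cfg.responseSigningEnabled))
      add("signing-off", "responseSigningEnabled is not true");
    let idp = null;
    try { idp = new URL(cfg.identityProviderURL); }
    catch (e) { add("idp-url-invalid", String(cfg.identityProviderURL)); }
    if (idp && idp.protocol !== "https:")
      add("idp-not-https", "login traffic to the IdP is not protected by TLS");
    if (cfg.keyStorePassword === DEFAULT_SECRET)
      add("default-keystore-password", "keystore password is the shipped default");
    if (/(^|[\\\/])wso2carbon\.jks$/i.test(cfg.keyStoreName || ""))
      add("default-keystore", "keystore file is the shipped default");
    if (issuers.has(cfg.issuer))
      add("duplicate-issuer", "issuer already used by " + issuers.get(cfg.issuer));
    else issuers.set(cfg.issuer, app);
  }
  return findings;
}

for (const f of auditSsoConfigs(SAMPLE)) console.log(`${f.app}: ${f.id} (${f.detail})`);
```
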

NOTE

The SSO setup above works by storing the configuration at the data level, and

"org.wso2.stratos.identity.saml2.sso.mgt.feature" supports predefined SSO configuration, rather than entering all the data in the Carbon admin management console.

Go to "\wso2ues-1.0.0-ALPHA2\wso2ues-1.0.0\repository\conf\sso-idp-config.xml" and uncomment those lines, or enter your app data there for ServiceProvider

eg:

  <ServiceProvider>
    <Issuer>portal</Issuer>
    <AssertionConsumerService>http://localhost:9763/portal/sso.jag</AssertionConsumerService>
    <CustomLoginPage>ssoApp/login_processor.jag</CustomLoginPage>
  </ServiceProvider>

Start the UES Server again.

You can see the SSO registration info in the console

[2013-04-27 16:55:52,619]  INFO {org.wso2.stratos.identity.saml2.sso.mgt.SSOServiceProviderUpdateManager} -  A SSO Service Provider is registered for : portal
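
A ServiceProvider entry is only usable when its Issuer and AssertionConsumerService match what the app sends, and an entry left inside an XML comment is never registered. This added example (not from the original post or from WSO2) parses a constructed fragment in the style of sso-idp-config.xml and reports the mismatches; checkRegistrations() and the finding ids are hypothetical names.

```javascript
// Added example: cross-check ServiceProvider entries against the apps' SSO settings.
// checkRegistrations() and the finding ids are hypothetical names, not part of UES.

// Constructed fragment: portal is active, store is still commented out,
// and "demo" is an entry that no app uses.
const SAMPLE_XML = `
<ServiceProvider>
  <Issuer>portal</Issuer>
  <AssertionConsumerService>http://localhost:9763/portal/sso.jag</AssertionConsumerService>
  <CustomLoginPage>ssoApp/login_processor.jag</CustomLoginPage>
</ServiceProvider>
<!--
<ServiceProvider>
  <Issuer>store</Issuer>
  <AssertionConsumerService>http://localhost:9763/store/sso.jag</AssertionConsumerService>
</ServiceProvider>
-->
<ServiceProvider>
  <Issuer>demo</Issuer>
  <AssertionConsumerService>http://apps.example.test/demo/sso.jag</AssertionConsumerService>
</ServiceProvider>`;

// issuer -> Assertion Consumer URL each app expects (values from the steps above)
const EXPECTED = { portal: "http://localhost:9763/portal/sso.jag",
                   store: "http://localhost:9763/store/sso.jag" };

function parseServiceProviders(xml) {
  const active = xml.replace(/<!--[\s\S]*?-->/g, ""); // commented entries are not loaded
  const tag = (body, name) =>
    (body.match(new RegExp("<" + name + ">\\s*([^<]*?)\\s*</" + name + ">")) || [])[1];
  return [...active.matchAll(/<ServiceProvider>([\s\S]*?)<\/ServiceProvider>/g)]
    .map((m) => ({ issuer: tag(m[1], "Issuer"), acs: tag(m[1], "AssertionConsumerService") }));
}

function checkRegistrations(xml, expected) {
  const findings = [];
  const sps = parseServiceProviders(xml);
  for (const [issuer, acs] of Object.entries(expected)) {
    const sp = sps.find((s) => s.issuer === issuer);
    if (!sp) findings.push({ issuer, id: "not-registered" });
    else if (sp.acs !== acs) findings.push({ issuer, id: "acs-mismatch" });
  }
  for (const sp of sps) {
    if (!(sp.issuer in expected)) findings.push({ issuer: sp.issuer, id: "unexpected-issuer" });
    const u = sp.acs ? new URL(sp.acs) : null;
    if (u && u.protocol === "http:" && u.hostname !== "localhost")
      findings.push({ issuer: sp.issuer, id: "acs-cleartext" }); // response sent without TLS
  }
  return findings;
}
```
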


Enjoy WSO2 UES with SSO feature!!

You can even define this SSO feature in a remote WSO2 IS server.

Published at DZone with permission of Madhuka Udantha, author and DZone MVB. (source)
