Skip to main content

Setup SSO with WSO2DAS 3.0.0 portal

Versions:
WSO2DAS 3.0.0 - https://docs.wso2.com/display/DAS300/WSO2+Data+Analytics+Server+Documentation
WSO2IS 5.1.0 as IDP - https://docs.wso2.com/display/IS510/WSO2+Identity+Server+Documentation

learn more about SSO 
http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/

Sharing user space
1. create mysql database um_db
mysql -u root -p 
create database um_db
mysql -u root -proot um_db < <IS_HOME>/dbscripts/mysql.sql

2. Add the following to the <IS_HOME>/repository/conf/datasources/master-datasources.xml and <DAS_HOME>/repository/conf/datasources/master-datasources.xml files.

<datasource>
     <name>WSO2_UM_DB</name>
     <description>The datasource used for registry and user manager</description>
     <jndiConfig>
              <name>jdbc/WSO2UMDB</name>
     </jndiConfig>
     <definition type="RDBMS">
              <configuration>
                  <url>jdbc:mysql://localhost:3306/um_db</url>
                  <username>root</username>
                  <password>root</password>
                  <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                  <maxActive>50</maxActive>
                  <maxWait>60000</maxWait>
                  <testOnBorrow>true</testOnBorrow>
                  <validationQuery>SELECT 1</validationQuery>
                  <validationInterval>30000</validationInterval>
              </configuration>
       </definition>
</datasource>

3. Copy the mysql driver to the <IS_HOME>/repository/component/lib and <DAS_HOME>/repository/component/lib

4. Update the following value in <IS_HOME>/repository/conf/user-mgt.xml and <DAS_HOME>/repository/conf/user-mgt.xml 

<Realm>
        <Configuration>
            ...
            <Property name="dataSource">jdbc/WSO2UMDB</Property>
        </Configuration>
        ...
</Realm>

5. Disable the LDAP user store configuration in <IS_HOME>/repository/conf/user-mgt.xml and enable JDBC user store configuration.

Sharing registry space
1. create mysql database reg_db
mysql -u root -p 
create database reg_db
mysql -u root -proot reg_db < <IS_HOME>/dbscripts/mysql.sql

2. Add the following to the <IS_HOME>/repository/conf/datasource/master-datasource.xml and <DAS_HOME>/repository/conf/datasource/master-datasource.xml 

<datasource>
    <name>WSO2REG_DB</name>
    <description>The datasource used for registry</description>
    <jndiConfig>
        <name>jdbc/WSO2REG_DB</name>
    </jndiConfig>
    <definition type="RDBMS">
        <configuration>
            <url>jdbc:mysql://localhost:3306/reg_db?autoReconnect=true&amp;relaxAutoCommit=true&amp;</url>
            <username>root</username>
            <password>root</password>
            <driverClassName>com.mysql.jdbc.Driver</driverClassName>
            <maxActive>50</maxActive>
            <maxWait>60000</maxWait>
            <testOnBorrow>true</testOnBorrow>
            <validationQuery>SELECT 1</validationQuery>
            <validationInterval>30000</validationInterval>
        </configuration>
    </definition>
</datasource

3. Add the following to <IS_HOME>/repository/conf/registry.xml and <DAS_HOME>/repository/conf/registry.xml

<dbConfig name="govregistry">
        <dataSource>jdbc/WSO2REG_DB</dataSource>
</dbConfig>
  
<remoteInstance url="https://localhost">   
        <id>gov</id>
        <dbConfig>govregistry</dbConfig>
        <readOnly>false</readOnly>
        <enableCache>true</enableCache>
        <registryRoot>/</registryRoot>
</remoteInstance>
  
<mount path="/_system/governance" overwrite="true">
        <instanceId>gov</instanceId>
        <targetPath>/_system/governance</targetPath>
</mount>
  
<mount path="/_system/config" overwrite="true">
       <instanceId>gov</instanceId>
       <targetPath>/_system/config</targetPath>
</mount>


Configure WSO2IS as a SAML 2.0 SSO identity provider
1. Start the IS server and login to management console (offset =1) https://localhost:9444/carbon

2. Add service provider
Expand SAML2 Web SSO Configuration inside the Inbound Authentication Configuration and set
Issuer : portal
Assertion Consumer URL: https://localhost:9443/portal/acs

Configure WSO2DAS as SAML 2.0 SSO service provider
DAS 3.0.0 does not come with jaggery-sso module installed by default. In order to use SSO in portal application we have to install it from the feature management. Following are the steps to install SSO-Module(org.jaggeryjs.modules.sso.feature.group) to DAS.

1. Go to feature management on carbon console of DAS. (Learn more on feature management : https://docs.wso2.com/display/DAS300/Installing+and+Managing+Features)
2. Add a new repository. Add following URL http://product-dist.wso2.com/p2/carbon/releases/wilkes/ to the repository.
3. After adding repository click find features.
4. Find a module named as sso-Module(org.jaggeryjs.modules.sso.feature.group). install the 1.4.4 version of it.
6. Then restart the DAS server to apply the changes.

You can find the SSO configs @ <DAS_HOME> repository/deployment/server/jaggeryapps/portal/configs/designer.json

Testing 
Now request https://localhost:9443/portal - it will redirect to IS and ask login username and password - and then will be redirected to DAS portal

Labels:

Comments

Post a Comment

Popular posts from this blog

How to generate random unique number in SOAP UI request

eg 1: ${=System.currentTimeMillis() + ((int)(Math.random()*10000))} eg 2: ${=java.util.UUID.randomUUID()} ${=java.util.UUID.randomUUID()} ${=System.currentTimeMillis() + ((int)(Math.random()*10000))} - See more at: http://tryitnw.blogspot.com/2014/03/generating-random-unique-number-in-soap.html#sthash.m2S4tUFu.dpuf ${=System.currentTimeMillis() + ((int)(Math.random()*10000))} - See more at: http://tryitnw.blogspot.com/2014/03/generating-random-unique-number-in-soap.html#sthash.m2S4tUFu.dpuf ${=System.currentTimeMillis() + ((int)(Math.random()*10000))} - See more at: http://tryitnw.blogspot.com/2014/03/generating-random-unique-number-in-soap.html#sthash.m2S4tUFu.dpuf
Post a Comment
Read more

Tips on using environment variables in WSO2 Integration Cloud

Environment variables allow you to change an application's internal configuration without changing its source code. Let’s say you want to deploy the same application in development, testing  and production environments. Then database related configs and some other internal configurations may change from one environment to another. If we can define these configurations as an environment variables we can easily set those without changing the source code of that application. When you deploy your application in WSO2 Integration Cloud, it lets you define environment variables via the UI. Whenever you change the values of environment variables, you just need to redeploy the application for the changes to take effect. Predefined environment variables Key Concepts - Environment Variables   provides you some predefined set of environment variables which will be useful when deploying applications in WSO2 Integration Cloud. Sample on how to use environment variables U se
Post a Comment
Read more

VFS access SFTP with special character password

Learn WSO2 ESB VFS Transport https://docs.wso2.com/display/ESB481/VFS+Transport When we need to access the FTP server using SFTP, VFS connection-specific URL need to be given as : <parameter name="transport.vfs.FileURI">vfs:sftp://username:p@ssword@ftp.server.com/filePath?vfs.passive=true</parameter> When the password contains a special characters (eg: p@ssword), it gives the following error. 2015-03-27 13:06:03,766  [-]   [PassThroughMessageProcessor-5]  ERROR VFSTransportSender cannot resolve replyFile org.apache.commons.vfs2.FileSystemException: Invalid absolute URI "sftp://username:***@ftp.server.com/filePath?vfs.passive=true". Solution 1: Replace the special characters with the respective hex representation. <parameter name="transport.vfs.FileURI">vfs:sftp://username:p%40ssword@ftp.server.com/filePath?vfs.passive=true</parameter> Char Hex Code ------- -------- [space] %20 &
Post a Comment
Read more