Tuesday, January 26, 2016

Setup SSO with WSO2DAS 3.0.0 portal

Versions:
WSO2DAS 3.0.0 - https://docs.wso2.com/display/DAS300/WSO2+Data+Analytics+Server+Documentation
WSO2IS 5.1.0 as IDP - https://docs.wso2.com/display/IS510/WSO2+Identity+Server+Documentation

Learn more about SAML2 web browser SSO:
http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/

Sharing user space
1. Create the MySQL database um_db and load the WSO2 schema into it:
mysql -u root -p
create database um_db;
mysql -u root -proot um_db < <IS_HOME>/dbscripts/mysql.sql

2. Add the following datasource to both <IS_HOME>/repository/conf/datasources/master-datasources.xml and <DAS_HOME>/repository/conf/datasources/master-datasources.xml:

<datasource>
     <name>WSO2_UM_DB</name>
     <description>The datasource used for registry and user manager</description>
     <jndiConfig>
              <name>jdbc/WSO2UMDB</name>
     </jndiConfig>
     <definition type="RDBMS">
              <configuration>
                  <url>jdbc:mysql://localhost:3306/um_db</url>
                  <username>root</username>
                  <password>root</password>
                  <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                  <maxActive>50</maxActive>
                  <maxWait>60000</maxWait>
                  <testOnBorrow>true</testOnBorrow>
                  <validationQuery>SELECT 1</validationQuery>
                  <validationInterval>30000</validationInterval>
              </configuration>
       </definition>
</datasource>

3. Copy the MySQL JDBC driver JAR to <IS_HOME>/repository/components/lib and <DAS_HOME>/repository/components/lib.

4. Point the user manager at the shared datasource by setting the dataSource property in <IS_HOME>/repository/conf/user-mgt.xml and <DAS_HOME>/repository/conf/user-mgt.xml:

<Realm>
        <Configuration>
            ...
            <Property name="dataSource">jdbc/WSO2UMDB</Property>
        </Configuration>
        ...
</Realm>

5. In <IS_HOME>/repository/conf/user-mgt.xml, disable the LDAP user store configuration and enable the JDBC user store configuration, so that both servers read users from um_db.

Sharing registry space
1. Create the MySQL database reg_db and load the WSO2 schema into it:
mysql -u root -p
create database reg_db;
mysql -u root -proot reg_db < <IS_HOME>/dbscripts/mysql.sql

2. Add the following datasource to both <IS_HOME>/repository/conf/datasources/master-datasources.xml and <DAS_HOME>/repository/conf/datasources/master-datasources.xml:

<datasource>
    <name>WSO2REG_DB</name>
    <description>The datasource used for registry</description>
    <jndiConfig>
        <name>jdbc/WSO2REG_DB</name>
    </jndiConfig>
    <definition type="RDBMS">
        <configuration>
            <url>jdbc:mysql://localhost:3306/reg_db?autoReconnect=true&amp;relaxAutoCommit=true&amp;</url>
            <username>root</username>
            <password>root</password>
            <driverClassName>com.mysql.jdbc.Driver</driverClassName>
            <maxActive>50</maxActive>
            <maxWait>60000</maxWait>
            <testOnBorrow>true</testOnBorrow>
            <validationQuery>SELECT 1</validationQuery>
            <validationInterval>30000</validationInterval>
        </configuration>
    </definition>
</datasource>

3. Add the following to <IS_HOME>/repository/conf/registry.xml and <DAS_HOME>/repository/conf/registry.xml, so that the governance and config collections of both servers are mounted from reg_db:

<dbConfig name="govregistry">
        <dataSource>jdbc/WSO2REG_DB</dataSource>
</dbConfig>

<remoteInstance url="https://localhost">
        <id>gov</id>
        <dbConfig>govregistry</dbConfig>
        <readOnly>false</readOnly>
        <enableCache>true</enableCache>
        <registryRoot>/</registryRoot>
</remoteInstance>

<mount path="/_system/governance" overwrite="true">
        <instanceId>gov</instanceId>
        <targetPath>/_system/governance</targetPath>
</mount>

<mount path="/_system/config" overwrite="true">
        <instanceId>gov</instanceId>
        <targetPath>/_system/config</targetPath>
</mount>

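Because the same datasource, user-mgt.xml and registry.xml fragments above are pasted into two products, a typo in a JNDI name only shows up as a startup failure. The following added example (not WSO2 code; the XML fragments are constructed from the configuration shown in this post) cross-checks that every JNDI name referenced by user-mgt.xml and registry.xml is actually defined in master-datasources.xml on the same node:

```python
"""Cross-check a node's master-datasources.xml against the JNDI names that its
user-mgt.xml and registry.xml reference, so a typo in a shared datasource name
surfaces before the server is started. Added example (not WSO2 code); the XML
fragments below are constructed from the configuration shown in the post."""
import xml.etree.ElementTree as ET

MASTER_DATASOURCES = """<datasources-configuration><datasources>
  <datasource><name>WSO2_UM_DB</name>
    <jndiConfig><name>jdbc/WSO2UMDB</name></jndiConfig>
    <definition type="RDBMS"><configuration>
      <url>jdbc:mysql://localhost:3306/um_db</url></configuration></definition>
  </datasource>
  <datasource><name>WSO2REG_DB</name>
    <jndiConfig><name>jdbc/WSO2REG_DB</name></jndiConfig>
    <definition type="RDBMS"><configuration>
      <url>jdbc:mysql://localhost:3306/reg_db</url></configuration></definition>
  </datasource>
</datasources></datasources-configuration>"""

USER_MGT = """<UserManager><Realm><Configuration>
  <Property name="dataSource">jdbc/WSO2UMDB</Property>
</Configuration></Realm></UserManager>"""

REGISTRY = """<wso2registry>
  <dbConfig name="govregistry"><dataSource>jdbc/WSO2REG_DB</dataSource></dbConfig>
  <remoteInstance url="https://localhost"><id>gov</id>
    <dbConfig>govregistry</dbConfig></remoteInstance>
  <mount path="/_system/governance" overwrite="true">
    <instanceId>gov</instanceId><targetPath>/_system/governance</targetPath></mount>
</wso2registry>"""

def defined_datasources(master_xml):
    """Map each JNDI name defined in master-datasources.xml to its JDBC URL."""
    root = ET.fromstring(master_xml)
    return {ds.findtext("jndiConfig/name"): ds.findtext("definition/configuration/url")
            for ds in root.iter("datasource")}

def referenced_jndi_names(user_mgt_xml, registry_xml):
    """JNDI names that the Realm dataSource property and registry dbConfig entries expect."""
    refs = {p.text for p in ET.fromstring(user_mgt_xml).iter("Property")
            if p.get("name") == "dataSource"}
    # <dbConfig>govregistry</dbConfig> inside remoteInstance has no dataSource child; skip it.
    refs |= {db.findtext("dataSource") for db in ET.fromstring(registry_xml).iter("dbConfig")
             if db.findtext("dataSource")}
    return refs

def unresolved_references(master_xml, user_mgt_xml, registry_xml):
    """Referenced JNDI names with no datasource definition; an empty set means consistent."""
    return referenced_jndi_names(user_mgt_xml, registry_xml) - set(defined_datasources(master_xml))
```

Run it once per node (IS and DAS) against the three real files; any name it returns is the one that will fail lookup at startup.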
Configure WSO2IS as a SAML 2.0 SSO identity provider
1. Start the IS server (port offset = 1) and log in to the management console at https://localhost:9444/carbon

2. Add a service provider for the DAS portal.
Expand SAML2 Web SSO Configuration under Inbound Authentication Configuration and set:
Issuer: portal
Assertion Consumer URL: https://localhost:9443/portal/acs

Configure WSO2DAS as SAML 2.0 SSO service provider
DAS 3.0.0 does not ship with the jaggery-sso module installed by default. To use SSO in the portal application, it has to be installed through feature management. The following steps install the SSO module (org.jaggeryjs.modules.sso.feature.group) on DAS.

1. Go to feature management in the DAS carbon console. (Learn more about feature management: https://docs.wso2.com/display/DAS300/Installing+and+Managing+Features)
2. Add a new repository with the URL http://product-dist.wso2.com/p2/carbon/releases/wilkes/
3. After adding the repository, click Find Features.
4. Find the feature named SSO-Module (org.jaggeryjs.modules.sso.feature.group) and install version 1.4.4 of it.
5. Restart the DAS server to apply the changes.

The portal's SSO configuration lives in <DAS_HOME>/repository/deployment/server/jaggeryapps/portal/configs/designer.json; the issuer and assertion consumer URL there must match the service provider registered in IS.

Testing
Now request https://localhost:9443/portal. The portal redirects the browser to IS, which asks for a username and password; after a successful login the browser is redirected back to the DAS portal.
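When the redirect to IS happens but the login never completes, the usual cause is an Issuer or Assertion Consumer URL that differs from what was registered in IS. The following added example (not WSO2 code) decodes the SAMLRequest carried by the portal-to-IS redirect, using the HTTP-Redirect binding encoding (DEFLATE, base64, URL-encode), and checks it against the values from this post; the sample AuthnRequest and the /samlsso endpoint path are constructed and assumed here:

```python
"""Decode the SAMLRequest that the DAS portal sends to IS via the HTTP-Redirect
binding (DEFLATE, base64, URL-encode) and check that its Issuer and
AssertionConsumerServiceURL match the service provider registered in IS.
Added example, not WSO2 code; the AuthnRequest and the /samlsso endpoint
path are constructed/assumed here, the expected values come from this post."""
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
EXPECTED_ISSUER = "portal"                          # Issuer set in the IS service provider
EXPECTED_ACS = "https://localhost:9443/portal/acs"  # Assertion Consumer URL set in IS

def encode_redirect_request(authn_request_xml):
    """HTTP-Redirect binding: raw DEFLATE (zlib header and adler32 stripped), then base64."""
    raw = zlib.compress(authn_request_xml.encode())[2:-4]
    return base64.b64encode(raw).decode()

def decode_redirect_request(saml_request_param):
    """Inverse of encode_redirect_request; wbits=-15 selects raw DEFLATE."""
    return zlib.decompress(base64.b64decode(saml_request_param), -15).decode()

def redirect_location(authn_request_xml, sso_url="https://localhost:9444/samlsso"):
    """Location header the portal would send the browser to (assumed IS endpoint, offset 1)."""
    return sso_url + "?SAMLRequest=" + quote(encode_redirect_request(authn_request_xml))

def check_redirect(location):
    """Return (issuer, acs_url, matches_sp_config) for a redirect Location value."""
    params = parse_qs(urlparse(location).query)
    root = ET.fromstring(decode_redirect_request(params["SAMLRequest"][0]))
    issuer = root.findtext(f"{{{SAML}}}Issuer")
    acs = root.get("AssertionConsumerServiceURL")
    return issuer, acs, issuer == EXPECTED_ISSUER and acs == EXPECTED_ACS

# Constructed AuthnRequest mirroring what the portal SP is expected to emit.
SAMPLE_AUTHN_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_req1" '
    f'Version="2.0" IssueInstant="2016-01-26T00:00:00Z" '
    f'AssertionConsumerServiceURL="{EXPECTED_ACS}">'
    f'<saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer></samlp:AuthnRequest>'
)

if __name__ == "__main__":
    print(check_redirect(redirect_location(SAMPLE_AUTHN_REQUEST)))
```

To check a live setup, copy the Location header of the first redirect from the browser's network tab and pass it to check_redirect.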
