Friday, January 8, 2016

Configuring Single Sign-on with SAML 2.0 for WSO2 Dashboard Server 2.0

The Actual Configurations for SSO and How to Get It Working

 

Prerequisites :

 

Identity Server 5.1.0 (Download : http://wso2.com/products/identity-server/)
Dashboard Server 2.0.0 (Download : https://github.com/wso2/product-ds/releases/tag/v2.0.0-beta)

Configurations for both DS and IS to point to a common User database/store.

1. Create a MySQL database (e.g., ustore) and run the <DS_HOME>/dbscripts/mysql.sql script on it to create the required tables.
2. Open the <DS_HOME>/repository/conf/datasources/master-datasources.xml file and add the datasource configuration for the database that you use for the shared user store and user management information. For example,

3. Open <DS_HOME>/repository/conf/user-mgt.xml file and point to jdbc/ustore.
<Property name="dataSource">jdbc/ustore</Property>
Note - DS has the JDBC user store as its default user store, so in the same file the JDBCUserStoreManager is already uncommented. Leave it as it is.

4. Open the <IS_HOME>/repository/conf/datasources/master-datasources.xml file and add the same USTORE datasource that you added to DS above. Now both IS and DS point to the same database.

5. Open <IS_HOME>/repository/conf/user-mgt.xml and point to jdbc/ustore
<Property name="dataSource">jdbc/ustore</Property>
Note - IS has the LDAP user store as its default user store, so you have to comment out the LDAP configuration and uncomment the JDBC user store in the same file. Both DS and IS will then access one common user store.

6. Open <IS_HOME>/repository/conf/identity/embedded-ldap.xml and disable the embedded LDAP by setting <Property name="enable">false</Property> within the <EmbeddedLDAP> tags.

Now both DS and IS point to one common user store.

7. Remember to copy the database driver into <DS_HOME>/repository/components/lib and <IS_HOME>/repository/components/lib and restart the servers.


Now Let's Register the Dashboard Server Portal as a Service Provider in IS


1. Start the IS pack
2. Go to IS Management Console > Main > Service Providers > Add
3. Give a unique name for service provider and click Register
4. Click on Inbound Authentication Configuration > SAML2 Web SSO Configuration > Configure
5. Fill in the details as follows for the DS portal



Note - The Assertion Consumer URL contains my local machine's IP address; configure it with your own IP address. My Dashboard Server runs on port 9444 because I set its port offset to 1, which is done in a later step.

Now the Service Provider is successfully registered.

Now Let's Do the Configurations for Dashboard Server to Enable SSO with WSO2 Identity Server

 

1. Open <DS_HOME>/repository/conf/carbon.xml and change the offset to 1
2. Open <DS_HOME>/repository/deployment/server/jaggeryapps/portal/configs/designer.json

"authentication": {
    "activeMethod": "sso",
    "methods": {
      "sso": {
        "attributes": {
          "issuer": "ues",
          "identityProviderURL": "https://10.100.7.57:9443/samlsso",
          "responseSigningEnabled": "true",
          "acs": "https://10.100.7.57:9444/portal/acs",
          "identityAlias": "wso2carbon",
          "useTenantKey": false
        }
      },
      "basic": {
        "attributes": {}
      }
    }
  }

Here the identityProviderURL points to the IS, and the issuer is "ues" because that is the issuer we gave when adding the service provider for the Dashboard portal. Both must be the same.

Also, "activeMethod" should be changed from "basic" to "sso".
"acs" is the Dashboard Server portal ACS URL.
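
The matching rules described above (same issuer on both sides, acs pointing at the DS portal on its offset port, signed responses) can be checked with a small script before starting the servers. This is an added example, not part of the original post or of WSO2's code; the function names, the registered service provider values and the sample configs are constructed for illustration, and 9443 is assumed to be the HTTPS port before the offset.

```python
import json
from urllib.parse import urlsplit

BASE_HTTPS_PORT = 9443  # assumption: Carbon HTTPS port before the carbon.xml offset

def check_sso_config(designer, sp_issuer, sp_acs_url, ds_offset):
    """Return findings for the portal's SSO block; an empty list means consistent."""
    findings = []
    auth = designer.get("authentication", {})
    if auth.get("activeMethod") != "sso":
        findings.append("activeMethod is not 'sso'")
    attrs = auth.get("methods", {}).get("sso", {}).get("attributes", {})
    if attrs.get("issuer") != sp_issuer:
        findings.append("issuer differs from the service provider issuer")
    acs = attrs.get("acs", "")
    if acs != sp_acs_url:
        findings.append("acs differs from the registered Assertion Consumer URL")
    if urlsplit(acs).port != BASE_HTTPS_PORT + ds_offset:
        findings.append("acs port is not the DS HTTPS port for this offset")
    if urlsplit(attrs.get("identityProviderURL", "")).scheme != "https":
        findings.append("identityProviderURL is not https")
    # designer.json stores this flag as the string "true"
    if str(attrs.get("responseSigningEnabled")).lower() != "true":
        findings.append("responseSigningEnabled is not true")
    return findings

# Constructed values standing in for what was entered in the IS console.
SP_ISSUER = "ues"
SP_ACS_URL = "https://10.100.7.57:9444/portal/acs"

def sample_designer(acs_port, signing="true"):
    """Constructed designer.json fragment modelled on the one in the post."""
    return json.loads("""{"authentication": {"activeMethod": "sso", "methods": {
      "sso": {"attributes": {
        "issuer": "ues",
        "identityProviderURL": "https://10.100.7.57:9443/samlsso",
        "responseSigningEnabled": "%s",
        "acs": "https://10.100.7.57:%d/portal/acs",
        "identityAlias": "wso2carbon",
        "useTenantKey": false}},
      "basic": {"attributes": {}}}}}""" % (signing, acs_port))

if __name__ == "__main__":
    for port in (9444, 9443):
        print(port, check_sso_config(sample_designer(port), SP_ISSUER, SP_ACS_URL, 1))
```

An acs left on the un-offset port produces two findings, because it no longer matches either the registered Assertion Consumer URL or the port the portal listens on.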

Now We are Done with the Configurations!!

Start the DS server and open a browser. Go to the portal URL (https://10.100.7.57:9444/portal). You should be redirected to the IS login page. Enter admin/admin as the username/password and sign in.

Following is the IS login page that you will be directed to:


