Prerequisites:
Download WSO2 Identity Server 5.1.0
Steps to Follow:
1. Configure the travelocity SSO web application
2. Configure the Service Provider in Tenant Domain
3. Configuring the travelocity SSO application properties file
4. Running the Sample
Configure the travelocity SSO web application
To obtain and configure the single sign-on sample, follow the steps below.
- You can check out the repository of the SSO sample from GitHub: https://github.com/wso2/product-is/tree/master/modules/samples/sso
- In your command line, navigate to <SAMPLE_HOME>/sso in the folder you checked out and build the sample using mvn clean install. You must have Apache Maven installed to do this.
- After successfully building the sample, a .war file named travelocity.com.war can be found inside the <HOME>/sso/SSOAgentSample/target folder. Deploy this sample web app on a web container. To do this, use the Apache Tomcat server.
- Use the following steps to deploy the web app in the web container:
  - Stop the Apache Tomcat server if it is already running.
  - Copy the travelocity.com.war file to the <TOMCAT_HOME>/webapps folder.
  - Start the Apache Tomcat server.
Configure the Service Provider in Tenant Domain
The next step is to configure travelocity.com as a service provider in the tenant domain. For this you first have to create the tenant domain using WSO2 Identity Server.
Steps to Create Tenant Domain:
1. Login to Identity Server with the admin/admin credentials
2. Go to the Configure tab > Add New Tenant
Steps to Create the Service Provider in Tenant Domain:
1. Login to Identity Server with the tenant admin credentials (tenant@wso2.com)
2. Navigate to the Main menu and click Add under Service Provider
3. Expand the Inbound Authentication Configuration section and then expand SAML2 Web SSO Configuration. Set the following:
   - Issuer: travelocity.com
   - Assertion Consumer URL: http://localhost:8080/travelocity.com/home.jsp
   - Enable Response Signing
   - Enable Single Logout
4. Save the Service Provider Configuration.
5. Next, export the public certificate of the private key the web app uses to sign the SAML Authentication Request. The following command can be used to export it:
keytool -export -alias travelocity -file travelocity -keystore <path to wso2carbon.jks>
6. Import the exported public certificate into the tenant keystore of the Identity Server (the internal IdP), as shown below.
7. After the import it will be listed as follows:
8. Edit the Service Provider Configuration and select "travelocity" as the Certificate Alias.
9. The configuration needed to get the SSO scenario working with the web app is now mostly done. What remains is to export the tenant's public certificate and import it into the trust store on the web app side, so that the web app can verify the signature on the SAML Response/Assertion. The certificate can be exported from the UI using the public key link, as shown below.
10. The exported certificate needs to be imported into the web app truststore (in this case the wso2carbon.jks located inside {Tomcat_Home}/webapps/travelocity.com/WEB-INF/classes):
keytool -import -alias <The given alias name. Here travel.com> -file <path to downloaded public certificate> -keystore <path to trust store of webapp. Here the wso2carbon.jks file>
Configuring the travelocity SSO application properties file
Now you have to change the following properties in the travelocity.properties file located in {Tomcat_Home}/webapps/travelocity.com/WEB-INF/classes. There are two ways to tell the Identity Server which tenant domain the request belongs to; use either one.
Approach 1:
SAML2.SPEntityId=travelocity.com@wso2.com (Here you have to add the Service Provider issuer name appended with the tenant domain)
IdPPublicCertAlias=travel.com (This is the alias you gave in Step 10 of Configuring the Service Provider, when importing the tenant public certificate into the web app truststore)
Approach 2:
Instead of appending the tenant domain to the entity ID, you can pass the tenant domain as a query parameter. Leave the entity ID as the plain issuer name:
SAML2.SPEntityId=travelocity.com
Uncomment the following in the properties file:
QueryParams=tenantDomain=wso2.com
IdPPublicCertAlias=travel.com
Now you can test SSO with the travelocity application and log in with the tenant domain.
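A pre-flight check for the properties file, written for this post as an added example (it is not part of the original post or of the WSO2 sample). It parses travelocity.properties, works out which tenant domain the agent will present under Approach 1 (the @tenant suffix on SAML2.SPEntityId) or Approach 2 (tenantDomain in QueryParams), and flags a missing IdPPublicCertAlias, since without that alias the agent cannot verify the tenant-signed SAML Response. The property names come from the post; the expected tenant domain and the sample file contents are constructed here.

```python
"""Pre-flight check of a travelocity.properties file for tenant-domain SAML SSO.

Added example, not code from the original post or the WSO2 sample. Property
names (SAML2.SPEntityId, QueryParams, IdPPublicCertAlias) are the ones the
post uses; the sample file text below is constructed for illustration.
"""
from urllib.parse import parse_qs

# Constructed excerpt matching Approach 2 from the post.
SAMPLE_APPROACH_2 = """\
# travelocity.properties (constructed excerpt)
SAML2.SPEntityId=travelocity.com
QueryParams=tenantDomain=wso2.com
IdPPublicCertAlias=travel.com
"""


def parse_properties(text):
    """Parse a Java .properties file: skip blank/'#'/'!' lines and split on the
    FIRST '=' only, so QueryParams=tenantDomain=wso2.com keeps its full value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def effective_tenant(props):
    """Return (tenant_domain, approach) as the post describes, or (None, None)."""
    entity_id = props.get("SAML2.SPEntityId", "")
    if "@" in entity_id:                      # Approach 1: issuer@tenant
        return entity_id.rsplit("@", 1)[1], 1
    query = parse_qs(props.get("QueryParams", ""))
    if query.get("tenantDomain"):             # Approach 2: query parameter
        return query["tenantDomain"][0], 2
    return None, None                         # request would go to the super tenant


def check_tenant_sso_config(text, expected_tenant):
    """Report what would make the IdP resolve the wrong tenant, or leave the
    agent unable to verify the signature on the tenant's SAML Response."""
    props = parse_properties(text)
    tenant, approach = effective_tenant(props)
    problems = []
    if tenant != expected_tenant:
        problems.append(f"tenant domain is {tenant!r}, expected {expected_tenant!r}")
    if not props.get("IdPPublicCertAlias"):
        problems.append("IdPPublicCertAlias is unset: tenant public cert cannot be verified")
    return {"tenant": tenant, "approach": approach, "problems": problems}
```

Run it against the real file before restarting Tomcat; an empty problems list means the agent will present the intended tenant domain and has an alias to verify the tenant's signature with.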
Running the Sample
Visit http://localhost:8080/travelocity.com. You are directed to the following page:
Since you need to use SAML2 for this sample, click the first link, i.e., Click here to login with SAML from Identity Server. You are redirected to the Identity Server for authentication.
Enter the tenant admin credentials and you will be able to log in successfully.