
Authentication with BIT.LY in WSO2 Identity Server

Rob Blaauboer
Integration Consultant & WSO2 Trainer

WSO2’s Identity and Access Management Solution, Identity Server, allows you to introduce Federated Authentication in your IT landscape.

By Federated Authentication we mean that we use a third party (a so-called Identity Provider) to authenticate a user.

Rather than keeping a separate user registration of our own, authentication is done by a third party, for instance Facebook, Google or another service.

We should clarify, by the way, that it is not a question of either/or but rather a question of choice. You can have a local authenticator and/or federated authenticator(s).

A Store full of authenticators

WSO2 IS supports a number of standards like OpenID, OAuth2, SAML, OpenID Connect and WS-Federation, as well as Google, Yahoo, Facebook and so on. Since IS 5.1.0 we have seen the IS Connectors come into play, with a special store (store.wso2.com) offering Federated Authenticators (and other IS connectors) as well as ESB and DAS connectors.

Currently (October 2017) we count 25 Federated Authenticator connectors in the store for you to integrate in your Identity Server.


In this blog we will show you, step by step, how to create a sample setup with the Bit.ly authenticator in WSO2 Identity Server.

Deploying Bitly IS connector

The Bitly connector can be downloaded from the WSO2 Connector Store as an OSGi bundle (jar file). Store the org.wso2.carbon.identity.authenticator.bitly.connector-1.0.0.jar file in the [IS_HOME]/repository/components/dropins directory.

The jar is called wso2-extensions/identity-outbound-auth-bitly-1.0.0.jar and this is the key to finding the source code of the connector.

Google for the name (minus the version) and you end up on GitHub. There, at https://github.com/wso2-extensions/identity-outbound-auth-bitly, you will find the source code. You can inspect the code as well as compile it (mvn clean install).

It is all based on a Maven archetype that generates a project structure you can use to create your own connector.


The Connector Store is managed by WSO2, and if you have created a connector that you would like to submit to the store, you can do so.

Configuring the Bitly App

If we want to use Bitly as a federated authenticator we need an account with them. So create an account at https://bitly.com/a/sign_up.


Validate your account by replying to the email which you’ll receive upon registration.

Register your app (to get a client key and client secret) at https://bitly.com/a/oauth_apps.


Use https://localhost:9443/commonauth as the Redirect URL when you register the client. This assumes that your IS is available on localhost and that you will test only from your local machine.


Copy the clientId and clientSecret of the app you created; at a later stage you will enter them in the Identity Provider you create. In our screenshot we blurred out the actual values. You do not need to generate an access token.

Deploying travelocity.com sample app

To test it out we will download the Travelocity sample app. You can download the war file here.

If you prefer to compile the source code yourself, it can be found here on GitHub. You need to deploy the war file on Tomcat 7.x, since the sample was developed using Servlets 3.0. Drop the war file in the webapps directory of your Tomcat installation. Check the deployment by going to http://localhost:8080/travelocity.com/index.jsp.

Note that this blog assumes that you have a port offset of zero for your Identity Server. If not, you need to change any port addresses pointing at the Identity Server in travelocity.com/WEB-INF/classes/travelocity.properties.
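A quick way to find the entries that need changing when the port offset is not zero, as an added example that is not part of the original post or the sample app. It assumes the Identity Server's HTTPS port is 9443 plus the offset; the property keys in the embedded sample are constructed for illustration and may differ from the real file.

```python
from urllib.parse import urlsplit

IS_DEFAULT_HTTPS_PORT = 9443  # port used in this post's URLs (offset zero)

# Constructed sample input; key names are illustrative assumptions.
SAMPLE_PROPERTIES = """\
# constructed sample of a travelocity.properties file
SAML2.SPEntityId=travelocity.com
SAML2.AssertionConsumerURL=http://localhost:8080/travelocity.com/home.jsp
SAML2.IdPURL=https://localhost:9443/samlsso
OAuth2.TokenURL=https://localhost:9443/oauth2/token
"""


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def stale_is_urls(text, port_offset, is_host="localhost"):
    """Return {key: corrected_url} for HTTPS URLs on the Identity Server
    host whose port does not equal 9443 + port_offset."""
    expected = IS_DEFAULT_HTTPS_PORT + port_offset
    fixes = {}
    for key, value in parse_properties(text).items():
        parts = urlsplit(value)
        # Only HTTPS URLs on the IS host are candidates; Tomcat's
        # http://localhost:8080 entries are left alone.
        if parts.scheme != "https" or parts.hostname != is_host:
            continue
        if (parts.port or 443) != expected:
            fixes[key] = parts._replace(netloc=f"{is_host}:{expected}").geturl()
    return fixes


def callback_url(port_offset, is_host="localhost"):
    """commonauth URL to register at Bitly and to enter in the IdP config."""
    return f"https://{is_host}:{IS_DEFAULT_HTTPS_PORT + port_offset}/commonauth"
```

With a non-zero offset the same shifted port applies to the commonauth URL registered at Bitly as the Redirect URL and entered as the callback URL in the Identity Provider; the two values must match exactly.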


Configuring the identity provider

We presume you have an installed copy of WSO2 Identity Server 5.3.0 up and running. If not, please check our blog on installing WSO2 products if you need any help with that.

Log in to the Identity Server as administrator and add an Identity Provider on the main tab.

First add the Identity Provider:


Secondly, configure the BitlyAuthenticator Configuration with the information from the Bitly app (client ID and client secret) and the callback URL https://localhost:9443/commonauth.


Click on register to add the identity provider to IS.

Configuring the service provider

Now we need to configure the service provider. Please fill in the data exactly like you see here to make sure that you do not get any errors.


Return to the management console. Add a Service Provider. Enter travelocity.com in the Service Provider Name text box and click Register. Select the Inbound Authentication Configuration section, click Configure under the SAML2 Web SSO Configuration section.

Enter the following:

Issuer: travelocity.com

Assertion Consumer URL: http://localhost:8080/travelocity.com/home.jsp and click Add.

Select the following check-boxes:

  • Enable Response Signing
  • Enable Single Logout
  • Enable Attribute Profile
  • Include Attributes in the Response Always

Select Update to store the changes. Navigate to Local & Outbound Authentication Configuration, turn on Federated Authentication and select the Bitly Identity Provider you created.


We have now configured the IS and can try it out.

Testing the sample

Go to http://localhost:8080/travelocity.com. You will arrive at the Travelocity screen.


Login with SAML from the WSO2 Identity Server. You will be taken to the login page of bitly. After successful login you will be redirected to Travelocity and shown login details.


If you have any questions about this blogpost, contact us via the comments section of this blog. View also our WSO2 Tutorials, webinars or white papers for more technical information. Need support? We do deliver WSO2 Product Support, WSO2 Development Support, WSO2 Operational Support and WSO2 Training Programs.
