WSO2’s Identity and Access Management Solution, Identity Server, allows you to introduce Federated Authentication in your IT landscape.
With Federated Authentication we mean that we use a third party (a so-called Identity Provider) to authenticate a user.
Rather than keeping a separate user registration of your own, authentication is done by a third party, for instance Facebook, Google or another service.
We should clarify, by the way, that it is not a question of either/or but rather a question of choice. You can have a local authenticator and/or federated authenticator(s).
A Store full of authenticators
WSO2 IS supports a number of standards like OpenID, OAuth2, SAML, OpenID Connect and WS-Federation, as well as Google, Yahoo, Facebook and so on. Since IS 5.1.0 we have seen the IS Connectors come into play, with a dedicated store (store.wso2.com) offering Federated Authenticators (and other IS connectors) as well as ESB and DAS connectors.
Currently (October 2017) we count 25 Federated Authenticator connectors in the store for you to integrate in your Identity Server.
In this blog we will show you how to create a sample setup with the Bit.ly authenticator in WSO2 Identity Server. Step by step we will create the setup.
Deploying Bitly IS connector
The Bitly connector can be downloaded from the WSO2 Connector Store as an OSGi bundle (JAR file). You should store the org.wso2.carbon.identity.authenticator.bitly.connector-1.0.0.jar file in the [IS_HOME]/repository/components/dropins directory.
The jar is called wso2-extensions/identity-outbound-auth-bitly-1.0.0.jar, and this name is the key to finding the source code of the connector.
Google for the name (minus the version) and you end up on GitHub. There, at https://github.com/wso2-extensions/identity-outbound-auth-bitly, you find the source code. You can inspect the code as well as compile it (mvn clean install).
It is actually all based on a Maven archetype that creates the project structure for you to build your own connector.
The Connector Store is managed by WSO2 and if you created a connector that you would like to submit to the store you can do so.
Configuring the Bitly App
If we want to use Bitly as a federated authenticator we need an account with them. So create an account at https://bitly.com/a/sign_up.
Validate your account by replying to the email which you’ll receive upon registration.
Register your app (to get a client key and client secret) at https://bitly.com/a/oauth_apps.
Use https://localhost:9443/commonauth as the Redirect URL when you register the client. This assumes you have your IS available on localhost and will test only from your local machine.
Note down the client ID and client secret of the app you created; you will need them later when you create the Identity Provider. In our screenshot we blurred out the actual values. You do not need to generate an access token.
Deploying travelocity.com sample app
To test it out we will download the Travelocity sample app. You can download the war file here.
If you prefer to compile the source code yourself, it can be found here on GitHub. You need to deploy the war file on Tomcat 7.x since the sample was developed using Servlets 3.0. Drop the war file in the webapps directory of your Tomcat installation. Check by going to http://localhost:8080/travelocity.com/index.jsp.
Note that this blog assumes that you have a port offset of zero for your identity server. If not, you need to change travelocity.com/WEB-INF/classes/travelocity.properties for any port addresses pointing at the Identity Server.
Configuring the identity provider
We presume you have an installed copy of WSO2 Identity Server 5.3.0 up and running. If not please check our blog on installing WSO2 products if you need any help with that.
Log in to the Identity Server as administrator and add an Identity Provider on the main tab.
First add the Identity Provider:
Secondly, configure the BitlyAuthenticator Configuration with the information from the Bitly app (client ID and client secret) and the callback URL https://localhost:9443/commonauth.
Click on register to add the identity provider to IS.
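The app registration above and the Identity Provider configuration both revolve around three values: the client ID, the client secret and the callback URL https://localhost:9443/commonauth. The following added example (written for this post, not code from WSO2 or from the Bitly connector) models the OAuth2 authorization-code exchange those values drive, with a constructed stand-in for the provider's authorize and token endpoints. It shows the checks a defender relies on: the redirect URI must match the registered one exactly, the state parameter must be one the authenticator issued, and an authorization code can be redeemed only once. The client ID and secret are placeholders.

```python
import hmac
import secrets
import urllib.parse

# The callback URL is the one from the blog post; the client ID and secret are
# constructed placeholders standing in for the values Bitly shows for your app.
CALLBACK_URL = "https://localhost:9443/commonauth"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"


class MockIdP:
    """Stand-in for the provider's authorize and token endpoints (constructed, not Bitly's API)."""

    def __init__(self, client_id, client_secret, redirect_uri):
        self.apps = {client_id: (client_secret, redirect_uri)}
        self.codes = {}  # authorization code -> (client_id, redirect_uri)

    def authorize(self, client_id, redirect_uri, state):
        """Return the URL the browser is sent back to after the user logs in at the provider."""
        secret, registered_uri = self.apps.get(client_id, (None, None))
        # Exact string comparison: prefix or host-only matching would let codes leak elsewhere.
        if secret is None or redirect_uri != registered_uri:
            raise ValueError("redirect_uri does not exactly match the registered one")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri)
        return redirect_uri + "?" + urllib.parse.urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Exchange a one-time code for an access token, authenticating the client first."""
        secret, _ = self.apps.get(client_id, (None, None))
        if secret is None or not hmac.compare_digest(secret, client_secret):
            raise ValueError("client authentication failed")
        issued = self.codes.pop(code, None)  # pop: a code can be redeemed only once
        if issued != (client_id, redirect_uri):
            raise ValueError("code unknown, already used, or bound to another redirect_uri")
        return {"access_token": secrets.token_urlsafe(24), "token_type": "bearer"}


class OutboundAuthenticator:
    """Models the IS-side steps: start the redirect, then consume the callback."""

    def __init__(self, idp, client_id, client_secret, callback_url):
        self.idp = idp
        self.client_id = client_id
        self.client_secret = client_secret
        self.callback_url = callback_url
        self.pending_states = set()

    def start_login(self):
        """Create the per-login state value that the callback must echo back."""
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        return state

    def handle_callback(self, url):
        """Validate the state, then redeem the code with the client secret."""
        params = dict(urllib.parse.parse_qsl(urllib.parse.urlparse(url).query))
        state = params.get("state")
        if state not in self.pending_states:
            raise ValueError("state missing or not issued here: possible CSRF or replay")
        self.pending_states.discard(state)
        return self.idp.token(self.client_id, self.client_secret, params.get("code", ""), self.callback_url)


def setup():
    idp = MockIdP(CLIENT_ID, CLIENT_SECRET, CALLBACK_URL)
    return idp, OutboundAuthenticator(idp, CLIENT_ID, CLIENT_SECRET, CALLBACK_URL)


def happy_path():
    """Full round trip: returns the token type the authenticator ends up with."""
    idp, auth = setup()
    state = auth.start_login()
    callback = idp.authorize(CLIENT_ID, CALLBACK_URL, state)
    return auth.handle_callback(callback)["token_type"]


def wrong_redirect_uri_is_rejected():
    """A redirect URI that merely extends the registered one must be refused."""
    idp, auth = setup()
    try:
        idp.authorize(CLIENT_ID, CALLBACK_URL + "/extra", auth.start_login())
    except ValueError:
        return True
    return False


def reused_code_is_rejected():
    """A spent code presented again, even with a fresh state, must be refused."""
    idp, auth = setup()
    callback = idp.authorize(CLIENT_ID, CALLBACK_URL, auth.start_login())
    auth.handle_callback(callback)  # first, legitimate redemption
    code = dict(urllib.parse.parse_qsl(urllib.parse.urlparse(callback).query))["code"]
    replay = CALLBACK_URL + "?" + urllib.parse.urlencode({"code": code, "state": auth.start_login()})
    try:
        auth.handle_callback(replay)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(happy_path(), wrong_redirect_uri_is_rejected(), reused_code_is_rejected())
```

The state value is what ties the callback to the browser session that started the login; in Identity Server that role is played by the session data key carried through /commonauth, which is why the callback URL you register must point at exactly that endpoint.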
Configuring the service provider
Now we need to configure the service provider. Please fill in the data exactly like you see here to make sure that you do not get any errors.
Return to the management console. Add a Service Provider. Enter travelocity.com in the Service Provider Name text box and click Register. Select the Inbound Authentication Configuration section, click Configure under the SAML2 Web SSO Configuration section.
Enter the following:
Issuer: travelocity.com
Assertion Consumer URL: http://localhost:8080/travelocity.com/home.jsp and click Add.
Select the following check-boxes:
- Enable Response Signing.
- Enable Single Logout.
- Enable Attribute Profile.
- Include Attributes in the Response Always.
Select Update to store the changes. Navigate to Local & Outbound Authentication Configuration, select Federated Authentication and choose the Bitly Identity Provider you created.
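The instruction to fill in the service provider data exactly as shown has a concrete reason: the Identity Server matches the Issuer and Assertion Consumer URL it receives in the SAML request against what you registered, and a mismatch is an error rather than a best-effort redirect. The added example below (written for this post, not Identity Server's own code) models that check over a constructed AuthnRequest of the kind the sample app sends, and shows how the four check-boxes shape the response that goes back to travelocity.com. The registration dictionary mirrors the console settings above; the attribute name and user value are constructed.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Service provider registration as entered in the management console steps above.
SERVICE_PROVIDERS = {
    "travelocity.com": {
        "acs_urls": {"http://localhost:8080/travelocity.com/home.jsp"},
        "response_signing": True,
        "single_logout": True,
        "attribute_profile": True,
        "attributes_always": True,
    }
}

# Constructed AuthnRequest (not captured from the real sample app), with the blog's Issuer and ACS URL.
SAMPLE_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_req1" Version="2.0" IssueInstant="2017-10-01T12:00:00Z"
    AssertionConsumerServiceURL="http://localhost:8080/travelocity.com/home.jsp">
  <saml:Issuer>travelocity.com</saml:Issuer>
</samlp:AuthnRequest>"""


def parse_authn_request(xml_text):
    """Pull the fields the registration check needs out of a SAML 2.0 AuthnRequest."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = root.findtext(f"{{{SAML}}}Issuer", default="").strip()
    if not issuer:
        raise ValueError("AuthnRequest carries no Issuer")
    return {"id": root.get("ID"), "issuer": issuer, "acs_url": root.get("AssertionConsumerServiceURL")}


def resolve_acs_url(req, registry=SERVICE_PROVIDERS):
    """Return the ACS URL the response may go to, or raise if the request does not match the registration."""
    sp = registry.get(req["issuer"])
    if sp is None:
        raise ValueError(f"no service provider registered for issuer {req['issuer']!r}")
    acs = req["acs_url"]
    if acs is None:
        # The request may omit the ACS URL only if the registration leaves no ambiguity.
        if len(sp["acs_urls"]) != 1:
            raise ValueError("request names no ACS URL and more than one is registered")
        return next(iter(sp["acs_urls"]))
    if acs not in sp["acs_urls"]:  # exact match against the registered set, never a prefix match
        raise ValueError(f"ACS URL {acs!r} is not registered for {req['issuer']}")
    return acs


def plan_response(req, user_attributes, registry=SERVICE_PROVIDERS):
    """Describe the SAML response the registered settings call for (destination, signing, attributes)."""
    acs = resolve_acs_url(req, registry)
    sp = registry[req["issuer"]]
    include_attrs = sp["attribute_profile"] and sp["attributes_always"]
    return {
        "destination": acs,
        "in_response_to": req["id"],
        "sign_response": sp["response_signing"],
        "slo_enabled": sp["single_logout"],
        "attributes": dict(user_attributes) if include_attrs else {},
    }


def unregistered_acs_is_rejected():
    """Same issuer, but an ACS URL that was not registered: must be refused, not redirected."""
    altered = SAMPLE_REQUEST.replace("home.jsp", "other.jsp")
    try:
        resolve_acs_url(parse_authn_request(altered))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    req = parse_authn_request(SAMPLE_REQUEST)
    print(plan_response(req, {"email": "user@example.com"}))
    print(unregistered_acs_is_rejected())
```

With Enable Response Signing ticked the plan marks the response for signing, which is what lets the sample app verify that the assertion it receives on home.jsp really came from your Identity Server.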
We have now configured the IS and can try it out.
Testing the sample
Go to http://localhost:8080/travelocity.com. You will arrive at the Travelocity screen.
Log in with SAML from the WSO2 Identity Server. You will be taken to the login page of Bitly. After a successful login you will be redirected to Travelocity and shown the login details.
If you have any questions about this blogpost contact us via the comments section of this blog. View also our WSO2 Tutorials, webinars or white papers for more technical information. Need support? We do deliver WSO2 Product Support, WSO2 Development Support, WSO2 Operational Support and WSO2 Training Programs.