This post demonstrates how to setup travelocity.com sample webapp which acts as a relying party for obtaining Identity from WSO2 Identity Server. Here I use the Identity Server 5.0.0 version and for authentication, SAML 2.0 is used. Here the Identity Server is running in localhost on port 9443.
First, login to the management console of the Identity Server as the admin. Then we need to create a Service Provider. Here I name the service provider as travelocity.com.
Next step is to configure the ‘SAML2 Web SSO Configuration’ which is listed under the ‘Inbound Authentication Configuration’ in the Service Provider configuration.
Set the SAML2 configuration of the service provider as shown below.
Here I’m going to host the travelocity.com sample web app in Tomcat which runs in the port 8080. For the hostname localhost is used. Therefore the Assertion Consumer URL of the service provider is http://localhost:8080/travelocity.com/home.jsp. This is the URL where the Identity Server should redirect upon successful login to the travelocity app. After making the configuration as above, ‘Register’ the Service Provider.
Note :
Once the travelocity sample is hosted in tomcat, the properties file of the app can be found in following file path.
<TOMCAT_HOME>/webapps/travelocity.com/WEB-INF/classes/travelocity.properties
This property file defines the required properties in SAML2 protocol and some other protocols.
The corresponding property names related to SAML2 are shown in following image which are defined in this property file. The values for these properties in the file should match with the values given in the travelocity.com Service Provider in Identity Server. The above configuration in the Service Provider was done such that it match with the default SAML2 property values defined in the travelocity.com app’s property file so that you don’t need to make any change to these property values.
If the Identity Server is running on a different hostname/port number, following property in the travelocity.com properties file should be changed accordingly.
SAML.IdPUrl=https://localhost:9443/samlsso
The keystore of travelocity.com sample can be found in following path.
<TOMCAT_HOME>/webapps/travelocity.com/WEB-INF/classes/wso2carbon.jks
The public certificate of the Identity Server (default keystore) is already imported to the keystore of travelocity sample because the SAML2 response and the Assertion sent by the Identity Server are signed by the private key of the Identity Server with above Service Provider configuration.
|
After setting SAML2 Web SSO Configuration, ‘Update’ the Service Provider.
Now the configurations in Identity Server are complete. Next step is to host the travelocity.com sample webapp in Tomcat.
The source code of the sample can be downloaded from [1] and the built war file of the web app can be downloaded from [2]. Copy the travelocity.com.war to the <TOMCAT_HOME>/webapps and deploy the webapp.
After the webapp is successfully deployed, go to the index page with the following link.
http://localhost:8080/travelocity.com/index.jsp
Here Tomcat is running in localhost on port 8080.
Here Tomcat is running in localhost on port 8080.
Login to the webapp with SAML2.
Then the webapp redirects the browser to the Identity Server where the user has to login to the Identity Server.
Upon the successful login to the Identity Server, it redirects back to the travelocity webapp (to the Assertion Consumer URL) and now the user is logged into to the travelocity webapp.
Tharindu Edirisinghe
Identity Server Team
WSO2
This tavelocity app confused me more than it solved any problems
ReplyDeletei am looking for basic answers like how do we configure wso2 to say after OAuth and open id go to this page of some app
and how do i pass the authentication information to the sp app ?
from what i see in documentation is it can only communicate to sp apps via saml, openid, etc . which confuses me , if an app was ok to implement oauth spec for this WSO2 to App communication , why would it go for WSO2 in first place , can it not implement SAML or OAUTH directly with Google or SAML IDPS ?