  1. Create new tenants in the service provider IS.

    Note: You cannot restrict access to the service provider and identity provider to a specific tenant domain; they are accessible to all configured tenants.

  2. Open the <TOMCAT_HOME>/webapps/travelocity.com/WEB-INF/classes/travelocity.properties file.

    The full contents of the travelocity.properties file:

    Code Block
    EnableSAMLSSOLogin=true
    EnableOpenIDLogin=true
    EnableSAML2Grant=false
    #This is the URL of the page that is used to choose the login scheme
    #such as SAML SSO or OpenID. This Url will not be processed by the
    #SSOAgentFilter
    LoginUrl=index.jsp
    
    #Url to do send SAMLSSO AuthnRequest
    SAMLSSOUrl=samlsso
    
    #Url to do send SAML2 Grant OAuth2 Request
    SAML2GrantUrl=token
    
    #Url to send OpenID Authentication Request
    OpenIDUrl=openid
    
    #A unique identifier for this SAML 2.0 Service Provider application
    SAML.IssuerID=travelocity.com
    
    #QueryParams=tenantDomain=tenant.domain
    
    
    #The URL of the SAML 2.0 Assertion Consumer
    SAML.ConsumerUrl=http://wso2is.local/travelocity.com/home.jsp
    
    #The URL of the SAML 2.0 Identity Provider
    SAML.IdPUrl=https://localhost:9443/samlsso
    
    #This is the attribute name under which the authenticated session information
    #of SAML SSO and OpenID are stored
    SSOAgentSessionBeanName=SSOAgentSessionBean
    
    #Identifier given for the Service Provider for SAML 2.0 attributes
    #exchange
    #SAML.AttributeConsumingServiceIndex=1701087467
    
    #Specify if SingleLogout is enabled/disabled
    SAML.EnableSLO=true
    
    #This is the URL that is used for SLO
    SAML.LogoutUrl=logout
    
    #Specify if SAMLResponse element is signed
    SAML.EnableResponseSigning=false
    
    #Specify if SAMLAssertion element is signed
    SAML.EnableAssertionSigning=false
    
    #Specify if SAMLAssertion element is encrypted
    SAML.EnableAssertionEncryption=false
    
    #Specify if AuthnRequests and LogoutRequests should be signed
    SAML.EnableRequestSigning=false
    
    #Specify if force authentication enabled
    SAML.EnableForceAuthentication=false
    
    #Custom credentials class
    SAML.SSOAgentCredentialImplClass=org.wso2.carbon.identity.sso.agent.saml.SSOAgentKeyStoreCredential
    
    #KeyStore to cryptographic credentials
    #KeyStore=/home/johann/Desktop/wso2is-4.1.0/repository/resources/security/wso2carbon.jks
    
    #Password of the KeyStore for SAML and OpenID
    KeyStorePassword=wso2carbon
    
    #Alias of the IdP's public certificate
    SAML.IdPCertAlias=wso2carbon
    
    #Alias of the SP's private key
    SAML.PrivateKeyAlias=wso2carbon
    
    #Private key password to retrieve the private key used to sign
    #AuthnRequest and LogoutRequest messages
    SAML.PrivateKeyPassword=wso2carbon
    
    #OAuth2 token endpoint URL
    SAML.OAuth2TokenEndpoint=https://localhost:9443/oauth2/token
    
    #OAuth2 Client ID
    SAML.OAuth2ClientID=Qn5DQHCYfshxeZh6R9SL1HM2lsMa
    
    #OAuth2 Client Secret
    SAML.OAuth2ClientSecret=cbkAs1gajdwPAMbrSR54hPAIcz0a
    
    #OpenId Provider Url
    OpenID.OpenIdProviderUrl=https://localhost:9443/openid/
    
    #openid.return_to parameter
    OpenID.ReturnToUrl=http://wso2is.local/travelocity.com/home.jsp
    
    #This is the request parameter name under which to find the
    #openid.claimed_id value to send OpenID authentication request
    OpenID.ClaimedIDParameterName=claimed_id
    
    #Custom OpenID AttributesRequestor class
    OpenID.AttributesRequestorImplClass=SampleAttributesRequestor
    
    #Additional request parameters
    #SAML.Request.Query.Param=&forceAuth=true
  3. In the travelocity.properties file, locate and uncomment the following value. Replace the tenant domain (tenant.domain) with your newly created tenant domain.

    Code Block
    #QueryParams=tenantDomain=tenant.domain

    Tip: You can uncomment values in this file by removing the “#”.

  4. To enable response signature validation on the Travelocity side, you first need to download the tenant's public certificate.
    1. Log in to the management console using the tenant credentials and navigate to Home > Manage > Keystores > List. Click the Public Key link to download the certificate.
    2. Import this public certificate into the <APACHE_HOME>/webapps/travelocity.com/WEB-INF/classes/wso2carbon.jks file using the following command.

      Code Block
      keytool -import -alias <key_alias> -file <download_file> -keystore wso2carbon.jks

      Info: The default password of the wso2carbon.jks keystore is "wso2carbon".

    3. Update the IdPPublicCertAlias property in <APACHE_HOME>/webapps/travelocity.com/WEB-INF/classes/travelocity.properties with the alias you provided in the previous step.

      Info: You can also disable response signature validation in the Travelocity application by using the SAML2.EnableResponseSigning property in the <APACHE_HOME>/webapps/travelocity.com/WEB-INF/classes/travelocity.properties file.

  5. If you changed the port offset, make sure the change is reflected in the port value of the following property.

    Code Block
    SAML.IdPUrl=https://localhost:9443/samlsso
  6. Restart Apache Tomcat and access the travelocity application at http://wso2is.local/travelocity.com/index.jsp. You will be able to log in with the identity provider credentials regardless of the tenant domain you are using.
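As an added example (not part of the WSO2 sample or its SSO agent), the check below reads a travelocity.properties file and reports whether the settings that steps 3 to 5 have you change are in place: the tenantDomain query parameter is filled in, response signing is enabled, an IdP certificate alias is set, and the SAML.IdPUrl port matches 9443 plus the port offset. Property names are the ones in the file above; the sample file contents and the tenant name are constructed.

```python
import re

# Constructed sample of the lines this page has you edit, as they look after
# step 3 (tenant domain filled in) and step 4 (response signing switched on).
SAMPLE_AFTER = """\
SAML.IssuerID=travelocity.com
QueryParams=tenantDomain=finance.example
SAML.IdPUrl=https://localhost:9443/samlsso
SAML.EnableResponseSigning=true
SAML.IdPCertAlias=finance-idp
"""

def parse_properties(text):
    """Minimal reader for a Java .properties file: skips blanks and '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # a commented-out key (e.g. '#QueryParams=...') is absent, not set
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_tenant_sso(props, port_offset=0):
    """Return findings for the settings steps 3 to 5 change; an empty list means OK."""
    findings = []
    tenant = re.search(r"(?:^|&)tenantDomain=([^&]+)", props.get("QueryParams", ""))
    if tenant is None or tenant.group(1) == "tenant.domain":
        findings.append("QueryParams: tenantDomain missing or still the tenant.domain placeholder")
    if props.get("SAML.EnableResponseSigning", "false").lower() != "true":
        findings.append("SAML.EnableResponseSigning=false: IdP responses are accepted unsigned")
    if not props.get("SAML.IdPCertAlias"):
        findings.append("SAML.IdPCertAlias empty: no IdP certificate to verify signatures against")
    idp_url = props.get("SAML.IdPUrl", "")
    m = re.fullmatch(r"https://[^/:]+:(\d+)/samlsso", idp_url)
    if m is None:
        findings.append("SAML.IdPUrl is not an https://host:port/samlsso URL")
    elif int(m.group(1)) != 9443 + port_offset:  # default HTTPS port plus the offset
        findings.append(f"SAML.IdPUrl port {m.group(1)} != 9443 + offset {port_offset}")
    return findings

if __name__ == "__main__":
    for finding in check_tenant_sso(parse_properties(SAMPLE_AFTER)) or ["OK"]:
        print(finding)
```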


...