...

  1. Enter 1 as scenario number.

  2. Enter the paths to your WSO2 - IS pack and the Tomcat pack.
                                                                                                                                                                                                                                                                                                                                                   
    Running scenario 1:

    • creates two users - Cameron and Alex 
    • creates the role 'manager' and assigns that role to Cameron
    • creates service providers for two web apps
    • configures SAML2 web SSO for Dispatch and Swift 
    Info

    This QSG uses the command-line utility to do the above. To learn how each step can be done through the Management Console, see the following pages:

    a. Creating users and roles

    b. Configuring service providers

    c. Configuring web app for SSO

    Once the above step is done, it displays the following screen:


    Now you can open the web applications by entering one of the following URLs in a web browser.
    Dispatch: http://localhost:8080/saml2-web-app-dispatch.com/
    Swift: http://localhost:8080/saml2-web-app-swift.com/ 

    The following Login screen is displayed:

  3. Click Log in and use the following credentials:

    Manager 
    Username: cameron
    Password: cameron123

    Employee 
    Username: alex
    Password: alex123

  4. Give your consent by selecting the attribute you want to give access to as part of sharing your profile information and click Approve.

    Note

    Obtaining the user consent is one of the fundamental requirements of GDPR regulation. WSO2 IS facilitates this through its Consent Management features. To know more about GDPR and how WSO2 IS handles consent, click here.

    The following page is displayed for the Dispatch application and can be accessed at http://localhost:8080/saml2-web-app-dispatch.com/.

  5. Now open a new tab in your browser and access http://localhost:8080/saml2-web-app-swift.com/. You see the following page for the Swift application.

    The Swift application opens without having to enter the user credentials again.

...

  1. Enter 2 as the scenario number.

  2. Enter the paths to your WSO2 - IS pack and the Apache Tomcat pack.

    Running scenario 2 creates two users (Cameron and Alex), creates the role 'manager' and assigns that role to Cameron. It also creates service providers for each application and configures SSO for them.
    Once this scenario is run, the following screen is displayed:

    Once you open the web applications by entering the following URL in a web browser (Dispatch: http://localhost:8080/Dispatch/ or Swift: http://localhost:8080/Swift/), the following login screen appears:

  3. Click Log in and sign in to the web application you accessed using any of the following credentials:

    Manager 
    Username: cameron
    Password: cameron123

    Employee 
    Username: alex
    Password: alex123

  4. In the OPENID USER CLAIMS page, select the approval type, give your consent by selecting the attributes you wish to share with the service provider, and click Continue.

    The following page appears if you accessed http://localhost:8080/Dispatch/. The Swift application opens if you attempted to access that instead.
  5. Now open a new tab in your browser and access the other web application. For example, http://localhost:8080/Swift/. The following screen appears.

...

  1. Enter 3 to configure the Multi-factor Authentication scenario. 
  2. Enter the paths where WSO2 - IS and Apache Tomcat are installed.
  3. Enter 'y' to confirm that you have already registered an app in Twitter (see Prerequisites).

  4. Enter the API key and the API secret of your registered Twitter application.

    The following screen is displayed:

  5. Open a web browser and paste the application URL for Dispatch (http://localhost:8080/saml2-web-app-dispatch.com) or Swift (http://localhost:8080/saml2-web-app-swift.com). Click Log in.

  6. Sign in to the application using the following user credentials.

    Manager 
    Username: cameron
    Password: cameron123

    You are redirected to the Twitter login page (as Twitter is the second authentication factor).

  7. Enter your Twitter username and password. 

  8. Give consent and click Approve.
  9. After a successful authentication, you are redirected back to the web application. 

...

  1. Enter number 4 to configure Twitter as a Federated Authenticator.

  2. Enter the paths where WSO2 - IS and Tomcat are installed.

  3. Enter 'y' to confirm that you have already registered an app in Twitter (see Prerequisites).
  4. Enter the API key and the API secret of your registered Twitter application.

    The following screen is displayed:
  5. Open up a web browser and paste the application URL for Dispatch (http://localhost:8080/saml2-web-app-dispatch.com) or Swift (http://localhost:8080/saml2-web-app-swift.com). 

  6. Log in to the application using the following user credentials.

    Manager 
    Username: cameron
    Password: cameron123

  7. Give consent and click Approve.

  8. After a successful authentication, you are redirected back to the web application.

...

  1. Enter 5 to select the Configuring Self-Signup scenario.
  2. Enter the paths where WSO2 - IS and Tomcat are installed.

    There are three approaches to enabling users to register themselves:

    1. Self User Registration (without any setting).
      This enables self-sign up in WSO2 IS without any other configuration changes. It sends an email to the user-provided email address but enables self-registration in WSO2 IS.
    2. Enable account lock on creation.
      This locks the user account during user registration. A confirmation mail is sent to the user-provided email address, and the account stays locked until the user confirms it by clicking the verification link in that mail. Only then can the user log in to the app.
    3. Enable Notification Internally Management.
      This approach notifies the user of the account creation. A confirmation mail is sent to the user-provided email address but the account is locked in the process. 
  3. Select the approach you would like to try.

  4. Open the Dispatch web application and try to log in.

  5. In the Sign In page, click the Register Now link.

  6. Fill the user details and create a user account. 


    Note

    If you want a user to self-register for a specific tenant, you need to provide the username in the following format: <USERNAME>@<TENANT_DOMAIN>. The following step is required only if you picked option 2 or 3 in step 3.

  7. Click Confirm Registration in the email or copy the link in the email to your browser to confirm the account. Once you confirm the account, the account is unlocked and an email is sent. Now you can log into the Dispatch application using the new user credentials.

...

  1. Enter number 6 to select the Creating a workflow scenario.
  2. Enter the paths to your WSO2 - IS pack and the Tomcat pack.
  3. Open the Dispatch web application and try to log in.
  4. In the Sign In page, click the Register Now link.

  5. Fill in the user details and create a user account. (If you want a user to sign up by themselves for a specific tenant, you need to provide the username in the following format: <USERNAME>@<TENANT_DOMAIN>.) Even though the new user is created successfully, it is still disabled. To enable the user, you need to log in to the WSO2 dashboard and approve the pending workflow requests.

  6. Access the WSO2 Identity Server dashboard.

  7. Log in to the dashboard with the junior manager’s credentials.

    Username: alex
    Password: alex123

  8. Click the View Details button under Pending Approvals.

  9. Click the task ID.

  10. Approve the pending task and log out of the junior manager’s profile.

  11. Log in to the dashboard with the senior manager’s credentials.

    Username: cameron
    Password: cameron123

  12. Click the View Details button under Pending Approvals.

  13. Click the task ID.

  14. Approve the pending task and log out of the senior manager’s profile.

  15. Log in to the Dispatch application with the new user's credentials.
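
    The approval chain in steps 5 to 15, modelled as an added example (not WSO2 code and not part of the original guide): the self-registered account exists but stays disabled until alex and then cameron approve it. The strict ordering, the names SignupRequest and run_walkthrough, and the username newuser are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Approval order taken from the walkthrough: alex (junior manager) first,
# then cameron (senior manager). Class and function names are hypothetical.
APPROVAL_CHAIN = ("alex", "cameron")


class WorkflowError(Exception):
    """An approval was attempted out of order or by the wrong approver."""


@dataclass
class SignupRequest:
    username: str
    approvals: list = field(default_factory=list)

    def pending_approver(self):
        """Return who holds the open task, or None once the chain is complete."""
        if len(self.approvals) == len(APPROVAL_CHAIN):
            return None
        return APPROVAL_CHAIN[len(self.approvals)]

    def approve(self, approver: str) -> None:
        expected = self.pending_approver()
        if expected is None:
            raise WorkflowError("no pending task for this request")
        if approver != expected:
            raise WorkflowError(f"task belongs to {expected}, not {approver}")
        self.approvals.append(approver)

    def can_log_in(self) -> bool:
        # The account exists from registration but stays disabled until
        # every step in the chain has approved it.
        return self.pending_approver() is None


def run_walkthrough(username: str = "newuser"):
    """Replay steps 5-15 and record the login gate after each event."""
    req = SignupRequest(username)  # constructed sample user
    trace = [("registered", req.can_log_in())]
    try:
        req.approve("cameron")  # senior manager tries to approve first
    except WorkflowError:
        trace.append(("cameron-early-denied", req.can_log_in()))
    for approver in APPROVAL_CHAIN:
        req.approve(approver)
        trace.append((f"{approver}-approved", req.can_log_in()))
    return trace
```

    The trace shows that login stays denied after registration and after the junior manager's approval, and is allowed only once the senior manager has approved as well.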

...