WSO2 Identity Server (WSO2 IS) provides identity management across many platforms such as enterprise applications, services, and APIs. In other words, it provides a comprehensive solution that allows you to manage the identity and access management (IAM) activities of an enterprise. The Quick Start Guide takes you on a quick tour of WSO2 IS to help you understand what you can achieve using this product. 

...

  1. Enter 1 as scenario number.

  2. Enter the paths to your WSO2 IS pack and the Tomcat pack.

    Running scenario 1:

    • creates two users, Cameron and Alex
    • creates the role 'manager' and assigns that role to Cameron
    • creates service providers for the two web apps
    • configures SAML2 web SSO for Dispatch and Swift

    Info

    This QSG uses the command line utility to do the above. To learn how each of these can be done through the Management Console, see the following links:

    a. Creating users and roles

    b. Configuring service providers

    c. Configuring web app for SSO

    Once the above step is done, the following screen is displayed:

    Now you can open the web applications by entering the following URLs in a web browser.
    Dispatch: http://localhost:8080/saml2-web-app-dispatch.com/
    Swift: http://localhost:8080/saml2-web-app-swift.com/

    The following Login screen is displayed:

  3. Click Log in and use the following credentials:

    Manager
    Username: cameron
    Password: cameron123

    Employee
    Username: alex
    Password: alex123

  4. Give your consent by selecting the attributes you want to share as part of your profile information, and click Approve.

    Note

    Obtaining user consent is one of the fundamental requirements of the GDPR. WSO2 IS facilitates this through its Consent Management features. To learn more about the GDPR and how WSO2 IS handles consent, click here.

    The following page is displayed for the Dispatch application and can be accessed at http://localhost:8080/saml2-web-app-dispatch.com/.

  5. Now open a new tab in your browser and access http://localhost:8080/saml2-web-app-swift.com/. You see the following page for the Swift application.

    The Swift application opens without having to enter the user credentials again.
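    A toy model of what steps 3 to 5 exercise, added here as an example (it is not WSO2 code): the IdP-side session that Dispatch and Swift share, and the per-SP consent step. The constructed user store, the session-cookie handling and the rule that consent is collected once per service provider are assumptions made for the model.

```python
"""Toy model of the scenario 1 SAML2 web SSO behaviour (added example, not
WSO2 code). The IdP keeps one authenticated session per browser; each
registered service provider (SP) that asks for that session gets an assertion
without a second password prompt. The user store and the per-SP consent rule
are assumptions made to keep the model small."""
import secrets

# Constructed users mirroring the scenario: cameron holds the manager role.
USERS = {"cameron": ("cameron123", {"role": "manager"}),
         "alex": ("alex123", {"role": "employee"})}
# SPs the scenario script registers; anything else is outside the trust boundary.
SERVICE_PROVIDERS = {"Dispatch", "Swift"}


class IdentityServer:
    def __init__(self):
        self._sessions = {}  # browser cookie -> (username, set of consented SPs)

    def login(self, username, password):
        """Primary authentication (step 3); returns an opaque session cookie."""
        stored = USERS.get(username)
        if stored is None or not secrets.compare_digest(stored[0], password):
            raise PermissionError("invalid credentials")
        cookie = secrets.token_urlsafe(16)
        self._sessions[cookie] = (username, set())
        return cookie

    def sso(self, cookie, sp, consent=False):
        """Answer an SP's AuthnRequest: ('assertion', attrs), or
        ('consent_required', None) / ('login_required', None)."""
        if sp not in SERVICE_PROVIDERS:
            raise PermissionError(f"{sp} is not a registered service provider")
        if cookie not in self._sessions:
            return "login_required", None
        user, consented = self._sessions[cookie]
        if sp not in consented:  # consent is collected once per SP (assumption)
            if not consent:
                return "consent_required", None
            consented.add(sp)
        return "assertion", {"subject": user, **USERS[user][1]}


def walk_scenario_1():
    """Replays steps 3 to 5: one password prompt, then Swift rides the session."""
    idp = IdentityServer()
    cookie = idp.login("cameron", "cameron123")
    before_consent = idp.sso(cookie, "Dispatch")          # step 4 asks for consent
    dispatch = idp.sso(cookie, "Dispatch", consent=True)  # Dispatch page appears
    swift = idp.sso(cookie, "Swift", consent=True)        # step 5: no re-login
    return before_consent, dispatch, swift
```

    The point the model makes is that the SSO session lives at the IdP, so the list of registered service providers is the trust boundary: an unregistered SP is refused even when a valid session exists.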

...

  1. Enter 2 as the scenario number.

  2. Enter the paths to your WSO2 IS pack and the Apache Tomcat pack.

    Running scenario 2 creates two users (Cameron and Alex), creates the role 'manager', and assigns that role to Cameron. It also creates service providers for each application and configures SSO for them.
    Once this scenario is run, the following screen is displayed:

    Once you open the web applications by entering the following URLs in a web browser (Dispatch: http://localhost:8080/Dispatch/ or Swift: http://localhost:8080/Swift/), the following login screen appears:

  3. Click Log in and sign in to the web application you accessed using any of the following credentials:

    Manager 
    Username: cameron
    Password: cameron123

    Employee 
    Username: alex
    Password: alex123

  4. In the OPENID USER CLAIMS page, select the approval type, give your consent by selecting the attributes you wish to share with the service provider, and click Continue.

    The following page appears if you accessed http://localhost:8080/Dispatch/. The Swift application opens if you attempted to access that instead.

  5. Now open a new tab in your browser and access the other web application, for example http://localhost:8080/Swift/. The following screen appears.

...

  1. Enter 3 to configure the Multi-factor Authentication scenario. 
  2. Enter the paths where WSO2 IS and Apache Tomcat are installed.
  3. Enter 'y' to confirm that you have already registered an app in Twitter (see Prerequisites).

  4. Enter the API key and the API secret of your registered Twitter application.


    The following screen is displayed:

  5. Open up a web browser and paste the application URL for Dispatch (http://localhost:8080/saml2-web-app-dispatch.com) or Swift (http://localhost:8080/saml2-web-app-swift.com). Click Log in.

  6. Sign in to the application using the following user credentials.

    Manager 
    Username: cameron
    Password: cameron123

    You are redirected to the Twitter login page (as Twitter is the second authentication factor).

  7. Enter your Twitter username and password.

  8. Give consent and click Approve.

  9. After a successful authentication, you are redirected back to the web application.

Federated authentication

Problem scenario

Pickup works with a team of external consultants and you want to give them access to the web apps. However, it is a hassle to keep adding and maintaining their accounts in the employee database as these consultants are temporary and they keep rotating. Therefore, you decide to use Identity Server's identity federation capability where the external consultants can use their already existing Twitter account credentials to log in to the apps.  

Configuring federated authentication

You can use the following steps to configure federated authentication using WSO2 IS:

  1. Enter number 4 to configure Twitter as a Federated Authenticator.

  2. Enter the paths where WSO2 IS and Tomcat are installed.

  3. Enter 'y' to confirm that you have already registered an app in Twitter.

    Instructions on registering a Twitter app

    To try out this federation scenario, you must first register a Twitter application if you have not done so already.

    1. Go to https://twitter.com/ and create an account.
    2. Register a new application on Twitter at https://apps.twitter.com. For more information, see Create Twitter Application.
      You can use the following URL as the Callback URL for your Twitter app: https://localhost:9443/commonauth.
    3. Note down the API key and secret for later use.

  4. Enter the API key and the API secret of your registered Twitter application.

    The following screen is displayed:

  5. Open up a web browser and paste the application URL for Dispatch (http://localhost:8080/saml2-web-app-dispatch.com) or Swift (http://localhost:8080/saml2-web-app-swift.com).

  6. Log in to the application using the following user credentials.

    Manager 
    Username: cameron
    Password: cameron123

  7. Give consent and click Approve.

  8. After a successful authentication, you are redirected back to the web application.

...

  1. Enter number 6 to select the Creating a workflow scenario.
  2. Enter the paths to your WSO2 IS pack and the Tomcat pack.
  3. Open the Dispatch web application and try to log in.
  4. In the Sign In page, click the Register Now link.
  5. Fill in the user details and create a user account. If you want a user to sign up for a specific tenant, provide the username in the format <USERNAME>@<TENANT_DOMAIN>. Even though the new user is created successfully, the account remains disabled until you log in to the WSO2 dashboard and approve the pending workflow requests, as described in the following steps.

  6. Access the WSO2 Identity Server dashboard.

  7. Log in to the dashboard with the junior manager’s credentials.

    Username: alex
    Password: alex123

  8. Click the View Details button under Pending Approvals.

  9. Click the task ID.

  10. Approve the pending task and log out of the junior manager's profile.

  11. Log in to the dashboard with the senior manager's credentials.

    Username: cameron
    Password: cameron123

  12. Click the View Details button under Pending Approvals.

  13. Click the task ID.

  14. Approve the pending task and log out of the senior manager's profile.

  15. Log in to the Dispatch application with the new user's credentials.

...