Applies to:
- WSO2 Identity Server (4.0.0 onwards)
- WSO2 Application Server (5.0.1 onwards)
- WSO2 Enterprise Service Bus (4.5.1 onwards)
- WSO2 Governance Registry (4.5.1 onwards)
By default, all WSO2 servers start on HTTPS port 9443 and HTTP port 9763. Therefore, when you run multiple WSO2 servers, you must change the default ports so that there are no port conflicts. Use the following port allocations for this scenario:
- IS runs in https port 9443 (default)
- AS runs in https port 9444 (offset = 1)
- ESB runs in https port 9445 (offset = 2)
- G-Reg runs in https port 9446 (offset = 3)
By default, WSO2 servers use basic authentication. However, in a Single Sign-On (SSO) environment, you must use SAML-based authentication to authenticate users to WSO2 servers. The following needs to be done in order to enable SSO:
...
Configuring WSO2 Application Server
There are two main configurations to be done in the WSO2 Application Server: changing the port configuration and changing the configuration in the <PRODUCT_HOME>/repository/conf/security/authenticators.xml file.
Port configuration
- Download the WSO2 Application Server from here.
- Extract the .zip file. This unzipped folder is referred to as <AS_HOME> in this topic.
- Navigate to the <AS_HOME>/repository/conf/carbon.xml file in the unzipped folder.
- Open the carbon.xml file and search for the following configuration: <offset>0</offset>
- Change the offset value from 0 to 1.
- Save the carbon.xml file and close it.
Authenticators configuration
- Navigate to the <AS_HOME>/repository/conf/security/authenticators.xml file. Open the authenticators.xml file and set the "disabled" attribute value to "false" for the SAML2SSOAuthenticator configuration.
Additional configuration: When the cluster is hosted on the cloud or on a remote server, the IdentityProviderSSOServiceURL tag must be changed in the <PRODUCT_HOME>/repository/conf/security/authenticators.xml file. This should point to the host URL of the load balancer of the cluster. This is done because the authentication is done by the WSO2 Identity Server cluster and the load balancer will decide where the authentication request is sent to.
Configuring WSO2 Enterprise Service Bus
Similar to the WSO2 Application Server, configure the port and the authenticator of the WSO2 Enterprise Service Bus.
Port configuration
- Download the WSO2 ESB from here and extract it. This unzipped folder is referred to as <ESB_HOME> in this topic.
- Similar to the WSO2 Application Server, open the <ESB_HOME>/repository/conf/carbon.xml file and change the port offset to 2.
Authenticators configuration
- Follow the exact same steps done for the WSO2 Application Server and enable the SAML2SSOAuthenticator in the <ESB_HOME>/repository/conf/security/authenticators.xml file. Change the ServiceProviderID. This ID is used by the Identity Server to identify the ESB's requests. Change this value to carbonServer2.
Additional configuration: When the cluster is hosted on the cloud or on a remote server, the IdentityProviderSSOServiceURL tag must be changed in the <PRODUCT_HOME>/repository/conf/security/authenticators.xml file. This should point to the host URL of the load balancer of the cluster. This is done because the authentication is done by the WSO2 Identity Server cluster and the load balancer will decide where the authentication request is sent to.
Configuring WSO2 Governance Registry
Port configuration
- Download the WSO2 Governance Registry from here.
- Set the port offset to 3.
Authenticators configuration
Enable the SAML2SSOAuthenticator and change the ServiceProviderID value to carbonServer3.
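A check for the settings this procedure changes, as an added example that is not part of the original page or of WSO2's own tooling: it reads a server's carbon.xml and authenticators.xml and reports a wrong port offset, a SAML2SSOAuthenticator that is still disabled, an unexpected ServiceProviderID, or an IdentityProviderSSOServiceURL that does not point at the expected host. The XML layout (Authenticator and Parameter elements), the embedded sample files and the function name check_sso_config are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample files for the ESB node (assumed layout, not copied from a WSO2 distribution).
CARBON_XML = """<Server><Ports><Offset>2</Offset></Ports></Server>"""
AUTHENTICATORS_XML = """<Authenticators>
  <Authenticator name="BasicAuthenticator" disabled="false"/>
  <Authenticator name="SAML2SSOAuthenticator" disabled="false">
    <Config>
      <Parameter name="ServiceProviderID">carbonServer2</Parameter>
      <Parameter name="IdentityProviderSSOServiceURL">https://localhost:9443/samlsso</Parameter>
    </Config>
  </Authenticator>
</Authenticators>"""

def local(tag):
    """Drop any XML namespace and letter case so <offset> and <ns:Offset> both match."""
    return tag.rsplit("}", 1)[-1].lower()

def check_sso_config(carbon_xml, authenticators_xml, offset, sp_id, idp_host):
    """Return a list of findings; an empty list means the server matches the plan."""
    findings = []
    offsets = [e.text.strip() for e in ET.fromstring(carbon_xml).iter()
               if local(e.tag) == "offset" and e.text]
    if offsets != [str(offset)]:
        findings.append(f"port offset is {offsets}, expected {offset}")
    saml = [a for a in ET.fromstring(authenticators_xml).iter()
            if local(a.tag) == "authenticator" and a.get("name") == "SAML2SSOAuthenticator"]
    if not saml:
        return findings + ["SAML2SSOAuthenticator entry is missing"]
    # A missing "disabled" attribute is reported rather than assumed to mean enabled.
    if saml[0].get("disabled", "").strip().lower() != "false":
        findings.append("SAML2SSOAuthenticator is not enabled (disabled is not 'false')")
    params = {p.get("name"): (p.text or "").strip()
              for p in saml[0].iter() if local(p.tag) == "parameter"}
    if params.get("ServiceProviderID") != sp_id:
        findings.append(f"ServiceProviderID is {params.get('ServiceProviderID')!r}, expected {sp_id!r}")
    # Compare scheme and host:port exactly; a prefix match would accept look-alike hosts.
    url = urlsplit(params.get("IdentityProviderSSOServiceURL", ""))
    if url.scheme != "https" or url.netloc != idp_host:
        findings.append(f"IdentityProviderSSOServiceURL does not point to https://{idp_host}")
    return findings

if __name__ == "__main__":
    result = check_sso_config(CARBON_XML, AUTHENTICATORS_XML, 2, "carbonServer2", "localhost:9443")
    print("\n".join(result) if result else "OK")
```

Run it once per server with that server's expected offset and ServiceProviderID; for a remote or cloud-hosted cluster, pass the load balancer's host as idp_host.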
...