This section provides instructions on how to configure the Token2 authenticator and WSO2 Identity Server using a sample app.  See the following sections for more information.

Info

Token2 Authenticator is supported by WSO2 Identity Server versions 5.1.0 and 5.2.0.

Configuring the Token2 provider

Deploying Token2 artifacts

The artifacts can be obtained from the store for this authenticator.

  1. Place the token2authenticationendpoint.war file into the <IS_HOME>/repository/deployment/server/webapps directory.
  2. Place the org.wso2.carbon.extension.identity.authenticator.token2.connector-1.0.0.jar file into the <IS_HOME>/repository/components/dropins directory.

    Note

    If you want to upgrade the Token2 Authenticator in an existing IS pack, refer to the upgrade instructions.
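As an added example (not part of the WSO2 documentation or the connector itself), the following POSIX shell function performs the two deployment steps above with the checks a practitioner would want first: it verifies that the target really is an IS_HOME layout, that both artifacts are present, optionally that the connector jar matches a SHA-256 you recorded when downloading it from the store (the page gives no hash, so the value is an assumed argument), and it refuses to overwrite an already deployed connector so that upgrades go through the upgrade instructions instead.

```shell
#!/bin/sh
# Added example, not from the WSO2 docs. Copies the two Token2 artifacts named on
# this page into an Identity Server pack after basic sanity and integrity checks.
# Usage: deploy_token2_artifacts <IS_HOME> <dir holding the war and jar> [expected_sha256_of_jar]

TOKEN2_WAR="token2authenticationendpoint.war"
TOKEN2_JAR="org.wso2.carbon.extension.identity.authenticator.token2.connector-1.0.0.jar"

# Print the SHA-256 of a file; uses sha256sum where present, shasum otherwise.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

deploy_token2_artifacts() {
  is_home="$1"; src="$2"; expected_jar_sha="$3"   # third argument is an assumed, optional checksum
  webapps="$is_home/repository/deployment/server/webapps"
  dropins="$is_home/repository/components/dropins"

  # Refuse to run against a directory that does not have the IS pack layout.
  [ -d "$webapps" ] && [ -d "$dropins" ] || { echo "not an IS_HOME: $is_home" >&2; return 1; }
  [ -f "$src/$TOKEN2_WAR" ] && [ -f "$src/$TOKEN2_JAR" ] || { echo "artifacts missing in $src" >&2; return 1; }

  # The dropins jar is loaded as an OSGi bundle inside the server, so verify it if a hash was given.
  if [ -n "$expected_jar_sha" ]; then
    actual="$(sha256_of "$src/$TOKEN2_JAR")"
    [ "$actual" = "$expected_jar_sha" ] || { echo "checksum mismatch for $TOKEN2_JAR" >&2; return 2; }
  fi

  # A connector jar already in dropins means this is an upgrade, which this script does not handle.
  if ls "$dropins"/org.wso2.carbon.extension.identity.authenticator.token2.connector-*.jar >/dev/null 2>&1; then
    echo "a Token2 connector is already deployed in $dropins; follow the upgrade instructions" >&2
    return 3
  fi

  cp "$src/$TOKEN2_WAR" "$webapps/" && cp "$src/$TOKEN2_JAR" "$dropins/"
}
```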

Configuring the Token2 hardware device

  1. Register a Token2 account using "https://token2.com/register". Ensure that you do the following.
    1. Enter the mobile phone number in E.164 format (for example, +94 77 ** ** ***).
    2. Select SMS Based as the User type.
    3. Click Register.
  2. Once you have registered with Token2, log in using your email, password and the OTP that is sent to the registered mobile number through Token2.
  3. Add a new site using "https://token2.com/manage" and obtain the API Key and site_id for the site.
  4. As described on the Token2 API page, create the user; the userid is returned in the response.
  5. Obtain the hardware token device and send the userid, site_id and token serial number to Token2 support to enable it.
  6. Log out and log in again with your email, password and the token generated by the hardware token device.

You have now enabled the token2 hardware device.

Deploying travelocity.com sample

The next step is to deploy the sample app in order to use it in this scenario.

Once this is done, the next step is to configure the WSO2 Identity Server by adding an identity provider and a service provider.

Configuring the identity provider

Now you have to configure WSO2 Identity Server by adding a new identity provider.

  1. Download the WSO2 Identity Server from here.
  2. Run the WSO2 Identity Server.
  3. Log in to the management console as an administrator.
  4. In the Identity Providers section under the Main tab of the management console, click Add.
  5. Give a suitable name for Identity Provider Name (e.g., token2).
  6. Navigate to Token2Authenticator Configuration under Federated Authenticators.
  7. Select both check boxes to Enable the Token2 authenticator and make it the Default.
  8. Enter the following values:

     Field          Description                                                                    Sample Value
     ApiKey         This is the API key you obtained when configuring the Token2 hardware device.  7cf6eof73be1c38952ca81dd68a
     Callback URL   This is the service provider's URL to which the code is sent.                  https://localhost:9443/commonauth

  9. Click Register.
     You have now added the identity provider.

Configuring user claims

  1. In the Main menu, click Add under Claims.
  2. Click Add New Claim.
  3. Click Add Local Claim. The Dialect URI is automatically set to http://wso2.org/claims, which is the internal claim dialect.

  4. Next click List under Main > Identity > Users and Roles.
  5. Click User Profile under Admin and update the User Id.

Now you have configured the claim.

Configuring the service provider

The next step is to configure the service provider.

  1. Return to the management console.
  2. In the Identity section under the Main tab, click Add under Service Providers.
  3. Enter travelocity.com in the Service Provider Name text box and click Register.
  4. In the Inbound Authentication Configuration section, click Configure under the SAML2 Web SSO Configuration section.
  5. Now set the configuration as follows:
    1. Issuer: travelocity.com
    2. Assertion Consumer URL: http://localhost:8080/travelocity.com/home.jsp
  6. Select the following check-boxes:
    1. Enable Response Signing
    2. Enable Single Logout
    3. Enable Attribute Profile
    4. Include Attributes in the Response Always
  7. Click Update to save the changes. You are sent back to the Service Providers page.

  8. Go to Claim configuration and select the userId claim as Subject Claim URI.
  9. Go to the Local and Outbound Authentication Configuration section.
  10. Select the Advanced configuration radio button option.

  11. Add the basic authentication as a first step and token2 authentication as a second step. This is done to configure multi-step authentication. What this means is that a user who logs in would first have to enter their credentials that are configured with the Identity Server and then get authenticated using Token2 as the second step. This is an added security measure and a common use of the Token2 authenticator.


You have now added and configured the service provider.

Testing the sample

  1. To test the sample, go to the following URL: http://localhost:8080/travelocity.com
  2. Click the link to log in with SAML from WSO2 Identity Server.
  3. The basic authentication page is displayed; enter your Identity Server username and password.
  4. Enter the code generated by the Token2 hardware device to authenticate. You are directed to the home page of the travelocity.com app.

...