Versions Compared

Old Version 7

changes.mady.by.user Gomathy Kumarakuruparan

Saved on

compared with

New Version 8

changes.mady.by.user Gomathy Kumarakuruparan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The authenticationendpoint contains the authentication URLs used in authentication flow. You can either host the authenticationendpoint webapp on the WSO2 Identity Server, or choose to host it on a separate server. You may want to host it separately for the purpose of having custom theming and branding. This section describes how you can host the authentication endpoint on a different server outside the WSO2 Identity Server  (e.g., in a different Tomcat Server). 

Table of Contents

Moving the authenticationendpoint from WSO2IS and hosting it on a separate web server
Note
titleBefore you begin:

First, get a copy of <IS_HOME>/repository/deployment/server/webapps/authenticationendpoin.war to <WebApp_HOME>/ and unzip it. Make sure to get the authenticationendpoin.war after the WUM update and NOT the extracted  authenticationendpoint in <IS_HOME>/repository/deployment/server/webapps/

  1. Copy the following .jar files from the <IS_HOME>/repository/components/plugins/ directory to the <WebApp_HOME>/authenticationendpoint/WEB-INF/lib directory.

    • abdera_1.0.0.wso2v3.jar
    • ant_1.7.0.wso2v1.jar
    • axiom_1.2.11.wso2v13.jar
    • axis2_1.6.1.wso2v34.jar
    • bcprov-jdk15on_1.60.0.wso2v1.jar
    • commons-cli_1.2.0.wso2v1.jar
    • commons-collections_3.2.2.wso2v1.jar
    • commons-dbcp_1.4.0.wso2v1.jar
    • commons-fileupload_1.3.3.wso2v1.jar
    • commons-httpclient_3.1.0.wso2v6.jar
    • commons-io_2.4.0.wso2v1.jar
    • commons-lang_2.6.0.wso2v1.jar
    • commons-pool_1.5.6.wso2v1.jar
    • compass_2.0.1.wso2v2.jar
    • encoder_1.2.0.wso2v1.jar
    • com.google.gson_2.8.5.jar
    • hazelcast_3.5.4.wso2v2.jar
    • httpclient_4.3.6.wso2v2.jar
    • httpcore_4.3.3.wso2v1.jar
    • javax.cache.wso2_4.4.38.jar
    • jdbc-pool_7.0.81.wso2v2.jar
    • joda-time_2.9.4.wso2v1.jar
    • json_3.0.0.wso2v1.jar
    • neethi_2.0.4.wso2v5.jar
    • opensaml_2.6.4.wso2v5.jar
    • org.eclipse.equinox.http.helper_1.1.0.wso2v1.jar
    • org.eclipse.osgi_3.9.1.v20130814-1242.jar
    • org.eclipse.osgi.services_3.3.100.v20130513-1956.jar
    • org.wso2.carbon.base_4.4.38.jar
    • org.wso2.carbon.core_4.4.38.jar
    • org.wso2.carbon.crypto.api_1.0.3.jar
    • org.wso2.carbon.database.utils_2.0.9.jar
    • org.wso2.carbon.identity.application.common_5.12.332.jar
    • org.wso2.carbon.identity.base_5.12.332.jar
    • org.wso2.carbon.identity.template.mgt_5.12.332.jar
    • org.wso2.carbon.logging_4.4.38.jar
    • org.wso2.carbon.queuing_4.4.38.jar
    • org.wso2.carbon.registry.api_4.4.38.jar
    • org.wso2.carbon.registry.core_4.4.38.jar
    • org.wso2.carbon.securevault_4.4.38.jar
    • org.wso2.carbon.user.api_4.4.38.jar
    • org.wso2.carbon.user.core_4.4.38.jar
    • org.wso2.carbon.utils_4.4.38.jar
    • org.wso2.securevault_1.0.0.wso2v2.jar
    • rampart-core_1.6.1.wso2v28.jar
    • slf4j.api_1.7.21.jar
    • tomcat-catalina-ha_7.0.93.wso2v1.jar
    • tomcat-servlet-api_7.0.93.wso2v1.jar
    • wsdl4j_1.6.2.wso2v4.jar
    • XmlSchema_1.4.7.wso2v6.jar
    • org.wso2.carbon.ui_4.4.38.jar
    • org.wso2.carbon.identity.application.authentication.endpoint.util_5.12.332.jar
    • org.wso2.carbon.identity.core_5.12.332.jar
    • org.wso2.carbon.identity.user.registration.stub_5.12.332.jar
    • jettison_1.3.4.wso2v1.jar

  2. Copy the following .jar files from the <IS_HOME>/lib/runtimes/cxf3/ directory to the <WebApp_HOME>/authenticationendpoint/WEB-INF/lib directory.

    • cxf-core-3.2.8.jar
    • cxf-rt-frontend-jaxrs-3.2.8.jar
    • cxf-rt-rs-client-3.2.8.jar
    • cxf-rt-rs-extension-providers-3.2.8.jar
    • cxf-rt-rs-extension-search-3.2.8.jar
    • cxf-rt-rs-service-description-3.2.8.jar
    • cxf-rt-transports-http-3.2.8.jar

  3. Copy the following .jar files from the <IS_HOME>/bin/ directory to the <WebApp_HOME>/authenticationendpoint/WEB-INF/lib directory.

    • org.wso2.carbon.bootstrap-4.4.38.jar
    • tomcat-juli-7.0.93.jar
  4. Copy the following .jar file from the <IS_HOME>/lib/ directory to the <WebApp_HOME>/authenticationendpoint/WEB-INF/lib directory.
    •  xercesImpl-2.8.1.wso2v2.jar
  5. Copy the following .jar files from the <IS_HOME>/lib/endorsed/ directory to the <WebApp_HOME>/authenticationendpoint/WEB-INF/lib directory.
    • geronimo-jta_1.1_spec-1.1.jar
    • stax2-api-3.1.4.jar
    • woodstox-core-asl-4.4.1.jar

  6. Copy the following .jar files from the <IS_HOME>/repository/components/tools/forget-me/lib/ directory to the <WebApp_HOME>/authenticationendpoint/WEB-INF/lib directory.

    • log4j-1.2.17.jar

  7. Uncomment following section in <WebApp_HOME>/authenticationendpoint/WEB-INF/web.xml and point to identity server URLs.

    Code Block
    languagexml
    ...   
<context-param>
       <param-name>IdentityManagementEndpointContextURL</param-name>
<param-value>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/accountrecoveryendpoint</param-value>
   </context-param>
    <context-param>
       <param-name>AccountRecoveryRESTEndpointURL</param-name>
     <param-value>https://localhost:9443/t/tenant-domain/api/identity/user/v0.9/</param-value>
   </context-param>
...
    <context-param>
        <param-name>IdentityServerEndpointContextURL</param-name>
        <param-value>https://localhost:9443</param-value>
    </context-param>
...

  8. Change the following configuration in <IS_HOME>/repository/conf/identity/application-authentication.xml file

    Code Block
    languagexml
    <AuthenticationEndpointURL>/authenticationendpoint/login.do</AuthenticationEndpointURL>
<AuthenticationEndpointRetryURL>/authenticationendpoint/retry.do</AuthenticationEndpointRetryURL>
<AuthenticationEndpointMissingClaimsURL>/authenticationendpoint/claims.do</AuthenticationEndpointMissingClaimsURL>

    as follows:

    Code Block
    languagexml
    <AuthenticationEndpointURL>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/login.do</AuthenticationEndpointURL>
<AuthenticationEndpointRetryURL>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/retry.do</AuthenticationEndpointRetryURL>
<AuthenticationEndpointMissingClaimsURL>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/claims.do</AuthenticationEndpointMissingClaimsURL>

    You will need to add AuthenticationEndpointMissingClaimsURL configuration, as it is not already available in this configuration file.

  9. Change the following configuration in <IS_HOME>/repository/conf/identity/identity.xml file to point to the authentication endpoint hosted outside the wso2 server.

    Code Block
    languagexml
    ...
<OpenID>
	...
	<OpenIDLoginUrl>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/openid_login.do</OpenIDLoginUrl>
	...
</OpenID>
...
<OAuth>
	...
	<OAuth2ConsentPage>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/oauth2_authz.do</OAuth2ConsentPage>
	<OAuth2ErrorPage>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/oauth2_error.do</OAuth2ErrorPage>
	<OIDCConsentPage>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/oauth2_consent.do</OIDCConsentPage>
	<OIDCLogoutConsentPage>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/oauth2_logout_consent.do</OIDCLogoutConsentPage>
	<OIDCLogoutPage>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/oauth2_logout.do</OIDCLogoutPage>
	...
</OAuth>
...
<SSOService>
	...  
	<DefaultLogoutEndpoint>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/samlsso_logout.do</DefaultLogoutEndpoint>
    <NotificationEndpoint>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/samlsso_notification.do</NotificationEndpoint>
    ...
</SSOService>
...
<PassiveSTS>
	...
   <RetryURL>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/retry.do</RetryUR>
	...
<PassiveSTS>
...

  10. Import the public certificate of the identity server to the javaca certs (or web-serverstruststore) of the JVM that the authenticationendpoint is running.

    Code Block
    languagexml
    keytool -export -keystore $IS_HOME/repository/resources/security/wso2carbon.jks -alias wso2carbon -file wso2carbon.cer
    Code Block
    languagexml
    keytool -import -alias wso2carbon -keystore  $WEB_APP_TRUSTSTORE -file wso2carbon.cer

  11. Import the public certificate of the Web_server’s keystore to the Identity Server truststore.


    Code Block
    languagexml
    keytool -export -keystore $WEB_APP_KEYSTORE -alias wso2carbon -file webserver.cer
    Code Block
    languagexml
    keytool -import -alias <alias> -keystore  $IS_HOME/repository/resources/security/client-trustore.jks -file webserver.cer

...

  1. In <WebApp_HOME>/accountrecoveryendpoint/WEB-INF/classes/RecoveryEndpointConfig.propertiesfile, uncomment and change it to identity server.

    Code Block
    languagexml
    identity.server.service.contextURL=https://localhost:9443/services

  2. Uncomment and change the user portal reference in  <WebApp_HOME>/accountrecoveryendpoint/WEB-INF/web.xml

    Code Block
    languagexml
    <context-param>
        <param-name>UserPortalUrl</param-name>
        <param-value>https://localhost:9443/dashboard/index.jag</param-value>
</context-param>

  3. Export the following paths. 

    Code Block
    languagexml
    export WEB_APP_HOME=/Users/userfoo/apache-tomcat-7.0.81/webapps
export IS_HOME=/Users/userfoo/wso2is-5.6.0
export WEB_APP_LIB=${WEB_APP_HOME}/accountrecoveryendpoint/WEB-INF/lib/
    Note
    Note:
     WEB_APP_HOME and IS_HOME paths are given as examples. You may have to change them according to your environment.
     

  4. Copy the following .jar files from the <IS_HOME>/repository/components/plugins/ directory to the <WebApp_HOME>/accountrecoveryendpoint/WEB-INF/lib directory.

    • commons-lang_2.6.0.wso2v1.jar

    • encoder_1.2.0.wso2v1.jar

    • com.google.gson_2.8.5.jar

    • httpclient_4.3.6.wso2v2.jar

    • httpcore_4.3.3.wso2v1.jar

    • json_3.0.0.wso2v1.jar

    • org.wso2.carbon.identity.mgt.stub_5.12.332.jar

    • org.wso2.carbon.identity.user.registration.stub_5.12.332.jar

    • org.wso2.carbon.base_4.4.38.jar

    • org.wso2.carbon.identity.base_5.12.332.jar

    • org.wso2.carbon.ui_4.4.38.jar

    • org.wso2.carbon.identity.application.authentication.endpoint.util_5.12.332.jar

    • org.wso2.carbon.identity.core_5.12.332.jar

    • org.wso2.carbon.utils_4.4.38.jar

    • org.wso2.carbon.user.core_4.4.38.jar

    • org.wso2.carbon.user.api_4.4.38.jar

    • org.wso2.carbon.logging_4.4.38.jar

    • axis2_1.6.1.wso2v34.jar

    • opensaml_2.6.4.wso2v5.jar

    • jettison_1.3.4.wso2v1.jar

    • neethi_2.0.4.wso2v5.jar

    • wsdl4j_1.6.2.wso2v4.jar

    • org.apache.commons.commons-codec_1.12.0.jar

    • commons-collections_3.2.2.wso2v1.jar

    • org.wso2.carbon.identity.mgt_5.12.332.jar

    • org.wso2.carbon.tomcat.ext_4.4.38.jar

  5. Copy the following .jar files from the <IS_HOME>/lib/runtimes/cxf3/ directory to the <WebApp_HOME>/accountrecoveryendpoint/WEB-INF/lib directory.

    1. javax.ws.rs-api-2.1.1.jar

    2. cxf-core-3.2.8.jar

    3. cxf-rt-frontend-jaxrs-3.2.8.jar

    4. cxf-rt-rs-client-3.2.8.jar

    5. cxf-rt-rs-extension-providers-3.2.8.jar

    6. cxf-rt-rs-extension-search-3.2.8.jar

    7. cxf-rt-rs-service-description-3.2.8.jar

    8. cxf-rt-transports-http-3.2.8.jar

    9. jackson-annotations-2.9.7.jar

    10. jackson-core-2.9.7.jar

    11. jackson-databind-2.9.7.jar

    12. jackson-jaxrs-base-2.9.7.jar

    13. jackson-jaxrs-json-provider-2.9.7.jar

    14. jackson-module-jaxb-annotations-2.9.7.jar

    Note

    Note: Make sure the WebApp container server (of endpoint apps) is running with SSL enabled.

    e.g., if tomcat enabled the https connector, add the following to catalina.sh.

    Code Block
    languagexml
    JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStore=$WEB_SERVER_KEYSTORE -Djavax.net.ssl.keyStorePassword=$password"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=$WEBSERVER_TRUSTORE -Djavax.net.ssl.trustStorePassword=$password"

...