
  1. First download WSO2 Identity Server from here and extract it into a directory in your file system. Let's call this directory <PRODUCT_HOME>.
  2. Start the Identity Server by running the wso2server.sh file (in UNIX) or the wso2server.bat file (in Windows) found in the <PRODUCT_HOME>/bin directory. Identity Server starts with a default configuration. If you examine the OpenID URL of a user (the default admin user in this instance) in Identity Server, it will look like the following:

    https://localhost:9443/openid/admin

    However, this OpenID URL cannot be accessed by other hosts in your network, so the next logical step is to change the name of the host.

  3. Configure the host name as "wso2identity" (or any IP address). 
    1. First configure the following parameters in carbon.xml which can be found in the <PRODUCT_HOME>/repository/conf directory.

      <ServerURL>https://wso2identity:${carbon.management.port}${carbon.context}/services/</ServerURL>
      <HostName>wso2identity</HostName>
    2. Configure the following parameters in identity.xml, which can be found in the same location.

      <OpenIDServerUrl>https://wso2identity:9443/openidserver</OpenIDServerUrl>
      <OpenIDUserPattern>https://wso2identity:9443/openid/</OpenIDUserPattern>
  4. Restart the Identity Server. Now the OpenID URL is as follows:

    https://wso2identity:9443/openid/admin
  5. Download the latest version of Liferay portal from here and extract it into a directory in your file system. Let's call this <LIFERAY_HOME> for the purposes of our scenario.
  6. Set CATALINA_HOME=<LIFERAY_HOME>/tomcat_dir.
  7. Start the Liferay portal by running the catalina.sh file (in UNIX) or the catalina.bat file (in Windows), which is found in the <CATALINA_HOME>/bin directory.
  8. Create a user account in Liferay and configure an OpenID that is issued by Identity Server (https://wso2identity:9443/openid/admin).
  9. Now try to sign in by providing your OpenID. Do this by clicking Sign In at the top right of your screen. You may see an error message. This occurs because one more configuration step is needed if the default keystore, wso2carbon.jks, is used for Identity Server.

    Liferay uses the Java cacerts file as its trust store. However, wso2carbon.jks contains a self-signed certificate, so its public certificate must be imported into the Java cacerts used by Liferay. Liferay can then trust the OpenID provided by WSO2 Identity Server.
  10. Import the WSO2 Identity Server public certificate into cacerts.
    1. First export the wso2carbon certificate from wso2carbon.jks, which can be found in the <PRODUCT_HOME>/repository/resources/security directory. The following is a sample keytool command:

      > keytool -export -keystore wso2carbon.jks -file carbon.cert -alias localhost -keypass wso2carbon
    2. Import it into the cacerts file, which is found in the <JAVA_HOME>/jre/lib/security directory.

      > keytool -import -keystore cacerts -file carbon.cert -alias carbon -storepass changeit
  11. Then restart the Liferay portal. Now you can sign in to the Liferay portal using WSO2 Identity Server's OpenID.
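
The script below is an added example, not part of the original WSO2 guide. It checks the import in step 10 by confirming that carbon.cert has the same SHA-256 fingerprint as the certificate served on wso2identity:9443, and that the carbon entry in cacerts matches it. It assumes keytool and openssl are on the PATH; the function names are illustrative.

```shell
#!/bin/sh
# Added example: fingerprint checks around the cacerts import in step 10.
# Assumes keytool and openssl are on PATH; function names are illustrative.

# Read tool output on stdin and print the first SHA-256 fingerprint as bare
# lowercase hex. Accepts keytool ("SHA256: AB:CD:...") and openssl
# ("sha256 Fingerprint=AB:CD:...") output; shorter SHA-1/MD5 lines are skipped.
sha256_of() {
    grep -oE '([0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2}' | head -n 1 |
        tr -d ':' | tr 'A-F' 'a-f'
}

# Succeed only if both tool outputs carry the same, non-empty fingerprint.
same_cert() {
    fp_a=$(printf '%s\n' "$1" | sha256_of)
    fp_b=$(printf '%s\n' "$2" | sha256_of)
    [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]
}

# Before the import: is carbon.cert the certificate the server presents?
# $1 = exported certificate file, $2 = host:port of Identity Server
check_exported() {
    exported=$(keytool -printcert -file "$1")
    served=$(openssl s_client -connect "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256)
    same_cert "$exported" "$served"
}

# After the import: does the "carbon" entry in cacerts match carbon.cert?
# $1 = exported certificate file, $2 = path to cacerts
check_imported() {
    exported=$(keytool -printcert -file "$1")
    stored=$(keytool -list -v -keystore "$2" -alias carbon -storepass changeit)
    same_cert "$exported" "$stored"
}

# Usage: sh check_trust.sh carbon.cert wso2identity:9443 [path/to/cacerts]
# Two arguments run the pre-import check only; a third also checks cacerts.
if [ "$#" -ge 2 ]; then
    check_exported "$1" "$2" || { echo "carbon.cert differs from $2" >&2; exit 1; }
    [ "$#" -lt 3 ] || check_imported "$1" "$3" ||
        { echo "cacerts entry 'carbon' differs from carbon.cert" >&2; exit 1; }
    echo "fingerprints match"
fi
```

The default wso2carbon.jks is the same file in every Identity Server download, so its private key is not secret, and an entry in the JRE-wide cacerts is trusted by every Java application using that JRE. Replace the default keystore before using this setup outside a test environment.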