...
- First download WSO2 Identity Server from here and extract it into a directory in your file system. Let's call this directory <PRODUCT_HOME>. Start the Identity Server by running the wso2server.sh (in UNIX) or wso2server.bat (in Windows) file found in the <PRODUCT_HOME>/bin directory. Identity Server starts with a default configuration. If you examine the OpenID URL of a user (the default admin user in this instance) in Identity Server, it will look like the following:

  ```
  https://localhost:9443/openid/admin
  ```

  However, this OpenID URL cannot be accessed by other hosts in your network, so the next logical step is to change the name of the host.
- Configure the host name as "wso2identity" (or any IP address).
  First configure the following parameters in carbon.xml, which can be found in the <PRODUCT_HOME>/repository/conf directory.

  ```
  <ServerURL>https://wso2identity:${carbon.management.port}${carbon.context}/services/</ServerURL>
  <HostName>wso2identity</HostName>
  ```

  Configure the following parameters in identity.xml, which can be found in the same location.

  ```
  <OpenIDServerUrl>https://wso2identity:9443/openidserver</OpenIDServerUrl>
  <OpenIDUserPattern>https://wso2identity:9443/openid/</OpenIDUserPattern>
  ```

  Restart the Identity Server. Now the OpenID URL is as follows:

  ```
  https://wso2identity:9443/openid/admin
  ```
- Download the latest version of Liferay portal from here and extract it into a directory in your file system. Let's call this <LIFERAY_HOME> for the purposes of our scenario.
- Set CATALINA_HOME=<LIFERAY_HOME>/tomcat_dir.
- Start the Liferay portal by running the catalina.sh file (in UNIX) or the catalina.bat file (in Windows), which is found in the <CATALINA_HOME>/bin directory.
- Create a user account in Liferay and configure an OpenID that is issued by Identity Server (https://wso2identity:9443/openid/admin).
- Now try to sign in by providing your OpenID. Do this by clicking on Sign In at the top right of your screen. You may see the following error message. This occurs because one more configuration step is needed when the Identity Server uses its default keystore, wso2carbon.jks.
  Liferay uses the Java cacerts as its trust store. However, wso2carbon.jks contains a self-signed certificate, so its public certificate must be imported into the Java cacerts used by Liferay. Liferay can then trust the OpenID provided by WSO2 Identity Server.
- Import the WSO2 Identity Server public certificate to the cacerts.
  First export the wso2carbon certificate from wso2carbon.jks, which can be found in the <PRODUCT_HOME>/repository/resources/security directory. The following is the sample keytool command:

  ```
  keytool -export -keystore wso2carbon.jks -file carbon.cert -alias localhost -keypass wso2carbon
  ```

  Import this to the cacerts, which is found in the <JAVA_HOME>/jre/lib/security directory.

  ```
  keytool -import -keystore cacerts -file carbon.cert -alias carbon -storepass changeit
  ```
- Then restart the Liferay portal. Now you can sign in to the Liferay portal using WSO2 Identity Server's OpenID.
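
A consistency check for the host name step above, as an added example that is not part of the original page or of WSO2's code: it reads the carbon.xml and identity.xml elements shown on this page and reports any URL whose host differs from HostName, any URL that is not https, and an OpenID that does not start with OpenIDUserPattern. The sample fragments, their <Server> wrapper elements and the function names are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragments holding only the elements shown on this page;
# the <Server> wrapper elements are an assumption to keep the XML well-formed.
CARBON_XML = """<Server>
  <HostName>wso2identity</HostName>
  <ServerURL>https://wso2identity:${carbon.management.port}${carbon.context}/services/</ServerURL>
</Server>"""
IDENTITY_XML = """<Server>
  <OpenIDServerUrl>https://wso2identity:9443/openidserver</OpenIDServerUrl>
  <OpenIDUserPattern>https://wso2identity:9443/openid/</OpenIDUserPattern>
</Server>"""
URL_KEYS = ("ServerURL", "OpenIDServerUrl", "OpenIDUserPattern")
URL_RE = re.compile(r"^(?P<scheme>[a-z][a-z0-9+.-]*)://(?P<host>[^:/]+)", re.I)


def elements(xml_text):
    """Return {local-name: text} for every non-empty element, ignoring namespaces."""
    return {el.tag.rsplit("}", 1)[-1]: el.text.strip()
            for el in ET.fromstring(xml_text).iter() if el.text and el.text.strip()}


def check_openid_config(carbon_xml, identity_xml, openid_url):
    """Return a list of problems; an empty list means the settings agree."""
    cfg = {**elements(carbon_xml), **elements(identity_xml)}
    problems = [f"{k}: missing" for k in ("HostName",) + URL_KEYS if k not in cfg]
    host = cfg.get("HostName", "")
    for key in URL_KEYS:
        if key not in cfg:
            continue
        m = URL_RE.match(cfg[key])
        if not m:
            problems.append(f"{key}: not an absolute URL")
        elif m["scheme"].lower() != "https":
            problems.append(f"{key}: scheme is {m['scheme']}, expected https")
        elif m["host"].lower() != host.lower():
            problems.append(f"{key}: host {m['host']} differs from HostName {host}")
    pattern = cfg.get("OpenIDUserPattern")
    if pattern and not openid_url.startswith(pattern):
        problems.append(f"OpenID {openid_url} is not under OpenIDUserPattern")
    return problems


if __name__ == "__main__":
    result = check_openid_config(CARBON_XML, IDENTITY_XML,
                                 "https://wso2identity:9443/openid/admin")
    print(result or "consistent")
```

An identity.xml that still carries the default localhost URLs after carbon.xml was changed shows up as three problems: two host mismatches and an OpenID outside the user pattern.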