This topic explains how to configure Mobile Connect as a federated authenticator with WSO2 Identity Server. The scenario is illustrated using a sample application.
Info: Look through the following prior to configuring the Mobile Connect authenticator.
...
- Log in to the WSO2 Identity Server management console as an administrator. In the Service Providers section under the Main tab of the management console, click Add.
- Add the Service Provider Name and click Register. In this instance, you can use travelocity as the name as it is the name of the sample application.
- Navigate to the Inbound Authentication Configuration section of the form and click Configure under the SAML2 Web SSO Configuration section.
- Make the following configurations and click Register to save your changes.
  - Issuer: travelocity
  - Assertion Consumer URLs: http://localhost:8080/travelocity.com/home.jsp
  - Select the following checkboxes:
    - Enable Response Signing
    - Enable Single Logout
    - Enable Attribute Profile
    - Include Attributes in the Response Always
- Navigate to the Local and Outbound Authentication Configuration section. Select the Federated Authentication radio button and select Mobile Connect from the dropdown list.
- Click Update to save your changes.
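The SAML settings above (Issuer, Assertion Consumer URL, Enable Response Signing) only protect the sample application if the receiving side actually enforces them. The following is an added example, not code from WSO2 Identity Server or the travelocity sample, showing the checks a service provider should apply to the SAML2 Response delivered to its Assertion Consumer URL: Destination and Recipient match the configured ACS URL, the Audience matches the SP Issuer, the validity window is respected, and a signature is present. The Identity Server entity ID (`localhost`), the clock-skew tolerance and the sample Response XML are constructed assumptions; cryptographic verification of the signature needs an XML-DSig library and the IdP certificate, which this snippet does not include.

```python
"""Added example: structural checks an SP should run on a SAML2 Response
before trusting it. Not part of the WSO2 documentation or sample code."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Values taken from the service provider configuration described on this page.
SP_ISSUER = "travelocity"
ACS_URL = "http://localhost:8080/travelocity.com/home.jsp"
# Assumed entity ID of the Identity Server (comes from the resident IdP settings, not this page).
IDP_ISSUER = "localhost"
CLOCK_SKEW = timedelta(minutes=3)  # assumed tolerance for IdP/SP clock drift


def parse_saml_time(value):
    """SAML uses UTC xsd:dateTime values such as 2024-05-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_saml_response(xml_text, now, sp_issuer=SP_ISSUER, acs_url=ACS_URL, idp_issuer=IDP_ISSUER):
    """Return a list of problems found in the Response; an empty list means it passed.

    Only the *presence* of ds:Signature is checked here. Verifying the signature
    itself needs an XML-DSig library (e.g. xmlsec) and the IdP's certificate.
    """
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return ["root element is not samlp:Response"]

    # The Response must be addressed to our ACS URL, not replayed from another SP.
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the Assertion Consumer URL")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("StatusCode is not Success")
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or issuer.text != idp_issuer:
        problems.append("Response Issuer is not the expected Identity Server")
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("Response carries no Assertion")
        return problems

    # The assertion must be meant for this SP (Audience == SP Issuer configured above).
    audience = assertion.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if audience is None or audience.text != sp_issuer:
        problems.append("Audience does not match the SP Issuer")

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is not None:
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and now + CLOCK_SKEW < parse_saml_time(not_before):
            problems.append("Assertion is not yet valid")
        if not_on_or_after and now - CLOCK_SKEW >= parse_saml_time(not_on_or_after):
            problems.append("Assertion has expired")

    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("SubjectConfirmationData Recipient does not match the Assertion Consumer URL")

    return problems


def sample_response(signed=True, audience=SP_ISSUER):
    """Constructed sample Response (not a real Identity Server capture); the
    ds:Signature body is a placeholder because only its presence is checked."""
    signature = (
        f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>'
        if signed else ""
    )
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z" Destination="{ACS_URL}">
  <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
  {signature}
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2024-05-01T10:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T09:59:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    now = parse_saml_time("2024-05-01T10:01:00Z")
    print("good response:", check_saml_response(sample_response(), now))
    print("unsigned, wrong audience:", check_saml_response(sample_response(signed=False, audience="other-app"), now))
```

A real deployment would also verify the signature, enforce an InResponseTo match against the AuthnRequest it sent, and reject assertions whose ID has already been seen, so that a captured Response cannot be replayed within its validity window.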
Testing the federated authentication flow
The steps to test this flow vary depending on whether you have configured an on-net or off-net flow.
Testing the on-net flow
- Navigate to the following URL and click the link to log in with SAML using the WSO2 Identity Server:
  http://<TOMCAT_HOST>:<TOMCAT_PORT>/travelocity.com/index.jsp
- If you are using the web application, you are redirected to the https://discover.mobileconnect.io/gsma/v2/discovery/ discovery endpoint, where you must provide your mobile number. If you are using the mobile application, you do not see this page and are redirected directly to the page described in step 3.
- Once you click Next, you are redirected to the Mobile Connect Authorization Page, which belongs to the network operator you are registered with.
- When the authorization page appears, you are asked to confirm your identity via your mobile phone.
- Once you confirm your identity via the mobile device, you are taken to the home page of the travelocity sample application.
Testing the off-net flow
- Navigate to the following URL and click the link to log in with SAML using the WSO2 Identity Server:
  http://<TOMCAT_HOST>:<TOMCAT_PORT>/travelocity.com/index.jsp
- You are redirected to the Mobile Connect authentication endpoint web application, where you must provide your mobile number.
- Once you provide the mobile number and click on Mobile Connect Log-in, you are redirected to the Authorization Page as in the on-net scenario and there is a popup to confirm your identity. Once you confirm your identity via the mobile device, you are taken to the home page of the travelocity sample application.
Configuring the Identity Server as a multi-step authenticator
To configure the WSO2 Identity Server as a multi-step authenticator, you do not need to change the identity provider configuration, since that was already done in the flow above. You do, however, need to make a few additional changes to the service provider configuration, as follows.
- Configure the first 4 steps in the Configuring the service provider section of this document and expand the Local & Outbound Authentication Configuration section as described in step 5. Select the Advanced Configuration option.
- Here you can use basic authentication and Mobile Connect authentication as the authentication steps (this can vary depending on your scenario; these two are used here for demonstration). Add two steps by clicking Add Authentication Step.
- In step 1, add a basic authenticator to demonstrate this scenario. Select this from the drop-down under Local Authenticators. Click Add Authenticator to add the basic authenticator. Similarly, for step 2, add Mobile Connect as the federated authenticator by selecting it from the dropdown and clicking Add Authenticator.
Tip: You can add multiple steps and multiple authenticators. For example, if you have configured Facebook as an authenticator, you can select the basic authenticator as the first step, Mobile Connect as the second step, and Facebook as the third step.
- Click Update. The service provider is updated with the multi-step authentication option.