In a connected world, people use services from hundreds of websites. Most of these websites require the user to create an account by providing a valid email address and password. Remembering all the different user IDs and passwords that you use can be difficult and cumbersome. To make life easier, most websites now give the user the option to log in using their Facebook account, Twitter account or Google account. Since most internet users have one of these accounts, creating a new account becomes an instant action.
WSO2 Identity Server enables users to log in to applications with their Facebook account. To do that, first you have to create a Facebook app after registering as a Facebook developer.
Tip: Please refer to this document to download the
...
Now you have finished configuring Facebook as an Identity Provider.
...
Tip: If you haven't downloaded the samples, please refer to this document to download the
Open a terminal window and add the following entry to the /etc/hosts file of your machine to configure the hostname.

```bash
127.0.0.1 wso2is.local
```

Info: Why is this step needed?
Some browsers do not allow you to create cookies for a naked hostname, such as localhost. Cookies are required when working with SSO. Therefore, to ensure that the SSO capabilities work as expected in this tutorial, you need to configure the /etc/hosts file as explained in this step.

The /etc/hosts file is a read-only file. Therefore, you won't be able to edit it by opening the file via a text editor. Instead, edit the file using the terminal commands. For example, use the following command if you are working on a Mac/Linux environment.

```bash
sudo nano /etc/hosts
```
- Deploy this sample web app on a web container.
- Use the Apache Tomcat server to do this.
- Since this sample is written based on Servlet 3.0, it needs to be deployed on Tomcat 7.x.
- Copy the .war file into the webapps folder. For example, <APACHE_HOME>/apache-tomcat-7.0.50/webapps.
- Start the Tomcat server.
Open the travelocity.properties file found in the <APACHE_HOME>/webapps/travelocity.com/WEB-INF/classes directory and configure the following property with the hostname (wso2is.local) that you configured above. Finally, restart the Tomcat server.

```text
#The URL of the SAML 2.0 Assertion Consumer
SAML2.AssertionConsumerURL=http://wso2is.local:8080/travelocity.com/home.jsp
```
Tip: If you wish to change properties like the issuer ID, consumer URL, and IdP URL, you can edit the travelocity.properties file found in the This sample uses the following default values.
If you edit the travelocity.properties file, you must restart the Apache Tomcat server for the changes to take effect.
...
Configuring the service provider
The next step is to configure the service provider.
- Return to the Management Console.
- In the Identity section under the Main tab, click Add under Service Providers.
- Enter travelocity.com in the Service Provider Name text box and click Register.
- In the Inbound Authentication Configuration section, click Configure under the SAML2 Web SSO Configuration section and set the configuration as follows:
  - Enter the following values:
    - Issuer: travelocity.com
    - Assertion Consumer URL: http://wso2is.local:8080/travelocity.com/home.jsp
  - Select the following check-boxes:
    - Enable Response Signing
    - Enable Single Logout
    - Enable Attribute Profile
    - Include Attributes in the Response Always
- Click Register. Now you will be sent back to the Service Providers page.
- Go to the Local and Outbound Authentication Configuration section.
- Select the Federated Authentication radio button and select the Identity Provider you created from the dropdown list under Federated Authentication.
- Click Update to save the changes.
You have now added and configured the service provider.
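The following check is an added example, not part of the WSO2 sample or its documentation: it verifies that the SAML2.AssertionConsumerURL in travelocity.properties uses a hostname that is not naked, that the hostname has an entry in the hosts file, and that the URL is identical to the Assertion Consumer URL registered for the service provider. The function names and the file paths passed to them are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: consistency check for the SSO values configured in this tutorial.
# Function names are illustrative; file paths are supplied by the caller.

# Print the value of SAML2.AssertionConsumerURL from a properties file.
acs_url() {
  sed -n 's/^[[:space:]]*SAML2\.AssertionConsumerURL[[:space:]]*=[[:space:]]*//p' "$1" |
    tail -n 1 | tr -d '\r'
}

# Print the host part of scheme://host[:port]/path.
url_host() {
  printf '%s\n' "$1" | sed 's#^[a-zA-Z][a-zA-Z0-9+.-]*://\([^/:]*\).*#\1#'
}

# Succeed if the hosts file has an entry for the name (comments ignored).
hosts_has() {
  awk -v h="$2" '{ sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
                 END { exit !found }' "$1"
}

# check_sso PROPS_FILE HOSTS_FILE REGISTERED_ACS_URL
# Returns 0 when consistent; otherwise prints the reason and returns 1-4.
check_sso() {
  sso_url=$(acs_url "$1")
  [ -n "$sso_url" ] || { echo "SAML2.AssertionConsumerURL not set in $1"; return 1; }
  sso_host=$(url_host "$sso_url")
  case "$sso_host" in
    *.*) ;;  # contains a dot, so not a naked hostname
    *) echo "naked hostname '$sso_host': browsers may refuse its cookies"; return 2 ;;
  esac
  hosts_has "$2" "$sso_host" || { echo "'$sso_host' has no entry in $2"; return 3; }
  [ "$sso_url" = "$3" ] || { echo "ACS URL '$sso_url' differs from registered '$3'"; return 4; }
  echo "OK: $sso_url"
}

# Constructed sample input that mirrors the values used in this tutorial.
demo() {
  d=$(mktemp -d)
  printf '127.0.0.1 localhost\n127.0.0.1 wso2is.local\n' > "$d/hosts"
  printf '%s\n' '#The URL of the SAML 2.0 Assertion Consumer' \
    'SAML2.AssertionConsumerURL=http://wso2is.local:8080/travelocity.com/home.jsp' \
    > "$d/travelocity.properties"
  check_sso "$d/travelocity.properties" "$d/hosts" \
    'http://wso2is.local:8080/travelocity.com/home.jsp'
  rm -rf "$d"
}
demo
```

To run it against a real deployment, call check_sso with the deployed travelocity.properties, /etc/hosts, and the Assertion Consumer URL entered in the Management Console.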
Note: The default client-truststore.jks found in the
For more information on SSO, see Single Sign-On.
...