Download and install Oracle Java SE Development Kit (JDK) 1.7.* or 1.8.* .
Install WSO2 IS 5.78.0 by downloading the installer.
The WSO2 IS installation location varies according to the OS as given below.
OS
Home directory
Mac OS
/Library/WSO2/IdentityServer/5.78.0
Windows
C:\Program Files\WSO2\IdentityServer\5.78.0
Ubuntu
/usr/lib/wso2/IdentityServer/5.78.0
CentOS
/usr/lib64/IdentityServer/5.8.700
Hereafter, the installation location of WSO2 IS is called <IS_HOME>.
Download and install curl. Make sure you install the binary type file of the version you choose.
For Mac OS, open the /etc/hosts file. For Windows, open the etc/hosts file in <Windows-Installation-Drive>\Windows\System32\drivers. Add the following entry to the file and save it.
xml
If you are planning to use Single Sign-On (SSO), use localhost.cominstead of localhost to resolve the naked host issue since some browsers do not allow to create cookies for a naked host name.
Make sure that this is the only such entry available for this IP address in the /etc/hosts file to avoid any conflicts.
Hereafter, the directory which contains the downloaded sample file is called <IS_SAMPLE_DISTR>.
Open the server.properties file in <IS_SAMPLE_DISTR>/IS-QSG/conf/ and make sure that wso2is.host.domain and wso2is.host.port are configured as shown below.
Navigate to <IS_HOME>/bin and start the server by executing either of the following commands.
Navigate to <IS_SAMPLE_DISTR>/IS-QSG/bin and execute either of the following commands to start the sample application.
To try out the samples, open a command prompt in the <IS_SAMPLE_DISTR>/IS-QSG/bin folder and run one of the following commands.
When prompted, confirm the configurations.
Note that a message appears to pick a scenario, which indicates that the samples are deployed and WSO2 IS is up and running.
What's Next? Let's try out the samples using the instructions in the next tab.
Auitabspage
id
test3
title
3. Trying the Samples
Let's try out the samples.
You might need to add a security exception when trying out the samples. This is due to the use of self-signed certificates that are not trusted by the browser and they do not have an impact on the sample testing process.
The first problem that Pickup faces is that each employee has to use separate sets of user names and passwords (credentials) to log in to Pickup Dispatch and Pickup Manager.
When the number of applications that are used in Pickup increases, the employees have to maintain more credentials. This is not scalable. Cameron decides to use Single Sign-On (SSO) to overcome this situation. With SSO, when a user signs in to one application (authentication), that user is automatically authenticated to other applications, eliminating the need to maintain multiple credentials.
Cameron decides to use WSO2 IS to configure SSO.
Let's use the command-line to check the SSO functionality with SAML2 or OIDC.
Configuring SSO with SAML2
If the two applications are using SAML2 as their authentication protocol, follow the steps below:
Enter 1 as the scenario number at the command prompt to:
Create the two users, Cameron and Alex.
Create and assign the user role Manager to Cameron.
Create service providers for Pickup Dispatch and Pickup Manager.
Configure SAML2 web SSO for Pickup Dispatch and Pickup Manager.
Note that a message with the user and web application details appears.
You can also perform the above using the WSO2 IS Management Console. For more information, see Creating users and roles, , and .
Enter either of the following credentials to sign in to the application.
Select the attributes that you want to share with Dispatch and click Approve.
Obtaining the user consent is one of the fundamental requirements of the GDPR regulation. WSO2 IS facilitates this through its Consent Management features. To know more about GDPR and how WSO2 IS handles consent, see Consent Management.
Note that the Pickup Dispatch home screen appears.
Enter either of the following credentials to sign in to the application.
Select the approval type that you wish provide and the attributes that you wish to share with the application and click Continue.
Obtaining the user consent is one of the fundamental requirements of GDPR regulation. WSO2 IS facilitates this through its Consent Management features. To know more about GDPR and how WSO2 IS handles consent, see Consent Management.
Note that the Pickup Dispatch home screen appears.
Similarly, enter http://localhost:8080/pickup-manager on a browser to access the Pickup Manager application. Notice that the Pickup Manager application opens without having to enter the user credentials.
Hurrah! You have set up SSO and your employees are happy with their experience as they only have to provide credentials once in order to access both Pickup Dispatch and Pickup Manager.
Next, in order to try out other scenarios, navigate back to the command prompt where you ran the Quick Start sample and enter y to clean the setup.
Pickup has a secure, hassle-free identity management system in place to better protect the data resources and applications. However, the traditional authentication mechanism that uses a user ID and password is not sufficient. Cameron wants to enhance the security standards by introducing another level of authentication. As a result, Cameron decides to use the Multi-factor Authentication (MFA) capability in WSO2 IS using the following factors:
First factor: password
Second factor: Twitter
Let's use the command-line to check the MFA functionality.
Configuring Multi-factor Authentication
Follow the steps below to configure MFA on the Pickup Dispatch and Pickup Manager applications where Twitter is the second authentication factor.
Before you begin
Create a Twitter application to try out multi-factor or federated authentication.
If you have run any other samples in this Quick Start Guide, navigate back to the is-samples-1.0.0/IS-QSG/samples /QSG-bundle/QSG/bin using the command-line and execute either of the following commands to start the Quick Start samples.
A message appears to pick a scenario.
Enter 3 as the scenario number at the command prompt.
Enter y to confirm that you have already registered an app in Twitter. (See the Prerequisites tab)
Enter the API key and the secret of the Twitter application when prompted.
Note that a message with the user and application details appears.
Enter either of the following credentials to sign in to the application.
The Twitter login page appears as Twitter is the second authentication factor.
Enter your Twitter username and password and click Sign In.
After successful authentication, the User Consents form of the Dispatch application appears.
Select the attributes that you want to share with Dispatch and click Approve.
Obtaining user consent is one of the fundamental requirements of the GDPR regulation. WSO2 IS facilitates this through its Consent Management features. To know more about GDPR and how WSO2 IS handles consent, see Consent Management.
Note that the Dispatch home screen appears.
To try out other scenarios, navigate back to where you ran the Quick Start sample on the command-line and enter y to clean the setup.
Pickup works with a team of external consultants. Cameron wants to grant them access to the Pickup Dispatch and Pickup Manager applications. However, it is a hassle to keep adding and maintaining their accounts in the employee database as these consultants are temporary and they keep rotating. Therefore, Cameron decides to use the identity federation capability of WSO2 IS. This facilitates the external consultants to use their already existing Twitter account credentials to sign in to the Pickup applications.
Let's use the command line utility to check out how an external consultant uses the command utility to configure federated authentication.
Configuring Federated Authentication
Follow the steps below to configure federated authentication using WSO2 IS:
Before you begin
Create a Twitter application to try out multi-factor or federated authentication.
If you have run any other samples in this Quick Start Guide, navigate back to the is-samples-1.0.0/IS-QSG/samples /QSG-bundle/QSG/bin on the command prompt and execute either of the following commands to start the Quick Start samples.
A message appears to pick a scenario.
Enter 4 as the scenario number at the command prompt to:
Create the two users: Cameron and Alex.
Create and assign the user role Manager to Cameron.
Create service providers for Pickup Dispatch and Pickup Manager.
Configure SAML2 web SSO for Pickup Dispatch and Pickup Manager.
Enter y to confirm that you have already registered an app in Twitter. (See Prerequisites tab)
Enter the API key and the secret of the Twitter application when prompted.
Note that a message with the user and application details appears.
Enter your Twitter username and password and click Sign In .
After a successful authentication, the User Consents form of the Dispatch application appears.
Select the attributes that you wish to share with Pickup Dispatch and click Approve.
Obtaining the user consent is one of the fundamental requirements of GDPR regulation. WSO2 IS facilitates this through its Consent Management features. To know more about GDPR and how WSO2 IS handles consent, see Consent Management.
Note that the Pickup Dispatch home screen appears.
Hurrah! You have just signed in to the Pickup Dispatch application as an external consultant using your Twitter credentials.
Next, in order to try out other scenarios, navigate back to the command prompt where you ran the Quick Start sample and enter y to clean the setup.
#ffffff#ffffff#FF7F00Self Sign-up
SSUTOPProblem Scenario
Pickup is going through a major expansion and is in the process of hiring new employees. Currently, when a new employee joins, the Pickup HR team requests for their details, and creates user accounts and then asks them to verify, edit and customize their user profiles. This process sometimes takes a few days. Thus, the Rowan and the Pickup HR team is having a hard time doing this one by one for especially when a larger number of employees come on-board. Cameron realizes that allowing the new employees to self sign-up to Pickup web applications will speed up the onboarding process. As a result Cameron sets this up for Pickup HR using WSO2 IS.
Let's use the command line utility to check out the self sign-up functionality.
Configuring Self Sign-up
Follow the steps below to configure self sign-up for Pickup Dispatch and Pickup Manager applications using WSO2 IS.
Before you begin
If you have run any other samples in this Quick Start Guide, navigate back to the is-samples-1.0.0/IS-QSG/samples / QSG-bundle/QSG/bin on the command prompt and execute either of the following commands to start the Quick Start samples.
A message appears to pick a scenario.
Open the <IS_HOME>/repository/conf/output-event-adapters.xml file.
Locate the adapter configurations for emails and update the email address, username, and password parameters with the values of a valid email account.
Restart WSO2 IS.
Navigate to is-samples-1.0.0/IS-QSG/samples /QSG-bundle/QSG/bin and execute either of the following commands to start the Quick Start samples.
Enter 5 as the scenario number at the command prompt.
WFStep01A prompt appears to choose the user sign-up approach.
Enable self user registration (without any config): This enables self sign-up without having to do additional configurations. Once registered, the user receives an email to the provided email address.
Enable account lock on creation: This locks the user account during user registration. The user can only sign in to the application after clicking the verification link sent to the user-provided email address. A confirmation mail is sent to the user but user account is locked until the user confirms the account by clicking on the account confirmation mail sent by WSO2 IS.
Enter number that matches with the approach you would like to try.
Enter a username for your user account and click Proceed to Self Register.
If you want a user to self register for a specific tenant, provide the username in the following format: <USERNAME>@<TENAND_DOMAIN>.
Provide the user profile details, agree to the Privacy Policy, and click Register.
A confirmation message appears.
Click Close.
If you selected Enable User Registration (without any config) at , navigate back to the Pickup Dispatch application and sign in using the new user credentials.
If you selected Account Lock on Creation at , access your email account to view the account registration confirmation mail.
Click Confirm Registration in the email or copy the link in the email to your browser and confirm the account creation.
The account gets unlocked and an email is sent.
Navigate back to the Pickup Dispatch application and sign in using the new user credentials.
Note that the Dispatch home screen appears.
Hurrah! You have just self-signed up to a Pickup web application.
Next, in order to try out other scenarios, navigate back to the command prompt where you ran the Quick Start sample and enter y to clean the setup.
#ffffff#ffffff#FF7F00Creating a Workflow
Problem Scenario
After Cameron sets up self registration for Pickup web applications, Rowan is concerned about the security. Rowan prefers to review and approve new user accounts before granting access to the Pickup web applications. Thus, Rowan reaches out to Cameron with these concerns. Cameron realizes the possibility of creating a workflow using WSO2 IS and granting role-based authorization,so that each account registration will be subject to approval.
Let's use the command-line to check out the workflow functionality.
In this workflow, whenever a new user account is created, first it creates a task for a junior manager (Alex) to approve/reject the account creation. Upon the junior manager approving the account creation, a task will be created for the senior manager (Cameron) to approve or reject the user account.
Configuring a Workflow
Follow the steps below to configure a workflow.
Before you begin
If you have run any other samples in this Quick Start Guide, navigate back to the is-samples-1.0.0/IS-QSG/samples /QSG-bundle/QSG/bin on the command prompt and execute either of the following commands to start the Quick Start samples.
A message appears to pick a scenario.
Enter 6 as the scenario number at the command prompt.
Note that a message with the user and web application details appears.
Enter a username for your user account and click Proceed to Self Register.
If you want a user to self register for a specific tenant, provide the username in the following format: <USERNAME>@<TENAND_DOMAIN>.
Provide the user profile details, agree to the Privacy Policy, and click Register.
Even though a new user account is created successfully, it is in disabled state. To enable the user, you need to sign in to the WSO2 dashboard and approve the pending workflow requests.
Enter the following credentials to sign in as Alex and click Sign In.
Provide the consents.
Click Pending Approvals > View Details.
Click the Task ID.
Click Approve to approve the user account creation.
Note that a confirmation message appears.
Click OK.
Click Sign out to sign out of WSO2 Dashboard as Alex.
Enter the following credentials to sign in as Cameron and click Sign In.
Provide consents.
Click Pending Approvals > View Details.
Click the Task ID.
Click Approve to approve the user account creation.
Navigate back to the Pickup Dispatch application and sign in using the new user credentials.
Select the attributes that you wish to share with Pickup Dispatch and click Approve.
Obtaining the user consent is one of the fundamental requirements of GDPR regulation. WSO2 IS facilitates this through its Consent Management features. To know more about GDPR and how WSO2 IS handles consent, see Consent Management.
Note that the Pickup Dispatch home screen appears.
This concludes the Quick Start Guide!
You have set up WSO2 IS and gone through the basic use cases of the product. For more advanced use cases, check our Tutorials.