This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

This page describes the procedure for securing a RESTful service with 2-legged OAuth using WSO2 Identity Server and WSO2 ESB.

  1. Download WSO2 Identity Server and WSO2 ESB.
  2. Extract the WSO2 Identity Server and WSO2 ESB ZIP files into a directory in your file system. Call them IS_HOME and ESB_HOME respectively.
  3. Start WSO2 Identity Server and WSO2 ESB by running wso2server.sh (on Unix) or wso2server.bat (on Windows), which can be found in the IS_HOME/bin and ESB_HOME/bin directories respectively.

    Note

    If both servers are running on localhost, change the default ports. For example, change the WSO2 ESB https port to 9445 and the http port to 9765 (the defaults are 9443 and 9763 respectively) by editing mgt-transport.xml, which can be found in ESB_HOME/repository/conf.

  4. Go to the WSO2 IS Management Console by pointing your browser to https://localhost:9443/carbon/.
  5. Register a user with WSO2 Identity Server by providing a username and password.
  6. Download the sample OAuth client source code from the following SVN location: https://svn.wso2.org/repos/wso2/carbon/platform/trunk/components/identity/org.wso2.carbon.identity.samples.oauth/.
  7. You can build the sample using Maven (mvn clean install) or add the JARs in the IS_HOME/repository/components/plugins directory to a sample project class path.
  8. Go to the ESB Management Console by entering the following URL in your browser: https://localhost:9445/carbon/.
  9. Sign in as an admin by providing a username and password.
  10. Create a proxy service in WSO2 ESB by adding the following configuration to the service bus configuration, which can be found under Manage > Service Bus > Source View. Alternatively, simply update the synapse configuration of ESB with the content in org.wso2.carbon.identity.samples.oauth/src/main/resources/synapse.xml.

    <proxy name="OAuthProxy" transports="https http" startOnLoad="true" trace="disable">
        <target>
            <inSequence>
                <oauthService remoteServiceUrl="https://localhost:9443/services/"/>
                <send>
                    <endpoint>
                        <address uri="http://localhost:8280/services/echo" format="rest"/>
                    </endpoint>
                </send>
            </inSequence>
            <outSequence>
                <send/>
            </outSequence>
        </target>
    </proxy>

    Note

    Please note that remoteServiceUrl contains the host name and the port on which WSO2 Identity Server is running.

  11. Run the sample client. Make sure to update the variables IDENTITY_SERVER, ESB_SERVER, USER_NAME and PASSWORD according to your configuration.

The following steps describe what occurs during this process:

  1. The user is registered with WSO2 Identity Server.
  2. The consumer secret is registered with WSO2 Identity Server. 

    1. Invoke the AuthenticationAdmin service to authenticate the user with WSO2 Identity Server.
    2. Invoke the OAuthAdminService service and register the consumer secret.
  3. The consumer key is set as the username of the user.
  4. Generate the OAuth Authorization header and sign it with the OAuth Consumer Secret.
  5. Invoke the proxy service which is deployed in ESB.
  6. The OAuth mediator in ESB invokes the OAuthService in WSO2 Identity Server to verify that the consumer is valid.
  7. Verify the consumer key (check that the user is a valid user) and verify the oauth_signature value using the consumer secret that the user registered.
  8. If signature verification succeeds, the request is authenticated and sent to the RESTful service.
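
Steps 4 to 7 above, as an added Python example that is not part of the WSO2 sample client or of OAuthService: it builds the signed Authorization header and then verifies it as a verifying service would. It assumes the HMAC-SHA1 signature method of OAuth 1.0 (RFC 5849) with an empty token secret; the timestamp and nonce checks follow the RFC rather than anything this page states, and the proxy URL, user name and secret are constructed sample values.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qsl, quote, unquote, urlsplit

def _enc(s):
    return quote(str(s), safe="-._~")  # RFC 5849 percent-encoding

def sign(method, url, oauth_params, consumer_secret):
    u = urlsplit(url)
    # Query parameters are signed together with the oauth_* parameters.
    pairs = parse_qsl(u.query, keep_blank_values=True) + list(oauth_params.items())
    normalized = "&".join(f"{k}={v}" for k, v in sorted((_enc(k), _enc(v)) for k, v in pairs))
    base_uri = f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}"  # default-port stripping omitted
    base = "&".join([method.upper(), _enc(base_uri), _enc(normalized)])
    key = _enc(consumer_secret) + "&"  # 2-legged: no token, so the token-secret half is empty
    return base64.b64encode(hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()).decode()

def authorization_header(method, url, consumer_key, consumer_secret, nonce=None, timestamp=None):
    p = {"oauth_consumer_key": consumer_key,  # step 3: the consumer key is the user name
         "oauth_nonce": nonce or secrets.token_hex(16),
         "oauth_signature_method": "HMAC-SHA1",
         "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
         "oauth_version": "1.0"}
    p["oauth_signature"] = sign(method, url, p, consumer_secret)
    return "OAuth " + ", ".join(f'{k}="{_enc(v)}"' for k, v in sorted(p.items()))

def verify(method, url, header, lookup_secret, seen_nonces, now=None, max_skew=300):
    try:
        fields = (f.strip().split("=", 1) for f in header[len("OAuth "):].split(","))
        p = {k: unquote(v.strip('"')) for k, v in fields}
        claimed = p.pop("oauth_signature")
        p.pop("realm", None)  # realm is never part of the signature
        secret = lookup_secret(p["oauth_consumer_key"])
        fresh = abs((now if now is not None else time.time()) - int(p["oauth_timestamp"])) <= max_skew
        replay_key = (p["oauth_consumer_key"], p["oauth_nonce"])
    except (KeyError, ValueError):
        return False  # malformed or incomplete header
    if secret is None or not fresh:
        return False  # unknown consumer key, or timestamp outside the allowed window
    if not hmac.compare_digest(sign(method, url, p, secret).encode(), claimed.encode()):
        return False  # wrong secret, or method/URL/parameters changed in transit
    if replay_key in seen_nonces:
        return False  # same consumer key and nonce seen before: replay
    seen_nonces.add(replay_key)
    return True

if __name__ == "__main__":
    url = "http://localhost:8280/services/OAuthProxy?msg=hello"  # constructed sample URL
    hdr = authorization_header("GET", url, "alice", "constructed-secret")
    print(hdr, verify("GET", url, hdr, {"alice": "constructed-secret"}.get, set()))
```

Because the signature covers the method, URL and query parameters, a request altered between the client and the proxy fails verification even when the proxy is reached over plain http; the payload itself is not encrypted in that case.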
     