Tuesday, January 28, 2014

Configure SAML2 Single Sign-On on WSO2 servers with WSO2 Identity Server.

This post shows how to configure WSO2 servers for SAML2 SSO with WSO2 Identity Server (IS) as the identity provider. It is really simple to configure SAML2 SSO for carbon servers.
I will refer to the server that needs SSO configured as the 'Carbon Server'; just follow the two steps below to configure SSO in your carbon server with WSO2 IS.

1. Configure your carbon server to enable SSO

All the configuration required to have SSO in your carbon server is in the carbon server's repository/conf/security/authenticators.xml

  • Enable SSOAuthenticator in authenticators.xml

( 1 ) Set disabled="false" on the SSOAuthenticator entry

( 2 ) The identifier here must be unique to your carbon server. You will need this value when configuring IS too.

  • Start your carbon server with a port offset so its ports do not clash with IS ( the offset is configured in carbon.xml)


2. Register a service provider on the IS side
  • Start IS on the default port ( 9443 ) and log in
  • Follow Main > Manage > SAML SSO > Register New Service Provider
  • Add the unique identifier ( 2 ) as the Issuer
  • Provide the Assertion Consumer URL with your carbon server info as https://[host name]:[port]/acs
  • Tick Enable Response Signing and Enable Assertion Signing
  • Click on "Register"

Now you are done. You can simply try to log into your carbon server with SSO.
To verify:
    - Try to access https://[host name]:[port]/carbon
    - This will redirect you to the authentication endpoint of the IdentityProviderSSOServiceURL specified in authenticators.xml
      ( here https://localhost:9443/authenticationendpoint )
    - Enter the credentials and hit Sign in
    - You will be logged in to your carbon server
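As an added example (not from the post or from WSO2), the following pre-flight check confirms that the carbon-side authenticators.xml from step 1 and the IS-side service provider registration from step 2 agree with each other, which is where most SSO login failures come from. It assumes the unique identifier ( 2 ) is held in a parameter named ServiceProviderID and models the IS registration form as a dict of its fields; both inputs are constructed samples.

```python
# Added example, not from the post: checks that the carbon-side authenticators.xml
# (step 1) and the IS-side registration (step 2) agree. Assumed: the identifier
# lives in <Parameter name="ServiceProviderID">; the IS form is modelled as a dict.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed, trimmed sample of the SSOAuthenticator block (step 1).
AUTHENTICATORS_XML = """<Authenticators>
  <Authenticator name="SSOAuthenticator" disabled="false">
    <Config>
      <Parameter name="ServiceProviderID">carbonServer</Parameter>
      <Parameter name="IdentityProviderSSOServiceURL">https://localhost:9443/samlsso</Parameter>
    </Config>
  </Authenticator>
</Authenticators>"""

# Constructed sample of the fields entered in IS (step 2); the carbon server
# here runs with port offset 1, hence 9444.
IS_REGISTRATION = {
    "Issuer": "carbonServer",
    "Assertion Consumer URL": "https://localhost:9444/acs",
    "Enable Response Signing": True,
    "Enable Assertion Signing": True,
}

def check_sso_config(authenticators_xml, registration, carbon_host, carbon_port):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    auth = ET.fromstring(authenticators_xml).find("./Authenticator[@name='SSOAuthenticator']")
    if auth is None:
        return ["SSOAuthenticator block not found in authenticators.xml"]
    if auth.get("disabled", "true").lower() != "false":
        problems.append('SSOAuthenticator is still disabled; set disabled="false"')
    params = {p.get("name"): (p.text or "").strip() for p in auth.iter("Parameter")}
    sp_id = params.get("ServiceProviderID", "")
    if not sp_id:
        problems.append("ServiceProviderID is empty; it must be set and unique to this carbon server")
    elif sp_id != registration.get("Issuer"):
        problems.append(f"Issuer in IS ({registration.get('Issuer')!r}) != ServiceProviderID ({sp_id!r})")
    idp = urlparse(params.get("IdentityProviderSSOServiceURL", ""))
    if idp.scheme != "https" or not idp.netloc:
        problems.append("IdentityProviderSSOServiceURL must be an absolute https URL")
    acs = urlparse(registration.get("Assertion Consumer URL", ""))  # must point back at this server
    expected = f"{carbon_host}:{carbon_port}"
    if acs.scheme != "https" or acs.netloc != expected or acs.path != "/acs":
        problems.append(f"Assertion Consumer URL should be https://{expected}/acs")
    for flag in ("Enable Response Signing", "Enable Assertion Signing"):  # unsigned = unverifiable
        if not registration.get(flag):
            problems.append(f"{flag} is not ticked in the IS registration")
    return problems

if __name__ == "__main__":
    print(check_sso_config(AUTHENTICATORS_XML, IS_REGISTRATION, "localhost", 9444) or "OK")
```

Run it against the real authenticators.xml and the values you typed into the IS form before attempting the login in the verification steps above.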