Thursday, April 21, 2016

Enable SSO in WSO2 Dashboard Server 2.0.0


This post will help you to enable Single Sign-On (SSO) in WSO2 Dashboard Server (DS) 2.0.0. DS ships with the WSO2 Identity Server (IS) components embedded, so you have several options for the identity provider that handles SSO:

1. Use DS as the identity provider
2. Use IS as the identity provider
3. Use any other external identity provider

Follow the below steps to enable SSO.

Configuring SSO


1. Download DS 2.0.0 and extract it. The paths below are relative to the extracted directory (<DS_HOME>).

2. Navigate to the following path and open the designer.json file
/repository/deployment/server/jaggeryapps/portal/configs/designer.json

3. Configure designer.json as follows. The values shown assume DS itself is the identity provider on localhost:9443; adjust hostnames and ports to your setup.


{
  "store": {
    "type": "fs"
  },
  "authentication": {
    "activeMethod": "sso",
    "methods": {
      "sso": {
        "attributes": {
          "issuer": "portal",
          "identityProviderURL": "https://localhost:9443/samlsso",
          "responseSigningEnabled": "true",
          "acs": "https://localhost:9443/portal/acs",
          "identityAlias": "wso2carbon",
          "useTenantKey": false
        }
      },
      "basic": {
        "attributes": {}
      }
    }
  },
  "designers": [
    "Internal/everyone"
  ],
  "tenantPrefix": "/t",
  "shareStore": false,
  "theme": "basic",
  "cacheTimeoutSeconds": "5",
  "cacheSizeBytes": "1073741824",
  "defaultDashboardRedirect": false,
  "oauth": {
    "username": "admin",
    "password": "admin"
  }
}


Notes:

  • To enable SSO, set "activeMethod" to "sso"; to fall back to form-based login, set it to "basic"
  • "issuer" must be the issuer ID you use when registering the service provider (portal in this post)
  • "identityProviderURL" is the SAML SSO endpoint of your identity provider, in the form https://<hostname_of_identityProvider>:<port>/samlsso
  • To have the portal verify the signature on SAML responses, set "responseSigningEnabled" to true. You then have to enable response signing on the service provider side as well (covered later in this post). If it is left off, the portal does not validate the identity provider's signature on the response, so keep it enabled anywhere other than a local test.
  • The Assertion Consumer Service (ACS) URL is where the identity provider sends the SAML response after successful authentication (the browser ends up there). It must be in the form https://<hostname_of_DS>:<port>/portal/acs
  • Set "useTenantKey" to false if tenants should be able to access the portal
  • The "oauth" block holds the admin credentials in cleartext, and the sample above uses the defaults (admin/admin). Change them from the defaults before exposing the server, and restrict who can read designer.json

4. Next, navigate to /repository/conf/security and open the authenticators.xml file

5. Set the ServiceProviderID parameter to the issuer ID, which is portal in our case. If this parameter does not match the issuer configured in designer.json, users will not be able to log in to the portal.

<!-- Authenticator Configurations for SAML2SSOAuthenticator -->
    <Authenticator name="SAML2SSOAuthenticator" disabled="true">
        <Priority>10</Priority>
        <Config>
            <Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
            <Parameter name="ServiceProviderID">portal</Parameter>
            <Parameter name="IdentityProviderSSOServiceURL">https://localhost:9443/samlsso</Parameter>
            <Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
            <Parameter name="AssertionConsumerServiceURL">https://localhost:9443/acs</Parameter>
.......
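The two files above have to agree with each other, and the post lists the rules: activeMethod must be "sso", the designer.json issuer must equal the ServiceProviderID parameter, identityProviderURL must be https://<host>:<port>/samlsso and acs must be https://<host>:<port>/portal/acs. The following script is an added example, not code from WSO2 DS or from the original post, that parses both files and reports every violation in one go (plus the cleartext default admin/admin credentials in the "oauth" block). The embedded sample inputs are constructed to mirror the fragments shown above, and the <DS_HOME> layout used by check_ds_home() is assumed from the paths given in the post.

```python
"""Cross-check the SSO settings in designer.json against authenticators.xml.

Added example, not code from WSO2 DS.  The rules below are the ones the post
states; the file locations are the post's, relative to an assumed <DS_HOME>.
"""
import json
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

DESIGNER_JSON = "repository/deployment/server/jaggeryapps/portal/configs/designer.json"
AUTHENTICATORS_XML = "repository/conf/security/authenticators.xml"

IDP_URL_RE = re.compile(r"^https://[^/:]+:\d+/samlsso$")
ACS_URL_RE = re.compile(r"^https://[^/:]+:\d+/portal/acs$")

# Constructed sample inputs mirroring the fragments shown in the post.
SAMPLE_DESIGNER_JSON = """{
  "authentication": {
    "activeMethod": "sso",
    "methods": {
      "sso": {
        "attributes": {
          "issuer": "portal",
          "identityProviderURL": "https://localhost:9443/samlsso",
          "responseSigningEnabled": "true",
          "acs": "https://localhost:9443/portal/acs",
          "identityAlias": "wso2carbon",
          "useTenantKey": false
        }
      },
      "basic": {"attributes": {}}
    }
  },
  "oauth": {"username": "admin", "password": "admin"}
}"""

SAMPLE_AUTHENTICATORS_XML = """<Authenticators>
  <Authenticator name="SAML2SSOAuthenticator" disabled="true">
    <Priority>10</Priority>
    <Config>
      <Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
      <Parameter name="ServiceProviderID">portal</Parameter>
      <Parameter name="IdentityProviderSSOServiceURL">https://localhost:9443/samlsso</Parameter>
    </Config>
  </Authenticator>
</Authenticators>"""


def saml_authenticator_params(authenticators_xml):
    """Return {parameter name: value} for the SAML2SSOAuthenticator <Config>."""
    root = ET.fromstring(authenticators_xml)
    for auth in root.iter("Authenticator"):
        if auth.get("name") == "SAML2SSOAuthenticator":
            return {p.get("name"): (p.text or "").strip() for p in auth.iter("Parameter")}
    raise ValueError("SAML2SSOAuthenticator not found in authenticators.xml")


def check_sso_config(designer_json, authenticators_xml):
    """Return a list of problems found; an empty list means the two files agree."""
    designer = json.loads(designer_json)
    problems = []
    auth = designer.get("authentication", {})
    if auth.get("activeMethod") != "sso":
        problems.append("activeMethod is %r, so SSO is not active" % auth.get("activeMethod"))
    sso = auth.get("methods", {}).get("sso", {}).get("attributes", {})
    params = saml_authenticator_params(authenticators_xml)
    if sso.get("issuer") != params.get("ServiceProviderID"):
        problems.append("issuer %r does not match ServiceProviderID %r; logins will fail"
                        % (sso.get("issuer"), params.get("ServiceProviderID")))
    if not IDP_URL_RE.match(sso.get("identityProviderURL", "")):
        problems.append("identityProviderURL must be https://<host>:<port>/samlsso")
    if not ACS_URL_RE.match(sso.get("acs", "")):
        problems.append("acs must be https://<host>:<port>/portal/acs")
    if str(sso.get("responseSigningEnabled", "")).lower() != "true":
        problems.append("responseSigningEnabled is not true: the portal will not verify "
                        "the identity provider's signature on SAML responses")
    oauth = designer.get("oauth", {})
    if (oauth.get("username"), oauth.get("password")) == ("admin", "admin"):
        problems.append("oauth block still holds the default admin/admin credentials in cleartext")
    return problems


def check_ds_home(ds_home):
    """Run the checks against a real <DS_HOME> (assumed layout from the post)."""
    home = Path(ds_home)
    return check_sso_config((home / DESIGNER_JSON).read_text(),
                            (home / AUTHENTICATORS_XML).read_text())


if __name__ == "__main__":
    # With a <DS_HOME> argument the real files are checked; otherwise the samples.
    found = (check_ds_home(sys.argv[1]) if len(sys.argv) > 1
             else check_sso_config(SAMPLE_DESIGNER_JSON, SAMPLE_AUTHENTICATORS_XML))
    for p in found:
        print("PROBLEM:", p)
    print("consistent" if not found else "%d problem(s)" % len(found))
```

Run it as `python check_sso.py <DS_HOME>` after editing both files; on the post's own values the only finding is the default admin/admin credentials.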

Creating a Service Provider


Finally, we have to create a Service Provider. As mentioned earlier, you can register the portal application with any identity provider. The first two options (DS or IS) are configured the same way; I will use DS as the identity provider in this post, and the same steps apply when IS is the identity provider. The one thing to be careful about is the identityProviderURL in designer.json from step 3: it must point at whichever server is acting as the identity provider.

So, let's create the Service Provider.

1. Navigate to the management console using the below link.
https://localhost:9443/carbon/

2. Go to Identity tab -> Service Providers and click on Add

3. Enter a service provider name (Eg: Portal) and click on Register

4. Enable the SaaS Application property

5. Go to Inbound Authentication Configuration tab -> SAML2 Web SSO Configuration and click on Configure

6. Fill in the form with the same details you used in designer.json in step 3: the Issuer is portal, the Assertion Consumer URL is https://localhost:9443/portal/acs, and response signing must be enabled here if you set responseSigningEnabled to true. Click Register, then Update, to save the service provider.



All done. Let's try to log in to the portal and verify that SSO is working. Go to https://localhost:9443/portal/.
You will be redirected to the identity provider's login page, as expected. Once you log in with valid credentials, you will be sent back to the portal.
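If the redirect happens but the login never completes, the quickest diagnosis is to look at the SAML AuthnRequest the portal actually sent and compare it with designer.json. The script below is an added example, not code from WSO2 DS or from the original post: copy the redirect URL (HTTP-Redirect binding, where SAMLRequest is DEFLATEd and base64-encoded) or the SAMLRequest form field (HTTP-POST binding, base64 only) from the browser's developer tools and feed it to the functions below, which extract the Issuer, Destination and AssertionConsumerServiceURL and check them against the sso attributes from the post. The AuthnRequest embedded here is constructed to look like what a service provider configured as in this post would send; its ID and timestamp are made up.

```python
"""Decode the portal's SAML AuthnRequest and compare it with designer.json.

Added example, not code from WSO2 DS.  Handles both SAML bindings; the sample
request and the sso attribute values are constructed to match the post.
"""
import base64
import xml.etree.ElementTree as ET
import zlib
from urllib.parse import parse_qs, quote, urlsplit

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# The sso attributes from the post's designer.json.
SSO_ATTRIBUTES = {
    "issuer": "portal",
    "identityProviderURL": "https://localhost:9443/samlsso",
    "acs": "https://localhost:9443/portal/acs",
}

# Constructed AuthnRequest (ID and IssueInstant are invented) shaped like what a
# service provider configured as above would send.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example0001" Version="2.0" '
    'IssueInstant="2016-04-21T10:00:00Z" Destination="https://localhost:9443/samlsso" '
    'AssertionConsumerServiceURL="https://localhost:9443/portal/acs" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
    "<saml:Issuer>portal</saml:Issuer>"
    '<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" '
    'AllowCreate="true"/>'
    "</samlp:AuthnRequest>"
)


def encode_redirect_binding(xml_text):
    """Encode as the HTTP-Redirect binding does: raw DEFLATE, then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()


def encode_post_binding(xml_text):
    """Encode as the HTTP-POST binding does: base64 of the XML only."""
    return base64.b64encode(xml_text.encode()).decode()


def saml_request_from_url(url):
    """Pull the SAMLRequest query parameter out of a redirect URL."""
    return parse_qs(urlsplit(url).query)["SAMLRequest"][0]


def decode_saml_request(param):
    """Return the AuthnRequest XML, whichever binding produced the parameter."""
    raw = base64.b64decode(param)
    if raw.startswith(b"<"):  # POST binding: the XML is not compressed
        return raw.decode("utf-8")
    return zlib.decompress(raw, -15).decode("utf-8")  # Redirect binding: raw DEFLATE


def authn_request_summary(xml_text):
    """Extract the fields that must line up with designer.json."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 AuthnRequest: %s" % root.tag)
    issuer = root.find("saml:Issuer", NS)
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "destination": root.get("Destination"),
        "acs": root.get("AssertionConsumerServiceURL"),
    }


def compare_with_designer(summary, sso_attributes):
    """Return mismatches between the captured request and the configured attributes."""
    expected = {
        "issuer": sso_attributes.get("issuer"),
        "destination": sso_attributes.get("identityProviderURL"),
        "acs": sso_attributes.get("acs"),
    }
    return ["%s: request has %r, designer.json has %r" % (k, summary.get(k), v)
            for k, v in expected.items() if summary.get(k) != v]


# A redirect URL as the browser would show it for the sample request.
SAMPLE_REDIRECT_URL = ("https://localhost:9443/samlsso?SAMLRequest="
                       + quote(encode_redirect_binding(SAMPLE_AUTHN_REQUEST), safe=""))

if __name__ == "__main__":
    summary = authn_request_summary(
        decode_saml_request(saml_request_from_url(SAMPLE_REDIRECT_URL)))
    print(summary)
    print(compare_with_designer(summary, SSO_ATTRIBUTES) or "request matches designer.json")
```

A mismatch on "issuer" means the service provider lookup on the identity provider side will fail, and a mismatch on "acs" means the identity provider will refuse to post the response back to the portal.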



Note: If you use IS as the identity provider, share the user store and registry databases between IS and DS so that the same users exist on both sides.

Hope you got it done without any issue. Please put a comment if you have any queries :)

