Posts

Showing posts from 2016

WSO2 Identity Server use as an authorization server

This post is for developers who need to use WSO2 Identity Server (WSO2 IS) as an authorization server. I'm going to use WSO2 Identity Server with the playground sample application to demonstrate the use case.

Step 1 :- Check out the sample application from this git location [1] and build it. Take the .war file created inside the <SAMPLE_HOME>/oauth2/playground2/target directory and deploy it in Tomcat (it must be deployed on a Tomcat 7.x version). Build and deployment details are available in this document [2].

Step 2 :- Download WSO2 Identity Server from this link [1] and create a service provider for the sample application. When you create a service provider, enter the service provider name first and click the Register button. Once the service provider is created, you need to configure the callback URL for the application: click the Configure link under the OAuth/OpenID Connect Configuration box. Service Provider Name: * playground

How to debug WSO2 Carbon products with Eclipse

When you are doing customizations, you may have to debug the custom code. I'm going to give you the steps to start debugging with Eclipse.

Step 1 :- First start the product with the command below:
sh wso2server.sh -debug 5005
When you start the server with the above command, the JVM listens on port 5005 and waits for a debugger to attach before the server starts.

Step 2 :- Open the Debug Configurations window and create a new Remote Java Application. Keep the host as localhost and give the port you used in the first step. After making these changes, start debugging by clicking the Debug button in the Debug Configurations window. If everything is configured correctly, the server will start without any problem.

Configure mysql database with WSO2 Identity Server

One of the main uses of Identity Server is user management, and it offers a lot of features; the full list is available on this page. Some of them are: multiple user store support; user, password and profile management; JDBC and LDAP/AD support. The default user store of Identity Server is the embedded LDAP, which is a forked implementation of ApacheDS. Other configuration data and the registry are stored in an H2 database. The embedded LDAP and the H2 database are not recommended in a production environment, so we have to use commercially available databases/LDAP implementations for production. Today I'm going to explain how to use a MySQL database with Identity Server. We can do it in a few steps.

Step 1 :- Disable the embedded LDAP property in the embedded-ldap.xml file located in <IS_HOME>/repository/conf/identity/:
<Property name="enable">false</Property>

Step 2 :- Create a database and generate the required tables using the provided SQL file

Logging parameters in WSO2 ESB Script mediator

The Script mediator is helpful in many ways and can be written in different scripting languages such as JavaScript, Groovy and Ruby. I'm going to use JavaScript for this example and show how you can log values while writing a mediator. This is helpful when you need to log values while writing a complex script mediator. This is a sample script:
<script language="js">
var log = mc.getServiceLog();
log.info("started");
var temp_auth = mc.getProperty('authheader');
log.info("temp_auth : " + temp_auth);
log.info("out");
</script>
Once you define the variable "var log = mc.getServiceLog();", you can use the log object to display values as below.
log.info("started");
log.info("temp_auth : " + temp_auth);
This is a sample proxy service <?xml version="1.0" encod

How to Create a Secondary JDBC user store for Identity Server

WSO2 Identity Server comes with an embedded LDAP as the primary user store, but it is not recommended for use in a production environment, so you have to use another product for the primary user store (OpenLDAP, AD, JDBC, etc.). You may also require other user stores in practical scenarios, so I'm going to talk about how to create a JDBC user store as a secondary user store with WSO2 IS. I'm using the latest WSO2 Identity Server version (currently 5.1.0) for this example.

Step 1 :- Log in to MySQL using the command below; let's create a database first.
mysql -u root -proot
Create a database as below.
create database sampledb;
Use the newly created database for the other operations with the command below.
use sampledb;

Step 2 :- Then create the tables required for the user store. You can use the mysql.sql file located in the <IS_HOME>/dbscripts/ directory to import the tables into the newly created database. Please use this command: source /home/madura/D

Run WSO2 Identity Server inside the docker container

Docker is a lightweight container platform which runs on any computer or any cloud. A container runs as an isolated process on the host operating system, which makes it easy to create, deploy and run applications. It is a bit like a virtual machine, but its different architectural approach allows portable and efficient development. You can install Docker on Linux using this documentation.

Step 1 :- You need to create a Dockerfile. I have provided a simple one which copies the Identity Server into a Docker image. Copy the two lines below into a new file named 'Dockerfile'. I'm creating a directory 'is500image' somewhere and putting this file into that directory. Sample Dockerfile to create a Docker image with WSO2 IS 5.0.0:
FROM cogniteev/oracle-java:java7
ADD ./wso2is-5.0.0.tar.gz /opt/wso2

Step 2 :- It's better to create a tar.gz file using the commands below, since ADD unpacks the contents of a tar.gz file when copying it into the Docker image. You may creat

Invoke admin services in wso2 identity server via HTTP instead of HTTPS

It is possible to access WSO2 Identity Server over plain HTTP, but it is not recommended in a production environment, since credentials and session cookies would then travel unencrypted. When you enable HTTP, you access the admin console on a different port (9763).

Step 1 :- Open the carbon.xml file located in the <IS_HOME>/repository/conf directory and make the change below:
<EnableHTTPAdminConsole>true</EnableHTTPAdminConsole>
You can then log in to the management console using this URL: http://localhost:9763/carbon/admin/login.jsp
If you want to expose all WSO2 admin services via HTTP, you also need to enable the following property in carbon.xml. It is commented out by default, so you have to uncomment the line:
<HttpAdminServices>*</HttpAdminServices>
These configurations are enough for WSO2 Identity Server 5.0.0. If you need to enable HTTP for WSO2 Identity Server 5.1.0, you also have to modify the web.xml file as mentioned in Step 2.

Step 2 :- Modify the web.xml f

How to use RESTclient to get access token from WSO2 Identity Server

An access token can be retrieved in different ways. The way to get an access token using a cURL command is explained in this blog; as a next step, I'm going to explain how to retrieve an access token using the Advanced REST Client (Firefox plugin).

Step 1 :- First create a service provider in WSO2 Identity Server. Register a new application by providing the callback URL and the allowed grant types. You must tick the password grant type, because I'm going to get an access token using the password grant type. After the above configuration is done, you can see the generated client key and secret as below. Now you have the client key and client secret for the application, which completes the first step.

Step 2 :- Get the base64-encoded value of the client key and secret. Before encoding, the client key and secret must be separated by a colon:
<client_key>:<client_secret>
VbUbPR4a5c8wSIlRFfVq9j3UYCka:KBkyfyEtop2pOvOuiODCZIHqN0Ma This

Test SOAP Client and REST Service in WSO2 ESB

WSO2 ESB can convert anything to anything. Today I'm going to explain the scenario below.

Scenario :-
1. A SOAP client sends a request with a SOAP header to the ESB.
2. The ESB removes the SOAP header and invokes a REST service which only accepts XML.
3. The REST service generates a response in XML format.
4. The ESB adds the SOAP headers to the response and sends it back to the SOAP client.

As the example REST service, I'm going to use the jaxrs_basic service in WSO2 Application Server. Download WSO2 Application Server from this link.

Step 1 :- Change the offset value in the carbon.xml file located in the <AS_HOME>/repository/conf directory. If you started WSO2 ESB with offset "0", set the offset in Application Server to "1":
<Offset>1</Offset>
Start WSO2 Application Server.

Step 2 :- Start the ESB (make sure you do not have the same offset value in both the ESB and Application Server). Go to the man

CURL commands to get access token from WSO2 Identity Server

WSO2 Identity Server supports all the grant types defined in the OAuth2 core specification. The four grant types are: Authorization Code Grant; Implicit Grant; Resource Owner Password Credentials Grant (password); Client Credentials Grant. We cannot use a curl command directly to get an access token with the Authorization Code and Implicit grant types, since they require a browser redirect. I'm going through the other two grant types one by one and providing the curl command to get an access token.

3. Get an access token using the password grant type:
curl -k -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic ME5fbXdWRXpTVnhfalJIbDV2cmc4RHIycHZBYTp0RmZjcHVFRFM5V1d2eFFEc1ZCd0tWVGd0dE1h" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
ME5fbXdWRXpTVnhfalJIbDV2cmc4RHIycHZBYTp0RmZjcHVFRFM5V1d2eFFEc1ZCd0tWVGd0dE1h is the base64-encoded value of 0N_mwVEzSVx_jRHl5vrg8Dr2pvAa:tFfcpuEDS9WWvxQDsVBwKVTgttMa (<client_id>:<client_secret>). The -k flag skips TLS certificate verification for the default self-signed certificate and should only be used against a local test server. these

Renew access token using refresh token in WSO2 Identity Server

When you have been using the same access token for some time, you may need to renew it due to expiration or security concerns. You can renew an access token using a refresh token, by a REST call with the curl command below.
curl -k -d "grant_type=refresh_token&refresh_token=eaa3683b1cf78496b6c1e5b7ffc882&scope=PRODUCTION" -H "Authorization: Basic ME5fbXdWRXpTVnhfalJIbDV2cmc4RHIycHZBYTp0RmZjcHVFRFM5V1d2eFFEc1ZCd0tWVGd0dE1h" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
eaa3683b1cf78496b6c1e5b7ffc882 is the refresh token. ME5fbXdWRXpTVnhfalJIbDV2cmc4RHIycHZBYTp0RmZjcHVFRFM5V1d2eFFEc1ZCd0tWVGd0dE1h is the base64-encoded value of <client_id>:<client_secret>; these values must be separated by a colon (:). https://localhost:9443/oauth2/token is the token endpoint URL. When you send the above request, you get a response of this type: {"token_type":"bearer","expires_in":3600,&

Configure PostgreSQL 9.3 with WSO2 Identity server 5.1.0

I'm going to show you the configuration steps to use PostgreSQL with WSO2 Identity Server 5.1.0.

Step 1 :- Install PostgreSQL 9.3 using the commands below. While installing, you may have to give special permissions to the /var/lib/cache directory.
sudo apt-get update
sudo apt-get install postgresql
When you grant those permissions, do not use the command below on the /var/ directory, because it overrides the permissions the super user depends on and you may have to reinstall Linux.
sudo chmod 777 -R /var/lib/sudo/

Step 2 :- Start the PostgreSQL server with the command below.
sudo /etc/init.d/postgresql start
Download the PGAdminIII tool and create a database and the login role from its GUI. Start the PGAdminIII tool using the command below.
sudo ./postgresql-9.3.10-3-linux-x64.run

Step 3 :- Create a database 'gregdb', add a new user Login Role ('postgres', 'postgres') and click OK.

Step 4 :-