
Using WSO2 Identity Server as an OAuth 2.0 authorization server

This post is for developers who need to use WSO2 Identity Server (WSO2IS) as an OAuth 2.0 authorization server. The walkthrough uses the OAuth 2.0 playground sample that ships with the product as the client application, and goes through the authorization code grant end to end.

Step 1 :-

Check out the sample application from the git location in [1] and build it. Take the .war file created in <SAMPLE_HOME>/oauth2/playground2/target and deploy it on a Tomcat server (the sample must be deployed on Tomcat 7.x). Build and deployment details are in [2].


Step 2 :-

Download WSO2 Identity Server (version 5.1.0, the release that the sample in [1] and the documentation in [2] target) and create a service provider for the sample application. When you create a service provider, enter the service provider name first and click the Register button. Once the service provider exists, configure the callback URL for the application: click the Configure link under the OAuth/OpenID Connect Configuration box.

Service Provider Name:* playground2

On the OAuth/OpenID Connect configuration page, enter the callback URL of the sample application in the relevant field. Register exactly the URL the application will later send as redirect_uri; the authorization server rejects requests whose redirect_uri does not match the registered value.

Callback Url* : http://localhost:8080/playground2/oauth2client




Step 3 :-

Start the Tomcat server and open the playground2 application at the URL below.

http://localhost:8080/playground2/oauth2.jsp

When you created the service provider in step 2, a client ID and a client secret were generated for it; you need both in this step. Fill in the form as follows:

Authorization Grant Type : select Authorization Code from the drop-down menu (the grant demonstrated here)
Client Id                : the client ID generated in step 2
Scope                    : openid
Callback URL             : http://localhost:8080/playground2/oauth2client (the callback URL you registered when creating the service provider)
Authorize Endpoint       : https://localhost:9443/oauth2/authorize

If the service provider was created in a tenant, you have to pass the tenant domain as a query parameter on the authorization endpoint. For example, if the service provider belongs to the tenant madura.com, use the URL below as the authorize endpoint.

https://localhost:9443/oauth2/authorize?tenantDomain=madura.com



Once you click the Authorize button, the browser is redirected to the Identity Server login page; log in with your user credentials. You are then shown the consent page for the playground2 application and the requested scope.





Once you click the Approve button or the Approve Always button, the Identity Server redirects the browser back to the callback URL and the playground shows the authorization code it received. (Approve Always records your consent, so the consent page is skipped on later authorizations for this application.) Fill in the next form:

Callback URL          : http://localhost:8080/playground2/oauth2client
Access Token Endpoint : https://localhost:9443/oauth2/token
Client Secret         : the client secret generated in step 2


Enter this information and click the Get Access Token button; the playground exchanges the authorization code for an access token at the token endpoint. The client secret is used only in this request from the application to the token endpoint and must not be exposed to the browser.
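The three HTTP interactions behind the Authorize and Get Access Token buttons, as an added example that is not part of the blog post or of the WSO2 playground code. It uses only the Python standard library and builds the requests without sending them, so it runs offline against the endpoint and callback values configured above. The client ID, client secret and the callback URL fed to parse_callback in the demo are constructed placeholders, and the state parameter check is a standard OAuth 2.0 defence against forged callbacks that the post does not cover.

```python
"""Added example (not from the post or the WSO2 playground): the requests behind
the playground's Authorize and Get Access Token buttons, built offline with the
standard library. Endpoint and callback values are the ones the post configures;
client_id, client_secret, state and the demo callback URL are constructed."""
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values taken from the service-provider configuration in the post.
AUTHORIZE_ENDPOINT = "https://localhost:9443/oauth2/authorize"
TOKEN_ENDPOINT = "https://localhost:9443/oauth2/token"
CALLBACK_URL = "http://localhost:8080/playground2/oauth2client"


def build_authorize_url(client_id, state, scope="openid", tenant_domain=None):
    """URL the 'Authorize' button sends the browser to (authorization request).

    tenant_domain is appended as the tenantDomain query parameter when the
    service provider lives in a tenant, as the post shows for madura.com.
    state is an unguessable per-request value (not in the post); the client
    keeps it and checks it on the callback so a forged redirect cannot inject a code.
    """
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": CALLBACK_URL,
        "scope": scope,
        "state": state,
    }
    if tenant_domain:
        params["tenantDomain"] = tenant_domain
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def parse_callback(redirect_url, expected_state):
    """Extract the authorization code from the redirect that lands on the callback.

    Rejects redirects to any other URL, error responses from the server, and a
    state value that does not match the one this client generated.
    """
    parts = urlsplit(redirect_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != CALLBACK_URL:
        raise ValueError("redirect did not land on the registered callback URL")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError("authorization server returned error: %s" % query["error"][0])
    received_state = query.get("state", [""])[0]
    if not hmac.compare_digest(received_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback was not produced by our request")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


def build_token_request(code, client_id, client_secret):
    """Request the 'Get Access Token' button makes to the token endpoint.

    Client credentials travel in an HTTP Basic header (base64 of
    client_id:client_secret); the code and the same redirect_uri go in the
    form body. This is a back-channel call from the application server, so
    the secret never reaches the browser.
    """
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": CALLBACK_URL,
    })
    return TOKEN_ENDPOINT, headers, body


if __name__ == "__main__":
    # Constructed placeholders; real values come from the service provider in step 2.
    client_id, client_secret = "example_client_id", "example_client_secret"
    state = secrets.token_urlsafe(16)

    print("1. Browser is sent to:")
    print("   " + build_authorize_url(client_id, state, tenant_domain="madura.com"))

    # Constructed stand-in for the redirect the Identity Server issues after Approve.
    callback = CALLBACK_URL + "?" + urlencode({"code": "constructed-code", "state": state})
    code = parse_callback(callback, state)
    print("2. Authorization code received:", code)

    endpoint, headers, body = build_token_request(code, client_id, client_secret)
    print("3. POST", endpoint)
    print("   Authorization: " + headers["Authorization"])
    print("   " + body)
```

The redirect_uri in the token request must be the same value that was registered in step 2 and sent in the authorization request; sending a different one is exactly the mismatch the authorization server is meant to refuse.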


[1] https://github.com/wso2/product-is/tree/v5.1.0/modules/samples/oauth2/playground2

[2] https://docs.wso2.com/display/IS510/OAuth+2.0+with+WSO2+Playground
