Tuesday, August 9, 2016

How to Configure SAML2 SSO in WSO2 DAS Portal

Single sign-on (SSO) allows users who are authenticated against one application to gain access to multiple other related applications without having to authenticate again for each one.

Following this post, you can configure SSO for the DAS Portal and the Management Console. This post applies to DAS 3.1.0 and later.
  1. Share user store between WSO2 DAS and WSO2 Identity Server following this.
  2. Mount and share registry between WSO2 DAS and WSO2 Identity Server following this.
  3. Log in to the Identity Server and go to Home > Identity > Service Providers > Add.
  4. Create a service provider for the Management Console with the following configuration.
    • Issuer : carbonServer
    • Assertion Consumer URL : https://<DAS_URL>:<DAS_PORT>/acs
    • Select the following options:
      • Enable Response Signing
      • Enable Single Logout 
  5. Create a service provider for the DAS Portal with the following configuration.
    • Issuer : portal
    • Assertion Consumer URL : https://<DAS_URL>:<DAS_PORT>/portal/acs
    • Select the following options:
      • Enable Response Signing
      • Enable Single Logout
      • Enable Audience Restriction and enter the following 2 audiences.
        • Token endpoint url (eg: https://<IDP_URL>:<IDP_PORT>/oauth2/token )
        • Management console issuer name (i.e. carbonServer)
      • Enable Recipient Validation and enter the following recipient.
        • Token endpoint url (eg: https://<IDP_URL>:<IDP_PORT>/oauth2/token )
  6. Change the SAML2SSOAuthenticator configuration in <DAS_HOME>/repository/conf/security/authenticators.xml file as follows:
    • Set disabled="false" on the <Authenticator> element
    • ServiceProviderID: the issuer name of the service provider created in step 4 (carbonServer)
    • IdentityProviderSSOServiceURL : https://<IDP_URL>:<IDP_PORT>/samlsso
    • AssertionConsumerServiceURL: https://<DAS_URL>:<DAS_PORT>/acs
  7. Change the "authentication" configuration in <DAS_HOME>/repository/deployment/server/jaggeryapps/portal/configs/designer.json as follows:
    • activeMethod: sso
    • issuer: portal
    • identityProviderURL: https://<IDP_URL>:<IDP_PORT>/samlsso
    • acs: https://<DAS_URL>:<DAS_PORT>/portal/acs
  8. Restart the DAS server.
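The audience restriction and recipient validation enabled in step 5 are what stop an assertion issued for one service provider from being accepted by another. The following added example (not part of this post or of WSO2's code) shows the check a relying party performs on the assertion's Conditions and SubjectConfirmationData; the IdP and DAS host names are placeholders and the assertions are constructed test input.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values from the portal service provider of step 5 (placeholder IdP host).
PORTAL_AUDIENCES = {"https://idp.example:9443/oauth2/token", "carbonServer"}
PORTAL_RECIPIENT = "https://idp.example:9443/oauth2/token"


def check_assertion(assertion_xml, expected_audiences, expected_recipient):
    """Return the list of violations; an empty list means the assertion
    carries every expected audience and names only the expected recipient."""
    root = ET.fromstring(assertion_xml)
    problems = []
    audiences = {a.text.strip() for a in
                 root.findall(".//saml:AudienceRestriction/saml:Audience", NS) if a.text}
    if not audiences:
        problems.append("no AudienceRestriction: assertion is not bound to any relying party")
    else:
        for missing in sorted(expected_audiences - audiences):
            problems.append("missing audience: " + missing)
    recipients = [c.get("Recipient") for c in
                  root.findall(".//saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    recipients = [r for r in recipients if r]
    if not recipients:
        problems.append("no Recipient on SubjectConfirmationData")
    for r in recipients:
        if r != expected_recipient:
            problems.append("unexpected recipient: " + r)
    return problems


def build_assertion(audiences, recipient):
    """Build a minimal, unsigned SAML assertion (constructed test input only)."""
    template = (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1">'
        '<saml:Issuer>localhost</saml:Issuer>'
        '<saml:Subject><saml:NameID>admin</saml:NameID><saml:SubjectConfirmation>'
        '<saml:SubjectConfirmationData Recipient="%s"/></saml:SubjectConfirmation></saml:Subject>'
        '<saml:Conditions><saml:AudienceRestriction>%s</saml:AudienceRestriction></saml:Conditions>'
        '</saml:Assertion>'
    )
    aud = "".join("<saml:Audience>%s</saml:Audience>" % a for a in audiences)
    return template % (recipient, aud)


GOOD = build_assertion(sorted(PORTAL_AUDIENCES), PORTAL_RECIPIENT)
# An assertion minted for the Management Console alone: wrong audience set and recipient.
FOR_OTHER_SP = build_assertion(["carbonServer"], "https://das.example:9443/acs")

if __name__ == "__main__":
    print(check_assertion(GOOD, PORTAL_AUDIENCES, PORTAL_RECIPIENT))
    print(check_assertion(FOR_OTHER_SP, PORTAL_AUDIENCES, PORTAL_RECIPIENT))
```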
