This post shows how to configure SSO for the DAS Portal and Management Console. It applies to DAS 3.1.0+.
1. Share the user store between WSO2 DAS and WSO2 Identity Server following this.
2. Mount and share the registry between WSO2 DAS and WSO2 Identity Server following this.
3. Log in to Identity Server and go to the Home > Identity > Service Providers > Add page.
4. Create a service provider for the Management Console with the following configuration:
   - Issuer: carbonServer
   - Assertion Consumer URL: https://<DAS_URL>:<DAS_PORT>/acs
   - Select the following options:
     - Enable Response Signing
     - Enable Single Logout
5. Create a service provider for the DAS Portal with the following configuration:
   - Issuer: portal
   - Assertion Consumer URL: https://<DAS_URL>:<DAS_PORT>/portal/acs
   - Select the following options:
     - Enable Response Signing
     - Enable Single Logout
     - Enable Audience Restriction and enter the following 2 audiences:
       - Token endpoint URL (e.g. https://<IDP_URL>:<IDP_PORT>/oauth2/token)
       - Management Console issuer name (i.e. carbonServer)
     - Enable Recipient Validation and enter the following recipient:
       - Token endpoint URL (e.g. https://<IDP_URL>:<IDP_PORT>/oauth2/token)
6. Change the SAML2SSOAuthenticator configuration in the <DAS_HOME>/repository/conf/security/authenticators.xml file as follows:
   - Set disabled = false in the <Authenticator> element
   - ServiceProviderID: the issuer name of the service provider created in step 4 (carbonServer)
   - IdentityProviderSSOServiceURL: https://<IDP_URL>:<IDP_PORT>/samlsso
   - AssertionConsumerServiceURL: https://<DAS_URL>:<DAS_PORT>/acs
7. Change the "authentication" configuration in <DAS_HOME>/repository/deployment/server/jaggeryapps/portal/configs/designer.json as follows:
   - activeMethod: sso
   - issuer: portal
   - identityProviderURL: https://<IDP_URL>:<IDP_PORT>/samlsso
   - acs: https://<DAS_URL>:<DAS_PORT>/portal/acs
8. Restart the DAS server.
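The check below is an added example, not part of the original post and not WSO2 code: it cross-checks the two DAS-side files against the issuer and Assertion Consumer URL values registered for the two service providers, since a mismatch in any of them makes the Identity Server reject the SAML request. The `<Config>`/`<Parameter name="...">` layout, the `authentication.methods.sso.attributes` nesting, the function name `check_sso` and the hosts and ports in the samples are assumptions; adjust them to your files.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample of the SAML2SSOAuthenticator section (assumed layout, placeholder hosts).
AUTHENTICATORS_XML = """<Authenticators>
  <Authenticator name="SAML2SSOAuthenticator" disabled="false">
    <Config>
      <Parameter name="ServiceProviderID">carbonServer</Parameter>
      <Parameter name="IdentityProviderSSOServiceURL">https://idp.example.com:9443/samlsso</Parameter>
      <Parameter name="AssertionConsumerServiceURL">https://das.example.com:9444/acs</Parameter>
    </Config>
  </Authenticator>
</Authenticators>"""

# Constructed sample of the "authentication" block in designer.json (assumed nesting).
DESIGNER_JSON = """{"authentication": {"activeMethod": "sso", "methods": {"sso": {"attributes": {
  "issuer": "portal",
  "identityProviderURL": "https://idp.example.com:9443/samlsso",
  "acs": "https://das.example.com:9444/portal/acs"}}}}}"""

def check_sso(xml_text, json_text, das_base, idp_base):
    """Return a list of mismatches between the DAS files and the values registered in IS."""
    problems = []

    def expect(label, actual, wanted):
        if actual != wanted:
            problems.append(f"{label}: expected {wanted!r}, found {actual!r}")

    root = ET.fromstring(xml_text)
    for el in root.iter():  # tolerate a default XML namespace if the file declares one
        el.tag = el.tag.split("}")[-1]
    auth = root.find(".//Authenticator[@name='SAML2SSOAuthenticator']")
    if auth is None:
        return ["authenticators.xml: SAML2SSOAuthenticator element not found"]
    params = {p.get("name"): (p.text or "").strip() for p in auth.iter("Parameter")}
    expect("Authenticator disabled", auth.get("disabled"), "false")
    expect("ServiceProviderID", params.get("ServiceProviderID"), "carbonServer")
    expect("IdentityProviderSSOServiceURL", params.get("IdentityProviderSSOServiceURL"), idp_base + "/samlsso")
    expect("AssertionConsumerServiceURL", params.get("AssertionConsumerServiceURL"), das_base + "/acs")

    authn = json.loads(json_text).get("authentication", {})
    attrs = authn.get("methods", {}).get("sso", {}).get("attributes", {})
    expect("activeMethod", authn.get("activeMethod"), "sso")
    expect("issuer", attrs.get("issuer"), "portal")
    expect("identityProviderURL", attrs.get("identityProviderURL"), idp_base + "/samlsso")
    expect("acs", attrs.get("acs"), das_base + "/portal/acs")
    return problems
```

Pass the contents of the two files and the `https://<DAS_URL>:<DAS_PORT>` and `https://<IDP_URL>:<IDP_PORT>` base URLs; an empty list means the files agree with the service provider registrations.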