Enabling SSO for WSO2 APIM 3.0.0
Earlier, Single Sign On (SSO) was not enabled for the Store/Publisher applications in APIM 3.0.0; it is now enabled. That is, once you have authenticated against the Store as a Store user, you do not have to authenticate again for the Publisher.
SSO is implemented using OpenID Connect (OIDC) with the authorization code grant type.
As per the specification, the authentication flow of the authorization code grant type contains the following main steps.
- Register a Service Provider -> Register the application as a Service Provider in the Identity Server.
- Authorization Code Request -> When you log into the WSO2 Identity Server (IS), it sends the authorization code request to the authorization endpoint of the IS with the following query parameters.
client_id=<Client ID of the Service Provider>
redirect_uri=<Callback URL given when registering the Service Provider>
- Authorization Code Response -> In the authorization code response, you will receive an authorization code and the session state.
- Access Token Request -> Send a request to the token endpoint of the IS with the following query parameters.
client_id=<Client ID of the registered Service Provider>
client_secret=<Client secret of the registered Service Provider>
code=<Authorization code received>
redirect_uri=<Same callback URL given in authorization code request>
- Access Token Response -> In the access token response, you will receive an access token and optionally a refresh token.
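The request and response steps above, sketched as an added example (not code from WSO2 or from this post). The host names, callback path and credentials are constructed placeholders; `response_type`, `scope`, `state` and `grant_type` are not listed above but come from the OAuth 2.0 / OIDC specifications, with `state` tying the authorization response to the browser session that started the login.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values (assumptions): use your own Service Provider's settings.
AUTHZ_ENDPOINT = "https://is.example.com:9443/oauth2/authorize"
CLIENT_ID = "constructed-client-id"
CLIENT_SECRET = "constructed-client-secret"
REDIRECT_URI = "https://apim.example.com:9443/store/callback"


def build_authorization_request():
    """Authorization Code Request: returns (redirect URL, state to remember)."""
    state = secrets.token_urlsafe(32)  # store in the user's session
    params = {
        "response_type": "code",   # selects the authorization code grant
        "scope": "openid",         # marks the request as OIDC
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return AUTHZ_ENDPOINT + "?" + urlencode(params), state


def parse_authorization_response(callback_url, expected_state):
    """Authorization Code Response: return (code, session_state) or raise."""
    cb, reg = urlparse(callback_url), urlparse(REDIRECT_URI)
    if (cb.scheme, cb.netloc, cb.path) != (reg.scheme, reg.netloc, reg.path):
        raise ValueError("callback does not match the registered redirect_uri")
    q = parse_qs(cb.query)
    if "error" in q:
        raise ValueError("authorization failed: " + q["error"][0])
    state = q.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response not tied to this session")
    if len(q.get("code", [])) != 1:
        raise ValueError("expected exactly one authorization code")
    return q["code"][0], q.get("session_state", [None])[0]


def build_token_request(code):
    """Access Token Request: form body to POST to the token endpoint."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,   # same value as in the code request
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    })
```

The client secret appears only in the token request, which goes server to server; it never travels through the browser redirect.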
How to Configure and Enable SSO for WSO2 APIM 3.0.0
To configure and enable SSO for the APIM 3.0.0 Store/Publisher applications, follow the instructions below.
- Open the <API-M_HOME>/conf/deployment.yaml file and add the following authentication configurations to it.
# APIM Store/Publisher Configuration Parameters
# APIM Base URL
# Authorization Endpoint
# SSO Enabled or not
- To enable SSO for the API Store/Publisher, set the
- Save your changes and restart the API Manager server.
Now you can experience the SSO feature for APIM 3.0.0.