Configuring Single Sign-On (SSO) of Application Using Open Id on WSO2 Identity Server (IS)

Cakra Amiyantoro
DSF Web Services Engineering
Jun 15, 2020

Single Sign-On by WSO2 Identity Server (IS)

Single sign-on (SSO) is a system that simplifies authentication for users. With SSO, a user can access many connected systems using one username and password. Examples of well-known services that provide SSO are Google and Facebook.

WSO2 Identity Server (WSO2 IS) is an open-source system that lets us implement SSO on our own servers, in the way Google and Facebook do. It supports five (5) different standards or protocols: SAML 2.0 Web SSO, WS-Trust, WS-Federation, Integrated Windows Authentication, and OAuth2-OpenID Connect.

SSO with Open ID has useful characteristics. It uses RESTful services and the JSON format, and many free identity providers are available. Developers also choose Open ID to create their own SSO within their application ecosystem.

Implementation of SSO on WSO2 IS

Before implementing Open ID Single Sign-On with WSO2 IS, we need to download and install the WSO2 Identity Server. We can download it through the link below:

https://wso2.com/identity-and-access-management/

To test the configuration, I have a sample application that we can download through the link below:

Download wso-aplikasi1.zip

  • After installing the WSO2 IS, run it.

Running WSO2 Identity Server
WSO2 Identity Server Admin Login Page
  • Go to tab Identity > service provider and choose Add a new service provider. Type the name of the new provider, then click the Register button.
Add a new service provider page of WSO2 Identity Server

After registering our service provider, we will be redirected to a page to complete the settings of the new service provider. There, click Configure under Inbound Authentication Configuration > OAuth/OpenID Connect Configuration.

Service provider configuration
  • We can configure the OAuth settings that we need. For this example, fill in the callback URL, keep the default settings for everything else, and then click Add. (Note: the callback URL is the URL that the user's browser is sent to after the user successfully authenticates with the OAuth service.)

Callback url: http://localhost/wso-aplikasi1/actions/callback.php

Oauth WSO2 Identity Server configuration
  • Then we will be redirected back to the service provider configuration, where we get the OAuth Client Key and OAuth Client Secret.
Service provider configuration
  • Before finishing the configuration, we can check skip login consent and skip logout consent. Click Update.
  • Now we can test the SSO using my sample application (wso-aplikasi1) that was downloaded before. Run it on a local server for testing (for example, Apache on XAMPP). But before we run the sample application, we should set the values in the conf.php file.
conf.php file

Note:
IS_PORT = port of WSO2 Identity Server
IS_HOST_NAME = host of WSO2 Identity Server
APP_HOST_NAME = host of the sample application
CLIENT_ID = the client ID of the OAuth configuration
CALLBACK_EP = callback URL
AUTHZ_EP = authorize API URL of WSO2 Identity Server

  • Access the sample application with our browser. It will look like this:
Sample application SSO of WSO2 Identity Server
  • Check the SSO of WSO2 Identity Server by clicking the Login with WSO2 Identity Server button. We will be redirected to the SSO login page of the WSO2 Identity Server. We can try to log in with the default admin account (username: admin, password: admin).
SSO login page of WSO2 Identity Server
  • After successfully logging in, we will be asked to approve the service provider. We can choose Approve Once or Approve Always. Then click Continue.
Approve SSO WSO2 Identity Server
  • WSO2 Identity Server then redirects to the callback URL. For this sample application, we get this screen after a successful login:
Homepage sample application SSO OAuth WSO2 Identity Server
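
The steps above are an OAuth2/OpenID Connect authorization code flow: the application sends the browser to AUTHZ_EP, and WSO2 IS sends it back to CALLBACK_EP. The following is an added example, not the code of wso-aplikasi1, showing that request and a callback check that ties the response to the session with a one-time state value. The constant names come from the conf.php note; their values (default port 9443, the /oauth2/authorize path, the CLIENT_ID placeholder) and the function names buildAuthorizeUrl and readCallback are assumptions.

```php
<?php
// Added example, not the sample application's code. Constant names follow the
// conf.php note; the values are assumptions for a default local install.
const IS_HOST_NAME  = 'localhost';
const IS_PORT       = 9443;                              // assumed default HTTPS port
const APP_HOST_NAME = 'localhost';
const CLIENT_ID     = 'REPLACE_WITH_OAUTH_CLIENT_KEY';   // placeholder
const CALLBACK_EP   = 'http://' . APP_HOST_NAME . '/wso-aplikasi1/actions/callback.php';
const AUTHZ_EP      = 'https://' . IS_HOST_NAME . ':' . IS_PORT . '/oauth2/authorize';

// Build the authorization request and remember a one-time state value.
function buildAuthorizeUrl(array &$session): string
{
    $session['oauth_state'] = bin2hex(random_bytes(16));
    return AUTHZ_EP . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => CALLBACK_EP,   // must match the registered callback URL
        'scope'         => 'openid',
        'state'         => $session['oauth_state'],
    ]);
}

// Validate the query string received at the callback URL; returns the code.
function readCallback(array $query, array &$session): string
{
    $expected = $session['oauth_state'] ?? '';
    unset($session['oauth_state']);       // state is single-use
    if (isset($query['error'])) {
        throw new RuntimeException('Authorization failed');
    }
    $state = $query['state'] ?? null;
    if ($expected === '' || !is_string($state) || !hash_equals($expected, $state)) {
        throw new RuntimeException('State mismatch: callback not tied to this session');
    }
    if (!is_string($query['code'] ?? null) || $query['code'] === '') {
        throw new RuntimeException('No authorization code in callback');
    }
    return $query['code'];
}

// Constructed demo: plain arrays stand in for $_SESSION and $_GET.
$session = [];
parse_str(parse_url(buildAuthorizeUrl($session), PHP_URL_QUERY), $sent);
echo readCallback(['code' => 'constructed-code', 'state' => $sent['state']], $session), PHP_EOL;
try {
    readCallback(['code' => 'constructed-code', 'state' => 'forged'], $session);
} catch (RuntimeException $e) { echo 'rejected: ', $e->getMessage(), PHP_EOL; }
```

In a real callback.php, `$_SESSION` and `$_GET` would be passed in place of the arrays, after `session_start()`.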

Conclusion

Try it out. Open ID Single Sign-On using WSO2 Identity Server has many features and is easy to use.
