Writing a Custom Local Authenticator to WSO2-IS with the Archetype-is

Kayathiri Mahendrakumaran
Identity Beyond Borders
3 min read · May 22, 2022

Local authenticators authenticate a user with the credentials available locally. The following local authenticators ship with WSO2 Identity Server:

  • Basic authenticator
  • FIDO
  • X509Certificate
  • TOTP

The default authenticator available in the WSO2 Identity Server is the basic authenticator. It authenticates end users using a connected user store and the provided username and password.

With the WSO2 Identity Server, you can write your own local authenticator to define various authentication logic.

Steps to write a local authenticator

01 — Write a custom local authenticator

You can write a custom local authenticator by extending the AbstractApplicationAuthenticator class and placing your authentication logic in the CustomLocalAuthenticator class.

You can simply create a local authenticator with the help of archetype-is.

  1. Clone the archetype-is repo.
  2. Navigate to the Local Authenticator directory.
  3. Run mvn clean install.
  4. Create an empty folder on your machine (e.g. temp).
  5. Navigate to the temp folder.
  6. Run mvn archetype:generate -DarchetypeCatalog=local. (The local authenticator archetype you built above will be listed here.)
  7. Select the appropriate archetype and provide the listener-name, groupId, artifactId, version and package.

Sample parameters

  8. Finally, confirm the provided details by entering Y at the Y: : prompt.

Now a folder will be created inside the temp folder. Your custom local authenticator is ready.

You can add your own implementations in the class: CustomLocalAuthenticator .

For example, let’s try to authenticate with the telephone number [1]. Once a user enters a telephone number, your authentication logic should identify the user and validate the user’s credentials. You can refer to [1] for how to modify the class CustomLocalAuthenticator.

02 — Deploy the authenticator to the WSO2-IS

Build the authenticator with mvn clean install and copy the generated jar to the <is server>/repository/components/dropins folder of your IS-server.

03 — Configure the service provider

Now, you can start the IS-server by running sh wso2server.sh from the bin directory.

  1. Log in to the Carbon console.
  2. Create a user and a service provider.
    (Let’s try with the pickup-dispatch sample application. You can download it from here.)
  3. In the service provider configuration, under Inbound Authentication Configuration, click OAuth/OpenID Connect Configuration > Configure.
  4. Set the callback URL to http://localhost.com:8080/pickup-dispatch/oauth2client.
  5. Under Local & Outbound Authentication Configuration, select Local authentication and then select CustomLocalAuthenticator from the list.
  6. Deploy the sample application (refer to this for more information).

04 — Try out the flow

Navigate to http://localhost:8080/pickup-dispatch/ and try to log in.
