Writing a Custom Local Authenticator to WSO2-IS with the Archetype-is
Local authenticators authenticate a user with credentials held locally, that is, in a user store connected to the Identity Server. These are the local authenticators available in WSO2 Identity Server:
- Basic authenticator
- FIDO
- X509Certificate
- TOTP
The default authenticator available in the WSO2 Identity Server is the basic authenticator. It authenticates end users using a connected user store and the provided username and password.
With the WSO2 Identity Server, you can write your own local authenticator to define various authentication logic.
Steps to write a local authenticator
01 — Write a custom local authenticator
You can write a custom local authenticator by extending the AbstractApplicationAuthenticator class and implementing the LocalApplicationAuthenticator interface; the archetype generates a class named CustomLocalAuthenticator that already does both.
You can generate the skeleton of such a local authenticator with archetype-is:
1. Clone the archetype-is repo.
2. Navigate to the Local Authenticator directory.
3. Run mvn clean install to install the archetype into your local Maven repository.
4. Create an empty folder on your machine (e.g. temp) and navigate into it.
5. Run mvn archetype:generate -DarchetypeCatalog=local. The local authenticator archetype you installed above will be listed here.
6. Select the local authenticator archetype and provide the authenticator name, groupId, artifactId, version and package.
Sample parameters
7. Finally, confirm the provided details with Y.
A project folder is now created inside temp. Your custom local authenticator skeleton is ready.
You can add your own logic to the generated class CustomLocalAuthenticator.
For example, let's try to authenticate with a telephone number [1]. Once a user enters a telephone number, your authentication logic should resolve that number to a user in the connected user store and then validate the user's credentials. You can refer to [1] for how to modify CustomLocalAuthenticator for this.
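To make the telephone-number case concrete, here is an added illustration of what the generated CustomLocalAuthenticator could look like once filled in. It is written for this page and is not the archetype's generated code nor the code from [1]. The package name, the form field names telephone and password, the claim URI http://wso2.org/claims/mobile used to resolve the number, and obtaining the user store through IdentityTenantUtil are assumptions to adapt to your deployment; the redirect to the authentication endpoint follows the convention the built-in basic authenticator uses.

```java
package org.example.identity.authenticator; // assumed package; use the one you gave the archetype

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

public class CustomLocalAuthenticator extends AbstractApplicationAuthenticator
        implements LocalApplicationAuthenticator {

    private static final String AUTHENTICATOR_NAME = "CustomLocalAuthenticator";
    private static final String FRIENDLY_NAME = "telephone-authenticator";
    // Assumed form field names posted by the login page; keep the page in sync with these.
    private static final String TELEPHONE_PARAM = "telephone";
    private static final String PASSWORD_PARAM = "password";
    // Assumed claim holding the user's telephone number in the user store.
    private static final String MOBILE_CLAIM = "http://wso2.org/claims/mobile";

    @Override
    public boolean canHandle(HttpServletRequest request) {
        // Claim the request only once the user has actually submitted the telephone form.
        return request.getParameter(TELEPHONE_PARAM) != null
                && request.getParameter(PASSWORD_PARAM) != null;
    }

    @Override
    protected void initiateAuthenticationRequest(HttpServletRequest request, HttpServletResponse response,
                                                 AuthenticationContext context) throws AuthenticationFailedException {
        // Redirect to the authentication endpoint, carrying the sessionDataKey so the framework
        // can correlate the posted form with this authentication context.
        String loginPage = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        String queryParams = context.getContextIdIncludedQueryParams();
        try {
            response.sendRedirect(loginPage + "?" + queryParams + "&authenticators=" + getName() + ":LOCAL");
        } catch (IOException e) {
            throw new AuthenticationFailedException("Redirect to login page failed", e);
        }
    }

    @Override
    protected void processAuthenticationResponse(HttpServletRequest request, HttpServletResponse response,
                                                 AuthenticationContext context) throws AuthenticationFailedException {
        String telephone = request.getParameter(TELEPHONE_PARAM);
        String password = request.getParameter(PASSWORD_PARAM);
        if (telephone == null || telephone.trim().isEmpty() || password == null || password.isEmpty()) {
            throw new AuthenticationFailedException("Telephone number and password are required");
        }
        try {
            // Assumed way of reaching the user store of the tenant this login belongs to.
            int tenantId = IdentityTenantUtil.getTenantId(context.getTenantDomain());
            UserStoreManager userStoreManager = (UserStoreManager) IdentityTenantUtil.getRealmService()
                    .getTenantUserRealm(tenantId).getUserStoreManager();

            // Resolve the telephone number to exactly one username via the mobile claim.
            String[] users = userStoreManager.getUserList(MOBILE_CLAIM, telephone.trim(), null);
            if (users == null || users.length != 1) {
                // Zero or several matches: fail closed and do not reveal which case it was.
                throw new AuthenticationFailedException("Authentication failed");
            }
            String username = users[0];

            // Let the user store verify the credential; never compare password hashes yourself.
            if (!userStoreManager.authenticate(username, password)) {
                throw new AuthenticationFailedException("Authentication failed");
            }

            // Hand the authenticated subject to the framework; later steps and the SP see this user.
            context.setSubject(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(username));
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException("User store lookup failed", e);
        }
    }

    @Override
    protected boolean retryAuthenticationEnabled() {
        // Let the framework send the user back to the form after a failed attempt.
        return true;
    }

    @Override
    public String getContextIdentifier(HttpServletRequest request) {
        return request.getParameter("sessionDataKey");
    }

    @Override
    public String getName() {
        return AUTHENTICATOR_NAME;
    }

    @Override
    public String getFriendlyName() {
        return FRIENDLY_NAME;
    }
}
```

Two choices here matter for security: the lookup demands exactly one user for the given number, so a duplicate or missing mobile claim fails the login rather than silently picking the first match, and the credential check is delegated to the user store's own authenticate call, so the authenticator never handles stored password material itself.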
02 — Deploy the authenticator to WSO2 IS
Build the authenticator with mvn clean install and copy the generated jar to the <is server>/repository/components/dropins folder of your IS server.
03 — Configure the service provider
Now start the IS server by running sh wso2server.sh from the bin directory.
- Log in to the Carbon management console.
- Create a user and a service provider. (Let's try with the pickup-dispatch sample application; you can download it from here. If you followed the telephone-number example, make sure the user has a telephone number set in their profile, since that is what the authenticator looks up.)
- In the service provider configuration, under Inbound Authentication Configuration, click OAuth/OpenID Connect Configuration > Configure and set the callback URL to http://localhost.com:8080/pickup-dispatch/oauth2client.
- Under Local & Outbound Authentication Configuration, select Local authentication and then select CustomLocalAuthenticator from the list.
- Deploy the sample application (refer to this for more information).
04 — Try out the flow
Navigate to http://localhost:8080/pickup-dispatch/ and try to log in. The login page should now invoke CustomLocalAuthenticator instead of the default basic authenticator.