How to configure SSO in WSO2 Micro Integrator Dashboard
Connect WSO2 Identity Server as a third-party identity provider to WSO2 Micro Integrator Dashboard using OIDC-based SSO.
Hello everyone 👋 In this guide, I will be showing you how to configure OIDC-based SSO between WSO2 Micro Integrator Dashboard and WSO2 Identity Server.
Before we begin, make sure you have Micro Integrator Dashboard version 4.0.1 or above to enable this feature. You can download it from the official website.
I will be using WSO2 Identity Server 5.10.0 in this tutorial.
Let’s get started!
Configuring WSO2 Identity Server
First, we need to register the Micro Integrator Dashboard as a service provider in the Identity Server. To do this, start the Identity Server and log in to the Carbon Management Console. Select Add under Service Providers, define a service provider name, and click Register.
Next, expand Inbound Authentication Configuration > OAuth/OpenID Connect Configuration and click Configure to set the following:
- Select Code and Refresh token as the allowed grant types.
- For the Callback Url, you need to append “sso” to the Dashboard server’s root path, e.g. https://{host}:{port}/sso. Since I’m running the Dashboard locally with the default configuration, I will be using https://localhost:9743/sso as the Callback Url.
- In this example, I have also checked “allow authentication without client secret”. Depending on your requirement you may disable this.
- Select JWT as the Token Issuer.
Leave the rest of the configuration as it is and click Add.
Take note of the OAuth Client Key and OAuth Client Secret; we will need those values to configure SSO in our Micro Integrator Dashboard.
Configuring WSO2 Micro Integrator Dashboard
The SSO configuration in the Micro Integrator Dashboard is done through the deployment.toml file. Open [DASHBOARD_HOME]/conf/deployment.toml with your favourite text editor and add the following configuration:
[sso]
enable = true
client_id = "8e4uDF4ewc2aEa"
idp_url = "https://localhost:9443"
jwt_issuer = "https://localhost:9443/oauth2/token"
resource_server_URLs = ["https://localhost:9743"]
sign_in_redirect_URL = "https://localhost:9743/sso"
This is the minimum configuration you need to enable SSO. I will quickly go through each of the above parameters.
- client_id — The client ID generated from the Identity Provider
- idp_url — The URL of the Identity Provider
- jwt_issuer — The Identity Provider’s issuer identifier
- resource_server_URLs — The URL of the Micro Integrator Dashboard
- sign_in_redirect_URL — The Sign In redirect URL of the Micro Integrator Dashboard. This needs to be in the following format: https://{host}:{port}/sso
You can refer to the official documentation to see the complete list of parameters you can configure for the single sign-on.
One last step: you will also need to add the public certificate of the identity provider to the trust store.
Is this the first time importing the certificates? Check out this article to easily get the job done.
Once you have imported the certificate to a JKS trust store, add the following configuration, with the necessary changes, to the deployment.toml file. In this example, I have placed the JKS trust store file in the [DASHBOARD_HOME]/conf/security directory.
[truststore]
file_name = "conf/security/client-truststore.jks"
password = "wso2carbon"
Try out time
Start the WSO2 Micro Integrator Dashboard and direct your browser to https://localhost:9743/. If you have configured everything correctly, you will see an option to sign in with SSO. Once you click Sign In with SSO, you will be redirected to the Identity Server’s login page.