This documentation is for WSO2 App Manager 1.1.0. View documentation for the latest release.
Obtaining an OAuth2 Token by Providing a SAML Token - Pizza Shack App - App Manager 1.1.0 - WSO2 Documentation

Introduction

WSO2 App Manager generates a SAML token during SSO authentication for the apps published through it. This sample demonstrates how to retrieve an access token from WSO2 API Manager by presenting the SAML token that WSO2 App Manager generated for a Web app named Pizza Shack. The sample uses WSO2 API Manager as the API Gateway, and the Pizza Shack Web application calls APIs that are deployed on API Manager and secured using OAuth 2.0.

Pre-requisites

  • Download WSO2 API Manager, and start the server with a port offset of five.

    To set a port offset of 5 in WSO2 API Manager, change the value of the <Offset> element in the <AM_HOME>/repository/conf/carbon.xml file as follows: <Offset>5</Offset>. For instructions on using WSO2 AM, see the WSO2 AM documentation.

  • After you set the port offset in WSO2 API Manager, update the Thrift client and server ports to match the new port offset.

  • Download WSO2 App Manager, and start the server.

  • Download WSO2 Application Server, and start the server.

    To set a port offset of 2 in WSO2 Application Server, change the value of the <Offset> element in <AS_HOME>/repository/conf/carbon.xml file as follows: <Offset>2</Offset>. For instructions on using WSO2 AS, see WSO2 AS documentation.

Building the sample

Follow the steps below to build the Pizza Shack sample app.

  1. Navigate to <AppM_HOME>/samples/PizzaShack/ directory using the CLI.
  2. Execute the following command in the CLI to build the source code: mvn clean install

  3. Copy the following files to the <AS_HOME>/repository/deployment/server/webapps/ directory to host them in WSO2 AS.

    • <AppM_HOME>/samples/PizzaShack/pizza-shack-api/target/pizzashack-api-1.0.0.war
    • <AppM_HOME>/samples/PizzaShack/pizza-shack-web/target/pizzashack.war

    If you are using Apache Tomcat as the Web server to deploy the WAR files, embed the commons-logging-1.2.jar file inside the <TOMCAT_HOME>/lib/ directory.

  4. After deploying, access the application using the following URL: http://<AS_HOST>:9765/pizzashack. It opens the application in a Web browser.

Executing the sample

Follow the steps below to execute the sample.

Updating the Resident Identity Provider

WSO2 App Manager uses WSO2 API Manager as the API Provider. In order to obtain an OAuth2 token using the SAML token provided by the IDP of WSO2 App Manager (WSO2 IS), WSO2 API Manager needs to include IS as a trusted IDP. Follow the steps below to configure WSO2 API Manager to create an Identity Provider (IDP).

  1. Log in to the management console of WSO2 App Manager using the following URL with admin/admin credentials: https://<AppM_HOST>:9443/carbon/
  2. Click Main, and then click List in the Identity Providers menu.
  3. Click Resident Identity provider.
  4. Click Inbound Authentication Configuration, and then click SAML2 Web SSO Configuration.
  5. Change the Identity Provider Entity Id to appm as shown below.
    [Image: add resident IDP]
  6. Click Update.
  7. Log in to the management console of WSO2 API Manager using the following URL with admin/admin credentials: https://<AM_HOST>:9448/carbon/
  8. Click Main, and then click Add in the Identity Providers menu.
  9. Enter AppManager for Identity Provider Name.
  10. Navigate to the <AppM_HOME>/repository/resources/security/ directory, and run the following command: keytool -export -alias wso2carbon -file appm.crt -keystore wso2carbon.jks
  11. Select and upload the certificate you created in the above step for Identity Provider Public Certificate.
  12. Enter http://<AM_HOST>:8285/token for Alias.
  13. Click Federated Authenticators, and then click SAML2 Web SSO Configuration.
  14. For Enable SAML2 Web SSO, tick the option Specifies if SAML2 Web SSO is enabled for this identity provider.
  15. Enter appm for Identity Provider Entity id.
  16. Enter Pizza-1.0.0 for Service Provider Entity id.
  17. Enter https://<AppM_HOST>:9443/samlsso for SSO URL.
  18. Click Update.

Creating the APIs in WSO2 API Manager

To configure WSO2 API Manager for this sample demonstration, you need to define three APIs named Delivery API, Order API, and Menu API, and push them to the API gateway as follows. 

| Configuration Parameter | Delivery API (required value) | Order API (required value) | Menu API (required value) |
|---|---|---|---|
| API Name | pizzaShack | pizzashack-order | pizzashack-menu |
| Context | /pizzashack/delivery | /pizzashack/order | /pizzashack/menu |
| Version | 1.0.0 | 1.0.0 | 1.0.0 |
| Production Endpoint URL | http://<AS_HOST>:9765/pizzashack-api-1.0.0/api/delivery | http://<AS_HOST>:9765/pizzashack-api-1.0.0/api/order | http://<AS_HOST>:9765/pizzashack-api-1.0.0/api/menu |
| API Resources | Keep the default values. | Keep the default values. | Keep the default values. |

Adding the APIs

Follow the steps below to add and publish the above APIs in WSO2 API Manager.

Adding the Delivery API

  1. Log in to the API Publisher of WSO2 API Manager using the following URL with admin/admin credentials: http://<AM_HOST>:9448/publisher
  2. Click Add.
  3. Enter the details as shown below in the General Details section to create the Delivery API.
    [Image: design API of creating a new API]
  4. Click Implement, and then click Yes in the message that pops up to add a wildcard resource.
  5. Enter http://<AS_HOST>:9765/pizzashack-api-1.0.0/api/delivery for the Production Endpoint in the Endpoints section as shown below.
    [Image: endpoints section of creating an API]
  6. Click Manage.
  7. Select Unlimited for Tier Availability in the Configurations section as shown below.
    [Image: Configurations section]
  8. Click Save & Publish.

Adding the Order API

  1. Log in to the API Publisher of WSO2 API Manager using the following URL with admin/admin credentials: http://<IP_ADDRESS>:9768/publisher
  2. Click Add.
  3. Enter the details as shown below in the General Details section to create the Order API.
    [Image: Design of Order API]
  4. Click Implement, and then click Yes in the message that pops up to add a wildcard resource.
  5. Enter http://<AS_HOST>:9765/pizzashack-api-1.0.0/api/order for the Production Endpoint as shown below in the Endpoints section.
    [Image: endpoints section of creating an API]
  6. Click Manage.
  7. Select Unlimited for Tier Availability in the Configurations section as shown below.
    [Image: Configurations section]
  8. Click Save & Publish.

Adding the Menu API

  1. Log in to the API Publisher of WSO2 API Manager using the following URL with admin/admin credentials: http://<IP_ADDRESS>:9768/publisher
  2. Click Add.
  3. Enter the details as shown below in the General Details section to create the Menu API.
    [Image: Design section of the Menu API]
  4. Click Implement, and then click Yes in the message that pops up to add a wildcard resource.
  5. Enter http://<AS_HOST>:9765/pizzashack-api-1.0.0/api/menu for the Production Endpoint as shown below in the Endpoints section.
    [Image: endpoints section of creating an API]
  6. Click Manage.
  7. Select Unlimited for Tier Availability in the Configurations section as shown below.
    [Image: Configurations section of Menu API]
  8. Click Save & Publish.

Subscribing to the APIs

Follow the steps below to subscribe to the published APIs, and generate production keys for them.

  1. Log in to the API Store of WSO2 API Manager using the following URL with admin/admin credentials: http://<AM_HOST>:9448/store 
  2. Click on the published Delivery API named pizzaShack-1.0.0.
  3. Select DefaultApplication for Applications, and click Subscribe as shown below.
    [Image: subscribe to published APIs]
  4. Click Go To My Subscriptions in the message box which pops up.

  5. Click Generate. This displays the production keys generated for the DefaultApplication app as shown below.
    [Image: consumer secret keys]

    The production keys generated above apply to all the APIs that you subscribe to using the DefaultApplication app.

  6. Click on the Order API named pizzashack-order-1.0.0 in the left menu.
  7. Repeat steps 3 to 5 above to subscribe to the Order API through the DefaultApplication.
  8. Click on the Menu API named pizzashack-menu-1.0.0 in the left menu.
  9. Repeat steps 3 to 5 above to subscribe to the Menu API through the DefaultApplication.

Configuring WSO2 App Manager

Follow the steps below to configure WSO2 App Manager for this sample demonstration.

Creating the Web app

Follow the steps below to create a new Web app in App Publisher to publish the Plan Your Trip app.

Completing the Overview section

Follow the steps below to complete the first step of creating a new Web app.

  1. Log in to the App Publisher of WSO2 App Manager using the following URL with admin/admin credentials: http://<AppM_HOST>:9443/publisher
  2. Click Add New Web Application to add the Pizza Shack Web app using the App Publisher.

  3. Enter the details in the Overview section as shown below. For instructions on the Overview section of adding a Web app, see Step 1 - Overview.
    [Image: creating a new Web app]

Completing the Advanced Configuration section

  1. Click Advanced Configuration, and then click OAuth2 Key Manager Configuration.

  2. For API Token Endpoint, enter http://<AM_HOST>:8285/token, which is the token endpoint of WSO2 API Manager. This assumes WSO2 API Manager is running with a port offset of 5; if it uses a different port offset, give the server URL accordingly.
  3. Enter an alias name (e.g. pizzashack) for the API.
  4. Enter the details of the production keys generated when subscribing to the APIs in WSO2 API Manager, for API Consumer Key and API Consumer Secret as shown below.
    [Image: adding OAUTH2 parameters]
  5. Click Create.

Publishing the Web app

Follow the steps below to publish the Web app in the App Publisher. For more instructions on publishing a Web app, see Publishing Web Applications.

  1. In the All Web Applications list, click the Submit for Review button corresponding to the app.
  2. Click Approve.
  3. Click Publish.

Subscribing to the Web app

Follow the steps below to subscribe to the Web app. For instructions on subscribing to a Web app, see Subscribing to Applications.

  1. Log in to the App Store of WSO2 App Manager using the following URL: http://<AppM_HOST>:9443/store
  2. Click on the image of the Web app.
  3. Click Subscribe Me.

Updating the service provider 

Once you create a Web app, a Service Provider (SP) is created in WSO2 AppM. Follow the steps below to update the service provider created for the Pizza Shack Web app.

  1. Log in to the management console of WSO2 App Manager using the following URL with admin/admin credentials: https://<AppM_HOST>:9443/carbon/
  2. Click Main, and then click List in the Service Providers menu. You see the SP created for the Pizza Shack Web app as follows.
    [Image: service provider created for the Pizza Shack Web app]
  3. Click the Edit link associated with the Pizza Shack-1.0 service provider.
  4. Click Inbound Authentication Configuration, and then click SAML2 Web SSO Configuration.
  5. Click the Edit link associated with the Pizza Shack-1.0 service provider in the SAML2 SSO Web Configuration list as follows.
    [Image: SAML2 SSO Web configurations list]
  6. Select Enable Assertion Signing.
  7. Select Enable Audience Restriction.
  8. Enter http://<AM_HOST>:8285/token for the Audience, and click Add Audience as follows.
  9. Select Enable Recipient Validation.
  10. Enter http://<AM_HOST>:8285/token for the Recipient, and click Add Recipient as follows.
  11. Click Update.
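
A pre-flight check for the service provider settings above, as an added example (not WSO2 code): it inspects a decoded assertion for the issuer, a signature element, and the audience and recipient values configured in these steps. The host names and the assertion skeleton are constructed, and it is an assumption that the token endpoint rejects assertions that fail these checks.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed values: the host is a placeholder for <AM_HOST>.
TOKEN_ENDPOINT = "http://am.example.test:8285/token"
ISSUER = "appm"  # Identity Provider Entity Id set on the page

# Constructed assertion skeleton; <ds:Signature/> is an empty stand-in.
TEMPLATE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Version="2.0">'
    '<saml:Issuer>{issuer}</saml:Issuer>{sig}<saml:Subject>'
    '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
    '<saml:SubjectConfirmationData Recipient="{rcpt}"/>'
    '</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
    '<saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>')

CONFIGURED = TEMPLATE.format(issuer=ISSUER, sig="<ds:Signature/>",
                             rcpt=TOKEN_ENDPOINT, aud=TOKEN_ENDPOINT)
# Constructed counter-example: steps 6 to 10 skipped, so the assertion is
# unsigned and names the web app rather than the token endpoint.
SKIPPED = TEMPLATE.format(issuer=ISSUER, sig="",
                          rcpt="http://as.example.test:9765/pizzashack",
                          aud="Pizza-1.0.0")

def preflight(assertion_xml, issuer=ISSUER, endpoint=TOKEN_ENDPOINT):
    """List the settings an assertion fails; structure only, the
    signature is NOT cryptographically verified here."""
    root = ET.fromstring(assertion_xml)
    problems = []
    if root.findtext("saml:Issuer", "", NS).strip() != issuer:
        problems.append("issuer")
    if root.find("ds:Signature", NS) is None:
        problems.append("assertion-signing")
    audiences = [a.text.strip() for a in root.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if endpoint not in audiences:
        problems.append("audience")
    recipients = [d.get("Recipient") for d in root.iterfind(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if endpoint not in recipients:
        problems.append("recipient")
    return problems

if __name__ == "__main__":
    print(preflight(CONFIGURED), preflight(SKIPPED))
```
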

Deploying the actual service implementation

Follow the steps below to deploy the actual service implementation.

  1. Log in to the App Publisher of WSO2 App Manager using the following URL with admin/admin credentials: http://<AppM_HOST>:9443/publisher
  2. Click on the Pizza Shack application in the Web applications list.
  3. In the Overview section of the Web application, click the OAUTH Parameters tab.
    You can see the consumer/secret keys generated for it in WSO2 App Manager as follows.
    [Image: OAUTH2 parameters in WSO2 App Manager]
  4. Set the port of the serverURL parameter in the <AS_HOME>/repository/deployment/server/webapps/pizzashack/WEB-INF/web.xml file to 8285. (This assumes WSO2 API Manager is running with a port offset of five. If it uses a different port offset, give the server URL accordingly.)
  5. Set the port of the loginURL parameter in the <AS_HOME>/repository/deployment/server/webapps/pizzashack/WEB-INF/web.xml file to 8280. (This points to the token API of WSO2 App Manager.)
  6. Replace the values of the consumerKey and consumerSecret parameters in the <AS_HOME>/repository/deployment/server/webapps/pizzashack/WEB-INF/web.xml file with the Webapp Consumer Key and Webapp Consumer Secret of the above step.

Accessing the Web app

Follow the steps below to access the Pizza Shack Web app through WSO2 App Manager. 

  1. Log in to the App Store of WSO2 App Manager using the following URL: http://<AppM_HOST>:9443/store

  2. Click on the Pizza Shack Web app.

  3. Click the Gateway Endpoint URL of the Web app as shown below.
    [Image: Gateway Endpoint URL of the Web app]

  4. Log in to the app using admin/admin (or any user account you used for subscription). This lists all available pizza menus by invoking the pizza-menu API published in WSO2 API Manager. The OAuth2 access token, which is used to invoke the APIs through WSO2 API Manager, is generated by passing the SAML token generated by WSO2 App Manager during the SSO authentication.
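
The exchange described in the last step, as an added example that is not the Pizza Shack source: it builds the standard SAML 2.0 bearer grant request (RFC 7522) for the token endpoint and turns the reply into the header used on API calls. The host, key, secret, assertion and reply are constructed placeholders, and it is an assumption that the sample app sends exactly these fields.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522

def build_token_request(token_endpoint, consumer_key, consumer_secret, assertion_xml):
    """Describe (without sending) the POST that trades an assertion for a token."""
    basic = base64.b64encode(f"{consumer_key}:{consumer_secret}".encode()).decode()
    # RFC 7522 section 2.1: base64url-encode the assertion, without '=' padding.
    encoded = base64.urlsafe_b64encode(assertion_xml).decode().rstrip("=")
    return {
        "method": "POST",
        "url": token_endpoint,
        "headers": {"Authorization": "Basic " + basic,
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": GRANT_TYPE, "assertion": encoded}),
        # True when the client secret and the assertion would travel without TLS.
        "cleartext": urlsplit(token_endpoint).scheme != "https",
    }

def bearer_header(token_response_json):
    """Turn the token endpoint's JSON reply into the header for an API call."""
    reply = json.loads(token_response_json)
    if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
        raise ValueError("not a bearer token response: %r" % sorted(reply))
    return {"Authorization": "Bearer " + reply["access_token"]}

# Constructed inputs: placeholder host, key, secret, assertion and reply.
REQUEST = build_token_request(
    "http://am.example.test:8285/token", "CONSUMER_KEY_PLACEHOLDER",
    "CONSUMER_SECRET_PLACEHOLDER", b"<saml:Assertion>constructed</saml:Assertion>")
REPLY = '{"access_token": "constructed-token", "token_type": "bearer", "expires_in": 3600}'

if __name__ == "__main__":
    print(REQUEST["body"])
    print(bearer_header(REPLY))
```
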