Twitter can be used as a federated authenticator in WSO2 Identity Server. Follow the steps below to configure WSO2 Identity Server to authenticate users using their Twitter login credentials:
Before you begin
- Go to https://twitter.com/, create an account, and register an application on Twitter.
- Sign in to the WSO2 Identity Server Management Console at `https://<Server Host>:9443/carbon` using your username and password.
- Navigate to the Identity Provider section under Main > Identity menu-item.
- Click Add.
- Provide values for the following fields under the Basic Information section:

| Field | Description | Sample Value |
|---|---|---|
| Identity Provider Name | The Identity Provider Name must be unique as it is used as the primary identifier of the identity provider. | FacebookIdP, Twitter |
| Display Name | The Display Name is used to identify the identity provider. If this is left blank, the Identity Provider Name is used. This is used in the login page when selecting the identity provider that you wish to use to log in to the service provider. | Facebook, Twitter |
| Description | The Description is added in the list of identity providers to provide more information on what the identity provider is. This is particularly useful in situations where there are many identity providers configured and a description is required to differentiate and identify them. | This is the identity provider configuration. |
| Federation Hub Identity Provider | Select the Federation Hub Identity Provider check-box to indicate that this points to an identity provider that acts as a federation hub. A federation hub is an identity provider that has multiple identity providers configured to it and can redirect users to the correct identity provider depending on their Home Realm identifier or their Identity Provider Name. When this check-box is selected, an additional window pops up in the multi-option page in the first identity server to get the home realm identifier for the desired identity provider in the identity provider hub. | Selected |
| Home Realm Identifier | The Home Realm Identifier value can be specified in each federated IDP, and the service provider can send it as the "fidp" query parameter (e.g., fidp=googleIdp) in the authentication request. The WSO2 Identity Server finds the IDP related to the "fidp" value and redirects the end user to the IDP directly rather than showing the SSO login page. In a multi-option scenario, this lets you skip the multi-option page. | FB, TW |
| Identity Provider Public Certificate | The Identity Provider Public Certificate is the public certificate belonging to the identity provider. Uploading this is necessary to authenticate the response from the identity provider. See Using Asymmetric Encryption in the WSO2 Product Administration Guide for more information on how public keys work and how to sign these keys by a certification authority. | This can be any certificate. If the identity provider is another Identity Server, this can be a wso2.crt file. |
| Alias | The Alias is a value that has an equivalent value specified in the identity provider that we are configuring. This is required for authentication in some scenarios. | http://localhost:9443/oauth2/token |

- Expand Twitter Configuration under Federated Authenticators.
- Fill in the following fields:

| Field | Description | Sample Value |
|---|---|---|
| Enable | This option enables Twitter to be used as an authenticator for users provisioned to the WSO2 Identity Server. | Checked |
| Default | This option sets Twitter as the default authentication mechanism. If you have already selected any other Identity Provider as the default federated authenticator, selecting this option deselects it. | Checked |
| API Key | This is the consumer key generated at the Twitter application registration. | wuerRmdgwlqX0oE1WNDdsh17o |
| API Secret | This is the consumer secret generated at the Twitter application registration. | 771tqnkpcbRyTBSCRQvVud1x8j1uQlCDpNZo3hRG0s4cEtsFky |
| Callback URL | This is the Callback URL you entered at the Twitter application registration. This is the URL to which the browser should be redirected after the authentication is successful. URL format: `https://<host-name>:<port>/acs`. The acs indicates the Assertion Consumer URL of the WSO2 Identity Server endpoint that accepts the responses sent by Twitter. | https://wso2.com:9443/commonauth |

- Click Register.
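
The Home Realm Identifier field above describes the service provider sending the identifier as the "fidp" query parameter. The following Python helper is an added example, not WSO2 code: it sets exactly one fidp value on an authentication request and only accepts identifiers that have been configured. The name `add_fidp`, the host, the `/oauth2/authorize` path and the other query parameters are constructed placeholders.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Home Realm Identifier sample values from the table on this page.
CONFIGURED_HOME_REALMS = {"FB", "TW"}


def add_fidp(auth_request_url, home_realm, configured=CONFIGURED_HOME_REALMS):
    """Return auth_request_url carrying a single fidp=<home_realm> parameter.

    Raises ValueError when home_realm is not a configured identifier or the
    request is not sent over https.
    """
    if home_realm not in configured:
        raise ValueError(f"unknown home realm identifier: {home_realm!r}")
    parts = urlsplit(auth_request_url)
    if parts.scheme != "https":
        raise ValueError("authentication request must use https")
    # Drop any fidp already present so the server receives one value only.
    query = [(k, v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "fidp"]
    query.append(("fidp", home_realm))
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed request: host, path and parameters are placeholders.
    sample = ("https://is.example.com:9443/oauth2/authorize"
              "?response_type=code&client_id=PLACEHOLDER&fidp=other")
    print(add_fidp(sample, "TW"))
```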