
The functionality described in this section is not yet released.

SSO (Single Sign-On) allows you to authenticate once to access one application and then use other applications without providing your credentials again. This section explains how to configure single sign-on for the WSO2 Dashboard Portal, the Status Dashboard and the Business Rules Manager.

Before you begin:

Configure the external identity provider (IdP) that you are using for SSO. By default, WSO2 SP uses WSO2 IS (versions 5.4.0 and later) as the Identity Provider. For detailed instructions to configure WSO2 IS for this scenario, see OAuth2 Token Validation and Introspection.

If you want to use any other identity provider, make sure that it supports OAuth 2 Dynamic Client Registration, and carry out the configuration it requires (this differs from IdP to IdP).


Enabling SSO

To configure SSO for the WSO2 SP, open the <SP_HOME>/conf/dashboard/deployment.yaml file and update it as follows:

  1. In the auth.configs section, create a new entry with a new client type. SSO requires an external IdP client, so enter external as the type.

    auth.configs:
      type: external

  2. To enable SSO, set the ssoEnabled property as shown below.

    auth.configs:
      type: external
      ssoEnabled: true

  3. To allow SSO to function in your SP setup, set the following properties under the ssoEnabled property.

    auth.configs:
      type: external
      ssoEnabled: true
      properties:
        kmDcrUrl: https://localhost:9443/identity/connect/register
        kmTokenUrl: https://localhost:9443/oauth2
        kmUsername: admin
        kmPassword: admin
        idpBaseUrl: https://localhost:9443/scim2
        idpUsername: admin
        idpPassword: admin
        portalAppContext: portal
        statusDashboardAppContext: monitoring
        businessRulesAppContext: business-rules
        databaseName: WSO2_OAUTH_APP_DB
        cacheTimeout: 900
        baseUrl: https://localhost:9643
        grantType: authorization_code

    The purposes of these properties are explained in the table below.

    Property                   Default Value                                     Description
    kmDcrUrl                   https://localhost:9443/identity/connect/register  The Dynamic Client Registration (DCR) endpoint of the key manager in the IdP.
    kmTokenUrl                 https://localhost:9443/oauth2                     The token endpoint of the key manager in the IdP.
    kmUsername                 admin                                             The username for the key manager in the IdP.
    kmPassword                 admin                                             The password for the key manager in the IdP.
    idpBaseUrl                 https://localhost:9443/scim2                      The SCIM2 endpoint of the IdP.
    idpUsername                admin                                             The username for the IdP.
    idpPassword                admin                                             The password for the IdP.
    portalAppContext           portal                                            The application context of the Dashboard Portal application in WSO2 SP.
    statusDashboardAppContext  monitoring                                        The application context of the Status Dashboard application in WSO2 SP.
    businessRulesAppContext    business-rules                                    The application context of the Business Rules application in WSO2 SP.
    databaseName               WSO2_OAUTH_APP_DB                                 The name of the OAuth application database used by the dashboard server.
    cacheTimeout               900                                               The cache timeout for the validity period of the token, in seconds.
    baseUrl                    https://localhost:9643                            The base URL to which the browser is redirected after the code returned by the Authorization Code grant type is exchanged for the token.
    grantType                  authorization_code                                The grant type used in the OAuth application token request.
    externalLogoutURL          https://localhost:9443/samlsso                    The URL via which you log out from the external IdP side of the SSO.
  4. Save your changes.
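
To check a deployment.yaml against the points above before starting the server, here is an added example (not part of the WSO2 documentation or product) that parses the auth.configs section with a small stdlib-only parser and flags plain-http endpoints, the admin/admin default credentials, a missing authorization_code grant type and an overlong cacheTimeout. The 3600-second cap is an assumed local policy, and the embedded sample is constructed from the defaults on this page.

```python
from urllib.parse import urlparse
# Constructed sample mirroring the defaults shown on this page.
SAMPLE = """\
auth.configs:
  type: external
  ssoEnabled: true
  properties:
    kmDcrUrl: https://localhost:9443/identity/connect/register
    kmTokenUrl: https://localhost:9443/oauth2
    kmUsername: admin
    kmPassword: admin
    idpBaseUrl: https://localhost:9443/scim2
    idpUsername: admin
    idpPassword: admin
    baseUrl: https://localhost:9643
    cacheTimeout: 900
    grantType: authorization_code
"""

def parse_simple_yaml(text):
    """Tiny parser for nested 'key: value' maps (no lists, no quoting)."""
    root, stack = {}, []  # stack holds (indent, mapping) of open parents
    for raw in filter(str.strip, text.splitlines()):
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")  # first colon only, so URLs survive
        while stack and indent <= stack[-1][0]:
            stack.pop()
        parent = stack[-1][1] if stack else root
        node = value.strip() or {}  # no value means a nested mapping follows
        parent[key.strip()] = node
        if not value.strip():
            stack.append((indent, node))
    return root

def lint_auth_configs(text):
    """Return findings for the auth.configs section; an empty list means it passes."""
    cfg = parse_simple_yaml(text).get("auth.configs", {})
    props, findings = cfg.get("properties", {}), []
    for key in ("kmDcrUrl", "kmTokenUrl", "idpBaseUrl", "baseUrl"):
        if urlparse(props.get(key, "")).scheme != "https":
            findings.append(f"{key} must be an https URL; codes and secrets travel over it")
    for user, pwd in (("kmUsername", "kmPassword"), ("idpUsername", "idpPassword")):
        if props.get(pwd) in (None, "", "admin", props.get(user)):
            findings.append(f"{pwd} is missing or a default credential; set a unique secret")
    if props.get("grantType") != "authorization_code":
        findings.append("grantType should be authorization_code for browser-based SSO")
    timeout = props.get("cacheTimeout", "")
    if not timeout.isdigit() or not 0 < int(timeout) <= 3600:  # 3600 is an assumed policy cap
        findings.append("cacheTimeout must be 1..3600 seconds; long caches delay revocation")
    return findings
```

Run with the defaults, it reports only the two admin passwords; once those are changed it passes, and switching any endpoint to http or raising cacheTimeout past the cap adds a finding.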

Testing the SSO configuration

Once the above changes are made, you can start the dashboard server of WSO2 SP and access all the UIs in it with a single sign-on. To try this out, follow the steps below:

  1. Start the dashboard server by issuing one of the following commands:
    • On Windows:  dashboard.bat --run
    • On Linux/Mac OS:  sh dashboard.sh

  2. Access the Dashboard Portal via the following URL.

    https://localhost:9643/portal

  3. In the dialog box that appears to sign in, enter admin as both the user name and the password, and then click LOG IN.
  4. Now access the Business Rules Manager via the following URL.
    https://localhost:9643/business-rules

    No dialog box appears for the Business Rules Manager. This is because you already provided your credentials to access the Dashboard Portal, and with SSO enabled that sign-in is valid for all the UIs accessible via the dashboard profile.