This documentation is for WSO2 IoT Server 3.2.0. View the documentation for the latest release.
Page Comparison - Setting Up A Federated IdP with OpenID Connect (v.2 vs v.3) - IoT Server 3.2.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Create a file named openid-extension-deployer.xml in the <IOTS_HOME> directory.
  2. Copy the content given below to the openid-extension-deployer.xml file you created.

    Panel
    Expand
    titleClick here to expand and copy the content.
    Code Block
    <!--
     ~ Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
     ~
     ~ WSO2 Inc. licenses this file to you under the Apache License,
     ~ Version 2.0 (the "License"); you may not use this file except
     ~ in compliance with the License.
     ~ You may obtain a copy of the License at
     ~
     ~ http://www.apache.org/licenses/LICENSE-2.0
     ~
     ~ Unless required by applicable law or agreed to in writing,
     ~ software distributed under the License is distributed on an
     ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     ~ KIND, either express or implied. See the License for the
     ~ specific language governing permissions and limitations
     ~ under the License.
     -->
    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
       <parent>
          <groupId>org.wso2</groupId>
          <artifactId>wso2</artifactId>
          <version>1</version>
       </parent>
       <modelVersion>4.0.0</modelVersion>
       <groupId>org.wso2.iot.devicemgt-plugins</groupId>
       <artifactId>openid-extension-script</artifactId>
       <version>3.1.0</version>
       <packaging>pom</packaging>
       <name>OpenID Extension Script</name>
       <url>http://wso2.org</url>
       <build>
          <plugins>
             <plugin>
                <groupId>org.wso2.maven</groupId>
                <artifactId>carbon-p2-plugin</artifactId>
                <version>1.5.4</version>
                <executions>
                   <execution>
                      <id>2-p2-repo-generation</id>
                      <phase>package</phase>
                      <goals>
                         <goal>p2-repo-gen</goal>
                      </goals>
                      <configuration>
                         <metadataRepository>file:${basedir}/p2-repo</metadataRepository>
                         <artifactRepository>file:${basedir}/p2-repo</artifactRepository>
                         <publishArtifacts>true</publishArtifacts>
                         <publishArtifactRepository>true</publishArtifactRepository>
                         <featureArtifacts>
                            <featureArtifactDef>org.wso2.carbon.identity.outbound.auth.oidc:org.wso2.carbon.identity.application.authenticator.oidc.server.feature:${identity-application-auth-oidc.version}</featureArtifactDef>
                         </featureArtifacts>
                      </configuration>
                   </execution>
                   <execution>
                      <id>default-feature-install</id>
                      <phase>package</phase>
                      <goals>
                         <goal>p2-profile-gen</goal>
                      </goals>
                      <configuration>
                         <profile>default</profile>
                         <metadataRepository>file:${basedir}/p2-repo</metadataRepository>
                         <artifactRepository>file:${basedir}/p2-repo</artifactRepository>
                         <destination>${basedir}/wso2/components</destination>
                         <deleteOldProfileFiles>false</deleteOldProfileFiles>
                         <features>
                            <feature>
                               <id>org.wso2.carbon.identity.application.authenticator.oidc.server.feature.group</id>
                               <version>${identity-application-auth-oidc.version}</version>
                            </feature>
                         </features>
                      </configuration>
                   </execution>
                </executions>
             </plugin>
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-antrun-plugin</artifactId>
                <version>1.6</version>
                <executions>
                   <execution>
                      <id>default-feature-install</id>
                      <phase>package</phase>
                      <configuration>
                         <target>
                            <replaceregexp file="./wso2/components/default/configuration/org.eclipse.equinox.simpleconfigurator/bundles.info" match="(org.wso2.carbon.identity.application.authenticator.oidc.*)false" replace="\1true" byline="true" />
                         </target>
                      </configuration>
                      <goals>
                         <goal>run</goal>
                      </goals>
                   </execution>
                </executions>
             </plugin>
          </plugins>
       </build>
       <pluginRepositories>
          <pluginRepository>
             <id>wso2.releases</id>
             <name>WSO2 internal Repository</name>
             <url>http://maven.wso2.org/nexus/content/repositories/releases/</url>
             <releases>
                <enabled>true</enabled>
                <updatePolicy>daily</updatePolicy>
                <checksumPolicy>ignore</checksumPolicy>
             </releases>
          </pluginRepository>
          <pluginRepository>
             <id>wso2.snapshots</id>
             <name>Apache Snapshot Repository</name>
             <url>http://maven.wso2.org/nexus/content/repositories/snapshots/</url>
             <snapshots>
                <enabled>true</enabled>
                <updatePolicy>daily</updatePolicy>
             </snapshots>
             <releases>
                <enabled>false</enabled>
             </releases>
          </pluginRepository>
          <pluginRepository>
             <id>wso2-nexus</id>
             <name>WSO2 internal Repository</name>
             <url>http://maven.wso2.org/nexus/content/groups/wso2-public/</url>
             <releases>
                <enabled>true</enabled>
                <updatePolicy>daily</updatePolicy>
                <checksumPolicy>ignore</checksumPolicy>
             </releases>
          </pluginRepository>
       </pluginRepositories>
       <repositories>
          <!-- Before adding ANYTHING in here, please start a discussion on the dev list.
                Ideally the Axis2 build should only use Maven central (which is available
                by default) and nothing else. We had troubles with other repositories in
                the past. Therefore configuring additional repositories here should be
                considered very carefully. -->
          <repository>
             <id>wso2-nexus</id>
             <name>WSO2 internal Repository</name>
             <url>http://maven.wso2.org/nexus/content/groups/wso2-public/</url>
             <releases>
                <enabled>true</enabled>
                <updatePolicy>daily</updatePolicy>
                <checksumPolicy>ignore</checksumPolicy>
             </releases>
          </repository>
          <repository>
             <id>wso2.releases</id>
             <name>WSO2 internal Repository</name>
             <url>http://maven.wso2.org/nexus/content/repositories/releases/</url>
             <releases>
                <enabled>true</enabled>
                <updatePolicy>daily</updatePolicy>
                <checksumPolicy>ignore</checksumPolicy>
             </releases>
          </repository>
          <repository>
             <id>wso2.snapshots</id>
             <name>WSO2 Snapshot Repository</name>
             <url>http://maven.wso2.org/nexus/content/repositories/snapshots/</url>
             <snapshots>
                <enabled>true</enabled>
                <updatePolicy>daily</updatePolicy>
             </snapshots>
             <releases>
                <enabled>false</enabled>
             </releases>
          </repository>
       </repositories>
       <properties>
          <identity-application-auth-oidc.version>5.1.8</identity-application-auth-oidc.version>
       </properties>
    </project>


  3. Navigate to the <IOTS_HOME> via the terminal.

    Code Block
    cd <IOTS_HOME>


  4. Execute the mvn script to install the org.wso2.carbon.identity.application.authenticator.oidc.server.feature.

    Code Block
    mvn clean install -f openid-extension-deployer.xml

Configuring the WSO2 IoT Server IdP

You need to add the federated OpenID connect authentication configurations to the WSO2 IoT Server's default Identity Provider (IdP) configs. Follow the steps given below:

  1. Open the <IOTS_HOME>/conf/identity/identity-providers/iot_default.xml file.
  2. Add the following configurations before the <FederatedAuthenticatorConfigs> tag.

    Code Block
    <IsEnabled>true</IsEnabled>
  3. Add the folowing configurations inside the <FederatedAuthenticatorConfigs> tag.

    Info

    The IdentiyServerV4's hosted demo server is available at http://demo.identityserver.io. If you are using your own external Identity Server, makse sure to replace http://demo.identityserver.io with the URL of your hosted Identity Server.


    Code Block
    <OpenIDConnectFederatedAuthenticatorConfig>
       <Name>OpenIDConnectAuthenticator</Name>
       <DisplayName>openidconnect</DisplayName>
       <IsEnabled>true</IsEnabled>
       <Properties>
          <Property>
             <Name>ClientId</Name>
             <Value>server.code</Value>
          </Property>
          <Property>
             <Name>ClientSecret</Name>
             <Value>secret</Value>
          </Property>
          <Property>
             <Name>OAuth2AuthzEPUrl</Name>
             <Value>http://demo.identityserver.io/connect/authorize</Value>
          </Property>
          <Property>
             <Name>OAuth2TokenEPUrl</Name>
             <Value>http://demo.identityserver.io/connect/token</Value>
          </Property>
          <Property>
             <Name>callbackUrl</Name>
             <Value>https://localhost:9443/commonauth</Value>
          </Property>
          <Property>
             <Name>IsUserIdInClaims</Name>
             <Value>false</Value>
          </Property>
          <Property>
             <Name>commonAuthQueryParams</Name>
             <Value>scope=openid</Value>
          </Property>
       </Properties>
    </OpenIDConnectFederatedAuthenticatorConfig>
  4. Add OpenIDConnectAuthenticator as the value for the <DefaultAuthenticatorConfig> tag.
    Example:
    Code Block
    <DefaultAuthenticatorConfig>OpenIDConnectAuthenticator</DefaultAuthenticatorConfig>
  5. Add the following configurations inside the <ClaimConfig> tag.
    Code Block
    <ClaimMappings>
       <ClaimMapping>
          <RemoteClaim>
             <ClaimUri>idp</ClaimUri>
          </RemoteClaim>
          <LocalClaim>
             <ClaimUri>http://wso2.org/claims/role</ClaimUri>
          </LocalClaim>
          <DefaultValue />
       </ClaimMapping>
    </ClaimMappings>

Open “iot_default.xml” file inside the “$IOT_HOME/conf/identity/identity-providers/” path and add / change the elements as following.