This documentation is for WSO2 Identity Server 5.7.0.


...

  1. Copy the following .jar files from the <IS_HOME>/repository/components/plugins/ directory to the <WebApp_HOME>/authenticationendpoint/WEB-INF/lib directory.
    • org.wso2.carbon.base_4.4.35.jar
    • org.wso2.carbon.identity.base_5.12.153.jar
    • org.wso2.carbon.ui_4.4.35.jar
    • org.wso2.carbon.identity.application.authentication.endpoint.util_5.12.153.jar
    • org.wso2.carbon.identity.core_5.12.153.jar
    • httpcore_4.3.3.wso2v1.jar
    • org.wso2.carbon.identity.user.registration.stub_5.12.153.jar
    • axis2_1.6.1.wso2v28.jar
    • org.wso2.carbon.user.api_4.4.35.jar
    • opensaml_2.6.4.wso2v3.jar
    • org.wso2.carbon.utils_4.4.35.jar
    • jettison_1.3.4.wso2v1.jar
    • org.wso2.carbon.user.core_4.4.35.jar
    • org.wso2.carbon.logging_4.4.35.jar
    • com.google.gson_2.7.0.jar
    • commons-collections_3.2.2.wso2v1.jar

  2. Copy the following .jar files from the <IS_HOME>/lib/runtimes/cxf/ directory to the <WebApp_HOME>/authenticationendpoint/WEB-INF/lib directory.
    • javax.ws.rs-api-2.0-m10.jar
    • cxf-bundle-2.7.16.wso2v1.jar
    • neethi-3.0.3.jar
    • wsdl4j-1.6.3.jar
  3. Uncomment the following section in the <WebApp_HOME>/authenticationendpoint/WEB-INF/web.xml file and point the values at the WSO2 Identity Server URLs.

    ```xml
    ...
    <context-param>
        <param-name>IdentityManagementEndpointContextURL</param-name>
        <param-value>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/accountrecoveryendpoint</param-value>
    </context-param>
    <context-param>
        <param-name>AccountRecoveryRESTEndpointURL</param-name>
        <param-value>https://localhost:9443/t/tenant-domain/api/identity/user/v1.0/</param-value>
    </context-param>
    ...
    <context-param>
        <param-name>IdentityServerEndpointContextURL</param-name>
        <param-value>https://localhost:9443</param-value>
    </context-param>
    ...
    ```
  4. Add the following servlet to the <WebApp_HOME>/authenticationendpoint/WEB-INF/web.xml file.

    ```xml
    <servlet>
        <servlet-name>jsp</servlet-name>
        <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
        <init-param>
            <param-name>fork</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>xpoweredBy</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>compilerSourceVM</param-name>
            <param-value>1.8</param-value>
        </init-param>
        <init-param>
            <param-name>compilerTargetVM</param-name>
            <param-value>1.8</param-value>
        </init-param>
        <load-on-startup>3</load-on-startup>
    </servlet>
    ```
  5. Change the following configuration in the <IS_HOME>/repository/conf/identity/application-authentication.xml file:

    ```xml
    <AuthenticationEndpointURL>/authenticationendpoint/login.do</AuthenticationEndpointURL>
    <AuthenticationEndpointRetryURL>/authenticationendpoint/retry.do</AuthenticationEndpointRetryURL>
    <AuthenticationEndpointMissingClaimsURL>/authenticationendpoint/claims.do</AuthenticationEndpointMissingClaimsURL>
    ```

    as follows:

    ```xml
    <AuthenticationEndpointURL>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/login.do</AuthenticationEndpointURL>
    <AuthenticationEndpointRetryURL>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/retry.do</AuthenticationEndpointRetryURL>
    <AuthenticationEndpointMissingClaimsURL>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/claims.do</AuthenticationEndpointMissingClaimsURL>
    ```

    You will need to add the AuthenticationEndpointMissingClaimsURL configuration yourself, as it is not already present in this configuration file.

  6. Change the following configuration in the <IS_HOME>/repository/conf/identity/identity.xml file so that it points to the authentication endpoint hosted outside the WSO2 server.

    ```xml
    ...
    <OpenID>
        ...
        <OpenIDLoginUrl>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/openid_login.do</OpenIDLoginUrl>
        ...
    </OpenID>
    ...
    <OAuth>
        ...
        <OAuth2ConsentPage>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/oauth2_authz.do</OAuth2ConsentPage>
        <OAuth2ErrorPage>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/oauth2_error.do</OAuth2ErrorPage>
        <OIDCConsentPage>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/oauth2_consent.do</OIDCConsentPage>
        <OIDCLogoutConsentPage>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/oauth2_logout_consent.do</OIDCLogoutConsentPage>
        <OIDCLogoutPage>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/oauth2_logout.do</OIDCLogoutPage>
        ...
    </OAuth>
    ...
    <SSOService>
        ...
        <DefaultLogoutEndpoint>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/samlsso_logout.do</DefaultLogoutEndpoint>
        <NotificationEndpoint>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/samlsso_notification.do</NotificationEndpoint>
        ...
    </SSOService>
    ...
    <PassiveSTS>
        ...
        <RetryURL>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/retry.do</RetryURL>
        ...
    </PassiveSTS>
    ...
    ```
  7. Import the public certificate of the Identity Server into the Java cacerts file (or the web server's truststore) of the JVM that runs the authenticationendpoint web application.

    ```bash
    # Export the Identity Server's public certificate from its keystore
    keytool -export -keystore $IS_HOME/repository/resources/security/wso2carbon.jks -alias wso2carbon -file wso2carbon.cer
    ```

    ```bash
    # Import that certificate into the truststore used by the web server's JVM
    keytool -import -alias wso2carbon -keystore $WEB_APP_TRUSTSTORE -file wso2carbon.cer
    ```
  8. Import the public certificate of the web server's keystore into the Identity Server truststore.

    ```bash
    # Export the web server's public certificate from its keystore
    keytool -export -keystore $WEB_APP_KEYSTORE -alias wso2carbon -file webserver.cer
    ```

    ```bash
    # Import it into the Identity Server's client truststore under an alias of your choice
    keytool -import -alias <alias> -keystore $IS_HOME/repository/resources/security/client-truststore.jks -file webserver.cer
    ```
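As an added example (not part of the WSO2 documentation), the following Python script checks the XML fragments edited in steps 3, 5 and 6 for the mistakes that most often break this setup: $WEB_SERVER_HOST/$WEB_SERVER_PORT placeholders left unreplaced, an endpoint pointing at plain http, a required entry such as AuthenticationEndpointMissingClaimsURL still missing, and a mistyped closing tag that would stop the server from parsing the file. The hostnames in the sample fragments are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Settings this procedure redirects to the external web server (names taken from the page).
ENDPOINT_TAGS = {
    "AuthenticationEndpointURL", "AuthenticationEndpointRetryURL",
    "AuthenticationEndpointMissingClaimsURL", "OpenIDLoginUrl", "OAuth2ConsentPage",
    "OAuth2ErrorPage", "OIDCConsentPage", "OIDCLogoutConsentPage", "OIDCLogoutPage",
    "DefaultLogoutEndpoint", "NotificationEndpoint", "RetryURL",
}
PLACEHOLDER = re.compile(r"\$[A-Z_]+")  # $WEB_SERVER_HOST / $WEB_SERVER_PORT left unreplaced


def endpoint_values(xml_text):
    """Yield (name, url) for each endpoint setting in an un-namespaced XML fragment.

    Handles identity.xml style (<OAuth2ErrorPage>url</OAuth2ErrorPage>) and the web.xml
    <context-param> style; wrapping in <root> allows several top-level elements."""
    root = ET.fromstring(f"<root>{xml_text}</root>")
    for elem in root.iter():
        if elem.tag in ENDPOINT_TAGS:
            yield elem.tag, (elem.text or "").strip()
        elif elem.tag == "context-param":
            yield elem.findtext("param-name", "").strip(), elem.findtext("param-value", "").strip()


def check_endpoints(xml_text, required=()):
    """Return [(name, problem), ...]; an empty list means the fragment passes."""
    try:
        pairs = list(endpoint_values(xml_text))
    except ET.ParseError as exc:  # e.g. a mistyped closing tag: the server would reject the file
        return [("document", f"not well-formed XML: {exc}")]
    problems = [(name, "missing") for name in required if name not in dict(pairs)]
    for name, url in pairs:
        if PLACEHOLDER.search(url):
            problems.append((name, "unresolved placeholder"))
        elif not url.startswith("https://"):
            problems.append((name, "not served over https"))
    return problems


# Constructed samples: a placeholder left in, an endpoint downgraded to plain http, and an
# application-authentication.xml fragment still lacking the entry step 5 says to add.
SAMPLE_IDENTITY_XML = """<OAuth>
  <OAuth2ConsentPage>https://$WEB_SERVER_HOST:$WEB_SERVER_PORT/authenticationendpoint/oauth2_authz.do</OAuth2ConsentPage>
  <OAuth2ErrorPage>http://login.example.test:8443/authenticationendpoint/oauth2_error.do</OAuth2ErrorPage>
</OAuth>"""
SAMPLE_AUTH_XML = """
<AuthenticationEndpointURL>https://login.example.test:8443/authenticationendpoint/login.do</AuthenticationEndpointURL>
<AuthenticationEndpointRetryURL>https://login.example.test:8443/authenticationendpoint/retry.do</AuthenticationEndpointRetryURL>
"""
```

Run check_endpoints on the fragment text of each edited file; pass required=("AuthenticationEndpointMissingClaimsURL",) for application-authentication.xml.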

...