Monday, February 17, 2014

Simple web-app with SSO capability which showcases CarbonContext usage

I'm going to use WSO2 Application Server 5.2.1[1] and WSO2 Identity Server 4.5.0[2] to deploy a simple web-app with SSO capability and showcase CarbonContext[3] usage.

Rather than writing this webapp from scratch, I will modify the SSOAgentSample, which can be found here[4].

First, let's check out the source from this location[4] and modify it for our purpose.

a) Open travelocity.properties, which can be found under the SSOAgentSample/src/main/resources/ directory,
vi src/main/resources/travelocity.properties
b) Update the following properties: change the port from 8080 to 9764 and comment out the AttributeConsumingServiceIndex property.
#The URL of the SAML 2.0 Assertion Consumer
SAML.ConsumerUrl=http://localhost:9764/travelocity.com/samlsso-home.jsp


#Identifier given for the Service Provider for SAML 2.0 attributes
#exchange
#SAML.AttributeConsumingServiceIndex=1701087467
c) Run the following command within the SSOAgentSample directory to build the webapp.
mvn clean install
We are done with the sample webapp for now, but I will update it to showcase CarbonContext usage and provide the source on GitHub.

d) Start WSO2 Identity Server by running the following within the Identity Server home.
sh bin/wso2server.sh
e) Let's register a new service provider in IS. Browse to Home> Manage> SAML SSO
and press the Register New Service Provider link. Provide the following details and press Register.

Issuer : travelocity.com
Assertion Consumer URL : http://localhost:9764/travelocity.com/samlsso-home.jsp

Select other stuff according to your requirements, I'm going to select
Enable Response Signing, Enable Assertion Signing, Enable Single Logout and Enable Attribute Profile. 

Since I'm going to display the roles, email address and given name of the logged-in user within the webapp, I will select and add the following three claims.

http://wso2.org/claims/role
http://wso2.org/claims/emailaddress
http://wso2.org/claims/givenname


f) Let's upload our webapp to AS and start it using a port offset. Copy travelocity.com.war from SSOAgentSample/target to the <AS_HOME>/repository/deployment/server/webapps/ directory.

In my local setup,
cp target/travelocity.com.war /home/udara/wso2/workspace/wso2as-5.2.1/repository/deployment/server/webapps
Since I'm starting Application Server on the same local machine where the Identity Server instance resides, let's update the port offset within <AS_HOME>/repository/conf/carbon.xml to avoid port conflicts.
 <Offset>1</Offset>
g) Start WSO2 Application Server by running the following within the Application Server home.
sh bin/wso2server.sh
h) Browse to http://localhost:9764/travelocity.com/ and select login with SAML from Identity Server; you will automatically be redirected to the Identity Server login page.

 



Provide your username/password and Identity Server will automatically redirect you back to http://localhost:9764/travelocity.com/samlsso-home.jsp with the claims that we selected in step e.
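
The values set in steps b, e and f have to agree for the redirect in step h to work. The following check is an added example, not part of the original post or the WSO2 sample; it assumes Carbon's default HTTP port of 9763 before the offset, and the function names and sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

CARBON_DEFAULT_HTTP_PORT = 9763  # assumption: Carbon's HTTP port before any offset
# Constructed sample inputs mirroring the values used in this post.
SAMPLE_PROPERTIES = """\
#The URL of the SAML 2.0 Assertion Consumer
SAML.ConsumerUrl=http://localhost:9764/travelocity.com/samlsso-home.jsp
#SAML.AttributeConsumingServiceIndex=1701087467
"""
SAMPLE_CARBON_XML = "<Server><Ports><Offset>1</Offset></Ports></Server>"
REGISTERED_ACS = "http://localhost:9764/travelocity.com/samlsso-home.jsp"


def parse_properties(text):
    """Return active key/value pairs; lines starting with '#' or '!' are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def port_offset(carbon_xml):
    """Read <Offset> from carbon.xml content, ignoring any XML namespace."""
    for elem in ET.fromstring(carbon_xml).iter():
        if elem.tag.rsplit("}", 1)[-1] == "Offset":
            return int(elem.text.strip())
    return 0


def check_sso_config(properties_text, carbon_xml, registered_acs):
    """Return a list of findings; an empty list means the values line up."""
    findings = []
    acs = parse_properties(properties_text).get("SAML.ConsumerUrl")
    if acs is None:
        return ["SAML.ConsumerUrl is missing or commented out"]
    if acs != registered_acs:
        findings.append("ConsumerUrl differs from the URL registered in Identity Server")
    url = urlparse(acs)
    expected = CARBON_DEFAULT_HTTP_PORT + port_offset(carbon_xml)
    if url.scheme == "http" and url.port != expected:
        findings.append("ConsumerUrl port %s does not match HTTP port %d" % (url.port, expected))
    if url.scheme != "https":
        findings.append("ConsumerUrl uses plain HTTP; the SAML response travels in cleartext")
    return findings
```

With the values from this post the only finding is the plain-HTTP one, which is expected for a localhost demo and worth fixing before the webapp is exposed beyond it.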

CarbonContext[3] usage

Let's update our webapp to list all users within the same tenant.

Add the following import statements to the src/main/webapp/samlsso-home.jsp file alongside the current import statements.

<%@page import="org.wso2.carbon.context.CarbonContext" %>
<%@page import="org.wso2.carbon.user.api.UserRealm" %>
Add the following highlighted snippet to obtain a reference to the user realm from the CarbonContext and print the user list.

        </table>
        <a href="index.jsp">Go to Login page</a>
        <hr/>
        <!--Start of The user list-->
        <p><b>The user list</b></p>
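            <%
                // Obtain the tenant-aware user realm from the CarbonContext.
                CarbonContext context = CarbonContext.getCurrentContext();
                UserRealm realm = context.getUserRealm();
                // List up to 100 users from the current tenant's user store.
                String[] names = realm.getUserStoreManager().listUsers("*", 100);
                for (String name : names) {
                    // HTML-escape each user name before writing it into the page.
                    String safeName = name.replace("&", "&amp;").replace("<", "&lt;")
                            .replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");
                    %><%=safeName%><br/><%
                }
            %>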
            <!--End of The user list-->

        <form action="logout">
        <input type="submit" value="Logout">


i) Build (step c) and re-deploy your webapp.
j) Browse http://localhost:9764/travelocity.com/samlsso-home.jsp and you will get,



I have created a repo to provide the updated source; you can find it here[5].


[1]. http://wso2.com/products/application-server/
[2]. http://wso2.com/products/identity-server/
[3]. http://docs.wso2.org/display/Carbon420/CarbonContext+API
[4]. https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/4.5.0/modules/samples/sso/SSOAgentSample/
[5]. https://github.com/udarakr/SSOAgentSample-1.0
