Wednesday, July 28, 2010
WSO2 Identity Server as OpenID Provider
I am going to explain how we can use Openid issued by WSO2Identity server in an actual environment. Here I am using Liferay portal as Openid consumer and assume that Liferay portal and Identity server have been setup in different hosts in a LAN.
1. First download WSO2Identity server from here and you can extract in to a directory in your file system. Lets call as CARBON_HOME
2. You can start Identity server by running wso2server.sh (in unix) or wso2server.bat (in windows) file in the CARBON_HOME/bin directory
Identity server will be started with default configuration. if you examine openid url of a user(default admin username is admin) in identity server. It will look like
https://localhost:9443/openid/admin
But this openid url can not be accessed by other hosts in your network. So Lets change our host name.
3. Lets assume we want to configure host name as "wso2identity" (or any ip address). First configure following parameters in carbon.xml which can be found in CARBON_HOME/conf
<ServerURL>https://wso2identity:${carbon.management.port}${carbon.context}/services/</ServerURL>
<HostName>wso2identity</HostName>
configure following parameters in identity.xml which can be found in same location
<OpenIDServerUrl>https://wso2identity:9443/openidserver</OpenIDServerUrl>
<OpenIDUserPattern>https://wso2identity:9443/openid/</OpenIDUserPattern>
4. Restart identity server. Now openid url
https://wso2identity:9443/openid/admin
5. Download latest version of Liferay portal from here and you can extract in to a directory in your file system. Lets call as LIFERAY_HOME
6. Set CATALINA_HOME =LIFERAY_HOME/tomcat_dir
7. Start Liferay portal by running catalina.sh run (in unix) or calalina.bat file in CATALINA_HOME/bin directory.
8. Create a user account in Liferay and configure an openid that is issued by identity server (https://wso2identity:9443/openid/admin)
9. Now try to sign in by providing your openid
10. You will probably get following error message. Because there are one configuration to do, if we use default keystore, wso2carbon.jks for identity server.
Liferay use java cacerts as its trust-store. But wso2carbon.jks contains self signed certificate. So public key should be imported to the cacerts that is used by Liferay. Then Liferay can trust the Openid provided by wso2identity server.
11. Import Identity server public certificate to the cacerts
first export wso2carbon cert from wso2carbon.jks which can be found in CARBON_HOME/resources/security directory. sample keytool command
> keytool -export -keystore wso2carbon.jks -file carbon.cert -alias localhost -keypass wso2carbon
Then import it to cacerts in JAVA_HOME/jre/lib/security
> keytool -import -keystore cacerts -file carbon.cert -alias carbon -keypass changeit
12. Then restart Liferay portal. Now you can sign in to Liferay portal using wso2identity server's Openid.........!!!
Subscribe to:
Post Comments (Atom)
This comment has been removed by the author.
ReplyDeleteafter authenticating from wso2 identity it is giving forbidden error in liferay , please any solution is there , please reply fast,
ReplyDelete