Tuesday, February 15, 2011

WSO2Identity Server as OpenID consumer

WSO2Identity Server can be act as both OpenId provider and OpenId consumer. My previous blog post described how we can use  WSO2Identity Server as an OpenId provider. Today lets see how we can sign up to the WSO2Identity Server using external OpenId (myopenid).

1. Download latest versions of WSO2Identity from here.

2. Extract WSO2Identity  zip file in to a directory in your file system. Lets call  as IS_HOME

3. Start WSO2Identity by running  wso2server.sh (in unix) or wso2server.bat (in windows)  which can be found in IS_HOME/bin directory.

4. Go to WSO2IS Management console by pointing your browser to https://localhost:9443/carbon/ 

5. Go to the InfoCard/OpenID Sign-in Page and provide your OpenId (I have given my openId which is  http://pathberiya.myopenid.com)

6. Provide your password and select your persona to associate 

7. Sign up to the WSO2Identity server (As I am a new user)

8. Use associated openId to sign-in to the WSO2Identiry server.

2-legged OAuth for securing a RESTful service

This is step by step guide to secure a RESTful service with 2-legged OAuth using WSO2Identity Server and WSO2ESB.

1. Download latest versions of WSO2Identity server and WSO2ESB from here.

2. Extract WSO2Identity and WSO2ESB zip files in to a directory in your file system. Lets call them as IS_HOME and ESB_HOME respectively

3. Start WSO2Identity and WSO2ESB by running  wso2server.sh (in unix) or wso2server.bat (in windows)  which can be found in IS_HOME/bin and ESB_HOME/bin directory respectively.
If  Both servers are running in the localhost, You should change the default ports.
Here I changed the WSO2ESB https port to 9445 and  http port to 9765 (default 9443 and 9763 respectively) by configuring mgt-transport.xml  which can be found in ESB_HOME/repository/conf

4. Go to WSO2IS Management console by pointing your browser to https://localhost:9443/carbon/

5. Register a User with WSO2Identity Server by providing User name and password.

6. Download sample OAuth client source code from following svn location

You can build the sample using maven (mvn clean install) or add the jars in IS_HOME/repository/components/plugins directory to sample project class path.

7. Go to ESB Management console by pointing your browser to https://localhost:9445/carbon/  and sign-in to it by providing admin user name and password. 

8. Create a proxy service in WSO2ESB by adding following configuration in to the service bus configuration which can be found under Manage ->Service Bus -> Source View 

(or simply update the synapse configuration of ESB with the content in org.wso2.carbon.identity.samples.oauth/src/main/resources/synapse.xml)

   <proxy name="OAuthProxy" transports="https http" startOnLoad="true" trace="disable">
                <oauthService remoteServiceUrl="https://localhost:9443/services/"/>
                        <address uri="http://localhost:8280/services/echo" format="rest"/>
             Please note that remoteServiceUrl contains the Host name and the port that WSO2Identity server is running.
9. Run sample Client........ Make sure to update variables  IDENTITY_SERVER, ESB_SERVER, USER_NAME, PASSWORD according to your configurations

Lets briefly go through the scenario and identity what is happening here
  • Register user with WSO2Identity Server.
  • Consumer secret is registered with WSO2Identity Server 
            1. Invoke AuthenticationAdmin  service and user is authenticated with WSO2ISentity server
            2. Invoke OAuthAdminService service and register consumer secret.

  •  Consumer key would be the User Name of the User  
  • Generate OAuth Authorization header and Sign it with OAuth Consumer Secret
  • Invoke the proxy service which is deployed in ESB
  • OAuth mediator in ESB invoke the OAuthService  in WSO2Identity Server to verify that consumer is valid.
  • Verify consumer key (Valid User ?) and Verify oauth_signature value using consumer secret  which has been registered by the user.
  • If Signature verification is done, request is Authenticated, and send it to the RESTful service


Thursday, February 3, 2011

How to get the operation list from a given WSDL Uri

Today i needed to list the operation of a given WSDL uri. I went through the axis2 source code.. and  just found some code block in the CodeGenerationEngine class. Following is the java code that modified.. You want to have the axis2 and wsdl4j jars in your class path...

import org.apache.axis2.AxisFault;
import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.WSDL11ToAxisServiceBuilder;
import org.apache.axis2.wsdl.codegen.CodeGenConfiguration;
import org.apache.axis2.wsdl.codegen.CodeGenerationEngine;
import org.apache.axis2.wsdl.codegen.CodeGenerationException;

import java.util.Iterator;
import javax.wsdl.Definition;
import javax.wsdl.WSDLException;

public class WSDLToOperation {

    public static void main(String args[]) throws CodeGenerationException, WSDLException, AxisFault {

        String wsdlUri = "";

        CodeGenConfiguration codeGenConfiguration = null;

        CodeGenerationEngine codeGenerationEngine  = new CodeGenerationEngine(codeGenConfiguration);
        Definition wsdl4jDef = codeGenerationEngine.readInTheWSDLFile(wsdlUri);

        WSDL11ToAxisServiceBuilder wsdl11ToAxisServiceBuilder = new
                WSDL11ToAxisServiceBuilder(wsdl4jDef, null, null, false);

        AxisService axisService = wsdl11ToAxisServiceBuilder.populateService();

        Iterator iterator = axisService.getOperations();

        while (iterator.hasNext()) {
            AxisOperation operation  =  (AxisOperation) iterator.next();