Friday, February 27, 2015

Enabling SSO for WSO2 Servers

You can follow [1] for enabling SSO for WSO2 Servers.


When you configure SSO for WSO2 Servers, you have to share either the user stores or the internal roles; otherwise you will end up with an authorization failure.



In this blog post I am going to post the steps to share the internal roles in WSO2IS and WSO2ESB.


i)  Download WSO2IS 5.0.0 and WSO2ESB 4.8.1
ii) Set the WSO2ESB offset to 1 in the <ESB_HOME>/repository/conf/carbon.xml file

iii) Open the <IS_HOME>/repository/conf/datasources/master-datasources.xml file and add the following data-source configuration

     <datasource>
         <name>WSO2UM_DB</name>
         <description>The datasource used for user management</description>
         <jndiConfig>
             <name>jdbc/WSO2UM_DB</name>
         </jndiConfig>
         <definition type="RDBMS">
             <configuration>
                 <url>jdbc:mysql://localhost:3306/userstore?autoReconnect=true&amp;relaxAutoCommit=true</url>
                 <username>db_username</username>
                 <password>db_password</password>
                 <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                 <maxActive>50</maxActive>
                 <maxWait>60000</maxWait>
                 <testOnBorrow>true</testOnBorrow>
                 <validationQuery>SELECT 1</validationQuery>
                 <validationInterval>30000</validationInterval>
             </configuration>
         </definition>
     </datasource>

iv) Open the <ESB_HOME>/repository/conf/datasources/master-datasources.xml file and add the following data-source configuration

     <datasource>
         <name>WSO2UM_DB</name>
         <description>The datasource used for user management</description>
         <jndiConfig>
             <name>jdbc/WSO2UM_DB</name>
         </jndiConfig>
         <definition type="RDBMS">
             <configuration>
                 <url>jdbc:mysql://localhost:3306/userstore?autoReconnect=true&amp;relaxAutoCommit=true</url>
                 <username>db_username</username>
                 <password>db_password</password>
                 <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                 <maxActive>50</maxActive>
                 <maxWait>60000</maxWait>
                 <testOnBorrow>true</testOnBorrow>
                 <validationQuery>SELECT 1</validationQuery>
                 <validationInterval>30000</validationInterval>
             </configuration>
         </definition>
     </datasource>


v) Open the <IS_HOME>/repository/conf/user-mgt.xml file and configure the datasource as follows (change the dataSource property)

     <Configuration>
         <AddAdmin>true</AddAdmin>
         <AdminRole>admin</AdminRole>
         <!-- admin/admin is the product default; change it outside a test setup -->
         <AdminUser>
             <UserName>admin</UserName>
             <Password>admin</Password>
         </AdminUser>
         <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role see the registry root -->
         <Property name="dataSource">jdbc/WSO2UM_DB</Property>
     </Configuration>

vi) Open the <ESB_HOME>/repository/conf/user-mgt.xml file and configure the datasource as follows (change the dataSource property)

     <Configuration>
         <AddAdmin>true</AddAdmin>
         <AdminRole>admin</AdminRole>
         <!-- admin/admin is the product default; change it outside a test setup -->
         <AdminUser>
             <UserName>admin</UserName>
             <Password>admin</Password>
         </AdminUser>
         <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role see the registry root -->
         <Property name="dataSource">jdbc/WSO2UM_DB</Property>
     </Configuration>

vii) Add the MySQL connector jar [2] to the <IS_HOME>/repository/components/lib folder

viii) Add the MySQL connector jar [2] to the <ESB_HOME>/repository/components/lib folder

ix) Create a database named WSO2UM_DB and run the following script on it

     <IS_HOME>/dbscripts/mysql.sql

x) Now start both WSO2IS and WSO2ESB. When you add an internal role in WSO2IS, it will show up in WSO2ESB as well.

xi) Now you can create a user in WSO2IS and assign that user an internal role which has login permission. Then try to log into the ESB; you will be able to log in successfully.
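
A consistency check for the setup above, as an added example that is not part of the original post: it parses each server's master-datasources.xml and user-mgt.xml and reports a realm that is not bound to jdbc/WSO2UM_DB, servers whose JDBC URLs differ, and an AdminUser left on admin/admin. The function names and the sample configs are constructed for illustration; jdbc/WSO2CarbonDB stands in for a realm left on another datasource.

```python
import xml.etree.ElementTree as ET

JNDI = "jdbc/WSO2UM_DB"  # JNDI name used in the steps above

def um_url(master_xml, jndi=JNDI):
    """JDBC URL of the datasource bound to `jndi`, whitespace removed, or None."""
    for ds in ET.fromstring(master_xml).iter("datasource"):
        if (ds.findtext("jndiConfig/name") or "").strip() == jndi:
            url = ds.findtext("definition/configuration/url") or ""
            return "".join(url.split()).rstrip("&")
    return None

def realm(user_mgt_xml):
    """(dataSource property, (admin user, admin password)) from user-mgt.xml."""
    root = ET.fromstring(user_mgt_xml)
    ds = next((p.text.strip() for p in root.iter("Property")
               if p.get("name") == "dataSource" and p.text), None)
    return ds, (root.findtext(".//AdminUser/UserName"),
                root.findtext(".//AdminUser/Password"))

def check(servers):
    """servers: {name: (master-datasources.xml, user-mgt.xml)} -> list of findings."""
    findings, urls = [], {}
    for name, (master, user_mgt) in servers.items():
        urls[name] = um_url(master)
        if urls[name] is None:
            findings.append(f"{name}: no datasource bound to {JNDI}")
        ds, creds = realm(user_mgt)
        if ds != JNDI:
            findings.append(f"{name}: realm uses {ds}, not {JNDI}")
        if creds == ("admin", "admin"):
            findings.append(f"{name}: AdminUser still has the default password")
    if len(set(urls.values())) > 1:
        findings.append("servers do not share one user-management database")
    return findings

# Constructed sample configs, trimmed to the elements the checks read.
def sample_master(url):
    return (f"<datasources><datasource><jndiConfig><name>{JNDI}</name></jndiConfig>"
            f"<definition type='RDBMS'><configuration><url>{url}</url>"
            "</configuration></definition></datasource></datasources>")

def sample_user_mgt(ds, password):
    return (f"<Configuration><AdminUser><UserName>admin</UserName><Password>{password}"
            f"</Password></AdminUser><Property name='dataSource'>{ds}</Property>"
            "</Configuration>")
URL = "jdbc:mysql://localhost:3306/userstore?autoReconnect=true&amp;relaxAutoCommit=true"
SAMPLE = {"IS": (sample_master(URL), sample_user_mgt(JNDI, "constructed-Passw0rd")),
          "ESB": (sample_master(URL), sample_user_mgt("jdbc/WSO2CarbonDB", "admin"))}
print("\n".join(check(SAMPLE)))  # the constructed ESB config skipped the realm change
```

To run it against a real installation, pass the text of the two files from each product's repository/conf directory to check() in place of SAMPLE.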

[1] https://docs.wso2.com/display/IS500/Enabling+SSO+for+WSO2+Servers
[2] http://dev.mysql.com/downloads/connector/j/