Hi,
I have completed setting up SSO for WSO2 products using the WSO2 Puppet
modules. This is really helpful when you need to automate the entire
process of setting up SSO for WSO2 products. Basically, you need to make the
SSO changes in the product as well as in the WSO2 Identity Server or any
other identity provider. The following are the changes that need to be made
in the hiera YAML files.
*Any WSO2 product configuration:*
The following hiera values [1] should be set in the product hiera file to
enable SSO. The configuration includes enabling SSO, the login page URL, the
service provider ID, the SSO service URL and the consumer service URL.
wso2::sso_authentication:
  disabled: false
  login_page: /carbon/admin/login.jsp
  service_provider_id: wso2esb
  sso_service_url: https://wso2is-default:10113/samlsso
  consumer_service_url: https://wso2esb-default:10095/acs
*WSO2 IS configuration:*
You can create service providers in WSO2 IS based on the details you have
given to each product. The other, fully automated option is to provide
the list of products that need to be created as service providers in the
WSO2 IS hiera data file, as below.
wso2::sso_product_list:
  wso2esb:
    assertion_consumer_service_url: https://wso2esb-default:9443/acs
    default_assertion_consumer_service_url: https://wso2esb-default:9443/acs
  wso2as:
    assertion_consumer_service_url: https://wso2as-default:9443/acs
    default_assertion_consumer_service_url: https://wso2as-default:9443/acs
This will make the following changes on the WSO2 IS side.
1. Add a new service_provider block in sso-idp-config.xml.
2. Create a new file under
<WSO2_IS>/repository/conf/identity/service-providers/ directory with the
same name as the service provider.
The advantage of this is that we can use it with Docker containers. I have
tested this in Mesos. Please share your thoughts.
[1] - https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/common.yaml#L169
[2] - https://github.com/wso2/puppet-modules/blob/master/hieradata/dev/wso2/wso2is/5.1.0/default/default.yaml#L35
Thank you!
--
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049
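Added example (not part of the original message and not code from the WSO2 Puppet modules): a pre-deployment check that the product-side wso2::sso_authentication values agree with the service provider entry in wso2::sso_product_list on the IS side. It assumes the identity provider only accepts an assertion consumer URL registered for that service provider; the helper name check_sso_hiera and the sample hosts and ports are constructed for illustration.

```ruby
require 'yaml'
require 'uri'

# Constructed sample data using the hiera keys from the post. Hosts and ports
# are made up; the two ACS ports differ on purpose so the check has a finding.
PRODUCT_HIERA = <<~YAML
  wso2::sso_authentication:
    disabled: false
    login_page: /carbon/admin/login.jsp
    service_provider_id: wso2esb
    sso_service_url: https://is.example.test:9443/samlsso
    consumer_service_url: https://esb.example.test:10095/acs
YAML

IS_HIERA = <<~YAML
  wso2::sso_product_list:
    wso2esb:
      assertion_consumer_service_url: https://esb.example.test:9443/acs
      default_assertion_consumer_service_url: https://esb.example.test:9443/acs
YAML

# Hypothetical helper: returns a list of findings, empty when both sides agree.
def check_sso_hiera(product_yaml, is_yaml)
  sso = YAML.safe_load(product_yaml).fetch('wso2::sso_authentication', {})
  sps = YAML.safe_load(is_yaml).fetch('wso2::sso_product_list', {})
  return [] if sso.fetch('disabled', true) # SSO switched off, nothing to compare

  findings = []
  # SAML requests and assertions should only travel over TLS.
  %w[sso_service_url consumer_service_url].each do |key|
    findings << "#{key} is not https" unless URI.parse(sso[key].to_s).scheme == 'https'
  end

  sp_id = sso['service_provider_id']
  acs = sso['consumer_service_url']
  entry = sps[sp_id]
  if entry.nil?
    findings << "#{sp_id} is not in wso2::sso_product_list"
  else
    registered = entry.values_at('assertion_consumer_service_url',
                                 'default_assertion_consumer_service_url').compact
    findings << "#{sp_id}: #{acs} is not a registered ACS URL" unless registered.include?(acs)
  end
  findings
end

puts check_sso_hiera(PRODUCT_HIERA, IS_HIERA) if $PROGRAM_NAME == __FILE__
```

Running a check like this before the Puppet run catches a service provider that was configured on the product but never listed for the IS, or listed with a different ACS URL.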