Wednesday, November 27, 2013

How to access the H2 database of the WSO2 API Manager

1. Go to <APIM HOME>\repository\conf and open carbon.xml.

2. Enable the following configurations as shown below:-

<H2DatabaseConfiguration>
    <property name="web" />
    <property name="webPort">8082</property>
    <property name="webAllowOthers" />
    <!--property name="webSSL" />
    <property name="tcp" />
    <property name="tcpPort">9092</property>
    <property name="tcpAllowOthers" />
    <property name="tcpSSL" />
    <property name="pg" />
    <property name="pgPort">5435</property>
    <property name="pgAllowOthers" />
    <property name="trace" />
    <property name="baseDir">${carbon.home}</property-->
</H2DatabaseConfiguration>

3. Then start the server.

4. Go to http://localhost:8082, where you can see the login page for the H2 database.

5. Type jdbc:h2:repository/database/WSO2AM_DB as the JDBC URL, and wso2carbon as both username and password.

Monday, November 25, 2013

How to configure WSO2 API Manager to use WSO2 BAM for statistics

1. Download WSO2 API Manager from here and WSO2 BAM from here.

First, let's configure BAM. I am using BAM 2.3.0 and APIM 1.5.0.

BAM configuration
----------------------------

1. Change the <offset> tag in carbon.xml, which is in <BAM HOME>\repository\conf, to 1 (we are going to run APIM on port 9443 and BAM on 9444).

You can refer to this for introductory information on WSO2 product start-up.

2. Then copy API_Manager_Analytics.tbox, which is in <APIM HOME>\wso2am-1.5.0\statistics, to <BAM HOME>/repository/deployment/server/bam-toolbox.

3. Add the following to <BAM_HOME>/conf/datasources/master-datasources.xml file.

<datasource>
    <name>WSO2AM_STATS_DB</name>
    <description>The datasource used for getting statistics to API Manager</description>
    <jndiConfig>
        <name>jdbc/WSO2AM_STATS_DB</name>
    </jndiConfig>
    <definition type="RDBMS">
        <configuration>
            <!-- JDBC URL to query the database -->
            <url>jdbc:h2:<BAM_HOME>/repository/database/APIMGTSTATS_DB;AUTO_SERVER=TRUE</url>
            <username>wso2carbon</username>
            <password>wso2carbon</password>
            <driverClassName>org.h2.Driver</driverClassName>
            <maxActive>50</maxActive>
            <maxWait>60000</maxWait>
            <testOnBorrow>true</testOnBorrow>
            <validationQuery>SELECT 1</validationQuery>
            <validationInterval>30000</validationInterval>
        </configuration>
    </definition>
</datasource>

<datasource>
    <name>WSO2BAM_CASSANDRA_DATASOURCE</name>
    <description>The datasource used for Cassandra data</description>
    <definition type="RDBMS">
        <configuration>
            <url>jdbc:cassandra://localhost:9161/EVENT_KS</url>
            <username>admin</username>
            <password>admin</password>
        </configuration>
    </definition>
</datasource>

Note:- When adding the above configurations, check whether some of them are already there; there is no need to duplicate them. Also check whether the Cassandra port is set to 9161, since we are running BAM on port 9444 (we changed the offset of BAM).

For <BAM HOME>, give the path where you have extracted the BAM product.

Now let's go and configure APIM.

APIM configurations
--------------------------------------

1. Enable the following configurations in repository/conf/api-manager.xml.

<!--
    Enable/Disable the API usage tracker.
-->
<Enabled>true</Enabled>

<!--
    JNDI name of the data source to be used for getting BAM statistics. This data source should
    be defined in the master-datasources.xml file in conf/datasources directory.
-->
<DataSourceName>jdbc/WSO2AM_STATS_DB</DataSourceName>

2. Configure the following in the <APIM HOME>/conf/datasources/master-datasources.xml file.

<datasource>
    <name>WSO2AM_STATS_DB</name>
    <description>The datasource used for getting statistics to API Manager</description>
    <jndiConfig>
        <!-- This jndi name should be same as the DataSourceName defined in api-manager.xml -->
        <name>jdbc/WSO2AM_STATS_DB</name>
    </jndiConfig>
    <definition type="RDBMS">
        <configuration>
            <!-- JDBC URL to query the database -->
            <url>jdbc:h2:<BAM_HOME>/repository/database/APIMGTSTATS_DB;AUTO_SERVER=TRUE</url>
            <username>wso2carbon</username>
            <password>wso2carbon</password>
            <driverClassName>org.h2.Driver</driverClassName>
            <maxActive>50</maxActive>
            <maxWait>60000</maxWait>
            <testOnBorrow>true</testOnBorrow>
            <validationQuery>SELECT 1</validationQuery>
            <validationInterval>30000</validationInterval>
        </configuration>
    </definition>
</datasource>

Note:- For <BAM HOME>, give the path where you have extracted the BAM product.

Now start the BAM server and then start APIM.
Using WSO2 APIM you can create APIs and publish them so that external users can subscribe to and use them.
Let's learn more about WSO2 API Manager in the coming posts.

NOTE:-
In a clustered deployment, change the APIM settings on the Gateway and Publisher nodes.

See y'all for now :)

Wednesday, November 6, 2013

How to connect a JDBC user store as a secondary user store for WSO2 IS 4.5.0

Hi All,

Today, let's talk about how to connect WSO2 Identity Server to a JDBC user store to be used as a secondary user store.

Environment:

WSO2 IS 4.5.0
Ubuntu
MySQL

You need to have a MySQL server installed. Download WSO2 Identity Server from here and the MySQL JDBC driver from here. Extract the IS server into a local folder and extract the JDBC driver .zip as well.

1) First, type the following command to log in as the root user.
mysql -u root -p

Note:- Your domain has to be registered in the hosts file. In this scenario we are using localhost.

2) Then create a user for your new database.
CREATE USER umesha@localhost IDENTIFIED BY 'umesha';

3) Then create a new database.
create database userStoreTest;

4) Then grant the new user all privileges on that database.
GRANT ALL ON userStoreTest.* TO umesha@localhost IDENTIFIED BY 'umesha';

5) Exit from the root session.
exit;

6) Go to <IS HOME>/wso2is-4.5.0/dbscripts and start MySQL as the newly created user:
mysql -u umesha -p
Then enter the password when prompted.

7) Use the newly created database.
use userStoreTest;

8) Run the MySQL database script provided with WSO2 IS 4.5.0 to create the tables needed to store IS user information.
source ./mysql.sql

9) Copy the JDBC driver .jar to <IS HOME>/repository/components/lib.

10) Start the Identity Server with sh wso2server.sh and log in to the management console with admin and admin as username and password respectively.

11) Go to Configure / User Store Management / Add Secondary User Store.

12) Fill in as follows:

1. Give a domain name
2. driverName: com.mysql.jdbc.Driver
3. Give the database URL, username and password


Click on Add and the user store will be saved. You can create users and roles for IS using this secondary user store.

Thanks :)

Monday, October 7, 2013

Fine-grained authorization with PIP points - WSO2 IS

Use Case Scenario:-
User 'john' is trying to get READ access by using his user id.
Authorization should be granted by validating the user id against the user name, requesting the user name information via a PIP point.

The PIP requests the information from a web service.

Now let's see how to implement this use case scenario.

1) First of all, you need to have the JAX-RS service implemented.
2) Then you need to deploy it in the Application Server.

6) You can use the TryIt tool in Identity Server as the PEP to test the XACML policy.
7) You need to expose the entitlement service of IS and then send requests via SoapUI (you can also configure WSO2 ESB to further enhance the use case).

Sunday, October 6, 2013

How to expose the entitlement service in WSO2 Identity Server and send requests via SoapUI

Hi All,

First, let's talk about how to expose the entitlement service in the Identity Server.

1) Go to <IS HOME>\wso2is-4.5.0\repository\conf and open carbon.xml.

2) Change <HideAdminServiceWSDLs> to false as follows.

3) Start the Identity Server.

4) Copy and paste the following URL into the browser address bar.

https://localhost:9444/services/EntitlementService?wsdl

If you have saved the settings correctly, you should be able to view the entitlement service WSDL.

5) Save the WSDL file.

Now let's see how to use the WSDL and SoapUI to send requests.

1) Open SoapUI.

2) Go to File in the top menu bar and select New SoapUI Project.

3) Give the project a name and browse for the WSDL file.

4) Then click OK, and simple requests for all operations will be created automatically.

5) Then select the getDecisionByAttributes request as follows.

6) Then fill in the parameter details as follows for the XACML policy we have written.

7) Then you have to authorize the request by entering admin, admin as the username and password respectively in the authorization settings.

Now you can send the request and check the decisions. Permit is returned as the decision only when user id 124 is trying to READ.

In the next post we will look at a use case scenario where fine-grained authorization is achieved via the XACML engine in WSO2 IS 4.5.0 with PIP points.

Thank you!

How to use the TryIt tool in WSO2 IS

Let's try out the XACML policy we have written using the WSO2 IS TryIt tool.

Log in to IS and go to PEP > TryIt.

Let's look at the picture above and understand the input values for the XACML request.

Here we are using the TryIt tool as the Policy Enforcement Point of the XACML engine.

We send the request, the policy is enforced, and we get the policy decision back from the PEP.

Let's fill out the input values as follows in the tool:-

1) Resource - the service name you have given in the policy

2) Subject Name:- the user trying to access. Here we are sending the user id of the user, and the policy sends a request to the PIP to get the user information

3) Action - the action of the user, which in this case is READ

4) Environment Name - since we haven't mentioned any in the policy, we do not have to input it here

Now let's look at the request created by the TryIt tool. Click on the Create Request button.

The request is created with the values we have filled out.

Now let's evaluate with the PDP to get the decision. Click on the Evaluate with PDP button.

You can see that the decision is Permit.

You can go back and evaluate with different input values to see the decision of the PDP.

The policy only permits access when user id 124 is trying to READ.

Thank you and see you all soon :)

How to write a simple XACML policy in WSO2 IS

We meet again :)

Let's talk about how to write a simple XACML policy in WSO2 IS.


First, let's recall our scenario.

Please refer to the following links to understand the scenario.

1) http://umeshagunasinghe.blogspot.com/2013/09/how-to-create-jax-rs-service-using-wso2.html

2) http://umeshagunasinghe.blogspot.com/2013/09/how-to-deploy-jax-rs-service-in-wso2.html

3) http://umeshagunasinghe.blogspot.com/2013/10/how-to-write-pip-point-for-wso2-is.html

4) http://umeshagunasinghe.blogspot.com/2013/10/how-to-register-pip-in-wso2-is.html

We wrote our JAX-RS service with users initialized.

Let's say we had user 'john' with user id 124 and another user with user id 125.

Now we have a requirement that we need to permit john to read something.

But nobody else should be able to read it.

So how can we handle this authorization situation?

It is really simple to write XACML policies with the new user interface provided by WSO2 IS 4.5.0.


Log in to IS and go to

Now let's fill in the necessary information.

1) First, give the XACML policy a name.

2) Then you can fill in a description.

3) Then select what this policy is based on. For our scenario it is based on the resource we have, which is the web service deployed on the Application Server. Therefore we can select Resource.

4) Then give the resource name.

Note that the input values may change depending on what the policy is based on.

5) Now let's focus on the bottom part. We do not intend to give a child resource.

Our user is john
The action is READ
You can even give an environment.

Now we have filled in the information we need to implement the policy.

You can follow the links below to get an in-depth understanding of writing XACML policies in WSO2 IS.

1) http://xacmlinfo.org/2013/09/02/how-write-xacml-policies-1/

2) http://xacmlinfo.org/2013/09/03/how-to-write-xacml-policies-part-2/

3) http://xacmlinfo.org/2013/09/05/how-to-write-xacml-policies-part-3-basic-policy-editor/

After filling in the information regarding the XACML policy, click on the Finish button.


Now let's think about the purpose of registering the PIP. The reason is that we needed to get the user information required for authorization.

What user information were we trying to access from the web service? It was the username associated with the user id.

So what have we actually done? We have written an XACML policy to permit READ access to john.

Now, we need to state in the policy: "Look, you have to permit 'john' to get READ rights to certain information, but only john's user id is provided. So you have to verify the user id against the username before giving any permission. You have to look to a PIP to get this information."

But we haven't actually mentioned in the policy how to get this information.


Let's go do that. Go to

You can see the information we have given. Check out the user information section. There you have to mention where to get the user information needed to permit access to john: the attribute Id you gave when you wrote the PIP. In this case it is 'USERNAME'.

Now the policy knows everything :). Go to Policy Administration and click on Publish to My PDP to publish the policy.

Then click on Publish.

Then go to Policy View and enable the policy.

Now the policy is all ready. In the next post let's talk about the TryIt tool to check out the policy.

See y'all!

Saturday, October 5, 2013

How to register a PIP in WSO2 IS

Okay, in the previous post I explained a sample PIP code.
Now we need to register this PIP in WSO2 IS.
I am using the newly released WSO2 IS 4.5.0 for the scenario.
Following are the steps you should follow to register the PIP point with IS.

1) First of all, you have to build the code to create the .jar file for the PIP, e.g. using Maven.

2) Then download WSO2 IS 4.5.0 from here, go to <IS HOME>\wso2is-4.5.0\repository\components\lib and put that .jar file there.

Important:- remember to also put the other dependency .jar files you downloaded to build the PIP code in the above location.

3) Finally, go to <IS HOME>\wso2is-4.5.0\repository\conf\security and add the following line to the entitlement.properties file.

UserPIPAttributeFinder is our sample PIP.

Now you have your PIP registered with IS.

In my next post, I will focus on how to write a simple XACML policy that uses the PIP we registered for authorization.

Thank You!

How to write a PIP point for WSO2 IS

Today, we are going to talk about how to write a PIP for WSO2 IS.

In my previous posts I discussed how to write a JAX-RS service, how to deploy it in WSO2 Application Server and how to send requests to it.

In this post we go a step further and discuss how we can access that service deployed in the Application Server to get information needed for authorization purposes.

WSO2 Identity Server supports fine-grained authorization with XACML 3.0 in IS 4.5.0.
We can register PIP points to retrieve information needed for authorization. For that, a PIP should be written and registered with IS.

You can download a sample PIP from here.

Here, let's talk about the main sections of the code sample and how to customize it to access the JAX-RS service deployed in the App Server.

1) The supported attributes should be initialized.

2) Then, the getAttributeValues method should be implemented to set up the connection to the service in the Application Server and get the required values.

As you can see in the code sample above, the serviceURL points to the username resource of the service, and the subject is passed to the method as the user id.
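
As an added illustration (not the downloadable sample and not WSO2's code), here is what a PIP along these lines looks like; it assumes the AbstractPIPAttributeFinder API of IS 4.5.0 (init, getModuleName, getSupportedAttributes and the six-argument getAttributeValues), a hypothetical service base URL on the Application Server's default HTTP port, and the USERNAME attribute id that the policy later refers to.

```java
package com.example.pip; // assumed package name

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import org.wso2.carbon.identity.entitlement.pip.AbstractPIPAttributeFinder;

// Resolves the USERNAME attribute for a subject (user id) by asking the JAX-RS service.
public class UserPIPAttributeFinder extends AbstractPIPAttributeFinder {

    // Attribute id the policy asks for; must match the id entered in the policy editor.
    private static final String USERNAME_ATTRIBUTE = "USERNAME";
    // Assumed (constructed) base URL of the deployed service; adjust to your deployment.
    private static final String SERVICE_URL = "http://localhost:9763/UserService/users/";

    private final Set<String> supportedAttributes = new HashSet<String>();

    @Override
    public void init(Properties properties) throws Exception {
        // 1) Supported attributes are initialized here, so the PDP knows what this finder resolves.
        supportedAttributes.add(USERNAME_ATTRIBUTE);
    }

    @Override
    public String getModuleName() {
        return "User PIP Attribute Finder";
    }

    @Override
    public Set<String> getSupportedAttributes() {
        return supportedAttributes;
    }

    // 2) subject carries the user id from the XACML request (e.g. "124"); the returned set
    //    holds the username(s) the PDP compares against the policy. An empty set means
    //    "attribute missing", which the PDP turns into a non-Permit decision.
    @Override
    public Set<String> getAttributeValues(String subject, String resource, String action,
                                          String environment, String attributeId, String issuer)
            throws Exception {
        Set<String> values = new HashSet<String>();
        // Only answer for the attribute we own, and only for a numeric id, so that the subject
        // can never alter the path of the URL we build below.
        if (!USERNAME_ATTRIBUTE.equals(attributeId) || subject == null || !subject.matches("\\d+")) {
            return values;
        }
        URL url = new URL(SERVICE_URL + subject + "/username");
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestMethod("GET");
        conn.setConnectTimeout(3000);
        conn.setReadTimeout(3000);
        try {
            if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) {
                return values;   // unknown user id or service failure: no username known
            }
            BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8"));
            String username = reader.readLine();
            reader.close();
            if (username != null && !username.trim().isEmpty()) {
                values.add(username.trim());
            }
        } finally {
            conn.disconnect();
        }
        return values;
    }
}
```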

In the next post we will talk about how to register the PIP in WSO2 IS.

Wednesday, September 25, 2013

How to deploy a jax-rs service in WSO2 Application Server and send request via Advanced Rest Client

Hello all,

In my previous post I described how to write a simple JAX-RS service using WSO2 Developer Studio.

In this post let's see how we can deploy the service using WSO2 Application Server and send requests using Advanced Rest Client.

First of all you will have to download the Application Server from the WSO2 product page.

Extract the product to a local folder and run the server. You can refer to this previous post on how to start the server.

Once the server is started, go to the management console and type admin, admin as username and password respectively to log in.

Then go to

2. Upload the .war file

When the service is deployed, you can see it in the application list.

When you click on the service you deployed in the list, you get the following view where you can see the service details.

Get the service endpoint URL and give the service path in Advanced Rest Client to send the requests, as represented in the following image.

See y'all next time. Cheers!

Tuesday, September 24, 2013

How to create a jax-rs service using WSO2 Developer Studio

Hi All,

Today we are going to talk about how to create a JAX-RS service using WSO2 Developer Studio.

First of all, you have to download WSO2 Developer Studio from the WSO2 product page.

Developer Studio comes as a plugin for Eclipse.
Using Developer Studio it is really easy to create the service and deploy it.
Once you have WSO2 Developer Studio downloaded, extract the content to a local folder. Then open Eclipse.

There you can find "Developer Studio" on the top menu bar; select Open Dashboard.
Here you have to select JAX-RS Service Project.

Select Create New JAX-RS Service and click Next.

Fill in the project details.

Then click on Finish.

Then the environment for the JAX-RS service project will be created.

Here we are creating a simple service with a User object class and a service class to get user information.
You can create a simple user object class as follows, defining it as the root element.

Developer Studio provides the option to auto-generate the getters and setters as well.

Then you can write the JAX-RS service using the User object created, as follows:-

When you are writing a JAX-RS service, attention should be given to the JAX-RS annotations.
You can see that the @Path element is set for the service and two @GET methods are written, each having its own specific @Path defined.
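
As an added example (not the post's own code), here is a minimal version of the two classes described above, with the User object nested in the service class so that everything fits in one file; the package, class names, resource paths and the name of the second user (id 125) are assumptions. User 124 is john, as in the scenario.

```java
package com.example.users; // assumed package name

import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.xml.bind.annotation.XmlRootElement;

// @Path on the class gives the service its base path; each @GET method adds its own @Path.
@Path("/users")
public class UserService {

    // The user object is marked as the XML root element so JAX-RS can marshal it to XML.
    @XmlRootElement
    public static class User {
        private int id;
        private String username;

        public User() { }                       // JAXB requires a no-arg constructor
        public User(int id, String username) { this.id = id; this.username = username; }

        public int getId() { return id; }
        public void setId(int id) { this.id = id; }
        public String getUsername() { return username; }
        public void setUsername(String username) { this.username = username; }
    }

    // Constructed sample data: john has user id 124; the second user's name is made up.
    private static final Map<Integer, User> USERS = new HashMap<Integer, User>();
    static {
        USERS.put(124, new User(124, "john"));
        USERS.put(125, new User(125, "jane"));
    }

    // GET /users/124 -> <user><id>124</id><username>john</username></user>
    @GET
    @Path("/{id}")
    @Produces(MediaType.APPLICATION_XML)
    public User getUser(@PathParam("id") int id) {
        User user = USERS.get(id);
        if (user == null) {
            // Unknown id: answer 404 rather than a null body, so callers (e.g. a PIP) can tell
            // "no such user" apart from a successful lookup.
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
        return user;
    }

    // GET /users/124/username -> john  (plain text, the value a PIP needs for authorization)
    @GET
    @Path("/{id}/username")
    @Produces(MediaType.TEXT_PLAIN)
    public String getUsername(@PathParam("id") int id) {
        return getUser(id).getUsername();
    }
}
```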

You can follow the links below to read more about JAX-RS and XML annotations:-

Once the service is completed, you can simply deploy it by right-clicking on the project and selecting Export Project as Deployable Archive.

Here you can specify the path where you want the .war file to be created.

See you next time. Cheers!

Thursday, August 1, 2013

How to set up Single Sign-On between different Carbon instances

Hello all, I am back :)

Today we are going to look into a use case scenario where SAML2 Single Sign-On is enabled between two carbon instances.

Note: In this blog post I am using two WSO2 IS 4.0.0 instances for the setup. One instance we consider the Identity Provider, and the other the Identity Relying Party.

First of all, download WSO2 IS, copy the binary file into two separate folders that you have created (e.g. Identity Provider and Identity Relying Party), and extract the content.

We need these two instances to run on two different ports.
Therefore, we need to select one of the instances and change its port. To do that, go to <productHome>\repository\conf in the selected folder and open the carbon.xml file.

Search for the <offset> tag and replace 0 with 1 to increment the default server port by 1.

In this example I selected the Identity Relying Party and changed the default port. Therefore it will run on port 9444.

Now start a new command line window and run the Identity Provider. (You can refer to the post How to Start Up WSO2 Identity Server for help.)

Get the Identity Provider's running port from the command prompt, and go to <productHome>\repository\conf\security of the Identity Relying Party. Open the authenticators.xml file and set the following settings.

Priority: This should be greater than five for this authenticator to be picked as the highest-priority authenticator.

Parameter LoginPage: the default login page URL of Carbon.

Parameter ServiceProviderID: This is the unique identifier of the Carbon server in an SSO setup, and this value should be used as the issuer value in the Identity Provider's Single Sign-On configuration.

Parameter IdentityProviderSSOServiceURL: This is the URL of the Identity Provider, in the format https://(host-name):(port)/samlsso.

Now open the management console of the Identity Provider in a browser window and log in using admin, admin as username and password respectively.

Run the Identity Relying Party server in another command prompt window, and get its running port.

From the left menu panel of the Identity Provider, select Main, click on SAML SSO, and enter the following configuration.

The Assertion Consumer URL should be in the format https://(host-name):(port)/acs.

Now save the issuer and log out of the management console of the Identity Provider.

Get the Identity Relying Party management console URL and type it into your web browser.

Here you will see that, with SAML2 SSO enabled, you are redirected to the Identity Provider to enter the username and password.

Sign in using admin, admin as username and password respectively, and you will be redirected to your Identity Relying Party management console home.

Thank you!