OpenID Connect is the new emerging standard for single sign-on and identity provision on the internet. The WSO2 Identity Server allows you to implement an authentication mechanism using OpenID Connect. Follow the configuration steps below to set up OpenID Connect with the WSO2 Identity Server.
Getting Started
To get a better understanding of what OpenID Connect and the WSO2 Identity Server are, please refer to the links below.
This page provides instructions on how to configure the OpenID Connect protocol with the WSO2 Identity Server, using a sample application to demonstrate the authentication process.
1) Deploying OAuth 2.0 Playground Sample App
1.1 Download the code from github using this link: https://github.com/Keetmalin/OAuth2.0-Playground
1.2 Build the code (using "mvn clean install") and locate the playground2.war file in the "/OAuth2.0-Playground/target/" directory.
1.3 Deploy this sample web app on a web container.
Use the Apache Tomcat server to do this.
Since this sample is written against Servlet 3.0, it needs to be deployed on Tomcat 7.x.
Copy the .war file into the webapps folder, for example "<TOMCAT_HOME>/apache-tomcat-<version>/webapps".
1.4 To check the sample application, navigate to http://<TOMCAT_HOST>:<TOMCAT_PORT>/playground2/oauth2.jsp in your browser. For example, http://localhost:8080/playground2/oauth2.jsp
2) Configuring the Service Provider
2.1 Run the WSO2 Identity Server according to these instructions.
2.2 Log in to the Management Console as an administrator.
username : admin
password : admin
2.3 From the main menu, navigate to "Service Provider" and click "Add".
2.4 Enter a service provider name (any name) and click "Register".
2.5 Go to "Inbound Authentication Configuration" and, under "OAuth/OpenID Connect Configuration", click "Configure".
2.6 Fill in the fields below with the given values and click "Add".
OAuth Version - 2.0
Callback URL - http://localhost:8080/playground2/oauth2client
Allowed Grant Types - Code, Implicit
Leave the rest as in the picture given below
2.7 After successful registration, the Service Provider is given a Key and a Secret. Then click "Update".
OAuth Client Key: This is the client key of the service provider. The Identity Server checks it to authenticate the client before providing the access token.
OAuth Client Secret: This is the client secret of the service provider. The Identity Server checks it together with the key to authenticate the client before providing the access token. Click the Show button to view the exact value.
3) Create a new user profile
3.1 In the left-hand menu, under "Users and Roles", click "Add".
3.2 Click "Add New User".
3.3 Keep the Domain as "Primary". Enter a "User Name" and a "Password", and click "Next>".
3.4 Optionally, select the role(s) you want this user to have. If you have many roles in your system, you can search for them by name. Click "Finish".
4) Test via the Sample Application
4.1 Visit the URL http://localhost:8080/playground2/oauth2.jsp to start the application.
4.2 Enter the following information and click "Authorize".
Authorization Grant Type: Authorization Code
Client ID: (the client id received at the application registration)
Scope: openid
Callback URL: http://localhost:8080/playground2/oauth2client
Authorize Endpoint: https://localhost:9443/oauth2/authorize
4.3 Log in with the created user's credentials.
4.4 Click "Approve" or "Approve Always".
4.5 Provide the following and click "Get Access Token".
Callback URL: http://localhost:8080/playground2/oauth2client
Access Token Endpoint: https://localhost:9443/oauth2/token
Client Secret: (client secret received at the application registration)
4.6 The user has now been authorized, and the Token Endpoint has returned the "ID Token" along with the "Access Token". The ID Token is used to log the user in to the application; the Access Token is used to retrieve the user's information from the system.
Now enter "https://localhost:9443/oauth2/userinfo?schema=openid" as the "UserInfo Endpoint" and click "Get UserInfo".
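As an added illustration of what the playground does behind the buttons in steps 2.7 and 4.2 to 4.6, here is a minimal Python client for the authorization code flow against the endpoints listed above. This is example code written for this page, not code from the playground sample or from WSO2. The ISSUER value is an assumption; confirm it from your server's OpenID discovery document. Only exchange_code and fetch_userinfo touch the network, and both assume the client trusts the server's TLS certificate. constructed_id_token builds a constructed, unsigned fixture so the claim checks can be exercised without a running server.

```python
"""Added example: a minimal OpenID Connect authorization-code client for the
endpoints in this tutorial. Not part of the playground sample or of WSO2."""
import base64
import json
import secrets
import time
import urllib.parse
import urllib.request

# Endpoints and callback URL exactly as used in the tutorial.
AUTHORIZE_ENDPOINT = "https://localhost:9443/oauth2/authorize"
TOKEN_ENDPOINT = "https://localhost:9443/oauth2/token"
USERINFO_ENDPOINT = "https://localhost:9443/oauth2/userinfo?schema=openid"
CALLBACK_URL = "http://localhost:8080/playground2/oauth2client"
# Assumed issuer value; confirm it from the server's discovery document.
ISSUER = "https://localhost:9443/oauth2/token"


def new_state():
    """Unguessable per-login value; store it in the session before redirecting."""
    return secrets.token_urlsafe(16)


def build_authorize_url(client_id, state):
    """Step 4.2 as a URL: response_type=code with the openid scope."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": CALLBACK_URL, "scope": "openid", "state": state}
    return AUTHORIZE_ENDPOINT + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url, expected_state):
    """Pull the code out of the redirect back to CALLBACK_URL. A callback whose
    state is not the one stored for this session is rejected (CSRF defence)."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


def token_request(code, client_id, client_secret):
    """Step 4.5: the code goes in the form body; the OAuth client key and secret
    from step 2.7 authenticate the service provider with HTTP Basic."""
    body = urllib.parse.urlencode({"grant_type": "authorization_code",
                                   "code": code, "redirect_uri": CALLBACK_URL}).encode()
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + creds,
               "Content-Type": "application/x-www-form-urlencoded"}
    return body, headers


def exchange_code(code, client_id, client_secret):
    """Send the token request; the JSON reply carries access_token and id_token."""
    body, headers = token_request(code, client_id, client_secret)
    req = urllib.request.Request(TOKEN_ENDPOINT, data=body, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_id_token_claims(id_token, issuer, client_id, now=None):
    """Step 4.6: the ID token is a JWT. Enforce iss, aud and exp before logging
    the user in. Verifying the signature against the server's JWKS is a separate,
    required step not shown here; run these checks after it, never instead of it."""
    _header, payload, _signature = id_token.split(".")
    claims = json.loads(_b64url_decode(payload))
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if client_id not in aud:
        raise ValueError("ID token was not issued for this client")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("ID token has expired")
    return claims


def fetch_userinfo(access_token):
    """Last part of step 4.6: present the access token as a bearer token."""
    req = urllib.request.Request(USERINFO_ENDPOINT,
                                 headers={"Authorization": "Bearer " + access_token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def constructed_id_token(claims):
    """Constructed, unsigned fixture for exercising the claim checks offline.
    The signature segment is a placeholder; a real token is signed by the server."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.placeholder"
```

The playground's "Get Access Token" button corresponds to exchange_code; the state check in parse_callback and the aud/exp checks in check_id_token_claims are the parts a real application must add on top of what the sample shows.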