WSO2IS OAuth/OpenID Connect SSO Setup
I'm trying to figure out how to set up applications for SSO using WSO2 Identity Server. My use case: I have 2 applications secured with OAuth/OpenID Connect using WSO2IS. If I'm logged into application 1, launching application 2 should automatically log me in. What should the flow be?
Currently, I have created 2 service providers, 1 for each application. Each service provider's inbound authentication configuration is configured using OAuth/OpenID Connect. What else do I need to do?
I've followed https://docs.wso2.com/display/is530/configuring+oauth2-openid+connect+single-sign-on. I'm successful in being redirected to login, and each application is able to obtain an access token and JWT. However, I'm being asked to log in to each application separately---there is no automatic login when I access application 2.
Thank you!
WSO2IS output when I log in to application 1 followed by application 2, within the same browser and tab.
<<< application 1 >>>
[2017-07-27 21:30:17,117] debug {org.wso2.carbon.identity.oauth2.oauth2service} - validate client information request client_id : l7c7zqf9qpdkjyetoq74r__rsy0a , callback_uri http://[hostname]:[8080]/xxxx/
[2017-07-27 21:30:17,124] debug {org.wso2.carbon.identity.oauth2.oauth2service} - registered app found given client id : l7c7zqf9qpdkjyetoq74r__rsy0a ,app name : application1, callback url : http://[hostname]:[8080]/xxxx/
[2017-07-27 21:30:30,506] debug {org.wso2.carbon.identity.oauth2.oauth2service} - authorization request received user : testuser@carbon.super, client id : l7c7zqf9qpdkjyetoq74r__rsy0a, authorization response type : code, requested callback uri : http://[hostname]:[8080]/xxxx/, requested scope : email openid profile
[2017-07-27 21:30:30,507] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - added oauthauthzreqmessagecontext threadlocal
[2017-07-27 21:30:30,508] debug {org.wso2.carbon.identity.oauth2.authz.handlers.coderesponsetypehandler} - issued authorization code user : testuser@carbon.super, using redirect url : http://[hostname]:[8080]/xxxx/, scope : email openid profile, validity period : 300000
[2017-07-27 21:30:30,510] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - cleared oauthauthzreqmessagecontext
[2017-07-27 21:30:30,756] debug {org.wso2.carbon.identity.oauth2.oauth2service} - access token request received client id l7c7zqf9qpdkjyetoq74r__rsy0a, user id null, scope : [] , grant type : authorization_code
[2017-07-27 21:30:30,756] debug {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.abstractclientauthhandler} - can authenticate client id , secret. client id: l7c7zqf9qpdkjyetoq74r__rsy0a
[2017-07-27 21:30:30,756] debug {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.abstractclientauthhandler} - grant type : authorization_code strict client validation set : null
[2017-07-27 21:30:30,757] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - client credentials fetched database.
[2017-07-27 21:30:30,757] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - authenticated client client id : l7c7zqf9qpdkjyetoq74r__rsy0a
[2017-07-27 21:30:30,757] debug {org.wso2.carbon.identity.oauth2.token.handlers.grant.authorizationcodegranthandler} - authorization code info not available in cache client id : l7c7zqf9qpdkjyetoq74r__rsy0a
[2017-07-27 21:30:30,758] debug {org.wso2.carbon.identity.oauth2.token.handlers.grant.authorizationcodegranthandler} - found authorization code, client : l7c7zqf9qpdkjyetoq74r__rsy0a, authorized user : testuser@carbon.super, scope : email openid profile
[2017-07-27 21:30:30,758] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - added oauthtokenreqmessagecontext threadlocal
[2017-07-27 21:30:30,759] debug {org.wso2.carbon.identity.oauth2.token.handlers.grant.abstractauthorizationgranthandler} - infinite lifetime access token c6d1b10e-cd51-379a-9162-4f5228aaa5dc found in cache
[2017-07-27 21:30:30,759] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - cleared oauthtokenreqmessagecontext
[2017-07-27 21:30:30,759] debug {org.wso2.carbon.identity.oauth2.token.accesstokenissuer} - access token issued client id: l7c7zqf9qpdkjyetoq74r__rsy0a username: testuser@carbon.super , scopes: email openid profile
<<< application 2 >>>
[2017-07-27 21:30:42,014] debug {org.wso2.carbon.identity.oauth2.oauth2service} - validate client information request client_id : fwm8a593ouxufw2zabxyx9f1mrea , callback_uri http://[hostname]:[8090]/xxxx/
[2017-07-27 21:30:42,016] debug {org.wso2.carbon.identity.oauth2.oauth2service} - registered app found given client id : fwm8a593ouxufw2zabxyx9f1mrea ,app name : application2, callback url : http://[hostname]:[8090]/xxxx/
[2017-07-27 21:30:55,454] debug {org.wso2.carbon.identity.oauth2.oauth2service} - authorization request received user : testuser@carbon.super, client id : fwm8a593ouxufw2zabxyx9f1mrea, authorization response type : code, requested callback uri : http://[hostname]:[8090]/xxxx/, requested scope : email openid profile
[2017-07-27 21:30:55,455] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - added oauthauthzreqmessagecontext threadlocal
[2017-07-27 21:30:55,457] debug {org.wso2.carbon.identity.oauth2.authz.handlers.coderesponsetypehandler} - issued authorization code user : testuser@carbon.super, using redirect url : http://[hostname]:[8090]/xxxx/, scope : email openid profile, validity period : 300000
[2017-07-27 21:30:55,458] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - cleared oauthauthzreqmessagecontext
[2017-07-27 21:30:55,739] debug {org.wso2.carbon.identity.oauth2.oauth2service} - access token request received client id fwm8a593ouxufw2zabxyx9f1mrea, user id null, scope : [] , grant type : authorization_code
[2017-07-27 21:30:55,739] debug {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.abstractclientauthhandler} - can authenticate client id , secret. client id: fwm8a593ouxufw2zabxyx9f1mrea
[2017-07-27 21:30:55,739] debug {org.wso2.carbon.identity.oauth2.token.handlers.clientauth.abstractclientauthhandler} - grant type : authorization_code strict client validation set : null
[2017-07-27 21:30:55,739] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - client credentials fetched database.
[2017-07-27 21:30:55,739] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - authenticated client client id : fwm8a593ouxufw2zabxyx9f1mrea
[2017-07-27 21:30:55,739] debug {org.wso2.carbon.identity.oauth2.token.handlers.grant.authorizationcodegranthandler} - authorization code info not available in cache client id : fwm8a593ouxufw2zabxyx9f1mrea
[2017-07-27 21:30:55,739] debug {org.wso2.carbon.identity.oauth2.token.handlers.grant.authorizationcodegranthandler} - found authorization code, client : fwm8a593ouxufw2zabxyx9f1mrea, authorized user : testuser@carbon.super, scope : email openid profile
[2017-07-27 21:30:55,740] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - added oauthtokenreqmessagecontext threadlocal
[2017-07-27 21:30:55,740] debug {org.wso2.carbon.identity.oauth2.token.handlers.grant.abstractauthorizationgranthandler} - infinite lifetime access token a01c94d9-c889-3a38-a67e-38a7f0350aa0 found in cache
[2017-07-27 21:30:55,740] debug {org.wso2.carbon.identity.oauth2.util.oauth2util} - cleared oauthtokenreqmessagecontext
[2017-07-27 21:30:55,740] debug {org.wso2.carbon.identity.oauth2.token.accesstokenissuer} - access token issued client id: fwm8a593ouxufw2zabxyx9f1mrea username: testuser@carbon.super , scopes: email openid profile
The next step is to set up a client application and try to authenticate a user against WSO2 using OpenID Connect. Follow these steps:
https://docs.wso2.com/display/is530/openidconnect
Once done, create a copy of the application, run it on a different port, and play with SSO and SLO. An example is here:
https://docs.wso2.com/display/is530/configuring+openid+connect+single+logout
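The relying-party side of the two-application setup described in the question and the answer, as an added example (not code from the question, the answer, or the WSO2 documentation): each app builds its own authorization-code request, checks the `state` on the callback, validates the ID token claims for its own `client_id`, and the two resulting ID tokens are compared to tell whether the identity provider reused the login from application 1 or prompted again. The hostnames `idp.example.test`, `app1.example.test` and `app2.example.test` are constructed placeholders, the `/oauth2/authorize` path and the `iss` value equal to the `/oauth2/token` URL are assumptions based on WSO2 IS 5.x defaults, and signature verification of the ID token is assumed to happen before the claims reach `validate_id_token_claims()`. The client IDs are the two from the log output above.

```python
import secrets
import time
from dataclasses import dataclass
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder hostnames constructed for this example; substitute your own.
IS_BASE = "https://idp.example.test:9443"
AUTHORIZE_ENDPOINT = IS_BASE + "/oauth2/authorize"
# Assumption: WSO2 IS 5.x sets 'iss' to its token endpoint URL. Confirm against
# your server's discovery document before relying on it.
ISSUER = IS_BASE + "/oauth2/token"


@dataclass(frozen=True)
class RelyingParty:
    """One service provider as registered in WSO2 IS: its OAuth client_id and
    the exact callback URL configured for it."""
    name: str
    client_id: str
    redirect_uri: str
    scope: str = "openid email profile"


def new_state_and_nonce():
    """Per-request CSRF token (state) and replay token (nonce). The app keeps
    both in its own session until the callback arrives."""
    return secrets.token_urlsafe(16), secrets.token_urlsafe(16)


def build_authorization_request(rp, state, nonce):
    """Authorization-code request for one app. Both apps send the browser to
    the same IdP; whether the IdP prompts again is decided by the IdP's own
    browser session, not by anything in this request."""
    params = {
        "response_type": "code",
        "client_id": rp.client_id,
        "redirect_uri": rp.redirect_uri,
        "scope": rp.scope,
        "state": state,
        "nonce": nonce,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Extract the authorization code from the redirect back to the app,
    refusing error responses and any response whose state does not match."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization error: " + query["error"][0])
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch (stale request or cross-site forgery)")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def validate_id_token_claims(claims, rp, expected_nonce, now=None):
    """Checks every relying party makes on a signature-verified ID token
    before trusting it; returns the subject identifier."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if rp.client_id not in aud:
        raise ValueError("token was not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (replayed token)")
    return claims["sub"]


def reused_authentication(claims_app1, claims_app2):
    """True when app 2's ID token names the same subject from the same issuer
    and carries the same auth_time as app 1's, i.e. the IdP reused the login
    performed for app 1 instead of prompting for credentials again. Requires
    the IdP to include auth_time in the ID token."""
    return (
        claims_app1.get("iss") == claims_app2.get("iss")
        and claims_app1.get("sub") == claims_app2.get("sub")
        and "auth_time" in claims_app1
        and claims_app1.get("auth_time") == claims_app2.get("auth_time")
    )


# The two service providers from the question, with constructed callback hosts.
APP1 = RelyingParty("application1", "l7c7zqf9qpdkjyetoq74r__rsy0a",
                    "http://app1.example.test:8080/xxxx/")
APP2 = RelyingParty("application2", "fwm8a593ouxufw2zabxyx9f1mrea",
                    "http://app2.example.test:8090/xxxx/")
```

Two ID tokens for the same user are not by themselves evidence of SSO, since the user may simply have typed the password twice; the `auth_time` comparison is what distinguishes a reused IdP session from a fresh login, which is the symptom the question describes.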