Wednesday, October 12, 2016

WSO2 Identity Server with Google federated authenticator.

WSO2 Identity Server supports social login features such as Google, Facebook and Azure. Once you configure Google as a federated authenticator, Identity Server lets users authenticate with their Google credentials, so those user details do not need to be kept in the Identity Server user store.

I'm using Identity Server 5.1.0 and the travelocity sample web application for this demonstration. I'm also testing this scenario with a Google sub-domain (i.e. wso2.com).

1. Download the Identity Server from [1].

2. You can configure the travelocity sample web application by following the documentation [2]. If you have already deployed and configured the service provider, you can skip this step.

3. Register an OAuth 2.0 application in Google.
Here I'm configuring an OAuth web application in Google by selecting OAuth Client ID. You can find more details in [3].



4. Create an OAuth 2.0 application in Google and generate the client ID and secret for it. Make sure to set the "Authorized redirect URI" as follows:
https://{hostname}:{port}/commonauth
With the default configuration of the Identity Server, the redirect URI should be:
https://localhost:9443/commonauth



5. Log into the Identity Server Management Console and add a new identity provider by providing an Identity Provider Name (I'm using "wso2.com" as my IDP name). Then configure the Google authenticator as shown below. Make sure to add your redirect URI as the Callback Url, and the Client Id and Client Secret generated from the Google application above [1].



6. Now navigate to your service provider configuration and expand the Local & Outbound Authentication Configuration section. Under that, select "Advanced Configuration". Once you select this, you will be able to add multi-step authentication or multiple authenticators within one step. For the moment, we are selecting the basic authenticator and the configured Google authenticator within step one, as shown below.



7. Now that the basic configuration is done, let's test the scenario. You will see a login screen as shown below,



8. Once you select the Google authenticator (in my scenario it's "wso2.com"), you will be redirected to the Google login page. If you authenticate successfully, you will be redirected back to the web application with the federated user details.
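The two values that most often break this setup are the "Authorized redirect URI" registered in Google (step 4) and the Callback Url entered on the identity provider page (step 5): OAuth 2.0 requires the redirect URI in the authorization request to match the registered value exactly, so a different scheme, port or trailing slash gets the login rejected at Google before the user ever sees the web application. The following Python script is an added example, not code from the original post or from WSO2 Identity Server; it checks a Callback Url against the https://{hostname}:{port}/commonauth template used in step 4, compares two redirect URIs the way an authorization server does, builds the Google authorization request with a per-login state and nonce (the hosted-domain parameter is Google's documented `hd` parameter, used here for the wso2.com sub-domain case), and verifies the state on the way back. The client ID and the query strings it uses are constructed sample values.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Google's OpenID Connect authorization endpoint (documented in reference [3]).
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"

# Constructed sample values: a stand-in for the client ID issued by the Google
# console, and the Identity Server default callback from step 4 of the post.
SAMPLE_CLIENT_ID = "example-client-id.apps.googleusercontent.com"
DEFAULT_CALLBACK = "https://localhost:9443/commonauth"


def check_callback_url(callback):
    """Return a list of problems with a Callback Url (empty list = looks right).

    The value must follow https://{hostname}:{port}/commonauth from step 4."""
    u = urlparse(callback)
    problems = []
    if u.scheme != "https":
        problems.append("scheme must be https")
    if not u.hostname:
        problems.append("hostname is missing")
    if u.path != "/commonauth":
        problems.append("path must be exactly /commonauth (no trailing slash)")
    if u.query or u.fragment:
        problems.append("callback must not carry a query string or fragment")
    return problems


def redirect_uri_matches(registered, requested):
    """Compare two redirect URIs the strict way an authorization server does:
    scheme and host are case-insensitive, everything else must be identical."""
    a, b = urlparse(registered), urlparse(requested)
    return (
        a.scheme.lower() == b.scheme.lower()
        and a.netloc.lower() == b.netloc.lower()
        and a.path == b.path
        and a.query == b.query
    )


def new_state_and_nonce():
    """Fresh, unguessable state (binds the response to this browser session)
    and nonce (bound into the ID token) for every login attempt."""
    return secrets.token_urlsafe(32), secrets.token_urlsafe(32)


def build_authorization_url(client_id, redirect_uri, state, nonce, hosted_domain=None):
    """Build the authorization-code request that sends the user to Google.

    hosted_domain is Google's `hd` parameter, which asks Google to restrict
    sign-in to accounts of that domain (e.g. wso2.com); the domain still has
    to be re-checked in the ID token's hd claim after the redirect."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",
        "state": state,
        "nonce": nonce,
    }
    if hosted_domain:
        params["hd"] = hosted_domain
    return GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params)


def verify_callback(expected_state, callback_url):
    """Parse the redirect Google sends to /commonauth and return the
    authorization code only if the state matches the stored one."""
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response does not belong to this login attempt")
    if "error" in q:
        raise ValueError("authorization failed: " + q["error"][0])
    if "code" not in q:
        raise ValueError("authorization response carries no code")
    return q["code"][0]


if __name__ == "__main__":
    for candidate in (DEFAULT_CALLBACK, "http://localhost:9443/commonauth/"):
        print(candidate, "->", check_callback_url(candidate) or "OK")
    state, nonce = new_state_and_nonce()
    print(build_authorization_url(SAMPLE_CLIENT_ID, DEFAULT_CALLBACK, state, nonce, "wso2.com"))
    # Constructed sample response, as Google would redirect it to /commonauth.
    print(verify_callback(state, DEFAULT_CALLBACK + "?state=" + state + "&code=sample-code"))
```

Run the script before registering the values in the Google console: the first two lines of output tell you whether the Callback Url you intend to enter is usable, and the printed authorization URL shows the exact `redirect_uri` value Google will compare against what you registered.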



Hope this is helpful. Thank you.



[1] http://wso2.com/products/identity-server/
[2] https://docs.wso2.com/display/IS510/Configuring+Single+Sign-On
[3] https://developers.google.com/identity/protocols/OpenIDConnect