Thursday, October 1, 2015

Configuring WSO2 Identity Server with Apache HTTP Server as a Reverse Proxy

This blog describes how to configure WSO2 Identity Server 5.0.0 behind Apache HTTP Server (httpd) in a reverse proxy scenario.


Environment: Ubuntu 14.04 



Step 1 : Run the following commands to install Apache HTTP Server.

    $ sudo apt-get update
    $ sudo apt-get install apache2

  To stop the Apache service:
    $ sudo service apache2 stop

  To start the Apache service:
    $ sudo service apache2 start

  To check the status of the Apache service:
    $ sudo service apache2 status



Step 2 : Enable the following required modules.

    $ sudo a2enmod proxy_http
    $ sudo a2enmod ssl
    $ sudo a2enmod proxy_balancer



Step 3 : Create a self-signed certificate for Apache httpd.

  Generate the private key (2048-bit RSA; 1024-bit keys are too weak and are rejected by current TLS stacks).
    $ sudo openssl genrsa -out ca.key 2048

  Generate a Certificate Signing Request (CSR).
    $ sudo openssl req -new -key ca.key -out ca.csr

  Generate a self-signed certificate.
    $ sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt


  NOTE: While creating the certificate request, enter the host name (localhost) as the Common Name.



Step 4 : Create self-signed keystores.

  Create a new keystore with a private and public key pair.
    $ keytool -genkey -keyalg RSA -alias wso2carbon -keystore wso2carbon.jks -storepass wso2carbon -validity 360 -keysize 2048

  Export the public certificate.
    $ keytool -export -alias wso2carbon -keystore wso2carbon.jks -storepass wso2carbon -file wso2carbon.pem

  Import the public certificate into client-truststore.jks.
  (Copy the "wso2carbon.pem" file into /wso2is-5.0.0/repository/resources/security and run the following command from that location.)
    $ keytool -import -alias wso2carbon -file wso2carbon.pem -keystore client-truststore.jks -storepass wso2carbon

  NOTE: While creating keys, enter the host name (localhost) as the Common Name.



Step 5 : Configure Apache to direct the HTTPS requests to IS.

  (Create a new .conf file using the command below and add the sample proxy configuration for Apache HTTP Server that follows.)
    $ sudo vi /etc/apache2/sites-available/wso2.is.com.conf


<IfModule mod_proxy.c>
<VirtualHost *:443>
    ServerAdmin techops@wso2.com
    ServerName localhost
    ServerAlias localhost

    # Reverse proxy only: never act as a forward (open) proxy.
    ProxyRequests Off

    # TLS towards clients (SSLEngine) and towards Identity Server (SSLProxyEngine).
    SSLEngine On
    SSLProxyEngine On

    # Certificate and key created in Step 3.
    SSLCertificateFile /home/shanaka/certs/ca.crt
    SSLCertificateKeyFile /home/shanaka/certs/ca.key

    # Apache 2.4 syntax for the former "Order deny,allow / Allow from all".
    <Proxy *>
        Require all granted
    </Proxy>

    # Only these Identity Server contexts are exposed through the proxy.
    ProxyPass /carbon https://localhost:9443/carbon
    ProxyPassReverse /carbon https://localhost:9443/carbon

    ProxyPass /commonauth https://localhost:9443/commonauth
    ProxyPassReverse /commonauth https://localhost:9443/commonauth

    ProxyPass /authenticationendpoint https://localhost:9443/authenticationendpoint
    ProxyPassReverse /authenticationendpoint https://localhost:9443/authenticationendpoint

    ProxyPass /samlsso https://localhost:9443/samlsso
    ProxyPassReverse /samlsso https://localhost:9443/samlsso
</VirtualHost>
</IfModule>
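
The proxy file can be checked before the site is enabled. The following Python sketch is an added example, not part of the original post: `audit_vhost` and the sample configuration are constructed for illustration, and it assumes the vhost-level two-argument ProxyPass form used above. It flags three mistakes that are easy to make in this file: forward proxying switched on, a malformed backend URL, and a ProxyPass without a matching ProxyPassReverse.

```python
from urllib.parse import urlsplit

def audit_vhost(conf_text):
    """Return a list of findings for a reverse-proxy vhost; empty means clean."""
    findings, passes, reverses = [], {}, {}
    forward_proxy = False  # Apache's default for ProxyRequests is Off
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        name = parts[0].lower()  # directive names are case-insensitive
        if name == "proxyrequests" and len(parts) > 1:
            forward_proxy = parts[1].lower() == "on"
        elif name in ("proxypass", "proxypassreverse"):
            # Anything after the URL must be a key=value worker parameter.
            stray = [p for p in parts[3:] if "=" not in p]
            url = urlsplit(parts[2]) if len(parts) >= 3 else None
            if url is None or stray or not url.scheme or not url.hostname:
                findings.append(f"line {lineno}: malformed {parts[0]}: {raw.strip()}")
                continue
            target = passes if name == "proxypass" else reverses
            target[parts[1]] = parts[2]
    if forward_proxy:
        findings.append("ProxyRequests On: server also acts as a forward proxy")
    for path, backend in passes.items():
        if reverses.get(path) != backend:
            findings.append(f"{path}: no ProxyPassReverse matching {backend}")
    return findings

# Constructed sample with three deliberate mistakes (not the post's file).
SAMPLE = """\
<VirtualHost *:443>
  ProxyRequests On
  ProxyPass /carbon https://localhost:9443/carbon
  ProxyPassReverse /carbon https://localhost:9443/carbon
  ProxyPass /commonauth https:// localhost:9443/commonauth
  ProxyPass /samlsso https://localhost:9443/samlsso
</VirtualHost>
"""

if __name__ == "__main__":
    for finding in audit_vhost(SAMPLE):
        print(finding)
```

To check the real file, pass the contents of /etc/apache2/sites-available/wso2.is.com.conf to `audit_vhost` instead of `SAMPLE`.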





Step 6 : Enable the virtual host configuration.

    $ sudo a2ensite wso2.is.com.conf




Step 7 : Restart Apache httpd.

    $ sudo service apache2 restart




Log in to Identity Server using the new URL, i.e. https://localhost/carbon.

If you use any application, you must create a Service Provider for it on the Identity Server side. Make sure the application uses the correct URL so that its requests are sent through the proxy server.

Ex urls:
