DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Zones

Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

The software you build is only as secure as the code that powers it. Learn how malicious code creeps into your software supply chain.

Apache Cassandra combines the benefits of major NoSQL databases to support data management needs not covered by traditional RDBMS vendors.

Generative AI has transformed nearly every industry. How can you leverage GenAI to improve your productivity and efficiency?

Modernize your data layer. Learn how to design cloud-native database architectures to meet the evolving demands of AI and GenAI workloads.

Related

  • What D'Hack Is DPoP?
  • Installing and Debugging an Apereo Cas Application
  • How to Configure, Customize, and Use Ballerina Logs
  • Configuring Anypoint Platform as an Azure AD Service Provider SSO

Trending

  • Build a Simple REST API Using Python Flask and SQLite (With Tests)
  • MCP Servers: The Technical Debt That Is Coming
  • System Coexistence: Bridging Legacy and Modern Architecture
  • Optimizing Integration Workflows With Spark Structured Streaming and Cloud Services
  1. DZone
  2. Testing, Deployment, and Maintenance
  3. Maintenance
  4. Custom Authenticator for WSO2 Identity Server (WSO2IS) SSO Login

Custom Authenticator for WSO2 Identity Server (WSO2IS) SSO Login

Need a custom authenticator for your WSO2 Identity Server SSO login? We've got you covered. Let's look at implementing a WSO2IS authenticator, and extend the basic authenticator.

By 
Asela Pathberiya user avatar
Asela Pathberiya
·
Oct. 20, 15 · Analysis
Likes (6)
Comment
Save
Tweet
Share
7.0K Views

Join the DZone community and get the full member experience.

Join For Free

in sso login, you can plug different custom authenticators in to the wso2is. there are two major types. one is local authenticators and other one is federated authenticators. federated authenticators are needed when you need to provide browser based redirections to another idp. as an example salesforce, google, facebook idps. (more details from here ). in other cases, we can implement a local authenticator.

default authenticator of wso2is, is the basic authenticator and it is also a local authenticator which authenticates the end user with connected user store using provided username and password.

in this post, lets try to implement a local authenticator for wso2is by extending the basic authenticator.
lets take following two sample requirements.

1. users who are login using “openid connect” must be authenticated with user store and must be authorized. in authorization, user must be verified that user is assigned to the specific role called “openidconnectrole”

2. users who are from application (service provider) “soasecurity.org” must be authenticated with user store and must be authorized. in authorization, user must be verified that user contains a specific attribute. as an example, user contains a mail with domain “soasecurity.org”

step 1 . extend the basic authenticator and implement a new authenticator.

as we are only worry about authorization, authentication can be happened as in the basic authenticator level. we need to add authorization logic after the authentication. therefore we only need to extend an one method in the basic authenticator which is “processauthenticationresponse()”

also, we need to modify the authenticator name by extending “getfriendlyname() ” and “getname()” methods.

you can fine the extend authenticator source from here .

step 2 . create osgi bundle out of your extended authenticator. sample project can be found from here . you can build the project using maven3

step 3. deploy osgi bundle in wso2 identity server (or apim) by copying in to /repository/components/dropins directory.

step 4. you need to edit the /repository/deployment/server/webapps/authenticationendpoint/login.jsp page with your new authenticator name.

because currently it is set to “basicauthenticator”. you can modify it as following by adding check for “basiccustomauthenticator”

if(localauthenticatornames.contains("basicauthenticator") | localauthenticatornames.contains("basiccustomauthenticator")){

 if(localauthenticatornames.size()>0 && (localauthenticatornames.contains("basicauthenticator") || } else if(localauthenticatornames.size()>0 && (localauthenticatornames.contains("basicauthenticator") || localauthenticatornames.contains("basiccustomauthenticator"))) {localauthenticatornames.contains("basiccustomauthenticator"))) {

step 5 . (optional) if you need to make this as the default authenticator for all service providers, you can configure it using /repository/conf/identity/service-providers/default.xml file.

this file is configured to “basicauthenticator” by default...you can modify it to “basiccustomauthenticator” by changing following two properties.

<name>basicauthenticator</name>
 <displayname>basicauth</displayname>

in to

<name>basiccustomauthenticator</name>
 <displayname>basiccustom</displayname>

step 6. restart the server.

step 7 . you can login to management console and configure new authenticator for each service provider using “local & outbound authentication configuration”

customauth1

step 8. try out.

you can debug the custom authenticator source by starting server in debug mode.

>sh wso2server.sh -debug 5005

thanks for reading…!!!

authentication Service provider Browser-based End user Debug (command) application Console (video game CLI) Mail (Apple)

Published at DZone with permission of Asela Pathberiya, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Related

  • What D'Hack Is DPoP?
  • Installing and Debugging an Apereo Cas Application
  • How to Configure, Customize, and Use Ballerina Logs
  • Configuring Anypoint Platform as an Azure AD Service Provider SSO

Partner Resources

×

Comments

The likes didn't load as expected. Please refresh the page and try again.

ABOUT US

  • About DZone
  • Support and feedback
  • Community research
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: