
Enabling SSO in WSO2 User Engagement Server (UES)


Currently WSO2 User Engagement Server (UES) is in the ALPHA stage, and it can contain Jaggery apps (JavaScript applications) or web apps with gadgets. You will need single sign-on (SSO) for your applications. Currently UES has two applications, called portal and store. Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.

This post explains how to set up single sign-on (SSO) among them with the support of ‘org.wso2.carbon.identity.sso.saml.feature’; alternatively, you can use a WSO2 IS server for SSO.

Download location: http://dist.wso2.org/milestone/gs/ues/ALPHA2/wso2ues-1.0.0-ALPHA2.zip

1. Unzip the pack

2. Open '\wso2ues-1.0.0-ALPHA2\wso2ues-1.0.0\repository\deployment\server\jaggeryapps\portal\portal.json', which contains the portal app's configuration data.

Change the 'ssoConfiguration' in portal.json to suit your needs. Here I am using the default wso2carbon.jks file as the keyStore.

"ssoConfiguration" : {
  "enabled" : true,
  "issuer" : "portal",
  "identityProviderURL" : "https://localhost:9443/admin/samlsso",
  "keyStorePassword" : "wso2carbon",
  "identityAlias" : "wso2carbon",
  "responseSigningEnabled" : "true",
  "keyStoreName" : "C:/WSO2/WSO2Trunk/platform/branches/4.0.0/products/ues/1.0.0/modules/distribution/target/wso2ues-1.0.0-ALPHA2/wso2ues-1.0.0/repository/resources/security/wso2carbon.jks"
}

3. Then go to the ‘store’ app and change the ssoConfiguration in ‘store.json’ as below:

"ssoConfiguration" : {
  "enabled" : true,
  "issuer" : "store",
  "identityProviderURL" : "https://localhost:9443/admin/samlsso",
  "keyStorePassword" : "wso2carbon",
  "identityAlias" : "wso2carbon",
  "responseSigningEnabled" : "true",
  "keyStoreName" : "C:/WSO2/WSO2Trunk/platform/branches/4.0.0/products/ues/1.0.0/modules/distribution/target/wso2ues-1.0.0-ALPHA2/wso2ues-1.0.0/repository/resources/security/wso2carbon.jks"
}

4. After that, start the WSO2 UES server from

wso2ues-1.0.0-ALPHA2\wso2ues-1.0.0\bin\wso2server.bat or wso2server.sh

5. Go to https://localhost:9443/admin/carbon/ and log in using “admin” and “admin”.

6. Navigate to Home > Manage > SAML SSO.

7. Enter
"Issuer" as "store" (your app name as defined in the SSO config in store.json)
"Assertion Consumer URL" as "http://localhost:9763/store/sso.jag"

Check Enable Single Logout, Use fully qualified username in the SAML Response, and Enable Assertion Signing as required.


8. Click Register; you will be notified with "Service Provider Added Successfully".

9. Enter the portal app's data for SSO in the same way.


10. Sign out of the Carbon admin console now and go to the portal URL below:

portal : http://localhost:9763/portal/

11. Click the Sign In button at the top.

There you have to enter the user name and password as “admin” and “admin”.

Here you can see that admin is logged in.


12. Go to the Store: http://localhost:9763/store/assets/gadget/

and click Sign In. Whenever an app requests a login, SSO handles it, so there is no need to enter the user name and password again.


13. As we enabled single logout, click logout in any app and test whether it takes effect in the other app as well.



In the console you can find the logout info as below:

[2013-04-27 16:43:48,615]  INFO {org.wso2.carbon.identity.sso.saml.ui.logout.LogoutRequestSender} -  single logout request is sent to : http://localhost:9763/portal/sso.jag is returned with OK
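
A check for the configuration produced by steps 2 to 9, as an added example that is not part of the original article or of WSO2's code: it compares each app's ssoConfiguration with the service providers registered at the identity provider and flags the shipped keystore defaults, a missing registration, and a plain-HTTP Assertion Consumer URL. The finding codes, the `registeredSPs` shape and the sample keystore path are assumptions of this example.

```javascript
// Added example: audits the ssoConfiguration blocks from portal.json / store.json
// against the service providers registered under Home > Manage > SAML SSO.
// Finding codes and the registeredSPs shape are assumptions of this example.
const DEFAULT_SECRET = "wso2carbon"; // password/alias of the keystore shipped in the pack

function auditSsoConfig(appName, sso, registeredSPs) {
  const findings = [];
  const add = (code, msg) => findings.push({ app: appName, code, msg });
  const isOn = (v) => v === true || v === "true"; // the page mixes boolean and string

  if (!sso || !isOn(sso.enabled)) {
    add("SSO_DISABLED", "ssoConfiguration missing or not enabled");
    return findings;
  }
  if (!isOn(sso.responseSigningEnabled))
    add("UNSIGNED_RESPONSE", "responseSigningEnabled is off");
  if (!/^https:\/\//i.test(sso.identityProviderURL || ""))
    add("IDP_NOT_HTTPS", "identityProviderURL is not https");
  if (sso.keyStorePassword === DEFAULT_SECRET)
    add("DEFAULT_KEYSTORE_PASSWORD", "keyStorePassword is the shipped default");
  if (/(^|[\\\/])wso2carbon\.jks$/i.test(sso.keyStoreName || ""))
    add("DEFAULT_KEYSTORE", "keyStoreName points at the shipped wso2carbon.jks");

  // The issuer in the app's JSON must match a registered service provider (steps 7-9).
  const sp = registeredSPs.find((r) => r.issuer === sso.issuer);
  if (!sp) {
    add("ISSUER_NOT_REGISTERED", `issuer "${sso.issuer}" has no service provider entry`);
  } else {
    let acs = null;
    try { acs = new URL(sp.assertionConsumerUrl); } catch (e) { /* leave acs as null */ }
    if (!acs) add("ACS_INVALID", "Assertion Consumer URL does not parse");
    else {
      if (acs.protocol !== "https:") add("ACS_NOT_HTTPS", "SAML response is delivered over plain HTTP");
      if (!acs.pathname.startsWith(`/${appName}/`)) add("ACS_WRONG_APP", "Assertion Consumer URL belongs to another app");
    }
  }
  return findings;
}

// Constructed sample input mirroring the walkthrough after step 8 (portal not yet registered).
const sampleSso = (issuer) => ({
  enabled: true, issuer, identityProviderURL: "https://localhost:9443/admin/samlsso",
  keyStorePassword: "wso2carbon", identityAlias: "wso2carbon", responseSigningEnabled: "true",
  keyStoreName: "/opt/wso2ues-1.0.0/repository/resources/security/wso2carbon.jks", // constructed path
});
const sampleSPs = [{ issuer: "store", assertionConsumerUrl: "http://localhost:9763/store/sso.jag" }];
function runSample() {
  return ["portal", "store"].flatMap((app) => auditSsoConfig(app, sampleSso(app), sampleSPs));
}
console.log(runSample().map((f) => `${f.app}: ${f.code}`).join("\n"));
```
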


The SSO setup above works by storing the service provider data entered through the Carbon admin console. The “org.wso2.stratos.identity.saml2.sso.mgt.feature” feature supports predefined SSO configuration, so you do not have to enter all the data in the Carbon admin management console.

Go to “\wso2ues-1.0.0-ALPHA2\wso2ues-1.0.0\repository\conf\sso-idp-config.xml” and uncomment those lines, or enter your app data there for the ServiceProvider:

  <Issuer>portal</Issuer>
  <AssertionConsumerService>http://localhost:9763/portal/sso.jag</AssertionConsumerService>

Start the UES Server again.

You can see the SSO registration info in the console:

[2013-04-27 16:55:52,619]  INFO {org.wso2.stratos.identity.saml2.sso.mgt.SSOServiceProviderUpdateManager} -  A SSO Service Provider is registered for : portal


Enjoy WSO2 UES with SSO feature!!

You can even define that SSO feature in a remote WSO2 IS server.



Published at DZone with permission of Madhuka Udantha, DZone MVB. See the original article here.
