How to Use Mutual SSL with WSO2 Identity Server
1. Build the mutual-ssl-authenticator source code from here: https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/authenticators/mutual-ssl-authenticator/4.2.0/
2. Build the jar and put it in ‘wso2is-4.7.0\repository\components\dropins’.
3. Open the ‘wso2is-4.7.0\repository\conf\tomcat\catalina-server.xml’ file and set clientAuth="true" so that the server always expects two-way SSL authentication.
4. Extract WSO2 public certificate from:
<IS_Home>/repository/resources/security/wso2carbon.jks
Add it to client’s trust store:
<IS_Home>/repository/resources/security/client-truststore.jks.
keytool -export -alias wso2carbon -file carbon_public2.crt -keystore wso2carbon.jks -storepass wso2carbon
keytool -import -trustcacerts -alias <Client_Alias> -file carbon_public2.crt -keystore client-truststore.jks -storepass wso2carbon
5. Start the server.
For Client:
6. Create a new SoapUI project using https://localhost:9443/services/RemoteUserStoreManagerService?wsdl
7. SSL setting for SOAP UI
8. Make a call to ‘isExistingUser’.
Make sure you add the SOAP header.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soapenv:Header>
      <m:UserName xmlns:m="http://mutualssl.carbon.wso2.org" soapenv:mustUnderstand="0">admin</m:UserName>
   </soapenv:Header>
   <soapenv:Body>
      <ser:isExistingUser>
         <!--Optional:-->
         <ser:userName>admin</ser:userName>
      </ser:isExistingUser>
   </soapenv:Body>
</soapenv:Envelope>
Note that no password is sent in this test; the client certificate is used for authentication.
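The same call can be made without SoapUI. The following is an added example, not code from the original article or from WSO2: it builds the request shown above, sends it over two-way TLS with a client certificate, and reads the boolean result. The PEM file paths passed by the caller, the POST path (taken from the WSDL URL without `?wsdl`) and the `urn:isExistingUser` SOAPAction value are assumptions.

```python
import http.client
import ssl
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SER_NS = "http://service.ws.um.carbon.wso2.org"

def build_envelope(auth_user, lookup_user):
    """Build the isExistingUser request from the article; values are XML-escaped."""
    return (
        '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
        f'xmlns:ser="{SER_NS}">'
        '<soapenv:Header>'
        '<m:UserName xmlns:m="http://mutualssl.carbon.wso2.org" '
        f'soapenv:mustUnderstand="0">{escape(auth_user)}</m:UserName>'
        '</soapenv:Header>'
        f'<soapenv:Body><ser:isExistingUser><ser:userName>{escape(lookup_user)}'
        '</ser:userName></ser:isExistingUser></soapenv:Body>'
        '</soapenv:Envelope>'
    )

def parse_return(response_xml):
    """True/False from the <return> element; None for a fault or a non-XML body."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return None
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "return":
            return (el.text or "").strip().lower() == "true"
    return None

def is_existing_user(host, port, client_cert, client_key, server_ca, auth_user, lookup_user):
    """POST the request over two-way TLS; all file paths (PEM) come from the caller."""
    ctx = ssl.create_default_context(cafile=server_ca)  # verify the server certificate
    ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)  # present the client cert
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("POST", "/services/RemoteUserStoreManagerService",
                     body=build_envelope(auth_user, lookup_user).encode("utf-8"),
                     headers={"Content-Type": "text/xml; charset=UTF-8",
                              "SOAPAction": "urn:isExistingUser"})  # assumed action name
        resp = conn.getresponse()
        return resp.status, parse_return(resp.read())
    finally:
        conn.close()
```

The request carries no password: the user is named only by the UserName header, so access rests on which client certificates the server's trust store accepts.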
Published at DZone with permission of Madhuka Udantha, DZone MVB. See the original article here.