Monday, July 14, 2008

Deploying your OpenID relying party behind a proxy

This post discusses how you can deploy your OpenID relying party behind an Apache front-end that acts as a reverse proxy.

First, let's configure Apache to act as a reverse proxy. I assume your Apache server is running at identity-rp:12081 and your web application is running on Tomcat at http://localhost:12080/javarp. If your settings differ, adjust the values below accordingly.

Make the following changes in httpd.conf. The SetOutputFilter proxy-html line needs mod_proxy_html and the RequestHeader line needs mod_headers, so make sure both modules are loaded as well.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

ProxyRequests Off
ProxyPreserveHost On

ProxyPass /javarp http://localhost:12080/javarp

<Location /javarp/>
     ProxyPassReverse /
     SetOutputFilter proxy-html
     RequestHeader unset Accept-Encoding
</Location>

Now let's download the latest code from the SVN repo: https://svn.wso2.org/repos/wso2/trunk/solutions/identity

Then, from the root directory of the downloaded code (say [Identity]), run the build.

[Make sure you have installed Maven2]

:\> mvn -Drelease clean install

Copy the following two jars from the build to your classpath.

1. [Identity]\modules\base\target\wso2is-base-SNAPSHOT.jar
2. [Identity]\modules\token-verifier-core\target\wso2is-token-verifier-core-SNAPSHOT.jar

This article explains how you can develop an OpenID Relying Party web site with the WSO2 OpenID RP components. Please refer to the section "Adding OpenID Support with Simple Registration".

In addition to what that document describes, you also need to make the following changes.

Set the return_to URL:

openIDAuthRequest.setReturnUrl("http://localhost:12080/javarp/openidcallback.jsp");

Add the following to the web.xml of your web application.

<filter>
  <filter-name>OpenIDTokenValidator</filter-name>
  <filter-class>org.wso2.solutions.identity.relyingparty.servletfilter.OpenIDRelyingPartyFilter</filter-class>
    <init-param>
      <param-name>MappingHost</param-name>
      <param-value>localhost</param-value>
    </init-param>
    <init-param>
      <param-name>MappingPort</param-name>
      <param-value>12080</param-value>
    </init-param>
    <init-param>
      <param-name>MappedHost</param-name>
      <param-value>identity-rp</param-value>
    </init-param>
    <init-param>
      <param-name>MappedPort</param-name>
      <param-value>12081</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>OpenIDTokenValidator</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

All done. You are now set to run your web application.

Start both Apache and Tomcat, then open http://identity-rp:12081/javarp to access your web application.
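
Why the filter needs the host and port values: OpenID 2.0 (section 11.1) requires the relying party to check that the return_to in the response has the same scheme, authority and path as the URL the response arrived on, and behind the proxy the internal and public addresses differ. The following is an added example, not the WSO2 filter's code; it assumes MappingHost/MappingPort name the internal Tomcat address and MappedHost/MappedPort the public Apache address, and the class and method names are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration; not the WSO2 OpenIDRelyingPartyFilter source.
public class ReturnToMapping {
    // Values from the web.xml above; the meaning given to them here is an assumption.
    static final String MAPPING_HOST = "localhost";   // address Tomcat listens on
    static final int MAPPING_PORT = 12080;
    static final String MAPPED_HOST = "identity-rp";  // address the browser sees
    static final int MAPPED_PORT = 12081;

    // Rewrite only an exact internal host:port match; any other URL is returned unchanged,
    // so the mapping cannot be used to make an arbitrary host look like the public one.
    static URI toPublic(URI u) throws URISyntaxException {
        if (!MAPPING_HOST.equalsIgnoreCase(u.getHost()) || u.getPort() != MAPPING_PORT) {
            return u;
        }
        return new URI(u.getScheme(), null, MAPPED_HOST, MAPPED_PORT,
                       u.getPath(), u.getQuery(), null);
    }

    // OpenID 2.0 section 11.1: scheme, authority and path of return_to must equal
    // those of the URL the response was received on. Missing parts fail the check.
    static boolean sameEndpoint(URI returnTo, URI requestUrl) {
        if (returnTo.getScheme() == null || returnTo.getHost() == null
                || returnTo.getPath() == null) {
            return false;
        }
        return returnTo.getScheme().equalsIgnoreCase(requestUrl.getScheme())
            && returnTo.getHost().equalsIgnoreCase(requestUrl.getHost())
            && returnTo.getPort() == requestUrl.getPort()
            && returnTo.getPath().equals(requestUrl.getPath());
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample URLs based on the addresses used in this post.
        URI internal = new URI("http://localhost:12080/javarp/openidcallback.jsp");
        URI asserted = new URI("http://identity-rp:12081/javarp/openidcallback.jsp");
        URI foreign  = new URI("http://other-host:12081/javarp/openidcallback.jsp");

        System.out.println("without mapping: " + sameEndpoint(asserted, internal));
        System.out.println("with mapping:    " + sameEndpoint(asserted, toPublic(internal)));
        System.out.println("foreign host:    " + sameEndpoint(foreign, toPublic(internal)));
    }
}
```

Keeping the mapping to one fixed host and port pair in configuration, rather than deriving the public address from request headers, means the return_to check stays as strict as it would be without the proxy.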
