Wednesday, April 29, 2009

WebSEAL authentication for WSO2 Carbon based products

WebSEAL authentication is now enabled on all Carbon-based products [in the latest trunk].

You can simply verify it by downloading a WSO2 Identity Server [IS] build from here.

To get this working, here are a few steps to follow.

First you need to set up Identity Server [or any other Carbon-based product] to accept WebSEAL authentication and build the trust relationship with WebSEAL.

To do that, you need to log in to IS as an admin and create a new 'role' [through User Manager] with the 'Delegate Identity' permission.

Now create a user account [say 'websealuser/password'] for WebSEAL, which belongs to the above role.

Also, you need to point Identity Server's external user store to the same user store that WebSEAL uses for authentication, since IS will use it to perform authorization for the logged-in user.

The next step is to configure WebSEAL.

The WebSEAL server must have a user ID and password it can use when it authenticates to Identity Server. That is what we created in the above step [websealuser/password].

We need to put this user ID and the associated password in the WebSEAL configuration file iv.conf. In this file, you need to have the following:


Also, you need to point login-redirect-page to https://localhost:9443/carbon/admin/login_action.jsp, which specifies the URL the user is redirected to after login.