Wednesday, April 29, 2009

WebSEAL authentication for WSO2 Carbon based products

WebSEAL authentication is now enabled on all Carbon-based products [in the latest trunk].

You can simply verify it by downloading a WSO2 Identity Server [IS] build from here.

To get this working, here are a few steps to follow.

First you need to set up Identity Server [or any other Carbon-based product] to accept WebSEAL authentication and build the trust relationship with WebSEAL.

To do that, you need to log in to IS as an admin and create a new 'role' [through User Manager] with the 'Delegate Identity' permission.

Now create a user account [say 'websealuser/password'] for WebSEAL, which belongs to the above role.

You also need to point Identity Server's external user store to the same user store that WebSEAL uses for authentication, since IS will use it to perform authorization against the logged-in user.

The next step is to configure WebSEAL.

The WebSEAL server must have a user ID and password it can use when it authenticates to Identity Server. That is the account we created in the above step [websealuser/password].

We need to put this user ID and the associated password in the WebSEAL configuration file iv.conf. In this file, you need to have the following:


You also need to point login-redirect-page to https://localhost:9443/carbon/admin/login_action.jsp, which specifies the URL the user is redirected to after login.