WSO2 is an open-source technology provider offering a platform of middleware products, including identity and access management.
The MIRACL Trust platform offers OIDC support, which allows easy integration with the WSO2 identity management products. For more information on OIDC, please read our setup guide here.
# WSO2 Setup
# Local OIDC Sample Application
To test the whole authentication flow, a local sample application is required. It acts as the OIDC relying party of the WSO2 Identity Server (the service provider configured below) and guides you through the whole OIDC flow.
# MIRACL Trust Application Creation
An application on the MIRACL Trust Portal is required. It is used by the external identity provider created on the WSO2 platform. Learn how to register a new MIRACL Trust app here.
# WSO2 Identity Server Setup
To set MIRACL Trust as an external identity provider you first need a running WSO2 Identity Server. There are two ways to do this:
- Local installation by following their documentation: WSO2 Installation.
- Start the platform in a Docker container: WSO2 Docker Setup.
# WSO2 Identity Provider Setup
Once the WSO2 platform is up and running you are ready to set up an identity provider.
- Go to Identity Providers > Add and fill in the required fields.
- Under Federated Authentication > OAuth2/OpenID Connect Configuration check Enable OAuth2/OpenIDConnect and fill in the required OIDC settings. The values for these settings can be found in the MIRACL Trust OIDC setup.
  - Client ID - the Client ID of the MIRACL Trust application created in the previous step.
  - Client Secret - the Client Secret of the MIRACL Trust application created in the previous step.
  - Callback URL - the URL to which MIRACL Trust redirects the user's browser after authentication, i.e. the endpoint on the WSO2 side that receives the authorization code. By default it is the common authentication endpoint of the WSO2 Identity Server platform (https://localhost:9443/commonauth). As with any OIDC redirect URI, it must match exactly the redirect URL registered on the MIRACL Trust application, otherwise the authorization request is rejected.
Additionally, the identity provider's SSL/TLS certificate must be imported into the WSO2 platform's truststore, because WSO2 calls the MIRACL Trust token endpoint over TLS from the server side and validates that connection against its own truststore rather than the browser's. The certificate can be retrieved in several ways; more information can be found here. Detailed information on how to import the certificate into WSO2 can be found in Step 7 of this documentation.
Once the certificate has been imported, the platform needs to be restarted for the change to take effect.
# WSO2 Service Provider Setup
Once the identity provider is up and running you are ready to set up a service provider.
- Go to Service Providers > Add, fill in the required fields and register the service provider.
- Under Inbound Authentication Configuration > OAuth/OpenID Connect Configuration click Configure and add the necessary information. After you apply the settings, the generated OAuth Client Key and OAuth Client Secret are the values to enter in your local sample application when it asks for a Client ID and Client Secret.
  - Callback Url - the Redirect URL pointing to your local sample application. It must be exactly the redirect_uri the sample application sends in its authorization request (scheme, host, port and path included); WSO2 rejects requests whose redirect_uri does not match the registered value.
- Under Local & Outbound Authentication Configuration change the Authentication Type to Federated Authentication and select the identity provider created in the previous step.
More detailed information on how to set up WSO2 service providers is available here.
# Additional Notes
# OIDC Discovery Endpoint (.well-known/openid-configuration)
If your local sample application depends on the OIDC configuration endpoint, then you must configure the endpoint and make it public.
- Change the Discovery URL to the one your application requires (most of the time it is the default `.well-known/openid-configuration`); see WSO2 - Set OIDC Discovery endpoint.
- Remove the OIDC Discovery endpoint authentication: inside your WSO2 platform directory open `/repository/conf/identity/identity.xml` and set the `secured` flag of the `.well-known` resource to `false`, then restart the server.

```xml
<ResourceAccessControl>
...
<Resource context="(.*)/.well-known(.*)" secured="FALSE" http-method="all"/>
...
</ResourceAccessControl>
```

The discovery document only carries public provider metadata (issuer, endpoint URLs, `jwks_uri`, supported algorithms), and the OIDC Discovery specification expects it to be readable without authentication, so exposing it does not reveal any client secret. Note that the `context` pattern above is a regular expression that matches every path containing `/.well-known`, not only the OIDC discovery document.
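The following is an added example and not code from MIRACL Trust or WSO2: a standard-library Python sketch of the relying-party side that the local sample application plays against the WSO2 service provider configured above, starting from the discovery document made public in this section. Everything provider-specific in it is an assumption or constructed: `SAMPLE_DISCOVERY` is an embedded document modelled on WSO2 Identity Server defaults so the code runs offline, and `CLIENT_ID`, `CLIENT_SECRET` and `REDIRECT_URI` are placeholders for the OAuth Client Key, OAuth Client Secret and Callback Url of the service provider. It shows the checks the sample application itself is responsible for: issuer match on the discovery document, `state` and `nonce` and PKCE on the authorization request, the exact `redirect_uri` on the token request, and the ID token claim checks that must follow signature verification (RS256 against `jwks_uri`, which needs a JOSE library and is not shown here).

```python
# Added example (not MIRACL Trust's or WSO2's code): relying-party side of the
# flow as the local sample application would implement it. Stdlib only.
# Assumptions, labelled: SAMPLE_DISCOVERY is constructed (modelled on WSO2
# defaults); CLIENT_ID / CLIENT_SECRET / REDIRECT_URI are placeholders for the
# service provider's OAuth Client Key, OAuth Client Secret and Callback Url.
import base64
import hashlib
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://localhost:9443/oauth2/token"   # assumed WSO2 default issuer
CLIENT_ID = "OAuth-Client-Key-placeholder"
CLIENT_SECRET = "OAuth-Client-Secret-placeholder"
REDIRECT_URI = "http://localhost:8080/callback"  # service provider Callback Url

# Constructed discovery document, i.e. what .well-known/openid-configuration returns.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": "https://localhost:9443/oauth2/authorize",
    "token_endpoint": "https://localhost:9443/oauth2/token",
    "jwks_uri": "https://localhost:9443/oauth2/jwks",
    "id_token_signing_alg_values_supported": ["RS256"],
    "code_challenge_methods_supported": ["plain", "S256"],
})
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def parse_discovery(doc: str, expected_issuer: str) -> dict:
    """Reject a discovery document whose issuer is not the one it was fetched from."""
    cfg = json.loads(doc)
    missing = [k for k in REQUIRED if k not in cfg]
    if missing:
        raise ValueError(f"discovery document missing {missing}")
    if cfg["issuer"] != expected_issuer:
        raise ValueError(f"issuer mismatch: {cfg['issuer']!r} != {expected_issuer!r}")
    return cfg


def build_authorization_request(cfg: dict, client_id: str, redirect_uri: str):
    """Return (url, session). state, nonce and the PKCE verifier stay in the
    sample app's server-side session and are checked when the user comes back."""
    state, nonce, verifier = (secrets.token_urlsafe(32) for _ in range(3))
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode("ascii")).digest()).rstrip(b"=").decode()
    params = {
        "response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
        "scope": "openid", "state": state, "nonce": nonce,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    session = {"state": state, "nonce": nonce, "code_verifier": verifier}
    return cfg["authorization_endpoint"] + "?" + urlencode(params), session


def handle_callback(callback_url: str, session: dict) -> str:
    """Validate the redirect back to the sample app; return the authorization code."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise PermissionError(f"{q['error'][0]}: {q.get('error_description', [''])[0]}")
    if q.get("state", [None])[0] != session["state"]:
        raise PermissionError("state mismatch: not the flow this session started")
    code = q.get("code", [None])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def token_request_body(code: str, session: dict) -> dict:
    """Body for the token endpoint; redirect_uri must repeat the value sent before."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "client_secret": CLIENT_SECRET, "code_verifier": session["code_verifier"]}


def validate_id_token_claims(claims: dict, cfg: dict, client_id: str,
                             session: dict, now=None) -> str:
    """Claim checks that follow, and never replace, RS256 signature verification
    of the id_token against cfg['jwks_uri'] (needs a JOSE library; not shown)."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != cfg["issuer"]:
        raise PermissionError("iss does not match the discovered issuer")
    if client_id not in aud:
        raise PermissionError("id_token was not issued for this client")
    if len(aud) > 1 and claims.get("azp") != client_id:
        raise PermissionError("several audiences but azp is not this client")
    if float(claims.get("exp", 0)) <= now:
        raise PermissionError("id_token expired")
    if claims.get("nonce") != session["nonce"]:
        raise PermissionError("nonce mismatch: id_token replayed or from another flow")
    return claims["sub"]


if __name__ == "__main__":
    cfg = parse_discovery(SAMPLE_DISCOVERY, ISSUER)
    url, sess = build_authorization_request(cfg, CLIENT_ID, REDIRECT_URI)
    print("send the browser to:", url)
    # Constructed callback, as WSO2 would redirect after MIRACL Trust signs the user in.
    code = handle_callback(f"{REDIRECT_URI}?code=constructed-code&state={sess['state']}", sess)
    print("POST to", cfg["token_endpoint"], token_request_body(code, sess))
```

The `state` check in `handle_callback` is what ties the callback to the browser session that started the flow, and the `nonce` check in `validate_id_token_claims` is what ties the ID token to that same flow; both values are generated per request and never reused. PKCE is optional for a confidential client that holds the OAuth Client Secret, but it costs nothing here and closes the authorization-code injection case even if the secret leaks.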