WSO2 Identity Server 5.0.0 release has provided several default federated authenticators like Google, Facebook, Yahoo. Even it's possible to write custom authenticator as well, in addition to default authenticators provided.
In this post we are going to demonstrate, how we can configure WSO2 API Manager with WSO2 Identity Server, so that users comes to API Store can use their Facebook account as well to login to API Store.
Step 1 : Configure SSO between API Store and API Publisher
First you need to configure SSO between publisher and store as mentioned in this document.
Step 2 : You need to have App Id and App secret key pair generated for a application registered in facebook developers site. This can be done by login to facebook developer site and creating a new app.
Step 3 : Login to the Identity Server and register a IdP with Facebook authenticator
This can be done by navigating to Main -> Identity Providers -> Add. This will prompt the following window. In the "Federated Authenticators" section expand the "Facebook Configuration" and provide the details.
App Id and App Secrete generated in the step two maps to Client Id and Client Secret values asked in the form.
Step 4 : Go to the two service providers created in step-1 and associate the above created IdP to it.
This configuration is available under "Local & Outbound Authentication Configuration" section of the SP.
Step 5 : If you try to access store url (i.e: https://localhost:9443/store) , it should redirect to the facebook login page.
Step 6: In order to store users to capable in using their facebook account as a login, they need to follow this step and associate their facebook account to their user account in the API Store.
Identity Server has provided a dashboard which gives multiple features for users in maintaining their user accounts. Associating a social login for their account is a one option provided in this dashboard.
This dashboard can be accessed in the following url .
https://<IS_HOST>:<IS_PORT>/dashboard
eg: https://localhost:9444/dashboard
Note: If you are running Identiry Server with port offset, you need to do changes mentioned here, in order to get this dashboard working.
Login to the dashboard with API Store user account. It will give you a dashboard like follows.
Click on the "View details" button provided in "Social Login" gadget. In the prompt window, there is a option to "Associate Social Login". Click on this and give your Facebook account id as follows.
Once account is registered, it will list down as follows.
That's all we have to configure . This user should be able to login to API Store using his facebook account now.
Note: This post explained , when there is already a user account is exist in the API Store , how these users can associate their facebook account to authenticate to API Store. If someone needs to enable API Store login for all facebook accounts without having user account in API Store, that should be done though a custom authenticator added to Identity Server. i.e Provision this user using JIT (Just In Time Provisioning) functionality provided in IdP and using custom authenticator associate "subscriber" role to this provisioned user.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.