WSO2 is an open-source technology provider which offers a platform of middleware products such as identity and access management.
The MIRACL platform offers OIDC support which allows an easy integration with the WSO2 Identity management products. For more information on OIDC, please read our setup guide here.
Local OIDC sample application
In order to be able to test the whole authentication flow a local sample application is required which can guide you through the whole OIDC flow.
MIRACL Application creation
WSO2 Identity Server Platform Setup
To set MIRACL as an external Identity Provider you first need to configure the WSO2 Identity Server. There are two ways you could manage this:
Local installation by following their documentation WSO2 Installation.
Start the platform in a docker container WSO2 Docker Setup.
WSO2 Identity Provider Setup
Once the WSO2 platform is up and running you are ready to setup an Identity Provider.
Go to Identity Providers > Add and fill in the required fields.
Under Federated Authentication > OAuth2/OpenID Connect Configuration check Enable OAuth2/OpenIDConnect and fill the required OIDC settings. The values for these settings can be found in the MIRACL OIDC Setup.
Client Id - the Client ID of the MIRACL application created in the previous step.
Client Secret - the Client Secret of the MIRACL application created in the previous step.
Callback URL - the URL which redirect from the Identity Provider to the Service Provider. By default it is the common authentication endpoint of the WSO2 Identity Server Platform (https://localhost:9443/commonauth)
Additionally the Identity Provider's SSL/TLS Certificate must be imported in the WSO2 Platform. The certificate can be retrieved in several ways, more information can be found here. Detailed information on how to import the certificate in WSO2 can be found on Step 7 of this documentation.
Once the certificate has been imported the platform needs to be restarted.
WSO2 Service Provider Setup
Once the Identity Provider is up and running you are ready to setup a Service Provider.
Go to Service Providers > Add, fill in the required fields and register the service provider.
Under Inbound Authentication Configuration > OAuth/OpenID Connect Configuration click
Configureand add the necessary information. After you apply the settings, the generated OAuth Client Key and OAuth Client Secret are the ones that should be added to your local sample application when asked for a Client ID and Client Secret.
Callback Url this should be the redirect url pointing to your local sample application.
Under Local & Outbound Authentication Configuration change the Authentication Type to Federated Authentication and select the Identity Provider created from the previous step.
More detailed information on how to setup WSO2 Service Providers here.
OIDC Discovery Endpoint (.well-known/openid-configuration)
If your local sample application depends on the OIDC configuration endpoint then you must configure the endpoint and make it public.
- Change the Discovery URL to one your application requires (most of the time it is the default
.well-known/openid-configuration) - WSO2 - Set OIDC Discovery endpoint
- Remove OIDC Discovery endpoint authentication - inside your WSO2 platform directory go in
/repository/conf/identity/identity.xmland modify the
<ResourceAccessControl> ... <Resource context="(.*)/.well-known(.*)" secured="FALSE" http-method="all"/> ... </ResourceAccessControl>