2008/11/16

Deploying the WSO2 Identity Solution Over an Active Directory

  • Prabath Siriwardena
  • Senior Director - Security Architecture - WSO2

WSO2 Identity Solution can be used as an identity provider to issue InfoCards/OpenIDs. At the same time, it comes with a set of relying party [RP] components to facilitate InfoCard/OpenID based logins.

1. Set up AD on a Windows Server 2003 domain controller; the resulting directory structure is shown in the image below.

2. First, create an AD user that WSO2 IS will use to bind to AD. This account can have any name; we will use 'identity'. It is a service account and needs read access only, so keep it out of any privileged groups.

3. Now delegate the task 'Read all user information' to the user 'identity'. Right-click 'Users' and then click 'Delegate Control'. This gives the service account just the read rights it needs on user objects under that container, rather than domain-wide privileges.

4. Now create another user called 'prabath'. This user represents any AD user who can connect to WSO2 IS and download an Information Card backed by his corresponding AD profile.
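The AD side of steps 1 to 4 can be scripted instead of clicked through. The following is an added example, not part of the original article or of the WSO2 distribution. It assumes a domain example.com (DC=example,DC=com, NetBIOS name EXAMPLE), the built-in Users container, a management host with the ActiveDirectory PowerShell module (the article used Windows Server 2003 and the GUI, where this module does not exist), and dsacls.exe for the delegation. Passwords are prompted for rather than hard-coded. The last section binds as the service account, exactly as WSO2 IS will, and reads the two attributes (givenName and mail) that are later mapped to claims, so the delegation is verified before any WSO2 configuration is touched.

```powershell
# Added example, not from the original article. Assumed domain: example.com / EXAMPLE.
Import-Module ActiveDirectory

$domainDN = 'DC=example,DC=com'          # assumption: adjust to your forest
$usersDN  = "CN=Users,$domainDN"
$netbios  = 'EXAMPLE'                    # assumption: your domain's NetBIOS name

# Step 2: the service account WSO2 IS binds with. Least privilege: only Domain Users,
# cannot change its own password, password does not expire (rotate it yourself).
$svcPwd = Read-Host -AsSecureString 'Password for service account identity'
New-ADUser -Name 'identity' -SamAccountName 'identity' -Path $usersDN `
    -AccountPassword $svcPwd -Enabled $true -CannotChangePassword $true -PasswordNeverExpires $true

# Step 3: equivalent of Delegate Control -> 'Read all user information':
# grant Read Property (RP) on all properties of user objects below CN=Users,
# inherited to sub-objects only (/I:S), so the container itself is untouched.
dsacls $usersDN /I:S /G "${netbios}\identity:RP;;user"

# Step 4: an ordinary user who will download an Information Card. givenName and mail
# are the attributes WSO2 IS later maps to the 'Given name' and 'Email address' claims.
$userPwd = Read-Host -AsSecureString 'Password for user prabath'
New-ADUser -Name 'prabath' -SamAccountName 'prabath' -GivenName 'Prabath' -Surname 'Siriwardena' `
    -EmailAddress 'prabath@example.com' -Path $usersDN -AccountPassword $userPwd -Enabled $true

# Check: bind as the service account (as WSO2 IS does) and read the claim attributes.
$bstr  = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($svcPwd)
$plain = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

$root   = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$usersDN", "${netbios}\identity", $plain)
$search = New-Object System.DirectoryServices.DirectorySearcher($root, '(&(objectClass=user)(sAMAccountName=prabath))')
$null   = $search.PropertiesToLoad.AddRange(@('givenName', 'mail'))
$result = $search.FindOne()
if (-not $result) { throw 'service account cannot read user prabath; re-check the delegation in step 3' }
"givenName = $($result.Properties['givenname'][0]); mail = $($result.Properties['mail'][0])"
```

If the final search returns nothing while the same query succeeds as a domain administrator, the delegation in step 3 did not apply to the right container or object class; fixing that here is far easier than debugging it through the WSO2 IS login page in step 13.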

We have completed the AD configurations. Now let's set up WSO2 Identity Solution.

5. Download the latest code from the SVN repo: https://svn.wso2.org/repos/wso2/trunk/solutions/identity .

Then, from the root directory of the downloaded code (say [Identity]), run:

mvn -Drelease clean install

The above creates a zip distribution under [Identity]\modules\distribution\target. Unzip it to a local folder. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 from here and copy the two jar files from the extracted jce directory (local_policy.jar and US_export_policy.jar) to $JAVA_HOME/jre/lib/security. The policy files must match the JDK version you run WSO2 IS on; without them the strong ciphers the Information Card and OpenID flows use are not available.

6. Start WSO2 Identity Solution with [IS_INSTALLED_DIR]\bin\wso2is.bat. Go to https://localhost:12443/admin and log in with admin/admin [user/password]. These are the shipped defaults; change the admin password before the server is reachable from anywhere but localhost. Click User Stores and then click Add new user store.

7. Select LDAPRealm as the user store type.

8. Set the LDAPRealm properties (connection URL, the bind DN and password of the 'identity' service account, and the user search base). You can find the available AD attribute names from here.

9. Set the Active_Directory realm as the default realm.

10. Click Define Claims and select 'Given name' and 'Email address' (do not change any pre-selected claims).

11. Click  Claim Mappings.

12. Click 'Given name' and 'Email address' in turn and map each to its AD attribute: givenName for 'Given name' and mail for 'Email address'.

13. Go to https://localhost:12443 and log in with your AD user credentials (here, 'prabath'). You can now download an Information Card from WSO2 Identity Solution backed by your AD account, with the given name and e-mail claims read from AD through the 'identity' service account.

Author

[Prabath Siriwardena, Senior Software Engineer, WSO2, prabath +AT+ wso2 +dot+ com]
