A Jaggery app is deployed on WSO2 Application Server (AS), and SAML 2.0 based SSO is enabled for it using WSO2 Identity Server (IS) as the identity provider (IDP). You can find more details on enabling SSO with IS at [1]. The ESB shares the same IDP.
The approach is to authenticate the Jaggery app against the IDP by sending a SAML request, then present the same SAML response to the ESB to authenticate there and obtain a session cookie. This cookie can then be used to invoke the ESB's admin services.
The [JAGGERY_APP]/jagg/jaggery_acs file acts as the assertion consumer service (ACS). This is the same ACS that is configured in the IDP. Once the request reaches jaggery_acs.jag, we validate the SAML response and get the cookie from the ESB.
Once we have the SAML response, use the following code to authenticate to the ESB:
```javascript
// Authenticate to the ESB with the SAML response received at the ACS
var ws = require("ws");
var requestESB = new ws.WSRequest();
var options = new Array();
options.useSOAP = 1.2;
options.action = "urn:login";
var endPoint = "https://localhost:9453/services/SAML2SSOAuthenticationService";
// samlResponse is placed inside the login payload as-is
var payload = '<sso:login xmlns:sso="http://sso.saml2.authenticator.identity.carbon.wso2.org">' +
    '<sso:authDto>' +
    '<xsd:response xmlns:xsd="http://dto.sso.saml2.authenticator.identity.carbon.wso2.org/xsd">' +
    samlResponse +
    '</xsd:response></sso:authDto></sso:login>';
requestESB.open(options, endPoint, false);
requestESB.send(payload);
var responseESB = requestESB.responseE4X;
// Keep the ESB session cookie in the server-side session for later admin service calls
var adminSession = requestESB.getResponseHeader("Set-Cookie");
session.put("esb-auth-cookie", adminSession);
```
Use the following code segment to invoke ESB admin services with the above cookie:
```javascript
// site, tenantDomain and REST_API_ADMIN_SERVICE are defined elsewhere in the app
var restApiAdminUrl = site.esb.serverBaseURL + "t/" + tenantDomain + "/services/" + REST_API_ADMIN_SERVICE + "/";
var requestPayload = "<xsd:getAPIsForListing xmlns:xsd=\"http://org.apache.axis2/xsd\">" +
    " <xsd:pageNumber>0</xsd:pageNumber>" +
    " <xsd:itemsPerPage>100</xsd:itemsPerPage>" +
    "</xsd:getAPIsForListing>";
var ws = require("ws");
var request = new ws.WSRequest();
var options = new Array();
options.useSOAP = 1.2;
options.action = "urn:getAPIsForListing";
// Send the cookie obtained from SAML2SSOAuthenticationService
options["HTTPHeaders"] = [{name: "cookie", value: session.get("esb-auth-cookie")}];
request.open(options, restApiAdminUrl, false);
request.send(requestPayload);
var response = request.responseE4X;
```
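The login snippet concatenates samlResponse straight into the SOAP payload and stores the raw Set-Cookie header. The following added example (not part of the original post) shows two checks that can wrap those steps: rejecting a value that is not well-formed base64 before it is embedded in the XML, and keeping only the session cookie's name=value pair. The function names are hypothetical, and it assumes samlResponse is the base64 SAMLResponse form parameter posted to the ACS and that the ESB session cookie is named JSESSIONID.

```javascript
// Added example: plain JavaScript helpers, no Jaggery-specific APIs.
// Function names are hypothetical; the namespaces are those used in the login payload above.
var SSO_NS = "http://sso.saml2.authenticator.identity.carbon.wso2.org";
var DTO_NS = "http://dto.sso.saml2.authenticator.identity.carbon.wso2.org/xsd";

// Build the sso:login payload only if the value is well-formed base64, so that
// markup in the posted parameter cannot alter the SOAP request sent to the ESB.
// Assumption: samlResponse is the base64 SAMLResponse parameter from the HTTP POST binding.
function buildLoginPayload(samlResponse) {
    var b64 = String(samlResponse).replace(/\s+/g, "");
    if (b64.length === 0 || b64.length % 4 !== 0 ||
            !/^[A-Za-z0-9+\/]+={0,2}$/.test(b64)) {
        throw new Error("SAMLResponse is not valid base64");
    }
    return '<sso:login xmlns:sso="' + SSO_NS + '"><sso:authDto>' +
        '<xsd:response xmlns:xsd="' + DTO_NS + '">' + b64 +
        '</xsd:response></sso:authDto></sso:login>';
}

// Reduce a Set-Cookie header value to the name=value pair of the session cookie,
// dropping attributes such as Path, Secure and HttpOnly, and fail if the login
// did not return one. Assumption: the cookie name defaults to JSESSIONID.
function extractSessionCookie(setCookie, name) {
    name = name || "JSESSIONID";
    var parts = String(setCookie || "").split(/[;,]/);
    for (var i = 0; i < parts.length; i++) {
        var p = parts[i].trim();
        if (p.indexOf(name + "=") === 0 && p.length > name.length + 1) {
            return p;
        }
    }
    throw new Error("login did not return a " + name + " cookie");
}
```

In jaggery_acs.jag these would be used as `requestESB.send(buildLoginPayload(samlResponse))` and `session.put("esb-auth-cookie", extractSessionCookie(adminSession))`.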
References
[1] https://docs.wso2.com/display/IS500/Configuring+Single+Sign-On+with+SAML+2.0
[2] http://wso2.com/library/articles/2016/02/article-how-to-setup-a-wso2-api-manager-store-login-with-google/