WSO2 Identity Solution, v1.5 : Relying party in minutes - A pre-configured login

Introduction

This is a preconfigured implementation of the Identity Login for J2EE web applications. For more information, please refer to the Relying Party developer guide.

Configuration Steps

Step 1 : Add the servlet filter to your application and set up the keystore

Include the following entry in the web.xml file of the application:


    <filter>
        <filter-name>TokenValidator</filter-name>
        <filter-class>org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyFilter</filter-class>
        <init-param>
            <param-name>Keystore</param-name>
            <param-value>keys/wso2is.jks</param-value>
        </init-param>
        <init-param>
            <param-name>StorePass</param-name>
            <param-value>wso2is</param-value>
        </init-param>
        <init-param>
            <param-name>KeyAlias</param-name>
            <param-value>localhost</param-value>
        </init-param>
        <init-param>
            <param-name>KeyPass</param-name>
            <param-value>wso2is</param-value>
        </init-param>
        <init-param>
            <param-name>StoreType</param-name>
            <param-value>JKS</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>TokenValidator</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


Add the keystore containing the private key to the web application.

Create a directory called "keys" directly inside the war directory. Download the keystore from here and place it in that directory.

Step 2 : Add the information card login page


The user login page must contain a form with an object tag as shown below:

    <form name="frm" id="frm" method="post" action="InfoCardLogin.action">
        <input type="hidden" name="InfoCardSignin" value="Log in" /><br/>
        <OBJECT type="application/x-informationCard" name="xmlToken">
            <PARAM Name="tokenType"
                   Value="urn:oasis:names:tc:SAML:1.0:assertion">
            <PARAM Name="requiredClaims"
                   Value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier">
            <PARAM Name="issuer"
                   Value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self">
        </OBJECT>
    </form>

The object tag here is the standard information card object as defined here.

It is important that you include the hidden field called "InfoCardSignin" with the value "Log in": the filter processes the HTTP POST request and extracts the token only when this request parameter is present.



Step 3 : Add the required jars to your classpath.

The Ant script available here will create a directory named "required-lib" and copy all the required jar files into it. Download the Ant script and copy it to the identity distribution, then run it by typing ant create-required-lib. This creates the required-lib directory containing the required libraries.

Step 4 : Obtain the information in the verified token and process

The results of token processing will be available as attributes in the ServletRequest object.

To indicate whether token verification was successful or not, there will be an attribute named "org.wso2.solutions.identity.rp.State". On successful verification the value of this attribute will be "success"; otherwise it will be "failure".

Initiate a user session in a web application using these values.

The ServletRequest will also contain a set of attributes named after the claims (the part of the claim URI after the final "/"), holding their values, as in the following snippet:
	// TokenVerifierConstants and IdentityConstants come from the WSO2 Identity
	// relying party jars in required-lib; import them in your servlet or JSP.
	String auth = (String) request.getAttribute(TokenVerifierConstants.SERVLET_ATTR_STATE);
	String welcomeString = "";

	if (auth != null && TokenVerifierConstants.STATE_SUCCESS.equals(auth)) {
		welcomeString = "Welcome ";
		// information about the issuer of the verified token
		String issuerInfo = (String) request.getAttribute("issuerInfo");
		// retrieving claims made by the user
		String givenName = (String) request.getAttribute(IdentityConstants.CLAIM_GIVEN_NAME);
		String surname = (String) request.getAttribute(IdentityConstants.CLAIM_SURNAME);
		String email = (String) request.getAttribute(IdentityConstants.CLAIM_EMAIL_ADDRESS);
		welcomeString = welcomeString + givenName + " " + surname + " " + email;
	} else {
		welcomeString = "Login Failure!!";
	}
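As an added example (not code from the WSO2 distribution), the servlet behind the form's InfoCardLogin.action that consumes the attributes set by the filter and only then starts a user session. Assumptions: the servlet is mapped to InfoCardLogin.action in web.xml, the givenname and emailaddress claim URIs are requested in the form alongside privatepersonalidentifier, and /home.jsp is the post-login page.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// RelyingPartyFilter (url-pattern /*) has already verified the token and set the attributes.
public class InfoCardLoginServlet extends HttpServlet {
    // Attribute name and success value documented for the relying party filter.
    static final String STATE_ATTR = "org.wso2.solutions.identity.rp.State";
    static final String STATE_SUCCESS = "success";
    // Claim URIs requested in the login form; the filter exposes each under the part
    // after the final "/". givenname and emailaddress are assumed additions to the form.
    static final String[] CLAIM_URIS = {
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
    };
    static String attributeNameFor(String claimUri) {
        return claimUri.substring(claimUri.lastIndexOf('/') + 1);
    }
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!STATE_SUCCESS.equals(req.getAttribute(STATE_ATTR))) {
            // No token, or the filter could not verify it: never start a session here.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failure");
            return;
        }
        Map<String, String> claims = new LinkedHashMap<String, String>();
        for (String uri : CLAIM_URIS) {
            Object value = req.getAttribute(attributeNameFor(uri));
            if (value != null) claims.put(attributeNameFor(uri), value.toString());
        }
        // The PPID is what identifies this card to this relying party; a verified token without it cannot be mapped to an account.
        if (!claims.containsKey("privatepersonalidentifier")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Required claim missing");
            return;
        }
        // Discard any pre-login session so an id issued before authentication is never promoted.
        if (req.getSession(false) != null) req.getSession(false).invalidate();
        HttpSession session = req.getSession(true);
        session.setAttribute("claims", claims);
        resp.sendRedirect(req.getContextPath() + "/home.jsp"); // assumed landing page
    }
}
```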