WSO2 User Engagement Server (UES) is currently in the ALPHA stage, and it can contain Jaggery apps (JavaScript applications) or webapps with gadgets. You will need Single sign-on (SSO) for your applications. UES currently has 2 applications, called portal and store. Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.
This post explains how to set up SSO between them with the support of 'org.wso2.carbon.identity.sso.saml.feature'; alternatively, you can use a WSO2 IS server for SSO.
Download location: http://dist.wso2.org/milestone/gs/ues/ALPHA2/wso2ues-1.0.0-ALPHA2.zip
1. Unzip the pack
2. Open '\wso2ues-1.0.0-ALPHA2\wso2ues-1.0.0\repository\deployment\server\jaggeryapps\portal\portal.json', which contains the portal app's config data.
Change the 'ssoConfiguration' in portal.json as you need. Here I am using the default wso2carbon.jks file as the keyStore.
    "ssoConfiguration" : {
        "enabled" : true,
        "issuer" : "portal",
        "identityProviderURL" : "https://localhost:9443/admin/samlsso",
        "keyStorePassword" : "wso2carbon",
        "identityAlias" : "wso2carbon",
        "responseSigningEnabled" : "true",
        "keyStoreName" : "C:/WSO2/WSO2Trunk/platform/branches/4.0.0/products/ues/1.0.0/modules/distribution/target/wso2ues-1.0.0-ALPHA2/wso2ues-1.0.0/repository/resources/security/wso2carbon.jks"
    }
3. Then go to the 'store' app and change the ssoConfiguration in 'store.json' as below:
    "ssoConfiguration" : {
        "enabled" : true,
        "issuer" : "store",
        "identityProviderURL" : "https://localhost:9443/admin/samlsso",
        "keyStorePassword" : "wso2carbon",
        "identityAlias" : "wso2carbon",
        "responseSigningEnabled" : "true",
        "keyStoreName" : "C:/WSO2/WSO2Trunk/platform/branches/4.0.0/products/ues/1.0.0/modules/distribution/target/wso2ues-1.0.0-ALPHA2/wso2ues-1.0.0/repository/resources/security/wso2carbon.jks"
    }
4. After that, start the WSO2 UES server from
wso2ues-1.0.0-ALPHA2\wso2ues-1.0.0\bin\wso2server.bat or wso2server.sh
5. Go to https://localhost:9443/admin/carbon/ and log in using "admin" and "admin"
6. Navigate to Home > Manage > SAML SSO
7. Enter
"Issuer" as "store" (your app name, as defined in the store.json SSO config)
"Assertion Consumer URL" as "http://localhost:9763/store/sso.jag"
Check Enable Single Logout, Use fully qualified username in the SAML Response, and Enable Assertion Signing as required
8. Click Register and you will be notified with "Service Provider Added Successfully"
9. Enter the portal app's data for SSO as well
10. Sign out from the Carbon admin console now and go to the URL below for the
portal : http://localhost:9763/portal/
11. Click the Sign In button at the top
There you have to enter the user name and password as "admin" and "admin"
Here you see that admin is logged in
12. Go to the Store : http://localhost:9763/store/assets/gadget/
and click Sign In; or, whenever the app requests a login, SSO handles it, so there is no need to enter the user name and password again
13. As we enabled single logout, click logout in any app and test whether it takes effect in the other app as well.
In the console you can find the logout info as below:
[2013-04-27 16:43:48,615] INFO {org.wso2.carbon.identity.sso.saml.ui.logout.LogoutRequestSender} - single logout request is sent to : http://localhost:9763/portal/sso.jag is returned with OK
NOTE
The SSO setup above stores the service provider registrations at the data level, whereas "org.wso2.stratos.identity.saml2.sso.mgt.feature" supports predefined SSO configuration instead of entering all the data in the Carbon admin management console.
Go to "\wso2ues-1.0.0-ALPHA2\wso2ues-1.0.0\repository\conf\sso-idp-config.xml" and uncomment those lines, or enter your app data there as a ServiceProvider,
e.g.:
    <ServiceProvider>
        <Issuer>portal</Issuer>
        <AssertionConsumerService>http://localhost:9763/portal/sso.jag</AssertionConsumerService>
        <CustomLoginPage>ssoApp/login_processor.jag</CustomLoginPage>
    </ServiceProvider>
Start the UES server again.
You can see the SSO registration info in the console:
[2013-04-27 16:55:52,619] INFO {org.wso2.stratos.identity.saml2.sso.mgt.SSOServiceProviderUpdateManager} - A SSO Service Provider is registered for : portal
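A configuration check for the setup above, as an added example that is not part of the original post or of WSO2's code: it cross-checks each app's ssoConfiguration against the ServiceProvider entries and flags the defaults used in this walkthrough. The sample inputs, the finding labels and the two rules marked as assumptions in the comments are made up for illustration.

```javascript
// Constructed sample input modelled on the page's portal.json / store.json blocks.
const apps = {
  portal: { enabled: true, issuer: "portal",
            identityProviderURL: "https://localhost:9443/admin/samlsso",
            keyStorePassword: "wso2carbon", responseSigningEnabled: "true" },
  store:  { enabled: true, issuer: "store",
            identityProviderURL: "http://localhost:9443/admin/samlsso", // constructed mistake
            keyStorePassword: "wso2carbon", responseSigningEnabled: "false" } // constructed mistake
};
// Constructed sso-idp-config.xml fragment in which only "portal" is registered.
const idpXml = `
<ServiceProvider>
  <Issuer>portal</Issuer>
  <AssertionConsumerService>http://localhost:9763/portal/sso.jag</AssertionConsumerService>
</ServiceProvider>`;

// Map each registered Issuer to its Assertion Consumer URL (flat elements, as on the page).
function parseServiceProviders(xml) {
  const sps = Object.create(null);
  const tag = (name, s) => {
    const m = new RegExp("<" + name + ">\\s*([^<]+?)\\s*</" + name + ">").exec(s);
    return m ? m[1] : null;
  };
  for (const m of xml.matchAll(/<ServiceProvider>([\s\S]*?)<\/ServiceProvider>/g)) {
    const issuer = tag("Issuer", m[1]);
    if (issuer) sps[issuer] = tag("AssertionConsumerService", m[1]);
  }
  return sps;
}

// Return finding labels (hypothetical names) for one app's ssoConfiguration block.
function auditSso(appName, cfg, sps) {
  const findings = [];
  if (cfg.enabled !== true) findings.push("sso-disabled");
  // Assumption: anything other than true / "true" means responses are not signed.
  if (String(cfg.responseSigningEnabled) !== "true") findings.push("response-signing-off");
  if (!/^https:\/\//i.test(cfg.identityProviderURL || "")) findings.push("idp-url-not-https");
  // The default keystore and its password ship with every download, so its key is not secret.
  if (cfg.keyStorePassword === "wso2carbon") findings.push("default-keystore-password");
  if (!(cfg.issuer in sps)) findings.push("issuer-not-registered");
  // Assumption: the consumer URL follows the page's <host>/<app>/sso.jag pattern.
  else if (!String(sps[cfg.issuer]).endsWith("/" + appName + "/sso.jag"))
    findings.push("acs-url-mismatch");
  return findings;
}

const registered = parseServiceProviders(idpXml);
for (const [name, cfg] of Object.entries(apps))
  console.log(name, auditSso(name, cfg, registered));
```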
Enjoy WSO2 UES with the SSO feature!!
You can even define this SSO feature in a remote WSO2 IS server.