- Install Java SE Development Kit 11
- Install Apache Maven 3.x.x(https://maven.apache.org/download.cgi#)
- Get a clone from https://github.com/wso2-incubator/identity-outbound-oidc-auth-service or download the source
Keystores and trust stores for development are attached with the repository source. Since this microservice communicates with Identity Server using mTLS, certificate exchange needs to be done before the communication. This can be done via GUI tool, keytool explorer or keytool CLI.
Execute following command inside the $MICROSERVICE_HOME/resources/security
directory.
keytool -export -alias localhost \
-keystore keystore.jks \
-file outbound-service.crt \
-rfc -storepass wso2carbon
Above command will generate a file named outbound-service.crt
. Move that to IS_HOME/repository/resources/security
directory.
Execute following command inside the IS_HOME/repository/resources/security
directory to import the certifate of the microservice to the IS truststore.
keytool -import -alias localhost -file outbound-service.crt \
-keystore client-truststore.jks \
-storepass wso2carbon \
-noprompt
Execute following command inside the IS_HOME/repository/resources/security
directory to extract the IS certificate.
keytool -export -alias wso2carbon \
-keystore wso2carbon.jks \
-file is.crt \
-rfc -storepass wso2carbon
Above command will generate a file named is.crt
. Move that file to $MICROSERVICE_HOME/resources/security
directory.
Execute following command inside $MICROSERVICE_HOME/resources/security
directory.
keytool -import -alias wso2carbon -file wso2carbon.crt \
-keystore client-truststore.jks \
-storepass wso2carbon \
-noprompt
Both server and client can be built using the following maven command.
mvn clean install
inside the $PROJECT_ROOT
directory.
This will build the jars for both server and client.
Maven build will build the microservice as a jar which can be run as a separate service.
The jar can be found in the PROJECT_HOME/components/org.wso2.identity.outbound.oidc.auth.service/target
directory as
org.wso2.identity.outbound.oidc.auth.service-<version>-full.jar
.
This jar needs the resources (keystores, properties files) to run. Copy the jar to the resources folder.
Run the microservice using the following command.
java -Dlog4j.configurationFile=log4j2.properties -jar com.wso2.identity.asgardeo.outbound.oidc.service-<version>-full.jar
Once the server is running following log can be seen in the terminal.
TID: [1] [2022-09-21 07:58:06,124] [] : iam-cloud-outbound-oidc-service : INFO {org.wso2.identity.outbound.oidc.auth.service.OutboundOIDCServer} - Outbound OIDC Service started successfully. Listening on port 5002
The microservice client jar can be found in PROJECT_HOME/components/org.wso2.identity.outbound.oidc.auth.client/target
directory as org.wso2.identity.outbound.oidc.auth.client-<version>.jar
Copy that jar file to IS_HOME/repository/components/dropins
directory.
Add following configuration to deployment.toml
file in IS.
[authentication.authenticator.microservice]
name = "MicroServiceAuthenticator"
enable = true
parameters.url = "localhost:5002"
- Start the Identity Server and set up an Identity Provider with
Microservice-Authenticator
as the Federated Authenticator. - Setup a Service Provider and use newly created Identity Provider in
Local & Outbound Authentication Configuration
. - Try logging into the configured Service Provider.