Hi Isuru,

In [1] it explains configuring SSO with internal IS components (not
external Identity Server).

However, I see that it is missing some information and needs to be corrected
at the point you mentioned above.

   1. Information that is mentioned in [2] has to be updated.
   2. Below section needs to be moved to "*Configuring clustering for the
   publisher nodes*" section in [1]. Corresponding configurations need to
   be added to "*Configuring clustering for the store nodes*" section as
   well (refer to the Note at the end of this email).

> 4. Configure single sign-on with the Identity Server. To do this, modify
> the <ES_HOME>/repository/deployment/server/jaggeryapps/publisher/config/publisher-tenant.json
> file with the following. You must configure this
> for all nodes that require single sign-on.
> "authentication":{
>     "activeMethod":"sso",
>     "methods":{
>         "sso":{
>             "attributes":{
>                 "issuer":"publisher",
>                 "identityProviderURL":"https://publisher.es-wso2.com/samlsso",
>                 "keyStorePassword":"wso2carbon",
>                 "identityAlias":"wso2carbon",
>                 "responseSigningEnabled":"true",
>                 "acs":"%https.host%/publisher/acs",
>                 "keyStoreName":"/repository/resources/security/wso2carbon.jks"
>             }
>         },
>         "basic":{
>             "attributes":{
>             }
>         }
>     }
> }
>
Referring to the above highlighted section, we have to clearly
mention that SSO is configured with Identity components within the ES
server and correct config file.

Note:
store-tenant.json and publisher-tenant.json

In
[ES_HOME]/repository/deployment/server/jaggeryapps/publisher/config/publisher-tenant.json
file, change authentication.sso.attributes values as below.

"identityProviderURL": "https://publisher.es-wso2.com/samlsso"


In
[ES_HOME]/repository/deployment/server/jaggeryapps/store/config/store-tenant.json
file, change authentication.sso.attributes values as below.

"identityProviderURL": "https://store.es-wso2.com/samlsso"

Additionally, in
[ES_HOME]/repository/deployment/server/jaggeryapps/store/config/store-tenant.json
change features.social.keys.socialAppUrl value as,

"socialAppUrl": "https://store.es-wso2.com/social"


Note: If you have started the server before, you will have to log into the
management console and make the changes in the above step in
/_system/config/publisher/configs/publisher.json and
/_system/config/store/configs/store.json


Enabling sticky sessions in load balancer is important.


@DocTeam: Can you please update above information.


[1]. https://docs.wso2.com/display/CLUSTER44x/Clustering+ES+2.0.0
[2]. https://wso2.org/jira/browse/DOCUMENTATION-2704

Thanks!
-Ayesha



On Wed, May 11, 2016 at 7:32 AM, Isuru Haththotuwa <[email protected]> wrote:

> Hi Devs,
>
> In ES 2.0.0 distributed deployment documentation [1], it is mentioned that
> it's using SSO with Identity Server. However, the store node's
> publisher.json file's identityProviderURL is pointing to the publisher node
> [2]. Is this intentional? Are we using the Publisher node also as an IDP?
> If so, shouldn't both Publisher and Store point to the same IDP URL?
>
> [1]. https://docs.wso2.com/display/CLUSTER44x/Clustering+ES+2.0.0
>
> [2]. "identityProviderURL":"https://publisher.es-wso2.com/samlsso",
>
> --
> Thanks and Regards,
>
> Isuru H.
> +94 716 358 048
>


-- 
*Ayesha Dissanayaka*
Software Engineer,
WSO2, Inc : http://wso2.com
20, Palmgrove Avenue, Colombo 3
E-Mail: [email protected] <[email protected]>
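
An added example, not part of the original email or of the WSO2 documentation: a small Python check that each node's tenant file carries the identityProviderURL given in this thread for its app, with response signing enabled and the keystore password changed from the shipped default. The function name, the sample dictionaries and the placeholder password are constructed for illustration; the store sample reproduces the mismatch raised in the quoted question.

```python
import json
from urllib.parse import urlsplit

# IdP host expected for each app, taken from the values given in this thread.
EXPECTED_IDP_HOST = {"publisher": "publisher.es-wso2.com",
                     "store": "store.es-wso2.com"}

def check_sso(app, tenant_cfg):
    """Return findings for one parsed <app>-tenant.json document."""
    findings = []
    auth = tenant_cfg.get("authentication", {})
    if auth.get("activeMethod") != "sso":
        findings.append("activeMethod is not sso")
    attrs = auth.get("methods", {}).get("sso", {}).get("attributes", {})
    url = urlsplit(attrs.get("identityProviderURL", ""))
    if url.scheme != "https" or url.path != "/samlsso":
        findings.append("identityProviderURL is not an https .../samlsso URL")
    if url.hostname != EXPECTED_IDP_HOST[app]:
        findings.append("identityProviderURL host is %s, expected %s"
                        % (url.hostname, EXPECTED_IDP_HOST[app]))
    if str(attrs.get("responseSigningEnabled")).lower() != "true":
        findings.append("responseSigningEnabled is not true")
    if attrs.get("keyStorePassword") == "wso2carbon":
        findings.append("keyStorePassword is the shipped default")
    return findings

# Constructed samples. PUBLISHER mirrors the fragment quoted in the email;
# STORE reproduces the mismatch from the question (store pointing at the
# publisher host) and uses a placeholder password.
PUBLISHER = json.loads("""{"authentication": {"activeMethod": "sso", "methods": {
  "sso": {"attributes": {
    "identityProviderURL": "https://publisher.es-wso2.com/samlsso",
    "keyStorePassword": "wso2carbon",
    "responseSigningEnabled": "true"}}}}}""")
STORE = json.loads("""{"authentication": {"activeMethod": "sso", "methods": {
  "sso": {"attributes": {
    "identityProviderURL": "https://publisher.es-wso2.com/samlsso",
    "keyStorePassword": "EXAMPLE-CHANGED",
    "responseSigningEnabled": "true"}}}}}""")

if __name__ == "__main__":
    for app, cfg in (("publisher", PUBLISHER), ("store", STORE)):
        for finding in check_sso(app, cfg):
            print(app + ": " + finding)
```

Run against the real files by loading each node's publisher-tenant.json and store-tenant.json with `json.load` and passing the result to `check_sso`.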