As WSO2 is a piece of our architecture, I proposed to test its identity and access management.

IAM Essentials:

  • Handling of new accounts. Create multiple user accounts and give them access to the application.
  • Roles and permissions. Set different levels of permissions for each user.
  • API security. Manage the organization’s data, including users exchanging their username and password or reminding them which IdP they chose.
  • Integration. With a third-party authentication provider if necessary.
  • Scalability. Different actions, resources, conditions, etc.

Install the IS:

The first step is to properly install and configure WSO2 Identity Server.

To recap:

  1. Download and install Oracle JDK 8.
  2. Download and install WSO2 Identity Server (Linux).
  3. On Linux, run the wso2server.sh script located inside the /bin subdirectory.

Create the app:

We will create the application to integrate the OAuth 2.0 standard protocol for authorization. I used Spring Security and the ClientRegistration object for that.

Here is the client:

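import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

@Configuration
public class OAuth2Config {

    @Autowired
    private SoyouRegistrationProperties soyou;

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(getRegistration());
    }

    private ClientRegistration getRegistration() {
        // The builder is obtained through withRegistrationId(); the builder has no
        // clientAlias() method, so the alias is used as the registration id here.
        return ClientRegistration
              .withRegistrationId(soyou.getClientAlias())
              // Assumption: SoyouRegistrationProperties also exposes the client id,
              // which build() requires.
              .clientId(soyou.getClientId())
              .clientSecret(soyou.getClientSecret())
              // The client secret is sent in the body of the token request.
              // Spring Security 5.5+ names this constant CLIENT_SECRET_POST.
              .clientAuthenticationMethod(ClientAuthenticationMethod.POST)
              // The grant type is an AuthorizationGrantType, not the authorize
              // endpoint URL; that URL belongs in authorizationUri().
              .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
              .authorizationUri(soyou.getAuthorizationUri())
              // Plain HTTP on localhost is for this local test only: the client
              // secret and the tokens cross this connection.
              .tokenUri("http://localhost:9763/oauth2/token")
              .jwkSetUri("http://localhost:9763/oauth2/jwks")
              .userInfoUri(soyou.getUserInfoUri())
              .redirectUri(soyou.getRedirectUri())
              .scope(soyou.getScopes().split(","))
              .clientName(soyou.getClientName())
              .build();
    }
}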
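
The client above posts its secret to the token endpoint and hard-codes http:// URLs, so a startup check on the scheme of each provider endpoint is worth having before the configuration leaves a local test. The following is an added example, not code from the original post; the class name EndpointTransportCheck, the registration id, client id, redirect URI and the idp.example.test host are assumptions made for illustration.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;

public class EndpointTransportCheck {
    /** Returns one finding per configured provider endpoint that is not reached over HTTPS. */
    static List<String> findings(ClientRegistration reg) {
        ClientRegistration.ProviderDetails p = reg.getProviderDetails();
        Map<String, String> endpoints = new LinkedHashMap<>();
        endpoints.put("authorizationUri", p.getAuthorizationUri());
        endpoints.put("tokenUri", p.getTokenUri());
        endpoints.put("jwkSetUri", p.getJwkSetUri());
        endpoints.put("userInfoUri", p.getUserInfoEndpoint().getUri());

        List<String> out = new ArrayList<>();
        for (Map.Entry<String, String> e : endpoints.entrySet()) {
            if (e.getValue() == null || e.getValue().isEmpty()) continue; // not configured
            URI uri = URI.create(e.getValue());
            if ("https".equalsIgnoreCase(uri.getScheme())) continue;
            String sev = isLoopback(uri.getHost()) ? "WARN (loopback, test only)" : "FAIL";
            out.add(sev + " " + e.getKey() + " uses cleartext " + e.getValue());
        }
        return out;
    }

    static boolean isLoopback(String host) {
        // Literal comparison only, so that no DNS lookup decides the outcome.
        return host != null && (host.equalsIgnoreCase("localhost")
                || host.equals("127.0.0.1") || host.equals("[::1]"));
    }

    public static void main(String[] args) {
        // Constructed registration: tokenUri and jwkSetUri are the URLs hard-coded
        // in the post; every other value is a placeholder.
        ClientRegistration reg = ClientRegistration.withRegistrationId("wso2-test")
                .clientId("placeholder-client-id")
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .redirectUri("http://localhost:8080/login/oauth2/code/wso2-test")
                .authorizationUri("https://idp.example.test/oauth2/authorize")
                .tokenUri("http://localhost:9763/oauth2/token")
                .jwkSetUri("http://localhost:9763/oauth2/jwks")
                .build();
        findings(reg).forEach(System.out::println);
    }
}
```

Calling findings() from the configuration class and refusing to start on any FAIL entry keeps a cleartext token endpoint from reaching a shared environment.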

Now let’s deploy the application.