Trying out saml2-pick-up-dispatch app with WSO2 Identity Server in a tenant

Piraveena Paralogarajah
4 min read · Dec 1, 2019

There are some sample applications that demonstrate SAML2 SSO with WSO2 Identity Server (IS):

1. saml2-web-app-pickup-dispatch.com

2. saml2-web-app-pickup-manager.com

3. travelocity

saml2-web-app-pickup-dispatch.com and saml2-web-app-pickup-manager.com are the more recent sample apps, and we recommend using them with the latest IS versions.

Let's see how to configure the saml2-web-app-pickup-dispatch.com app in a tenant.

1. Building from source

1. Get a clone or download the source of the WSO2 sample-is repository.

2. We will refer to this directory as <IS_SAMPLE_REPO> from here onwards.

3. Run the Maven command mvn clean install from the <IS_SAMPLE_REPO>/saml2-sso-sample directory.

4. You can find the SSO sample applications in the target directories of <IS_SAMPLE_REPO>/saml2-sso-sample/saml2-web-app-pickup-dispatch and <IS_SAMPLE_REPO>/saml2-sso-sample/saml2-web-app-pickup-manager. The application distributions are named saml2-web-app-pickup-dispatch.com.war and saml2-web-app-pickup-manager.com.war respectively.

5. Download Apache Tomcat.

6. Copy the saml2-web-app-pickup-dispatch.com.war file into the <tomcat_home>/webapps folder.

7. Start the Tomcat server.

8. Once you start the Tomcat server, you can see the extracted folder of saml2-web-app-pickup-dispatch.com. We will refer to this as <saml2-pickup-dispatch_home>.

2. Configuring the SAML service provider in a tenant

1. Download the latest Identity Server from here.

2. Extract the Identity Server and start the WSO2 server.

3. Open the management console using http://localhost:9443/carbon

4. Login as an admin user to the carbon.super tenant.

5. Navigate to Configure > Multitenancy > Add new Tenant

6. Add a new tenant abc.com and register it.

7. Login to the new tenant with the tenant admin username and password.

8. Navigate to Main > Service Providers > Add

9. Add saml2-web-app-pickup-dispatch as a SAML application and register it.

10. Navigate to Inbound Authentication Configuration > SAML2 Web SSO Configuration > Configure

11. Configure the saml2-web-app-pickup-dispatch app with the following values:

Issuer: saml2-web-app-pickup-dispatch.com

Assertion Consumer URLs: http://localhost.com:8080/saml2-web-app-pickup-dispatch.com/home.jsp

3. Download the public certificate of the tenant and add it to the keystore

1. Navigate to Main > Manage > KeyStores > List

2. You can view the keystores of the abc.com tenant.

3. Click on Public Key and download the public key of the keystore.

4. Import the public certificate of the tenant into the saml2-pickup-dispatch app’s keystore. The keystore of the app is located in the <saml2-pickup-dispatch_home>/WEB-INF/classes/ folder.

keytool -import -alias <alias_name> -file <public_key_of_the_tenant's_keystore> -keystore <keystore_name>

Eg:

keytool -import -alias abc.com -file abc-com-96255.cert -keystore wso2carbon.jks

5. Now the keystore has changed. Export the public key (wso2carbon) of the keystore using the following command. When it prompts for a password, give wso2carbon.

keytool -export -alias <alias_name> -keystore <keystore> -rfc -file <output_cert.pem>

Eg:

keytool -export -alias wso2carbon -keystore wso2carbon.jks -rfc -file publickey.pem

6. Change the IdP alias in the sso.properties file located in the <saml2-pickup-dispatch_home>/WEB-INF/classes/ folder.

#Alias of the IdP’s public certificate
IdPPublicCertAlias=abc.com

7. Upload the public certificate of the app in the management console.

8. Go to Service Providers > List > saml2-web-app-pickup-dispatch.com and click on Edit.

9. Click on Upload SP certificate.

Note: If you want to skip signature validation, you can skip these steps.

4. Configuring the saml2-pickup-dispatch app

1. Go to the <saml2-pickup-dispatch_home>/WEB-INF/classes/ folder and open the sso.properties file.

2. Add QueryParams=tenantDomain=<tenant_domain_name> to the sso.properties file:

QueryParams=tenantDomain=abc.com

3. Restart the Tomcat server.
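The two edits to sso.properties (the IdP certificate alias from section 3 and the tenantDomain query parameter from this section) are easy to get subtly wrong, and a wrong IdPPublicCertAlias only shows up as a signature validation failure at login time. The following Python script is an added example, not part of the original post or of the WSO2 sample code. It parses sso.properties and the captured output of keytool -list, and reports whether the IdP alias names a trusted certificate entry in the app keystore and whether QueryParams carries the expected tenantDomain. The sso.properties content and the keytool output embedded below are constructed samples; the key names IdPPublicCertAlias and QueryParams are the ones used in the post, and everything else (function names, messages) is this example's own.

```python
import re
import sys

# Constructed sample of <saml2-pickup-dispatch_home>/WEB-INF/classes/sso.properties
# after the edits described in the post (only the keys the post mentions are shown).
SAMPLE_SSO_PROPERTIES = """\
#Alias of the IdP's public certificate
IdPPublicCertAlias=abc.com
# Extra query parameters the app appends to the SAML request
QueryParams=tenantDomain=abc.com
"""

# Constructed sample of `keytool -list -keystore wso2carbon.jks` output, captured
# after the tenant certificate was imported under the alias abc.com.
SAMPLE_KEYTOOL_LIST = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

abc.com, Dec 1, 2019, trustedCertEntry,
Certificate fingerprint (SHA-256): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
wso2carbon, Oct 20, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA-256): AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99
"""

_PROP_RE = re.compile(r"([^=:\s]+)\s*[=:]?\s*(.*)$")
_KEYTOOL_ENTRY_RE = re.compile(
    r"^(.+?), (.+), (trustedCertEntry|PrivateKeyEntry|SecretKeyEntry),?$")


def parse_properties(text):
    """Parse Java .properties text into a dict.

    Handles '#'/'!' comment lines, '=' or ':' separators, surrounding
    whitespace and backslash line continuations. Only the first '=' splits
    key from value, so QueryParams=tenantDomain=abc.com keeps its value intact.
    """
    props = {}
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is None:
            if not line or line[0] in "#!":
                continue
        else:
            line = pending + line  # continuation of the previous logical line
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = None
        match = _PROP_RE.match(line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def parse_keytool_list(text):
    """Map keystore alias -> entry type from `keytool -list` output.

    keytool prints one line per entry: '<alias>, <date>, <entry type>,'.
    JKS aliases are case-insensitive and are printed lower-cased, so the
    map is keyed by the lower-cased alias.
    """
    entries = {}
    for raw in text.splitlines():
        match = _KEYTOOL_ENTRY_RE.match(raw.strip())
        if match:
            entries[match.group(1).lower()] = match.group(3)
    return entries


def parse_query_params(value):
    """Split an 'a=1&b=2' style QueryParams value into a dict."""
    params = {}
    for part in value.split("&"):
        if "=" in part:
            key, val = part.split("=", 1)
            params[key.strip()] = val.strip()
    return params


def check_sp_config(properties_text, keytool_text, expected_tenant):
    """Return a list of findings; an empty list means the config is consistent."""
    props = parse_properties(properties_text)
    entries = parse_keytool_list(keytool_text)
    findings = []

    # The alias must point at the tenant's certificate imported in section 3,
    # i.e. a trustedCertEntry, not the app's own key pair (wso2carbon).
    alias = props.get("IdPPublicCertAlias", "")
    if not alias:
        findings.append("IdPPublicCertAlias is not set; the app cannot find the IdP certificate")
    elif entries.get(alias.lower()) != "trustedCertEntry":
        findings.append(
            f"IdPPublicCertAlias '{alias}' is not a trustedCertEntry in the keystore "
            f"(found: {entries.get(alias.lower(), 'no entry')}); the IdP signature will not verify")

    # The tenant domain must be carried on the request for a tenanted login.
    tenant = parse_query_params(props.get("QueryParams", "")).get("tenantDomain")
    if tenant != expected_tenant:
        findings.append(
            f"QueryParams tenantDomain is {tenant!r}, expected {expected_tenant!r}; "
            "the SAML request will not carry the tenant domain")
    return findings


if __name__ == "__main__":
    for finding in check_sp_config(SAMPLE_SSO_PROPERTIES, SAMPLE_KEYTOOL_LIST, "abc.com"):
        print("FINDING:", finding)
    sys.exit(0)
```

To run it against a real deployment, read the properties file from <saml2-pickup-dispatch_home>/WEB-INF/classes/sso.properties and feed it the output of keytool -list -keystore wso2carbon.jks (password wso2carbon, as in the post) in place of the two constructed samples.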

5. Try out the sample app

1. Go to http://localhost.com:8080/saml2-pickup-dispatch

2. Login as a user in the tenant.

Piraveena Paralogarajah

Software Engineer @WSO2, CSE Undergraduate @ University of Moratuwa, Former Software Engineering Intern @ WSO2