Tuesday, January 12, 2016

WSO2 Identity Server Dropbox Authenticator

Each authenticator provides a way to authenticate a user through a specific external authentication system. For example, if you want users who log into your application to authenticate with Dropbox, you configure the Dropbox authenticator for your identity provider. The Dropbox authenticator lets WSO2 IS authenticate users through Dropbox.

Before you can get started, you'll need to register your app with Dropbox by creating a new app in My apps. That page will guide you through the process of registering your app, including choosing which permissions your app needs and specifying an app name. After creating your app, you're ready to set up the authorization process in your app. The Dropbox SDKs take care of part of the OAuth 2 process for you, and you can use the tutorials and sample apps for reference.

Configuring the Dropbox App

Step 1. Go to https://www.dropbox.com/developers/apps and create a new app as described in the Dropbox documentation.

Step 2. Enter the name of your new app and the redirect URL https://localhost:9443/commonauth in the window that appears.

Step 3. Copy the App key and App secret from that page.

Deploying travelocity.com sample app

The next step is to deploy the sample app in order to use it in this scenario.
  1. You can download travelocity.com.war file from here.
  2. Deploy this sample web app on a web container.
    1. Use the Apache Tomcat server to do this.
    2. Since this sample is written based on Servlet 3.0, it needs to be deployed on Tomcat 7.x.
    3. Copy the .war file into the webapps folder. For example, <APACHE_HOME>/apache-tomcat-7.0.50/webapps.
Once this is done, the next step is to configure the WSO2 Identity Server by adding a service provider and identity provider.

Now you have to configure WSO2 Identity Server by adding a new identity provider.
  1. Download the WSO2 Identity Server from here and run it.
  2. Log in to the management console as an administrator.
  3. In the Identity Providers section under the Main tab of the management console, click Add.
  4. Give a suitable name for Identity Provider Name.

  1. Go to Dropbox Configuration under Federated Authenticators.
  2. Enter the values as shown in the above figure.
    • Client Id: the App key for your app.
    • Client Secret: the App secret for your app.
    • Callback URL: the URL to which the authorization code needs to be sent.
  3. Select both checkboxes to Enable the Dropbox Authenticator and make it the Default.
  4. Click Register.
You have now added the identity provider.

Configuring the service provider

The next step is to configure the service provider.
  1. Return to the management console.
  2. In the Service Providers section under the Main tab, click Add.
  3. Since you are using travelocity as the sample, enter travelocity.com in the Service Provider Name text box and click Register.
  4. In the Inbound Authentication Configuration section, click Configure under the SAML2 Web SSO Configuration section.

  5. Now set the configuration as follows:
    1. Issuer: travelocity.com
    2. Assertion Consumer URL: http://localhost:8080/travelocity.com/home.jsp
  6. Select the following check-boxes:
    1. Enable Response Signing.
    2. Enable Single Logout.
    3. Enable Attribute Profile.
    4. Include Attributes in the Response Always.
  7. Click Update to save the changes. Now you will be sent back to the Service Providers page.
  8. Go to the Local and Outbound Authentication Configuration section.
  9. Select the identity provider you created from the dropdown list under Federated Authentication.

  10. Ensure that the Federated Authentication radio button is selected and click Update to save the changes.

You have now added and configured the service provider.

Testing the sample

  1. To test the sample, go to the following URL: http://<TOMCAT_HOST>:<TOMCAT_PORT>/travelocity.com/index.jsp (e.g., http://localhost:8080/travelocity.com).
  2. Click the link to log in with SAML from WSO2 Identity Server.
You are redirected to the Dropbox login page. Enter your Dropbox credentials and you will be taken to the home page of the travelocity.com app.
After a successful login you will see a page with claims. Dropbox provides the following information for claims:

uid: The user's unique Dropbox ID.
display_name: The user's display name.
name_details/given_name: The user's given name.
name_details/surname: The user's surname.
name_details/familiar_name: The locale-dependent familiar name for the user.
referral_link: The user's referral link.
country: The user's two-letter country code, if available.
locale: Locale preference set by the user (e.g. en-us).
email: The user's email address.
email_verified: If true, the user's email address has been verified to belong to that user.
is_paired: If true, there is a paired account associated with this user.
team: If the user belongs to a team, contains team information. Otherwise, null.
team/name: The name of the team the user belongs to.
team/team_id: The ID of the team the user belongs to.
quota_info/normal: The user's used quota outside of shared folders (bytes).
quota_info/shared: The user's used quota in shared folders (bytes). If the user belongs to a team, this includes all usage contributed to the team's quota outside of the user's own used quota (bytes).
quota_info/quota: The user's total quota allocation (bytes). If the user belongs to a team, the team's total quota allocation (bytes).
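As an added illustration (not part of the original post or of the WSO2 authenticator's own code), the following Python flattens a constructed Dropbox account-info response into the slash-separated claim names listed above, drops the null team claim for a user without a team, and shows why the email claim should only be relied on when email_verified is true. The sample data, key values and function names are assumptions.

```python
import json

# Constructed sample of a Dropbox account-info response (not real data),
# shaped like the claims listed above: a user with no team.
SAMPLE_NO_TEAM = json.dumps({
    "uid": 12345678, "display_name": "Jane Doe",
    "name_details": {"given_name": "Jane", "surname": "Doe", "familiar_name": "Jane"},
    "referral_link": "https://db.tt/constructed", "country": "US", "locale": "en-us",
    "email": "jane@example.com", "email_verified": True, "is_paired": False,
    "team": None,
    "quota_info": {"normal": 1024, "shared": 0, "quota": 2147483648},
})

# Second constructed sample: a team member whose email Dropbox has not verified.
SAMPLE_TEAM_UNVERIFIED = json.dumps({
    "uid": 87654321, "display_name": "Sam Roe",
    "name_details": {"given_name": "Sam", "surname": "Roe", "familiar_name": "Sam"},
    "country": "GB", "locale": "en-gb",
    "email": "sam@example.com", "email_verified": False, "is_paired": True,
    "team": {"name": "Example Team", "team_id": "dbtid_constructed"},
    "quota_info": {"normal": 0, "shared": 4096, "quota": 1073741824},
})

def flatten_claims(obj, prefix=""):
    """Flatten nested JSON into slash-separated claim names such as
    name_details/given_name or team/team_id. Nested objects recurse;
    a null value (team for a user without a team) is kept as None."""
    claims = {}
    for key, value in obj.items():
        name = f"{prefix}/{key}" if prefix else key
        if isinstance(value, dict):
            claims.update(flatten_claims(value, name))
        else:
            claims[name] = value
    return claims

def claims_from_account_info(raw_json):
    """Parse the response and return the claims as strings (booleans become
    "true"/"false"), dropping null claims so an absent team yields no team claim."""
    flat = flatten_claims(json.loads(raw_json))
    return {k: (str(v).lower() if isinstance(v, bool) else str(v))
            for k, v in flat.items() if v is not None}

def trusted_email(claims):
    """Return the email claim only when email_verified is "true". An unverified
    address must not be used to link the Dropbox user to a local account,
    because Dropbox has not confirmed that the user controls it."""
    return claims.get("email") if claims.get("email_verified") == "true" else None
```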