Let see how we can use Openid issued by WSO2IS in an actual environment. Here I am using Liferay portal as Openid consumer and assume that Liferay portal and Identity server have been setup in different hosts in a LAN.
Step 1. First download WSO2IS server from here and you can extract in to a directory in your file system. Lets call as CARBON_HOME
Step 2. You can start Identity server by running wso2server.sh (in unix) or wso2server.bat (in windows) file in the CARBON_HOME/bin directory
Identity server will be started with default configuration. if you examine openid url of a user(default admin username is admin) in identity server. It will look like
https://localhost:9443/openid/admin
But this openid url can not be accessed by other hosts in your network. So Lets change our host name.
Step 3. Lets assume we want to configure host name as “wso2identity” (or any ip address). First configure following parameters in carbon.xml which can be found in CARBON_HOME/conf .
<HostName>wso2identity</HostName> <MgtHostName>wso2identity</MgtHostName>
configure following parameters in identity.xml which can be found in same location
<OpenIDServerUrl>https://wso2identity:9443/openidserver</OpenIDServerUrl> <OpenIDUserPattern>https://wso2identity:9443/openid/</OpenIDUserPattern>
Step 4. Restart identity server. Now openid url
https://wso2identity:9443/openid/admin
Step 5. Download latest version of Liferay portal from here and you can extract in to a directory in your file system. Lets call as LIFERAY_HOME
Step 6. Set CATALINA_HOME =LIFERAY_HOME/tomcat_dir
Step 7. Start Liferay portal by running catalina.sh run (in unix) or calalina.bat file in CATALINA_HOME/bin directory.
Step 8. Create a user account in Liferay and configure an openid that is issued by identity server which is https://wso2identity:9443/openid/admin
Step 9. Now try to sign in by providing your openid
Step 10. You will probably get following error message. Because there are one configuration to do, if we use default keystore, wso2carbon.jks for identity server.
Liferay use java cacerts as its trust-store. But wso2carbon.jks contains self signed certificate. So public key should be imported to the cacerts that is used by Liferay. Then Liferay can trust the Openid provided by wso2identity server.
Step 11. Import Identity server public certificate to the cacerts
first export wso2carbon cert from wso2carbon.jks which can be found in CARBON_HOME/resources/security directory. sample keytool command
> keytool -export -keystore wso2carbon.jks -file carbon.cert -alias localhost -keypass wso2carbon
Then import it to cacerts in JAVA_HOME/jre/lib/security
> keytool -import -keystore cacerts -file carbon.cert -alias carbon -keypass changeit
Step 12. Then restart Liferay portal. Now you can sign in to Liferay portal using WSO2IS server’s Openid………!!!