Step 1 : Configuring Passive STS sample application
- Download the sample application .war file fom https://svn.wso2.org/repos/wso2/people/dulanja/samples/passive-sts/bin/PassiveSTSSampleApp.war
- You can use a application server such as Apache Tomcat to deploy the application. Apache Tomcat can be download form http://mirrors.gigenet.com/apache/tomcat/tomcat-7/v7.0.54/bin/apache-tomcat-7.0.54.zip
- Extract the zip file and copy the .war file into the webapps folder inside the extracted apache-tomcat folder.
- Run Tomcat by running the catalina.sh file inside the bin folder using : sh catalina.sh run
- Extract the zip file and copy the .war file into the webapps folder inside the extracted apache-tomcat folder.
- Run Tomcat by running the catalina.sh file inside the bin folder using : sh catalina.sh run
Step 2 : Configuring the Facebook App
- Go to https://developers.facebook.com/ and login with your Facebook credentials.
- Go to Apps > Create a New App
- Enter an App Name and select an appropriate category and click on Create App. This will take you to the App Dashboard where you can find the AppID and AppSecret.
- Go to Settings and click on Add platform
Click on website and configure as shown in the screenshot.
- Go to Settings > Advanced
Here you need to configure security settings as shown in the screenshot
- Client OAuth Login should be set to Yes and OAuth redirect URL should be set to https://localhost:9443/commonauth . Click on Save Changes button to save the changes.
The app is not available to general public yet. To make to app available to every Facebook user, you have to submit the app for review. After a review Facebook make the app available to every Facebook user. More information on review process can be find by clicking on Status and Review.
Because the review process is taking some time, you can specify some Facebook users as Developers or Testers. Only the specified here can use this app to Login with Facebook until the App go public.
- Click on Roles to go the below page and specify the required Facebook users as Developers or Testers.
Click on website and configure as shown in the screenshot.
Because the review process is taking some time, you can specify some Facebook users as Developers or Testers. Only the specified here can use this app to Login with Facebook until the App go public.
Step 3 : Configuring Identity Provider
Now you have to configure WSO2 Identity Server. First you need to download the latest version from
http://wso2.com/products/identity-server/ (If you are new to WSO2 Identity Server please refer https://docs.wso2.org/display/IS460/Getting+Started )
- Extract the zip file and run wso2server.sh file inside the bin directory. (If you are using windows run wso2server.bat instead).
- Login to the management console using
User Name : Admin Password : Admin
- In the Identity Section in the Main tab, click on Add button under Identity Providers.
- Give a suitable name as the Identity Provider Name.
- Go to Federated Authenticators > Facebook Configuration and enter the App ID and App Secret values form Facebook app into Client ID and Client Secret fields respectively.
- Tick both check boxes to enable Facebook Authenticator and Make it the default.
Step 4 : Configuring Service Provider
- Now go back to the WSO2 IS Management console. In the Manage Section in the Main tab, click on Add button under Service Providers.
- Enter PassiveSTSSampleApp in the Service Provider Name text box and click Register.
- Go to Inbound Authentication Configuration > WS-Federation (Passive) Configuration.
- Now set the configuration as follows:
Passive STS Realm: :PassiveSTSSampleApp
- Now set the configuration as follows:
Passive STS Realm: :PassiveSTSSampleApp
- Go to Local and Outbound Authentication Configuration.
- Select the Identity Provider you created form the drop down under Federated Authentication.
- Select the Federated Authenticator option button and select facebook. Click on Update button to save the changes.
Step 5 : Configuring claim mappings for Facebook.
- In the Identity Section in the Main tab, click on List button under Identity Providers.
- Click on the Edit button to edit the facebook identity provider.
- Go to Claim Configuration > Basic Claim Configuration
- Select Define Custom Claim Dialect option under Select Claim mapping Dialect
- Click on Add Claim Mapping to add custom claim mappings as follows.
- You can retrieve all the public information of the user and the email address. Here are some common attribute names.
- id
- email
- name
- first_name
- last_name
- link
- gender
- locale
- age_range
- More information is available from the following link.
https://developers.facebook.com/docs/facebook-login/permissions/v2.0
- id
- name
- first_name
- last_name
- link
- gender
- locale
- age_range
- You can map these attributes to any Local Claim URI which you feels suitable.
Step 6 : Configuring requested claims for PassiveSTSSampleApp
- In the Identity Section in the Main tab, click on List button undeNOwr Service Providers.
- Click on the Edit button to edit the PassiveSTSSampleApp service provider.
- Go to Claim Configuration
- Click on Add Claim URI under Requested Claims to add the requested claims as follows. Here you should add the claims you mapped in the Identity Provider claim configuration.
- Select a suitable claim for the Subject Claim URI. (Please not that email address cannot use without allowing using email addresses as user names in carbon.xml. To allow using email address as usernames uncomment <!--EnableEmailUserName>true</EnableEmailUserName--> in carbon.xml file inside wso2is-5.0.0/repository/conf)
Step 7 : Login to PassiveSTSSampleApp using Facebook credentials.
- Go to the following URL.
http://localhost:8080/PassiveSTSSampleApp
- Now you will be redirected to Facebook Login page. Enter your Facebook credentials and you will be taken to the following page.
