Skip to content

Latest commit

 

History

History
 
 

apim-is-as-keymanager-sso

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

API Manager - IS as Key Manager - SSO setup

This docker setup demonstrate the Single Sign On integration between API Manager Publisher and Store applications. Identity Server is configured as the Key Manager.

Versions

How to run

  1. Install docker into your setup environment.
  2. Clone this Git repository. If you need to download only this demo scenario follow this blog.
  3. Depending on the demo verison you choose to run, download the desired wso2am-x.x.x.zip and wso2is-km-x.x.x.zip WUM updated zip files.
  4. Copy the wso2am-x.x.x.zip file into presales-demos/apim-is-as-keymanager-sso/vX.X.X/apim-sso-setup/ location.
  5. Copy the wso2is-km-x.x.x.zip file into presales-demos/apim-is-as-keymanager-sso/vX.X.X/apim-sso-setup location.
  6. Go to presales-demos/apim-is-as-keymanager-sso/vX.X.X/ location and run the following commands.
    ## Below command will build and run the full setup.
    docker-compose build
    docker-compose up
    Optional
    If you need to start the services as background processes execute the following command.
    docker-compose up -d
    If you need to build the images individually you can execute the commands in-order as following.
    docker-compose build mysql-service
    docker-compose build apim-sso-service
    To run the services individually you can execute the commands in-order as following.
    docker-compose up mysql-service
    docker-compose up apim-sso-service
  7. To stop the services execute the following command.
    docker-compose down

Setup

Port offset IS Keymanager = 100 (9543) API Manager = 101 (9544)

Setup Diagram

Troubleshoot

When loading the APIM-store page (https://localhost:9543/store) for the first time, if you ran into below error add Assertion Consumer URL into SSO configurations.

```bash
TID: [-1234] [] [2018-01-23 09:42:35,713]  WARN {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} -  ALERT: Invalid Assertion Consumer URL value 'https://172.19.0.3:9543/store/jagg/jaggery_acs.jag' in the AuthnRequest message from  the issuer : API_STORE in tenant domain : carbon.super. Possibly an attempt for a spoofing attack 
```

The above error happens because docker reallocate a new IP when the host machine restarts. Follow the below steps to update the configurations.

Adding the Assertion Consumer URL to SSO configs