DInuwan97 / wso2-IS-UAEPass-authenticator

This is a federated authenticator for WSO2 Identity Server which can be used with the UAE Pass IdP
Apache License 2.0

WSO2 Identity Server-UAEPass Federated Authenticator

This is a federated authenticator for WSO2 Identity Server which can be used with the UAE Pass IdP. The entire federated authentication process can be summarized in three steps:

  1. Client app talks to IS1 SP
  2. IS1 SP talks to IS1 IDP
  3. IS1 IDP talks to IS2 SP

The sequence diagram below elaborates how the request flow happens with the custom federated authenticator created above. Anyone can test this flow using the browser's inspect tools against the HAR file attached here.

[Figure: sequence_diagram_fed_auth_partner_is]

How to contribute

  1. Fork the repo on GitHub.

  2. Clone the project to your own machine.

    git clone https://github.com/<YOUR_USERNAME>/wso2-IS-UAEPass-authenticator.git
  3. Create a branch using the git checkout command.

    git checkout -b <your-new-branch-name>
  4. Stage your changes and commit with a meaningful commit message.

    git add .
    git commit -m "<initial commit>"
  5. Push your work back up to your fork.

    git push origin <add-your-branch-name>

How to run the project

  1. Open the project using IntelliJ IDE.
  2. Browse to the IntelliJ terminal.
  3. Run the following command. The Maven dependencies will then be installed automatically.
    mvn install
  4. Browse into <PROJECT HOME>/target.
  5. You should be able to see the created JAR file as org.wso2.carbon.identity.uae.pass.federated.authenticator-<VERSION>

Explanation of the Code

Refer to the UAEPassFederatedAuthenticatorServiceComponent class as well, since the authenticator is written as an OSGi service so that it can be deployed in WSO2 Identity Server and registered as the UAEPass Federated Authenticator.

The UAEPassAuthenticator should be written by extending the AbstractApplicationAuthenticator class and implementing the FederatedApplicationAuthenticator interface.

| Class name | Super class | Interface |
| --- | --- | --- |
| UAEPassAuthenticator | AbstractApplicationAuthenticator | FederatedApplicationAuthenticator |

Methods:

boolean canHandle(HttpServletRequest request)

| Return | Parameter |
| --- | --- |
| Boolean | HttpServletRequest |

Specifies whether this authenticator can handle the authentication response.

String getFriendlyName()

This is the name that appears as the display name of the custom federated authenticator. It appears as UAEPass Federated Authenticator Configuration in WSO2 IS under Identity Providers > Local and Outbound Authenticators > Federated Authentication > Custom Federated Authenticators.

String getName()

This name serves as the unique identifier of the component. Once you spin up WSO2 IS, open the browser's inspect elements view and navigate to the federated authenticator's custom user input fields. You can then see how the name and id of those input fields are listed: they always start with UAEPassFederatedAuthenticator.

String getClaimDialectURI()

As usual, it returns the claim dialect. It can also be configured as a custom user input field.

List<Property> getConfigurationProperties()

Lists all the custom user input fields of the federated authenticator. Those user inputs hold their values as key-value pairs, so a HashMap is a must in this case. This method does not read the values the user has already entered; it only takes the constant values that were set.

void initiateAuthenticationRequest(HttpServletRequest request, HttpServletResponse response, AuthenticationContext context)

| Return | Parameter |
| --- | --- |
| | HttpServletRequest |
| List | HttpServletResponse |
| | AuthenticationContext |

Redirects the user to the login page in order to authenticate. In this UAE Pass Authenticator plugin, the user is redirected to the login page of the application configured on the UAEPass side, which acts as the external Identity Provider. This method fetches the exact values entered in the user input fields of the UAEPass Federated Authenticator described above.

Once those user input fields are fetched, the authorization request (authzRequest) is created using the Java builder design pattern.

Once the authorization request is created, it is sent to the login screen with a sessionDataKey embedded in it. At this point no authorization code has been created yet.
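The flow described above, as an added JDK-only example that is not the project's own code: a small builder produces the authorization redirect with the sessionDataKey embedded, and the callback is accepted only when it returns a key that was actually issued. The class and method names, the endpoint, client ID and callback URL values, and the use of the state parameter to carry the sessionDataKey are all assumptions made for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added illustration only; names and values below are hypothetical, not taken from the project.
public class AuthzRequestExample {
    // sessionDataKeys for which a redirect was issued and no response has been processed yet
    static final Set<String> pending = new HashSet<>();

    static final class AuthzRequest {
        private final String endpoint;
        private final Map<String, String> params = new LinkedHashMap<>();
        private AuthzRequest(String endpoint) { this.endpoint = endpoint; }
        static AuthzRequest authorizationLocation(String e) { return new AuthzRequest(e); }
        AuthzRequest clientId(String v)    { params.put("client_id", v); return this; }
        AuthzRequest redirectUri(String v) { params.put("redirect_uri", v); return this; }
        AuthzRequest scope(String v)       { params.put("scope", v); return this; }
        AuthzRequest state(String v)       { params.put("state", v); return this; }

        // response_type=code asks the IdP for an authorization code; none exists at this stage.
        String buildLocationUri() {
            params.put("response_type", "code");
            StringJoiner q = new StringJoiner("&", endpoint + "?", "");
            params.forEach((k, v) -> q.add(k + "=" + URLEncoder.encode(v, StandardCharsets.UTF_8)));
            return q.toString();
        }
    }

    // Accept a callback only if it carries a code and a state issued earlier; remove() makes it single-use.
    static boolean isExpectedCallback(String code, String state) {
        return code != null && state != null && pending.remove(state);
    }

    public static void main(String[] args) {
        // Constructed sample values; in the authenticator they come from the configured input fields.
        String sessionDataKey = UUID.randomUUID().toString();
        pending.add(sessionDataKey);
        String location = AuthzRequest.authorizationLocation("https://idp.example.test/authorize")
                .clientId("sample-client-id")
                .redirectUri("https://localhost:9443/commonauth")
                .scope("openid")
                .state(sessionDataKey)
                .buildLocationUri();
        System.out.println("Redirect to: " + location);

        System.out.println(isExpectedCallback("sample-code", "unknown-key"));   // false: never issued
        System.out.println(isExpectedCallback("sample-code", sessionDataKey));  // true: matches the session
        System.out.println(isExpectedCallback("sample-code", sessionDataKey));  // false: already consumed
    }
}
```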