Integrating with Whydah

Quick set-up (Using Docker on development machine)

Install docker
Start Whydah, ready for Integration
Add your application to the Whydah componnets (in Whydah 2.0: add it in securitytykenservice.TEST_LOCALHOST.properties)

Client code example

Whydah Integration Tutorials

(Example using Apache HTTP Components Fluent API and jOOX Fluent API)

1. Getting started - SecurityTokenService and parsing of UserToken

SecurityTokenService is created to give the application an ApplicationToken and a UserToken.
The UserToken will contain the roles granted for the given user in the app.
It is where to start when you want to integrate your app.

Prerequisties:
Development environment Win or Linux with Java installed.

Download SecurityTokenService.jar Download
Download propertyfile here to same location
In command prompt, run java -DIAM_MODE=DEV -DIAM_CONFIG=securitytokenservice.DEV.properties -jar SecurityTokenService.jar
Point a browser at http://localhost:9998/tokenservice/
Test the operations in the GUI (test API driver)

NOTE:
In DEV mode, you can create and adjust test-data/users/usertokens by creating files in the same directory with naming convension t_<my_test_username>.token ( See Example)

Some tips on parsing the UserToken to check roles

Xpath examples (Hint: experiment here)

Typical datastructures:
ApplicationCredential, ApplicationToken, UserCredential, UserToken

Integration examples

We have provided a few integration examples for a set of different programming languages.
See links below.

Java web-app example https://github.com/altran/Whydah-TestWebApp
Spring Security example https://github.com/altran/Whydah-TestWebApp/tree/master/ImplementationExamples/spring-security
Django example https://github.com/altran/Whydah-TestWebApp/tree/master/ImplementationExamples/Django
JavaScript example https://github.com/altran/Whydah-TestWebApp/tree/master/ImplementationExamples/Javascript
SharePoint 2013 (.NET) example https://github.com/altran/Whydah-TestWebApp/tree/master/ImplementationExamples/SharePoint

Full Size

2. Expand with a login GUI - Introduce SSOLoginWebApplication

SSOLoginWebApplication is created to present a basic configurable login GUI, reset password GUI and user registration.

Download SSOLoginwebApp.jar Download
Download propertyfile here to same location.
Adjust properties and insert reference to a proper logo for your app/company.
In command prompt, run java -DIAM_MODE=TEST -DIAM_CONFIG=ssologinwebapp.TEST.properties -jar SSOLoginwebApp.jar
Point your browser to see the login GUI: http://localhost:9997/sso/
Configure your application to redirct to http://localhost:9997/sso/ if no valid UserToken is presented.
- PS: Make this a configurable property in your app, since you might want to change it in PROD-environment

Gliffy Macro Error

Cannot find a diagram with these parameters:
name: AuthSequenceStandAlone-WithLoginWebApp
version: 1

3. Store users and roles - Introduce UserIdentityBackend

UserIdentityBackend is created to store user identities, store user roles and integrate with 3rd party IDP's.
It may run locally in DEV mode with embedded LDAP for user storage and HSSQL db for role storage.
It should be set up to provide default roles to users from different 3rd party identities.

Download UserIdentityBackend.jar Download
Download propertyfile here to same location.
Adjust properties if needed.
1. If you want to import test users, create a folder called testdata, download these files and adjust them if needed. Set import.enabled=true

In command prompt, run java -DIAM_MODE=DEV -DIAM_CONFIG=useridentitybackend.DEV.properties -jar UserIdentityBacnend.jar
If you have SecurityTokenService running from point 1. above, you need to change it's mode from DEV to TEST for it to talk with UIB:
1. Stop it by pressing CTRL+C in the command line window
2. Copy securitytokenservice.DEV.properties to securitytokenservice.TEST.properties (Or download securitytokenservice.TEST.properties)
3. Adjust TEST properties to point at the newly installed UIB om http://localhost:9995/uib/
4. Start by running java -DIAM_MODE=TEST -DIAM_CONFIG=securitytokenservice.TEST.properties -jar SecurityTokenService.jar

Full Size

4. User administration for administrators - Introduce UserAdminWebApp

You might want to have a look at the registered users and change them.
For that you might want to run UserAdminWebApp - UAWA.
Whydah 2.1+ introduces administration of collaborating applications

5. User administration self service - Introduce UserAdminService

You might want to include some simple self service features in your application, like adding roles to certain users or self registration.
UserAdminService is created to allow for exactly that.
It is however still in an early release.

Whydah development Express-route for linux and osx/mac

Pre-requisites: JDK 8, maven 3 and wget installed

run bootstrapAndRunWhydah.sh (wget https://raw.githubusercontent.com/Cantara/Whydah/master/dev-quickstart/bootstrapAndRunWhydah.sh) which will do the following
1. clone all main Whydah repositories
2. build all modules on local machine
3. start all built modules in a TEST_LOCALHOST configuration
verify that it is working before starting to code (http://localhost:9997/sso/welcome u:useradmin pw:useradmin567)