So the first one would be open source WSO2 Identity Server SSO with Drupal, by Iwantha. Take it away.

Hello everyone. I welcome everybody to my session, open source WSO2 Identity Server SSO for Drupal 8. There are a few familiar faces, and hi to everyone. This is the first time I am presenting at this Drupal meetup. Before that I presented a similar topic at last year's Drupal South Hobart event. It was about SSO with Drupal 8; I discussed how to set up an SSO environment using SimpleSAMLphp and basic Drupal standards. Before starting today's session, I will give an introduction about myself. I am Iwantha, Iwantha Lakamya. I'm based in Colombo, Sri Lanka. I'm working as an associate technical lead at WSO2. This is my seventh year working as a Drupal developer, and currently I'm doing some Drupal research and Drupal open source implementations with other platforms. So I decided to link Drupal 8 with WSO2 Identity Server and create an SSO environment, and it worked fine. So I decided to present it at some of our Drupal meetups or Drupal conferences, and explain and prove that we can do such implementations and can easily set up SSO environments. Before I start the session, I will give a brief introduction about what WSO2 Identity Server is. Basically, WSO2 Identity Server helps organizations to build IAM and CIM solutions for their customers. IAM means identity and access management and CIM means customer identity management. So WSO2 Identity Server is providing and facilitating the setup of this IAM and CIM environment for your customers.
So I will run a small introduction video; then you can get an idea of what WSO2 Identity Server is, what its capabilities are, how it works, how to connect with it and all the details. Let's watch.

Identity and access management typically solves user access to applications based on their roles and attributes. With privacy regulations like GDPR and CCPA and the rise of e-commerce platforms, businesses are turning towards enhancing customer experiences. Here's where customer IAM comes in, where IAM meets identity data to give customers better digital experiences, leading to business growth. Building CIM solutions or working with CIM tools has always been the developer's task, focused on storing identity data and managing or federating them. Therefore customer IAM solutions need to adhere to open standards, be scalable, be API driven, be extensible, and help your enterprise become agile. Introducing WSO2 Identity Server. It's an API-driven, cloud-native IAM provider for customer IAM. It provides a highly extensible platform to federate, authenticate and manage identities across both enterprise and cloud environments. Unlike others, WSO2 Identity Server is fully open source, keeping you free from vendor lock-in. Its enterprise-grade pedigree offers advanced capabilities for customer IAM. Fortune 500 companies also use it for its ability to handle large-scale distributed deployments and its rich connector ecosystem. And most importantly, it helps you save money and time. What's best is that it's an integral piece of the open source WSO2 Integration Agile Platform, helping you with your most challenging API and integration projects. You can easily try WSO2 Identity Server today. Just download and install.

So I think you enjoyed that video and got some basic idea about what WSO2 is and what they are doing. So this is some award we got a few times.
So just like two weeks, one month ago. You all know that Forrester recognized WSO2 as a strong performer in the identity and access management sector. This is a very strong award we got about two or three weeks ago. So these are the product capabilities, but I am not going to discuss all these product capabilities. Basically, I am discussing here only about SSO. Apart from that, based on your comment, we are having some product capabilities, right? Identity federation, and especially API security, and also RESTful APIs for integration, things like that. So moving forward, when I discuss single sign-on and identity federation, 90 percent of WSO2 Identity Server's customers are based on SSO, single sign-on, and WSO2 Identity Server supports multiple heterogeneous SSO standards like SAML, OIDC, WS-Federation and so on. So I am discussing here about SAML. In later slides, I will explain how SAML works, what SAML is, and so on. Apart from that, out of the box integrations: WSO2 Identity Server has some integrations with SaaS vendors like Salesforce, Google Apps, AWS and similar services. Also, moving forward with out of the box integrations, there are some integrations with Facebook, Google, Yahoo and Windows Live, Twitter, LinkedIn, things like that. Now we are having some integration with Drupal as well. So if you want to download the product, what you want to do is go to wso2.com and go to Identity and Access Management. Basically, in the next slide I'll explain how to download the product and what download options are available. These are the download options currently available.
So if you go to the wso2.com website, you can go to Identity and Access Management. Then you can see all the download options which are available. So if you are familiar with AWS, then you have AWS CloudFormation. Apart from that, if you are familiar with Kubernetes, Docker and Ansible, Puppet, things like that, there are download options for those platforms as well. If you are a Mac user, a Windows user, Ubuntu, whatever, we are having installers for that. Apart from that, if you are very tech heavy, then you can download the zip archive and set up WSO2 Identity Server on your local machine. If you would like to contribute, then a community link is there; you can access it and do the contributions. So moving forward, I will start the SSO session. You know that in the digitally driven world, connected systems are a must for an organization. So if you are working for an organization, or if you are operating an organization, you know that you have different kinds of systems and platforms like HR systems, payroll systems, the company website, stock management systems, customer portals. So sometimes you or your employees want to get access to all these sites and systems. In that kind of situation, what the employee needs to do is register with each site and system separately, but what we are recommending here is creating an SSO environment. Registering with each system and site is not easy. It's not practical.
Sometimes, if you are adding more sites and systems, then users have to register and log into those systems separately, and I think you know that it's not practical. So if you have an SSO environment, then your users will have one single set of user credentials, and they can use that single set of user credentials to access all the sites and systems in that SSO environment. That's why SSO is very important to set up in your organizations. So moving forward, this is what I told you: creating the single sign-on environment is very beneficial, and users can easily log into systems, users can easily register with systems, and the organization and infrastructure team can easily manage the users and user roles in the organization. So what is SSO? SSO is a single authentication mechanism that permits users to use one set of user credentials to access multiple systems. As I explained before, in an SSO environment a single user can have one set of user credentials. Then the user can use that single set of user credentials to access all the sites and systems in the same environment. So moving forward, I will take a simple example and explain what SSO is and how SSO works. You know that in a corporate environment, in the organization, we have some sites and systems which are interconnected in the SSO environment. So let's say some employee, some user in the environment, wants to access some stock management system in the environment; then what?
What the user, the employee, needs to do is connect to this SSO environment and get authenticated from there; then the user can easily access the stock management system. After that, let's say the user needs to access the HR website. Then the user doesn't want to log into the HR system again. The user has already logged into the SSO environment, the user has already connected to the SSO environment, so the user can easily access the HR system as well. Likewise, the user can access all the sites and systems in the SSO environment once the user logs into one system. The best known example is Google. Google has some services like YouTube, Gmail, Google Drive, Google Calendar. There are different kinds of services. So once you log into one service, then you don't want to log into the other services in the environment. Basically, once you log into Gmail, then you can easily access YouTube, you can create calendar invites and you can upload your documents to Google Drive. This is a good example of a simple SSO environment. In this example, you can see there are three entities; there are three websites interconnected in a single sign-on environment. So the user is there. If the user wants to access one of these websites, the user needs to connect to the SSO environment and get authenticated from there. Then the user can easily access all the sites and systems in this environment. So you may think, why do you need this SSO? There are some benefits from the user perspective as well as from the organization perspective. If you are talking about the user perspective, the user can use the same user credentials to access multiple sites and systems in the environment. Also, as I explained, there is automatic login: it's just like once you log into one system, one site.
It will automatically log into the other sites and systems in the environment. Likewise, in SLO, single logout, once you log out from one system it will automatically log out from all the sites and systems in the same environment. This is very beneficial from the user perspective: the user doesn't want to keep too many user credentials with them. So the user can easily log into one system and access all the systems; likewise the user can easily log out from all the systems in the single sign-on environment. Organization-wise, basically the cost: it's very cost effective. It's basically just like a centralized system; all the users and user roles are stored in this centralized system. Security-wise, the organization wants to secure this centralized system only, so the infrastructure cost is very low, and likewise the infrastructure team can easily manage the users and the user roles. Let's say some user in the organization has changed team. Let's say some user has worked for the sales team and now is working for the HR team; then that user needs to get access to the HR portal. The infrastructure team can easily provide the permission to that user via the centralized system. It's very beneficial organization-wise. Also the operational cost, as I explained, is very low. The organization doesn't want to maintain many sites and systems; maintain means to secure many sites and systems. And also migration-wise and configuration-wise, it's very easy.
Let's say you want to migrate from one environment to another environment. The users and user roles are in a separate entity, so in your case you can easily migrate your system and site because the users and user roles are in a different environment. And also let's say you want to connect a new system, let's say a stock management system, to the single sign-on environment. Then what you want to do is just the single sign-on configurations only; the users and user roles are already configured, so the users, the employees in the organization, can easily use the newly connected system. Also the SSO standards: there are a few SSO standards which I have connected with WSO2 Identity Server: SAML 2.0, WS-Federation and OIDC. I am discussing here only about SAML 2.0. Some of you may be familiar with what SAML is and how SAML works, but I will explain the definition of SAML and how it works. SAML is an XML-based markup language. It is used for exchanging authentication and authorization information between the identity provider and the service provider. There are new terms I have mentioned here: SAML, identity provider and service provider. I will take a small example and explain how SAML works and what the identity provider and the service provider are. This is the definition of identity provider and service provider. In this example, I will explain them in more detail. There are three entities interconnected here. The user is there; let's say the user is an employee of the organization. And the identity provider and the service provider. The identity provider will contain all the users, user roles and the authentication system of the organization, and the service provider will consist of all the services of the organization.
Let's say now the user wants to access some system in the organization. Then the user wants to send a SAML request to the IdP via the service provider. Once the IdP gets a request from the service provider, the IdP is checking whether this request is coming via a known source, a known service provider. If the request is coming via a known source, a known service provider, then what the IdP is doing is authenticating that request. Sometimes the IdP needs to connect to an internal database or an LDAP, whatever data source; then the user authentication happens. After that the IdP creates a SAML response and sends that SAML response back to the service provider. So what is the service provider doing? The service provider consumes that SAML response and creates the relevant user sessions to access the sites and systems in the environment. There are seven main steps involved in this SAML request and response process. First, in the first request, the user needs to log into the application. Then the user is sending a SAML request; basically, the service provider is sending the SAML request to the IdP. It is an HTTP request. Then the identity provider is getting that HTTP request and checking whether that HTTP request, that SAML request, is coming from a known source. If it is from a known source, then the authentication process is happening and creating a SAML response, and the IdP is sending back that SAML response to the service provider. That's what I mentioned in point five. In point six, the service provider decodes or consumes that SAML response and creates the relevant sessions, user sessions, and authenticates and allows users to access the resource, allows users to access the sites and systems in the environment. There are seven steps involved here. So now what I'm going to do is a small practical session.
Before that, I will explain the requirements. We need the SimpleSAMLphp library; you can download the SimpleSAMLphp library. Also you need to have two Drupal instances, and also the simplesamlphp_auth Drupal module. You can download this as well. As I explained, you can download WSO2 Identity Server from here. After downloading WSO2 Identity Server, you can start WSO2 Identity Server. I have already started it locally. You can go to the bin folder; first of all you need to go to the WSO2 Identity Server folder, then you can see the bin folder, then there is a wso2server.sh file. So what you need to do is start it. It will take some small time, just like 40 seconds to one minute. I have already started my server. This is my server. You can use these user credentials, username admin and password also admin, to access this. After that, I have written an article on how to set up a WSO2 SSO environment for Drupal 8 using WSO2 Identity Server. I have explained it step by step there, easily. What you need to do is follow this article step by step. It's on my Medium, medium.com/@iwantha. There you can see all the articles which are written by me. So let's go step by step. First of all, you need to log into the WSO2 Identity Server, and we have already logged in. Then you need to go to the Service Providers tab, and you need to add a new service provider. Let's say you need to add some service provider, and you can register it. Then what you want to do is, if you want to add a description, you can add a description, and if you want to make it a SaaS application, you want to make it a SaaS application.
Click on that, then go to Claim Configuration, and you need to add a claim URL for that. Yeah, you need to add claim URLs in there. You need to add two claim URLs; the claim URL information is here. One is for the mail, the other one is for the first name. After that you can create a SimpleSAMLphp service provider. You want to create a SimpleSAMLphp service provider. For that you need to have some Drupal 8 identity provider and also a Drupal 8 service provider. For that I have already set up two Drupal instances here. What you need to do is go to the service provider section. This is my service provider, and you want to go to the vendor section and go to SimpleSAMLphp. Yeah, what's that? The SimpleSAMLphp library is in here. After that, you want to create a symlink. For that you can go here, go to vendor, and you can see the SimpleSAMLphp library in there. For creating the symlink, you can run this command. You need to run this command; you have to go back those steps and you want to run this command in here. After running this command, you can see a symlink.
You can see a folder in here, simplesaml, with all the information we want. Then what you want to do is: we have some .htaccess rules. You want to copy these .htaccess rules, go to the .htaccess file and paste these .htaccess rules in here. Then you want to make some configuration changes on the IdP side. What you want to do is go to config, and configure the php vendor simplesamlphp config, in config.php. There are a few things to change, especially the store type, because I am connecting this SSO environment with the database. If you want to connect it to an LDAP, you can do the LDAP configurations here, and if you want to connect it to some MongoDB or any other data source, you can do that configuration in here. So the store type is sql, and I am setting up host as localhost, and also my DB name and the username and password of my local database. After that, if you want to change the auth admin password, you can change the auth admin password also. I have changed it as well. After setting up everything, you want to give some path to the IdP provider; for that, add this line to the end of the configuration file. Now you have set up the IdP, sorry, the service provider. After that you need to go to the authsources.php file, config/authsources.php, and you want to comment this out and add the new configuration information. This is mainly for connecting your localhost with the WSO2 Identity Server. After setting up this, you want to exchange the metadata information between your local instance and your WSO2 Identity Server. Yeah, so you want to share your local IdP information with the WSO2 Identity Server, and also the WSO2 Identity Server metadata information with the local instance. For that, I have already provided this information in here. What you want to do is copy the IdP metadata to the metadata/saml20-idp-remote.php file of the service provider. So what you want to do is go to the metadata section, then saml20-idp-remote.php, and copy the file in there. This is the metadata of your WSO2 Identity Server. Also you want to get your local Drupal instance metadata to the WSO2 Identity Server, to the identity provider. For that, what you want to do is access your local instance at /simplesaml, and the configuration is there. Yeah, this is the file. So what you want to do is take this code and add it to your identity provider. Then, after exchanging this metadata information, what you want to do is set up the simplesamlphp_auth module. For that, go to admin/config/people/simplesamlphp_auth on your local instance, and you want to do some configurations to your local simplesamlphp_auth module. For that I have explained what we need to change. Basically you want to add the default authentication source name; it is default-sp. Also, you may see that in some SSO environments you want to click some external button to redirect to the SSO environment; for that there should be a name for that button. I have used the name of the button as federated login; you can use whatever you want. After that you want to change the user info syncing section. You want to use the mail and also the first name, because we have used mail and first name here as claim URLs. And synchronize user name on every login: you want to tick it, but it's not mandatory. Then you need to save it. And the local authentication: sometimes we are not using the super admin for the SSO login. In that kind of situation you cannot allow the super admin, so you can add the super admin or the users you want to exclude from the SSO environment. I have added the super admin; if you have more user IDs you can add more user IDs by comma-separating them in here. After everything, now you have set up the SSO environment, and you can see a screen just similar to this when you go to log out. Once you click on this you can see a federated login. Once you click on the federated login you will automatically be redirected to the WSO2 Identity Server and you will get authenticated from there. So basically I think I got just like 30 minutes of time. I know that I can't explain every step in this document; it's very long and there are some difficult configurations. That's why I have written this article, so you can easily use this article later and set up your SSO environment. Also there is a YouTube video; you can go for that YouTube video as well. Going forward, these are the resources which you need for setting up the WSO2 SSO environment. Basically, you want to download the SimpleSAMLphp library and also the simplesamlphp_auth Drupal module, and you can download the identity server from the Identity and Access Management page by accessing that page, and finally my Medium article. I have explained each and every step in there. I think you can take just like two to three hours and set up your SSO environment very peacefully. So finally, my Medium blog, medium.com/@iwantha: if you want to get some Drupal updates or SSO updates or whatever, you can subscribe to my Medium blog. Also, if you have any questions, you can send me a message via LinkedIn or ping me via Twitter. If you have any question related to WSO2 Identity Server, what you want to do is connect with WSO2. WSO2 Identity Server is an open source product, so you can download it and use it. If you have any questions you can connect; you can fill out the contact us form, or please send me an email, iwantha@wso2.com. I'll help you with how to set up the SSO environment. So thanks for connecting with me. I hope you are happy with this. Sorry, I think some interruption happened in between my setup, so I couldn't get that because of that reason. I'll show you what it is, that's the output, how the output works. So if you have any questions, let's just connect. Just ask them now.
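The seven-step SAML exchange the talk walks through (the SP sends an AuthnRequest, the IdP checks that it comes from a registered service provider, authenticates the user and returns a Response, and the SP consumes it and creates a session) is modelled below as an added example; it is not code from the talk, from WSO2 Identity Server or from SimpleSAMLphp. The entity IDs, the ACS URL, the user store and the attribute names mail and firstName are constructed placeholders. XML signature verification, which SimpleSAMLphp performs against the IdP certificate held in metadata/saml20-idp-remote.php, is assumed to have already succeeded before consume_response runs; what the example shows are the checks the service provider still has to make after that (the issuer is the configured IdP, the response is addressed to its own ACS, InResponseTo matches an outstanding request and is consumed once, the audience is this SP, and the assertion is inside its validity window) and how each failure is refused rather than turned into a session.

```python
"""SP-initiated SAML 2.0 web SSO modelled in-process, following the talk's seven steps.
Added example, not code from the talk, WSO2 IS or SimpleSAMLphp; entity IDs, ACS URL,
user store and attribute names are constructed. XML signature verification is assumed
to have happened before consume_response(); these are the checks the SP still makes."""
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP_ENTITY_ID = "https://drupal.example.test/simplesaml/module.php/saml/sp/metadata.php/default-sp"
SP_ACS_URL = "https://drupal.example.test/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
IDP_ENTITY_ID = "https://idp.example.test/samlsso"
FMT = "%Y-%m-%dT%H:%M:%SZ"


def _el(parent, tag, attrib=None, text=None):
    """Append a namespaced child element; tag is 'p:Local' or 'a:Local'."""
    prefix, local = tag.split(":")
    el = ET.SubElement(parent, "{%s}%s" % (NS[prefix], local), attrib or {})
    el.text = text
    return el


def _parse_ts(s):
    return datetime.strptime(s, FMT).replace(tzinfo=timezone.utc)


class ServiceProvider:
    """Drupal + simplesamlphp_auth side: issues the request (steps 1-2), consumes the response (6-7)."""

    def __init__(self, trusted_idp):
        self.trusted_idp = trusted_idp  # from saml20-idp-remote.php in a real deployment
        self.pending = {}               # outstanding AuthnRequest IDs, each usable once

    def build_authn_request(self, now=None):
        now = now or datetime.now(timezone.utc)
        root = ET.Element("{%s}AuthnRequest" % NS["p"], {
            "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": now.strftime(FMT),
            "Destination": self.trusted_idp, "AssertionConsumerServiceURL": SP_ACS_URL})
        _el(root, "a:Issuer", text=SP_ENTITY_ID)
        self.pending[root.get("ID")] = now
        return ET.tostring(root, encoding="unicode")

    def consume_response(self, xml, now=None):
        """Return {'ok': True, 'session': ..., 'attributes': ...} or {'ok': False, 'reason': ...}."""
        now = now or datetime.now(timezone.utc)
        root = ET.fromstring(xml)
        if root.findtext("a:Issuer", namespaces=NS) != self.trusted_idp:
            return {"ok": False, "reason": "issuer is not the configured IdP"}
        if root.get("Destination") != SP_ACS_URL:
            return {"ok": False, "reason": "response addressed to another ACS"}
        if self.pending.pop(root.get("InResponseTo"), None) is None:  # ID removed: no replay
            return {"ok": False, "reason": "unsolicited or replayed response"}
        asr = root.find("a:Assertion", NS)
        cond = asr.find("a:Conditions", NS)
        if cond.findtext("a:AudienceRestriction/a:Audience", namespaces=NS) != SP_ENTITY_ID:
            return {"ok": False, "reason": "assertion meant for a different SP"}
        if not _parse_ts(cond.get("NotBefore")) <= now < _parse_ts(cond.get("NotOnOrAfter")):
            return {"ok": False, "reason": "assertion outside its validity window"}
        attrs = {a.get("Name"): a.findtext("a:AttributeValue", namespaces=NS)
                 for a in asr.findall("a:AttributeStatement/a:Attribute", NS)}
        attrs["nameid"] = asr.findtext("a:Subject/a:NameID", namespaces=NS)
        # Step 7: a local session now carries the IdP's claims (mail, first name) into Drupal.
        return {"ok": True, "session": secrets.token_hex(16), "attributes": attrs}


class IdentityProvider:
    """WSO2 IS side: known-SP check (step 3), authentication (4), Response (5)."""
    USERS = {"alice": {"password": "correct horse battery", "mail": "alice@example.test",
                       "firstName": "Alice"}}  # constructed; a real IdP reads JDBC or LDAP

    def __init__(self, registered_sps=(SP_ENTITY_ID,)):
        self.registered_sps = set(registered_sps)

    def handle(self, request_xml, username, password, now=None):
        now = now or datetime.now(timezone.utc)
        req = ET.fromstring(request_xml)
        sp = req.findtext("a:Issuer", namespaces=NS)
        user = self.USERS.get(username)
        if sp not in self.registered_sps or user is None or not secrets.compare_digest(
                user["password"], password):
            return None  # unregistered SP or failed login: no assertion is issued
        resp = ET.Element("{%s}Response" % NS["p"], {
            "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": now.strftime(FMT),
            "InResponseTo": req.get("ID"), "Destination": req.get("AssertionConsumerServiceURL")})
        _el(resp, "a:Issuer", text=IDP_ENTITY_ID)
        _el(_el(resp, "p:Status"), "p:StatusCode", {"Value": SUCCESS})
        asr = _el(resp, "a:Assertion", {"ID": "_" + secrets.token_hex(16), "Version": "2.0",
                                        "IssueInstant": now.strftime(FMT)})
        _el(asr, "a:Issuer", text=IDP_ENTITY_ID)
        _el(_el(asr, "a:Subject"), "a:NameID", text=username)
        cond = _el(asr, "a:Conditions", {"NotBefore": (now - timedelta(minutes=1)).strftime(FMT),
                                         "NotOnOrAfter": (now + timedelta(minutes=5)).strftime(FMT)})
        _el(_el(cond, "a:AudienceRestriction"), "a:Audience", text=sp)
        stmt = _el(asr, "a:AttributeStatement")
        for name in ("mail", "firstName"):  # the two claims mapped in the talk
            _el(_el(stmt, "a:Attribute", {"Name": name}), "a:AttributeValue", text=user[name])
        return ET.tostring(resp, encoding="unicode")


def demo():
    """Happy path plus the cases the SP or the IdP must refuse."""
    sp, idp, pw = ServiceProvider(IDP_ENTITY_ID), IdentityProvider(), "correct horse battery"
    resp = idp.handle(sp.build_authn_request(), "alice", pw)
    return {"login": sp.consume_response(resp),
            "replay": sp.consume_response(resp),
            "expired": sp.consume_response(idp.handle(sp.build_authn_request(), "alice", pw),
                                           now=datetime.now(timezone.utc) + timedelta(minutes=10)),
            "bad_password": idp.handle(sp.build_authn_request(), "alice", "nope"),
            "unregistered_sp": IdentityProvider(()).handle(sp.build_authn_request(), "alice", pw)}
```

The pending map is the part worth copying into any hand-rolled consumer: the request ID is popped the moment a response names it, so a second delivery of the same (otherwise valid) response is refused, and a response the SP never asked for is refused for the same reason. The talk's "known source" check sits on the IdP side in handle, where an AuthnRequest whose Issuer is not a registered service provider gets no assertion at all.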