Custom PasswordCallback OSGI Bundle For WSO2 Identity Server

Chathuranga Priyadarshana
Oct 24, 2020

WSO2 Identity Server already ships a password-callback OSGi bundle. It supports obtaining a SAML assertion (token) by providing the user's username and password. Sometimes, however, an application needs a different way to obtain the SAML token. For example, an application may need to obtain a SAML token by providing a user ID and password, or an email and password. In such cases the default method cannot be used, so we need to write a custom OSGi bundle to meet the requirement.

This is a custom OSGi bundle example for obtaining a SAML assertion by user email and password.

You can clone or download the source code from GitHub.

In this post I’m not going to explain how OSGi bundles behave.

Let’s implement and deploy a custom OSGi bundle step by step.

Step 1

First we need to enable a component as a service component using the @Component annotation.

This component will activate all required services.

Step 2

Then we need to implement a method inside the service component class that binds the required services using the @Reference annotation. In this example we need “RealmService” from “org.wso2.carbon.user.core.service”.

binding required services

If we need other services, we can bind them in the same way.

Step 3

Now we can implement our custom methods and variables in another class (the callback handler class). That class needs to implement the CallbackHandler interface. Here we can call the services that are bound by the service component.

callback handler class

Note: we do not need to create or initialize objects of this callback handler class inside the service class.
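Steps 1 to 3 as one sketch, added here and not taken from the author's repository: a service component that binds RealmService, and a handler that resolves the email to exactly one account before checking the password. The component class name, the static field, the `http://wso2.org/claims/emailaddress` claim, the super-tenant realm, the `USERNAME_TOKEN_UNKNOWN` usage check and the WSS4J 1.6 spelling `getIdentifier()` are assumptions to verify against your server.

```java
// File 1: PasswordCallbackServiceComponent.java (class name is hypothetical)
package org.wso2.carbon.custom.user.passwordCallback;
import org.osgi.service.component.annotations.*;
import org.wso2.carbon.user.core.service.RealmService;

@Component(name = "custom.password.callback.component", immediate = true)
public class PasswordCallbackServiceComponent {
    static volatile RealmService realmService; // read by the handler in File 2
    @Reference(name = "realm.service", service = RealmService.class,
            cardinality = ReferenceCardinality.MANDATORY,
            policy = ReferencePolicy.DYNAMIC, unbind = "unsetRealmService")
    protected void setRealmService(RealmService service) { realmService = service; }
    protected void unsetRealmService(RealmService service) { realmService = null; }
}

// File 2: PasswordCallbackHandler.java (the class named in UTOverTransport)
package org.wso2.carbon.custom.user.passwordCallback;
import javax.security.auth.callback.*;
import org.apache.ws.security.WSPasswordCallback;
import org.wso2.carbon.user.core.UserStoreManager;

public class PasswordCallbackHandler implements CallbackHandler {
    // Assumption: email is stored under the default WSO2 email claim.
    private static final String EMAIL_CLAIM = "http://wso2.org/claims/emailaddress";

    @Override
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            WSPasswordCallback pc = cb instanceof WSPasswordCallback ? (WSPasswordCallback) cb : null;
            // Assumption: the plaintext UsernameToken arrives with this usage; others are refused.
            if (pc == null || pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN_UNKNOWN
                    || !authenticateByEmail(pc.getIdentifier(), pc.getPassword())) {
                // One generic failure for every case, so callers cannot tell which check failed.
                throw new UnsupportedCallbackException(cb, "check failed");
            }
        }
    }

    private boolean authenticateByEmail(String email, String password) {
        // Treat the identifier as a literal address only: no nulls, no wildcard characters.
        if (email == null || password == null || email.contains("*")) return false;
        try {
            UserStoreManager users = PasswordCallbackServiceComponent.realmService
                    .getBootstrapRealm().getUserStoreManager();
            String[] matches = users.getUserList(EMAIL_CLAIM, email, null);
            // Fail closed unless the email maps to exactly one account.
            return matches != null && matches.length == 1 && users.authenticate(matches[0], password);
        } catch (Exception e) { return false; } // user store error or RealmService not bound
    }
}
```

The handler never logs the password, and an email shared by several accounts is rejected rather than resolved to the first match.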

Now almost everything is done in the implementation part.

Part 3

Now we need to configure the WSO2 IS server by defining new rules that disable the default password callback handler and enable the new handler class. In this example, we are implementing a custom password callback component for the WSO2 Identity Server security token service (STS). Therefore we need to configure the STS policies on the WSO2 server.

Let’s do it…

Start the WSO2 IS server and then log in to the management console with admin credentials.

Then browse to Home > Registry > Browse.

Then enter “/_system/config/repository/axis2/service-groups/org.wso2.carbon.sts-5.5.1/services/wso2carbon-sts/policies” and press “go” to find the UTOverTransport file.

The UTOverTransport file is the configuration file of the WSO2 Identity Server STS.

locate the UTOverTransport file

Now you can download this file to modify it (Action > download). Then open the file in a text editor and add the line below under the “rampart:RampartConfig” tag.

<rampart:passwordCallbackClass>org.wso2.carbon.custom.user.passwordCallback.PasswordCallbackHandler</rampart:passwordCallbackClass>

After adding this line, it will look like this:

Here “org.wso2.carbon.custom.user.passwordCallback.PasswordCallbackHandler” is the full package path to my custom PasswordCallbackHandler class.

Note: change it to match the package path of your own class.

Finally, upload the modified file to the server by clicking “Add Resource”. (Before uploading the new file, delete the previous one from the server.)

Step 4

Now we are at the final stage.

We need to add the new bundle to the server. For that, we need to build the project and generate the JAR file.

Then copy the JAR file into the dropins folder (<SERVER_HOME>/repository/components/dropins).

Finally, restart the server; it will activate the new PasswordCallback.

If you need to check whether it works, build and run this project (https://github.com/wso2/samples-is/tree/master/sts) and send the email as the username.
