Wednesday, May 29, 2013

Configuring SSO session timeout in WSO2 Identity Server 4.5.0

One of the key features in WSO2 Identity Server  is SAML2 based single sign on (SSO) feature. The default time period for a SSO session is 10 hours in the Identity Server versions so far and this default SSO Session Expire time value can not be changed according to the user needs. But from WSO2 IS 4.5.0 onwards the SSO session timeout can be configured at the server start time.

This configuration lies on <IS_HOME>/repository/conf/identity.xml file under the SSOService element. Add the following entry under that in order to explicitly add the SSO timeout.

<SessionTimeout>120</SessionTimeout>  // Add the expecting timeout value in seconds here.

Save the configuration and restart the server. Now the SSO session will be timed out as the newly configured value and a user may need to re-authenticate once he logs back after this timeout. It is not a must to have this entry in 'identity.xml' and if a timeout is not configured, the SSO session will use the '10 hours (36000s)' default time out value.

After configuring the SSO Session Expire time you can use this article in order to setup Single Sign On with WSO2 Identity Server.

Adding a new function into WSO2 MB FE using JavaToWsdl approach - My notes

In most of the WSO2 products JavaToWsdl approach is used in adding new functionality. In here we first add the necessary new methods into the relevant service class in /platform/components and then generates the service wsdl for that. After that the service wsdl is added into the corresponding wsdl file in the /platform/service-stubs this stub is used in the front end UI components, in order to call the new method.

As an example let's add a new method to obtain the currently logged in user's name from the UI components.

WSO2 Message Broker's source code is mainly written in the /platform/components/andes component. The admin functionalities are coded in 'org.wso2.carbon.andes.admin' sub component under the class.

First add the new method into the java class.

public String getCurrentUser(){

        // ADD METHOD BODY HERE       
        return userName.trim();

Due to authentication requirements in the WSO2 MB, you need to add the following entry into the relevant 'services.xml' file in the 'Resouces' package in the component.

<operation name="getCurrentUser">
     <parameter name="AuthorizationAction" locked="true">/permission/admin/configure</parameter>

Now save the two files. Once we build the 'org.wso2.carbon.andes.admin' component back these changes will be available in the back end. But to use them in front end we need to edit the corresponding service wsdl file in the /platform/service-stubs.

For this goto <MB_HOME/Repository/conf/carbon.xml>  file. Find the <HideAdminServiceWSDLs> entry. This is set 'true' by default, as we don't want to expose admin service details, but now we need to see the service wsdl file to see the new functions we added there. Hence make this into 'false'.

<!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl.--><HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>

Build 'org.wso2.carbon.andes.admin' component using maven and replace org.wso2.carbon.andes.admin_4.1.2.jar file in the <MB_HOME/Repository/Components/Plugins> directory, with this newly built jar file found in /target folder.
(Note: Remember to rename the jar file according to notation)

Start the MB server back and goto ,

You will see the AndesAdminService wsdl file with the newly added changes. Now let's add these to the service-stub to be used in Front End.

The corresponding service-stub for 'org.wso2.carbon.andes.admin' component is, /platform/service-stubs/org.wso2.carbon.andes.stub/4.1.0

In here you will find the /resources/AndesAdminService.wsdl file. Copy the new changes from the wsdl file that is viewed in the browser, into this wsdl file. Some of the changes would be like,

<wsdl:message name="getCurrentUserRequest"><wsdl:part name="parameters" element="ns:getCurrentUser"/></wsdl:message>
<wsdl:message name="getCurrentUserResponse"><wsdl:part name="parameters" element="ns:getCurrentUserResponse"/></wsdl:message>   and more ....

After adding all the changes build the service-stub back using maven. Replace org.wso2.carbon.andes.stub_4.1.0.jar file in the <MB_HOME/Repository/Components/Plugins> directory, with this newly built jar file found in /target folder.

Now you can call this stub class from andes ui components and use the newly added 'getCurrentUser()' method as given below. The same procedure is to be followed whenever we add new functions into the code base.

AndesAdminServiceStub stub = UIUtils.getAndesAdminServiceStub(config, session, request);
String username = stub.getCurrentUser();

Providing Queue browing, message sending and purging features in WSO2 MB 2.1.0

WSO2 MB is a Message Broker which enables applications to exchange communications asynchronously or publish messages for timely access by many subscribers. For the past versions of WSO2 MB there was no support for sending sample messages from the admin console or viewing the messages in a queue. hence in WSO2 MB 2.1.0 onwards, we have added this functionality into the broker.

Therefore it is now possible to,
  1.  Send sample text messages to a queue in WSO2 MB
  2.  Browse the content in a queue using MB admin console
  3.  Purge a queue via admin console and make it empty in WSO2 MB as of the expectation of many users.

The following are some of the snapshots from the new view of the MB admin console.  The 2.1.0 version is not yet released for public but will be releasing by end of this month.

1. New view of the 'Queue Menu'

2. New Queue Browser in WSO2 MB

3. New Message Sending UI in MB

4. New Queue purging option in MB

More details on the new features can be found in MB 2.1.0 documentation once it is released.