You can download sample C# project here
Wednesday, December 19, 2012
Invoke a secured service (sign and encrypt) from SoapUI 4.0.0
Here we are using WSO2 ESB 4.0.3 and SoapUI 4.0.0.
First of all you have to start the ESB and secure the "echo" service as follows:
1. Click the "List" button under the "Web Service" menu and click the "Unsecured" button in front of the "echo" service to secure it
2. Now select "yes" from the drop-down, select policy number "5" and click Next
3. Select the "Trusted key store" and "Private key store" and click Finish
4. You can see the message "Security applied successfully"
The configuration on the ESB side is finished. What we have to do now is invoke the secured service through SoapUI.
1. Open SoapUI, go to "New SoapUI project" and give the service endpoint URL with wsdl
e.g. endpoint URL - http://localhost:8280/services/echo?wsdl
You can easily get the endpoint URL by clicking on the service
Enter the endpoint URL with wsdl and create the SoapUI project
2. Click on the created project and select "Show Project View"
3. Go to "WS-Security Configurations"
4. Select "Keystores / Certificates"
5. Add a new keystore - select the "wso2carbon.jks" that you selected to secure the service (you can easily find it in ${ESB_HOME}/repository/resources/security)
6. Set Default Alias as "wso2carbon" and Alias Password as "wso2carbon"
7. Select tab "Incoming WS-Security Configuration"
Add new record name as "incoming-security"
Select Signature keystore as "wso2carbon.jks" and set password as "wso2carbon"
8. Select tab "Outgoing WS-Security Configuration"
Add new record name as "outgoing-security"
Set Alias name as "wso2carbon" and password as "wso2carbon"
9. Add a new WS Entry "TimeStamp"
Set value as "300000"
10. Add another WS Entry "Signature"
Keystore : wso2carbon.jks
Alias : wso2carbon
Password : wso2carbon
Key Identifier type : Binary Security Token
Signature Algorithm : http://www.w3.org/2000/09/xmldsig#rsa-sha1
Signature Canonicalization : http://www.w3.org/2001/10/xml-exc-c14n#
Digest Algorithm : sha1
Use Single certificate : true
Parts - Add a new sign part for the SOAP body, using the following values:
ID - [leave blank]
Name - Body
Namespace - http://www.w3.org/2003/05/soap-envelope
Encode - Content
11. Add another WS Entry "Encryption"
Keystore : wso2carbon.jks
Alias : wso2carbon
Password : wso2carbon
Key Identifier type : Binary Security Token
Symmetric Encoding Algorithm : <Default>
Key Encryption Algorithm : <Default>
Encryption Canonicalization : <Default>
Create Encrypted Key : true
Parts - Add a new Encryption part
ID - [leave blank]
Name - Body
Namespace - http://www.w3.org/2003/05/soap-envelope
Encode - Content
12. Save the SoapUI project, select one of the functions under soap12Binding and go to the request
Select "Aut" and set the "Outgoing WSS" and "Incoming WSS"
13. Invoke the service with the required parameters
Tuesday, December 18, 2012
How to do the Unit Testing in JAVA - Useful for Beginners
Thursday, December 13, 2012
How to Invoke the "echo service" secured with Kerberos in WSO2 ESB
This is a very useful sample for verifying the echo service secured with Kerberos.
First you have to download WSO2 ESB 4.5.0 and WSO2 IS 4.0.0.
In this example IS (Identity Server) acts as the KDC (Key Distribution Center), so first of all we have to configure IS.
Open the files mentioned below and make the required changes:
1. $IS_HOME/repository/conf/embedded-ldap.xml
Download Sample embedded-ldap.xml here
Under <KDCServer>, set the property "enabled" to true as follows:
<Property name="enabled">true</Property>
Add this property under <KDCServer>:
<Property name="preAuthenticationTimeStampEnabled">false</Property>
2. $IS_HOME/repository/conf/user-mgt.xml
Download Sample user-mgt.xml here
Under <ApacheDSUserStoreManager>, set:
<Property name="kdcEnabled">true</Property>
3. $IS_HOME/repository/conf/security/krb5.conf
Download Sample krb5.conf here
[libdefaults]
default_realm = WSO2.ORG
default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
allow_weak_crypto = true
[realms]
WSO2.ORG = {
kdc = 127.0.0.1:8000
}
[domain_realm]
.wso2.org = WSO2.ORG
wso2.org = WSO2.ORG
[login]
krb4_convert = true
krb4_get_tickets = false
4. $IS_HOME/repository/conf/security/jaas.conf
Download Sample jaas.conf here
Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
storeKey=true
useTicketCache=false
isInitiator=false
principal="esb/localhost@WSO2.ORG";
};
Client {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=false;
};
IS is now configured.
Go to $IS_HOME/bin and run wso2server.sh
If IS is configured properly, you can see this log line on the command line while IS is starting:
"[2012-12-13 14:40:32,426] INFO {org.apache.directory.server.kerberos.kdc.KdcServer} - Kerberos service started."
Now you have to create the server principal that we mentioned in "jaas.conf"
Log in to IS using username "admin" and password "admin", go to Configure -> Service Principal and create it
Register the Server Principal
Service Name : esb/localhost
Description : Test
Password : dinuka
Re Password : dinuka
Next we have to create the client principal, that is, the "User":
Username : dinuka
Password : dinuka
User Role : admin
Let's move on to configuring the ESB.
First go to $ESB_HOME/repository/conf/security/
and place there the same krb5.conf and jaas.conf files that are in $IS_HOME/repository/conf/security/
Open $IS_HOME/repository/conf/carbon.xml, change the offset from 0 to 1 and start the ESB
Download sample carbon.xml here
Go to the ESB and secure the "echo" service with Kerberos
Service Principal Name : esb/localhost
Service Principal Password : dinuka
We are done with the configuration. Now we have to invoke the echo service, so you can download the Java client from here
You have to set the project dependencies for the above client, so point to all the jars in $ESB_HOME/repository/components/plugins
If you changed the username and password during configuration, you have to make the same changes in the above client as well. Go to policy.xml in the above client and change the following details according to your settings:
<rampart:property name="client.principal.name">dinuka</rampart:property>
<!-- Authenticating user password -->
<rampart:property name="client.principal.password">dinuka</rampart:property>
<!-- To which service client needs to talk to -->
<rampart:property name="service.principal.name">esb/localhost@WSO2.ORG</rampart:property>
Finally, change ECHO_SERVICE_EPR to match your ESB and run KerberosClient.java
The results should be:
Calling Echo service with parameter - Hello World
Response : <ns:echoStringResponse xmlns:ns="http://echo.services.core.carbon.wso2.org"><return>Hello World</return></ns:echoStringResponse>
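The krb5.conf in step 3 above lists only DES and 3DES enctypes and sets allow_weak_crypto = true. The following check is an added example, not part of the original post or of WSO2's code, that lists those settings so they can be reviewed before the file is reused outside a test setup. The AES-only input is a constructed comparison; the page does not say whether the embedded KDC in IS 4.0.0 accepts it.

```python
import re

# The krb5.conf from step 3 above (through [realms]), embedded so the check runs offline.
PAGE_KRB5_CONF = """\
[libdefaults]
default_realm = WSO2.ORG
default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
allow_weak_crypto = true
[realms]
WSO2.ORG = {
kdc = 127.0.0.1:8000
}
"""

# Constructed comparison input (assumption: not tested against the IS 4.0.0 KDC).
AES_ONLY_CONF = """\
[libdefaults]
default_realm = WSO2.ORG
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
allow_weak_crypto = false
"""

# Single DES was deprecated by RFC 6649; 3DES and RC4 by RFC 8429.
DEPRECATED = {
    "des-cbc-crc": "single DES, RFC 6649",
    "des-cbc-md5": "single DES, RFC 6649",
    "des3-cbc-sha1": "3DES, RFC 8429",
    "arcfour-hmac": "RC4, RFC 8429",
}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

def libdefaults(text):
    """Collect key = value pairs from the [libdefaults] section only."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value
    return settings

def audit(text):
    """Return (setting, value, reason) for each deprecated enctype or weak-crypto switch."""
    conf, findings = libdefaults(text), []
    for key in ENCTYPE_KEYS:
        for enctype in conf.get(key, "").replace(",", " ").split():
            if enctype.lower() in DEPRECATED:
                findings.append((key, enctype, DEPRECATED[enctype.lower()]))
    if conf.get("allow_weak_crypto", "false").lower() in ("true", "yes", "on", "1"):
        findings.append(("allow_weak_crypto", conf["allow_weak_crypto"], "weak enctypes enabled"))
    return findings
```

Calling audit(PAGE_KRB5_CONF) returns nine enctype findings plus the allow_weak_crypto switch; the AES-only input returns an empty list.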
Wednesday, November 21, 2012
STS (Security Token Service) Load testing with WSO2IS 4.0.0
First of all we have to secure the "Security Token Service (STS)".
You can easily do it as follows:
1. Go to IS->STS->Apply Security Policy
2. Then download the STS JMeter test here and open it in JMeter
In the above script you have to change the following details:
1. Server IP and port
2. In the request header you can see the "Time Stamp"; you have to change it to a valid date and time
Friday, November 16, 2012
WSO2IS with JConsole
What I'm going to explain is how to monitor memory, CPU usage, etc. with JConsole.
This is very useful when you are testing on a remote server.
First you have to add this parameter to wso2server.sh in $IS_HOME/bin:
-Djava.rmi.server.hostname="192.168.4.26" (your server host name)
Then start the IS. You can see "JMX Service URL" in the console.
Now open another command line and type "jconsole"
Then enter the above JMX Service URL with the correct IP:
service:jmx:rmi://192.168.4.26:11111/jndi/rmi://192.168.4.26:9999/jmxrmi
username - admin
password - admin
Now you are connected to the given server and can monitor memory, CPU usage, etc.
SAML2 SSO Load testing with WSO2IS 4.0.0
Here I'm going to explain how to do a SAML2 SSO load test with WSO2 Identity Server 4.0.0. The JMeter script acts as the Service Provider.
Download JMeter script here
First you have to start the IS and register the Service Provider as follows
issuer - “saml2.demo”
Assertion Consumer Url - http://localhost:8080/saml2.demo/consumer
You don't actually need to host the application "saml2.demo".
Then open the JMeter script and change the parameters according to your environment.
You only have to change the following parameters under "identity-saml2-sso-test-plan":
Idp_host - Hosted Identity Server IP, e.g. 192.168.4.26
Idp_port - Hosted Identity Server port, e.g. 9443
Username - admin
Password - admin
Run JMeter and see the results under "Summary Report" or "Results Tree". When you are doing load testing, it is better to disable the Results Tree because it would affect the load test counts.
Thursday, November 15, 2012
OAuth 2.0 Load testing with WSO2 IS 4.0.0
This is a simple JMeter sample for load testing OAuth 2.0 with WSO2 Identity Server.
Download JMeter script here.
First you have to register any application on IS as follows (no need to host the application)
Take the client_ID and Client_Secret, then encode them in Base64 format. You can easily do it by using the following URL - http://www.base64encode.org/
e.g. Client_ID:Client_Secret
Thread Group - oauth_get_access_token_thread_group
Here we request the access token by using the generated Base64-encoded value
We are sending 10 OAuth requests to get the "access token", so first you have to register 10 applications in IS as follows
Generate the Base64-encoded value for each application and place them in the JMeter script under "authorization"
What JMeter is doing -
1. Sends the request with the Base64-encoded value and takes the "access token"
2. Saves those access tokens in a variable
3. Sends a validation request with those saved access tokens
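The Client_ID:Client_Secret encoding described above can be done locally, so the secrets of the 10 registered applications never leave the test machine. This is an added example, not part of the original post or its JMeter script; the client IDs and secrets are constructed placeholders, and the CSV layout is an assumption for pasting values into the script's "authorization" entries.

```python
import base64
import csv
import io

# Constructed placeholder credentials; replace with the client_ID / Client_Secret
# pairs that IS shows for each registered application.
SAMPLE_APPS = [
    ("constructed_client_id_01", "constructed_secret_01"),
    ("constructed_client_id_02", "constructed_secret_02"),
    ("constructed_client_id_03", "constructed_secret_03"),
]

def basic_credential(client_id, client_secret):
    """Base64-encode 'Client_ID:Client_Secret' as described in the post."""
    if not client_id or not client_secret:
        raise ValueError("client id and secret must both be non-empty")
    if ":" in client_id:
        # The first colon separates id from secret, so the id cannot contain one.
        raise ValueError("client id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_credential(encoded):
    """Reverse the encoding; Base64 is reversible, so treat the value like the secret."""
    text = base64.b64decode(encoded, validate=True).decode("utf-8")
    client_id, _, client_secret = text.partition(":")
    return client_id, client_secret

def credentials_csv(apps):
    """Return CSV text with one encoded value per registered application."""
    buffer = io.StringIO()
    writer = csv.writer(buffer, lineterminator="\n")
    writer.writerow(["client_id", "authorization"])
    for client_id, client_secret in apps:
        writer.writerow([client_id, basic_credential(client_id, client_secret)])
    return buffer.getvalue()

if __name__ == "__main__":
    print(credentials_csv(SAMPLE_APPS), end="")
```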
In the Jmeter script you have to configure following stuff as well under "wso2_oauth_load_test" Test plan