I am trying to find out if it is possible to implement Google Authentication as the authentication system of Enterprise Store. That means that users of our custom Enterprise Store (version 1.0.0) can access the Store and Publisher applications with their Google account.

As far as I know for now and after doing research, it seems not possible to do it.

Am I wrong? If yes, can someone provide a hint or procedure to implement this solution?

There are 3 best solutions below

2

It should be possible. You may configure your service provider.

Please follow [1]. You may discard the API Manager store-side configuration and instead configure the same thing from Enterprise Store 1.0.0.

[1] http://wso2.com/library/articles/2016/02/article-how-to-setup-a-wso2-api-manager-store-login-with-google/

0

Google authentication relies on OAuth & OpenID, as described in https://developers.google.com/identity/protocols/OpenIDConnect

In the documentation of Enterprise Store 1.0.0, I've found that the "identity.xml" file can be configured with OAuth & OpenID, as described in https://docs.wso2.com/display/ES100/Configuring+identity.xml

So I guess it is possible to implement Google OAuth as the authentication system for Enterprise Store. :)

0

Now my concern is that I cannot configure uniquely Enterprise Store with Google Authentication system.

This cannot be done in ES 1.0.0 but can be achieved with ES 2.0.0 with some customization

I don't want to install Identity Server or another tool to make it work. I just want Enterprise Store to make it work by itself. Is it possible?

You will not need an external Identity Server

Can I find a procedure which clearly fits with Enterprise Store?

Please refer to my answer below

I have broken down the response based on the two product versions (1.0.0 and 2.0.0):

ES 1.0.0

  1. The ES 1.0.0 uses a customized login page (located in the sso application), thus the IS components will not have rendering control over the page. This means that it will not be able to render the "Login with Google" button. Thus, you will need to customize this login page.
  2. This version of the product uses 4.2.0 Identity components, which I strongly suspect do not support Google Authenticator (I will need to double check). As a result, you will need to go with Approach #2 provided below. In ES 1.0.0 we did not have a concept of plugging in authentication methods, thus you will need to edit core code.

ES 2.0.0

  1. The rendering of the login page is once again handled on the ES side, thus the sso application will need to be customized to show the login with Google button. This is similar to ES 1.0.0, but with the main difference being having clear extension points for the sso app.
  2. Although ES 2.0.0 no longer supports the Identity component UIs for managing SP and IDPs, this can be achieved by configuration files. An additional note is that ES 2.0.0 supports pluggable authentication methods (the link mentions ES 2.1.0 but the approach is equally applicable to 2.0.0).

Available options

  1. I would highly recommend that you switch to ES 2.0.0 (or possibly wait for 2.1.0, which can be downloaded from here).
  2. Approach #1: Registering an Identity Provider and Service Providers via configuration files using as a reference point
  3. Approach #2: Writing a custom login page as an extension with support for Google authentication using the steps outlined here

Note: I will need a bit of time to verify both of the above approaches.

Note: SO has restricted the number of links I can post, so you will need to prepend https to all of the links given below.

EDIT: I started playing around with approach #2, you can view the progress from here.

EDIT: I was able to investigate the 1st approach a bit further today and unfortunately it looks like this is not possible with ES 2.0.0/2.1.0 without installing additional IS components.

Thanks, Sameera