Terminate Active User Sessions on User Role Change Events through the WSO2 Identity Server

Session Termination through WSO2 Identity Server

The WSO2 Identity Server serves many purposes, as you have seen in its docs. Yet there are edge cases that require customization. This blog shows how you can terminate active user sessions on user role change events. As a solution for this scenario, I have written a small extension that captures role change events and terminates the user's active sessions.

Flow Design

First, let’s take a quick peek at the design of this extension based on the diagram below. It shows a high-level flow design of the extension while the descriptions shed light on each step.

Extension Flow Design Diagram

You can find the source code for the above on GitHub, and if you want to know about backchannel log out, please refer to this Medium article. The diagram is quite self-explanatory; hence, I’ll move on to the sophisticated part, which is to configure the extension and execute a sample scenario.

Configuring the Extension

Start Configuring
  • Download the Identity Server from the official site. Hereafter the location of the Identity Server will be referred to as <IS_HOME>.

Setting Up the Extension

  • Clone the project by executing the command git clone https://github.com/deshankoswatte/identity-event-handler-session-termination.git.
  • Open and build the project by executing the command mvn clean install.
  • After successfully building the project, copy the artifacts com.wso2.session.termination.handler-1.0.0.jar and com.wso2.common-1.0.0-SNAPSHOT.jar and paste them inside the <IS_HOME>/repository/components/dropins folder.

Setting Up the Identity Server

  • Open the deployment.toml file located at <IS_HOME>/repository/conf/ and append the following lines to register the event handler and its subscriptions.
Event Handler Properties
  • Start the WSO2 Identity Server by executing the command sh wso2server.sh in the <IS_HOME>/bin folder.
  • Navigate to the Management Console by accessing the link https://localhost:9443/carbon/admin/login.jsp and log in by providing the admin credentials.
  • Create a few roles and role-assigned users by following the guide in the official documentation.
  • Create the service providers for pickup-dispatch and pickup-manager with the help of the Medium article.

Try out the Scenario

Try Out
  1. Log in to pickup-dispatch and pickup-manager as a user who has a role assigned, using Single Sign-On.
  2. Go to the Management Console and remove the role from that specific user.
  3. You can see that the pickup-dispatch and pickup-manager applications get logged out using backchannel log out.
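
Step 3 only ends the application session if the relying party accepts the logout token the Identity Server posts to it. The following is an added example, not code from this post or from the extension, showing the claim checks OpenID Connect Back-Channel Logout 1.0 asks of the receiving application. The function names and the HS256 shared secret are assumptions made so the example runs offline; a deployment that uses an asymmetric signature would verify against the identity provider's public key instead.

```python
import base64, hashlib, hmac, json, time

BACKCHANNEL_EVENT = "http://schemas.openid.net/event/backchannel-logout"
def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build a constructed sample token, standing in for the identity provider."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def validate_logout_token(token, secret, issuer, client_id, seen_jti, now=None, skew=300):
    """Return the claims of an acceptable logout token, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64url(head)), json.loads(unb64url(body))
        given = unb64url(sig)
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm, which also rejects "none"
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if claims.get("iss") != issuer or client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong iss or aud")
    now = time.time() if now is None else now
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or abs(now - iat) > skew:
        raise ValueError("iat missing or outside the allowed skew")
    events = claims.get("events")
    if not isinstance(events, dict) or not isinstance(events.get(BACKCHANNEL_EVENT), dict):
        raise ValueError("not a back-channel logout event")
    if "nonce" in claims:  # prohibited, so an ID token cannot be replayed as a logout token
        raise ValueError("nonce is prohibited in logout tokens")
    if not (claims.get("sub") or claims.get("sid")):
        raise ValueError("no sub or sid to identify the session")
    jti = claims.get("jti")
    if not jti or jti in seen_jti:
        raise ValueError("missing or replayed jti")
    seen_jti.add(jti)
    return claims
```

The caller keeps `seen_jti` for at least the skew window and ends the local session identified by `sid` or `sub` only after the function returns.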

Further Notes

This extension can also be used with other events by making minor changes to the source code.

Thank you Guys! I’ll see you in another blog.

Done and Dusted


Undergraduate at University of Westminster, Former Trainee Software Engineer @wso2

Dehami Koswatte