Wednesday, November 21, 2012

How to configure WSO2 Governance Registry with Webseal

The main objective of this blog post is to provide the necessary steps to configure WSO2 Governance Registry with the IBM Webseal.

1) Configure the Governance Registry.

i) Download the WSO2 Governance Registry (4.5.0) from here.

ii) Copy the Webseal authentication jars to the GREG_HOME/repository/components/dropins.

Jars location :

(Or you can install "Webseal based authenticator  feature" from the p2-repo, because it is not  shipped with Governance Registry.)

iii) Open the authenticators.xml which is reside the GREG_HOME/repository/conf/security and add the following entry.
<Authenticator disabled="false" name="WebSealUIAuthenticator">
iv) Start the Governance Registry server.

v) Login to the management console using default user name and password (admin and admin).

vi) Go to the Configure → users and roles , and create a new user called “webSealUser”.

vii) Go to the Configure → users and roles and create a new role called “delegated-admin” and assign the “webSealUser” to this role.

Note: This user name and it's password will be used by Webseal to authenticate to Governance Registry server.

vii) Grant “login” permission to the “everyone” role.

2) Configure the IBM WebSeal.

i) Add the above user name and password to the iv.conf file in Webseal.


Note : Those values will be set as the headers in the request that is going from the Webseal to Governance Registry server.

ii) You should add the login redirect page to

Note: This is the URL which is going to be redirected after login to the Webseal.

3) Test without Webseal setup

Here, we are going to create the request manually that is going from Webseal to Governance Registry.
I'm going to use “Modify Header” plugin [1] in  Firefox browser.


We can inject the required headers(iv-user and Authorization) to the request using this plugin.

i) Install that plugin to your browser and open the plugin.

ii) Add the following two headers.

Name : iv-user
Value : name of the user who is going to login to Governance Registry.

Name: Authorization
Value: Basic <Base 64 encoded value of the webSealUser:password>

Eg :

If the user name of the delegated-admin is “webSealUser” and password is “123456” then you should generate the value of the Authorization header using webSealUser:123456 .

You can use some online services[2] to easily generate the value of the Authorization header.

Note: You should click on the “Start” button of the plugin window.

Iii) Restart the browser.

iii) Point your browser to the

iv) Now you should be able to login to the Governance Registry server without see the login page :) .


Tcpmon view.