Version: 3.13

Use Identity Provider Initiated Logon

This guide explains how to set up Identity Provider Initiated Logon using UAA as the authorization server and a sample Node.js web application as the web portal.

The web portal acts as an identity provider, allowing users to access the management UI with a single click using an OAuth 2.0 token previously obtained from the authorization server.

                 +-----------------+
                 | IdP (e.g. UAA)  |
                 +-----------------+
                         /\
                         |  2. get token
                         |
                 +-----------------+            +-----------+
                 | Web app Portal  | ---------> | RabbitMQ  | <---+
                 +-----------------+            +-----------+     |
                    /\        |                       |           | 4. 302 redirect to overview page
                    |         |                       |           |    with cookie
                    |         |                       +-----------+
                    |         |
      1. user requests        3. POST https://rabbitmq:15671/login
         access to               with access_token
         management ui
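
Step 3 of the flow above, as an added example (not the sample portal's own code): the portal sanity-checks the token, then renders a form whose submit button POSTs it to RabbitMQ's /login, so the token never appears in a URL. The helper names, the allow-list and the assumption that the access token is a JWT are illustrative; only /login and access_token come from this guide.

```javascript
// Added example. Hypothetical names throughout; only the /login endpoint and the
// access_token field come from the guide. Assumes the access token is a JWT.
const ALLOWED_TARGETS = new Set(['https://localhost:15671']); // management UI in this guide

const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Decode the payload without verifying the signature: RabbitMQ validates the token
// itself. The portal only sanity-checks shape and expiry before handing it over.
function readClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3 || !parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p))) {
    throw new Error('not a compact JWT');
  }
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

function buildLogonForm(targetOrigin, accessToken, nowSeconds = Math.floor(Date.now() / 1000)) {
  // Only hand tokens to known management UIs, never to a caller-supplied URL.
  if (!ALLOWED_TARGETS.has(targetOrigin)) throw new Error('target not allow-listed');
  const claims = readClaims(accessToken);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    throw new Error('token expired');
  }
  // POST body instead of a query string keeps the token out of URLs,
  // browser history and access logs.
  return [
    `<form method="post" action="${escapeHtml(targetOrigin)}/login">`,
    `  <input type="hidden" name="access_token" value="${escapeHtml(accessToken)}">`,
    `  <button type="submit">${escapeHtml(targetOrigin)}</button>`,
    '</form>',
  ].join('\n');
}

// Constructed sample token with a placeholder signature, for demonstration only.
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
function sampleToken(exp) {
  return `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64({ client_id: 'rabbit_idp_user', exp })}.c2ln`;
}

const demoExpiry = Math.floor(Date.now() / 1000) + 300;
console.log(buildLogonForm('https://localhost:15671', sampleToken(demoExpiry)));
```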

Prerequisites to follow this guide

  • Docker
  • A local clone of a GitHub repository that contains all the configuration files and scripts used in this example.

info

The commands used to start UAA, RabbitMQ and the web portal automatically generate the X.509 certificates required for HTTPS.

Deploy UAA

Run the following command to start UAA:

make start-uaa

To check whether UAA is running, run:

docker ps | grep uaa

Deploy RabbitMQ

Run the following commands to start RabbitMQ:

export MODE=portal
OAUTH_PROVIDER=uaa make start-rabbitmq

tip

Ensure RabbitMQ is deployed with the version you expect by searching for "Running RabbitMQ (<image>:<image_tag>)" in the output of docker logs rabbitmq.

info

To start one specific version of RabbitMQ run the following command instead:

MODE=portal OAUTH_PROVIDER=uaa IMAGE=rabbitmq IMAGE_TAG=<YourVersion> make start-rabbitmq

Deploy Portal

Run the following command to start the portal:

make start-portal

Verify Management UI flows

  1. Go to the portal https://localhost:3000.
  2. Click on the button https://localhost:15671 for rabbit_idp_user.
  3. You are redirected to the RabbitMQ management UI, fully authenticated.

info

rabbit_idp_user is the OAuth Client the portal uses to obtain an access token to test this flow. This OAuth Client is declared in UAA.

warning

When you visit https://localhost:3000, you will get a browser warning due to net::ERR_CERT_AUTHORITY_INVALID. This is because the portal is using a self-signed certificate. To accept it, click Proceed to localhost (unsafe).