Introduction

Nowadays, offering a mobile application for any software solution has become a necessity. Our goal is to protect the user by taking the security state of the mobile device into account: based on this device information we can authenticate the user with minimal steps (improving the user experience), step up authentication, or even block access if the device is in an unsecured state. The Entgra IS React Native Sample application demonstrates how to step up or step down authentication based on device attributes.

Getting Started

You can try out the Entgra IS React Native Sample Application by following this short guide, which contains the main sections listed below.

Configuring the Entgra IoT Server

  1. Register the application in the Entgra IoT server by using the following curl command. For the Authorization header, encode username:password in Base64 and use the encoded value as 'Authorization: Basic {encodedValue}'. Provide any name for applicationName and the application owner’s username for username. Copy the values of client_id and client_secret from the response.

    curl --location --request POST 'https://mgt.ciam.entgra.net/api-application-registration/register' \
    --header 'Accept: application/json' \
    --header 'Authorization: Basic d3NvMmFkbWluOndzbzJhZG1pbg==' \
    --header 'Content-Type: application/json' \
    --data-raw '{"applicationName":"cdmf_android_4811a7d39b09d709","tags":["android","device_management"],"username":"wso2admin", "password":"wso2admin", "allowedToAllDomains":false,"mappingAnExistingOAuthApp":false}'
    

    Response:

    {"client_secret":"gBb6LATYVyxplGhvB6tcckBOvo8a","client_id":"O6lYcMOwg1wl9OfhCrUDB_QTkKwa"}

  2. Log in to the Entgra IoT management console at https://{mgtURL}/carbon and navigate to the Service Providers tab listed under the Main section. You will see the service provider you created above.

  3. Expand the OAuth/OpenID Connect Configuration section inside the Inbound Authentication Configuration section and check that the OAuth Client Key is the same as the client_id you got from the above response.

  4. Click the Edit button; you will be redirected to the Application Settings page.

    Make sure the Code option under Allowed Grant Types and Default under Token Issuer are ticked. For Callback Url, provide a valid URL ending with /sdk/secure.

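The header encoding in step 1, the client_id comparison in step 3 and the callback URL rule in step 4 can be scripted. The shell functions below are an added example, not part of the Entgra sample or its documentation; the function names are hypothetical, the JSON parsing assumes the flat response shown in step 1, and the callback check assumes "valid URL" means scheme://host/.../sdk/secure.

```shell
#!/bin/sh
# Added example (not Entgra's code). All function names are hypothetical.

# Step 1: build the Authorization header value from username and password.
# printf is used instead of echo so that no trailing newline is encoded.
basic_auth_header() {
    printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Step 1: extract one string field from the flat JSON registration response.
json_field() {
    printf '%s' "$1" |
        sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Step 3: succeed only if the client_id in the response equals the
# OAuth Client Key copied from the management console ($2).
same_client_key() {
    [ -n "$2" ] && [ "$(json_field "$1" client_id)" = "$2" ]
}

# Step 4: the callback URL must have a scheme and host and end in /sdk/secure.
valid_callback_url() {
    case "$1" in
        ?*://?*/sdk/secure) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 1: send the registration request and print the JSON response.
# $1 = management host, $2 = username, $3 = password, $4 = applicationName.
# Assumes the values contain no double quotes or backslashes.
register_app() {
    body=$(printf '{"applicationName":"%s","tags":["android","device_management"],"username":"%s","password":"%s","allowedToAllDomains":false,"mappingAnExistingOAuthApp":false}' "$4" "$2" "$3")
    curl --silent --fail --location --request POST \
        "https://$1/api-application-registration/register" \
        --header 'Accept: application/json' \
        --header "Authorization: $(basic_auth_header "$2" "$3")" \
        --header 'Content-Type: application/json' \
        --data-raw "$body"
}
```

Passing the credentials as function arguments from variables, rather than pasting a pre-encoded header into the command, keeps the Base64 value out of saved notes and scripts; Base64 is an encoding, so anyone who sees the header can recover the password.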

Configuring the WSO2 Identity server

  1. If you haven’t downloaded the WSO2 Identity Server yet, please visit https://wso2.com/identity-server/ and download the latest version of the Identity Server.
  2. Go to https://github.com/PasinduYeshan/identity-auth-entgra and follow the exact steps to add the Entgra connector and conditional authentication function to the WSO2 Identity Server.
  3. Start the WSO2 Identity Server. Log in to the WSO2 IS management console at http://localhost:9443/carbon/ and navigate to the Service Providers tab listed under the Identity section.
  4. Click Add to add a new service provider.
  5. Provide a name for the service provider (e.g. ISEntgra) and click Register. You will be redirected to the Edit Service Provider page.
  6. Expand the Inbound Authentication Configuration section and click Configure under the OAuth/OpenID Connect Configuration section.