...
For each protocol supported by the WSO2 Identity Server, there should be an inbound authenticator. The Identity Server includes inbound authenticators for SAML 2.0, OpenID, OpenID Connect, OAuth 2.0, Kerberos KDC, WS-Trust STS and WS-Federation (passive). In other words, the responsibility of the SAML 2.0 request processor is to accept a SAML request from a service provider, validate the SAML request and then build a common object model understood by the authentication framework and handover the request to it. The responsibility of the SAML response builder is to accept a common object model from the authentication framework and build a SAML response out of it.
...
You can configure the following for inbound authentication.
Configuring SAML2 web single-sign-on
...
- Expand the WS-Trust Security Token Service Configuration and click Configure.
- Specify the required information in the form that appears.
- Endpoint Address - Relying party service endpoint where the token is being delivered to. This is a required field.
- Certificate Alias - Corresponding public certificate for the service endpoint.
- Click Apply. The following information is added to your service provider.
Configuring WS-Federation (Passive)
...
or OpenID
- Expand the WS-Federation (Passive) Configuration and or OpenID Configuration.
- Enter the identifier for the Passive STS Realm and the OpenID Realm. These identifiers need to be specified as identification when the service provider reaches out to the Identity Server. For WS-Federation (Passive), you can also specify the endpoint of the realm in Passive STS WReply URL.