Versions Compared

Old Version 5

changes.mady.by.user Former user

Saved on

compared with

New Version 6

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This section lists out some sample configurations that can be used when configuring an Identity Provider. 

Table of Contents

Federated authenticator configuration samples

A federated authenticator is used to authenticate a user through an external system (e.g. Yahoo, MSN, OpenIDConnect). To write your own custom federated authenticator, see Writing a Custom Federated Authenticator

Warning

The <federatedAuthenticatorConfigs> and <defaultAuthenticatorConfig> tags have similar attributes. To configure a federated authenticator as the default authenticator, use the desired configuration found below with the <defaultAuthenticatorConfig> tag instead of the <federatedAuthenticatorConfigs> tag. Note that there can be only one <defaultAuthenticatorConfig> while there can be multiple <federatedAuthenticatorConfigs>.

OpenID Configuration

Code Block
languagexml
<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>openid</displayName>
    <enabled>true</enabled>
    <name>OpenIDAuthenticator</name>
    <properties>
        <name>OpenIdUrl</name>
        <value>https://localhost:9443/openid/</value>
    </properties>
    <properties>
        <name>RealmId</name>
        <value
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="1">
        </value>
    </properties>
    <properties>
        <name>IsUserIdInClaims</name>
        <value>false</value>
    </properties>
    <properties>
        <name>commonAuthQueryParams</name>
        <value>
            <value>paramName1=value1&paramName2=value2</value>
        </value>
    </properties>
</federatedAuthenticatorConfigs>

Property Name

Description

OpenIdUrl

OpenID Server URL

RealmId

-

IsUserIdInClaims

OpenID User ID Location

commonAuthQueryParams

Additional Query Parameters

 

SAML2 Web SSO configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>samlsso</displayName>
               <enabled>true</enabled>
               <name>SAMLSSOAuthenticator</name>
               <properties>
                  <name>IdPEntityId</name>
                  <value>Identity Provider Entity Id</value>
               </properties>
               <properties>
                  <name>SPEntityId</name>
                  <value>Service Provider Entity Id</value>
               </properties>
               <properties>
                  <name>SSOUrl</name>
                  <value>https://localhost:9443/samlsso/</value>
               </properties>
               <properties>
                  <name>ISAuthnReqSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>IsLogoutEnabled</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>LogoutReqUrl</name>
                  <value>https://example.com/logout/url</value>
               </properties>
               <properties>
                  <name>IsLogoutReqSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>IsAuthnRespSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>IsUserIdInClaims</name>
                  <value>false</value>
               </properties>
               <properties>
                  <name>IsAssertionEncrypted</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>isAssertionSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>commonAuthQueryParams</name>
                  <value>paramName1=value1&paramName2=value2</value>
               </properties>
            </federatedAuthenticatorConfigs>

Property Name

Description

IdPEntityId

Identity Provider Entity Id

SPEntityId

Service Provider Entity Id

SSOUrl

SSO URL

ISAuthnReqSigned

Enable Authentication Request Signing

IsLogoutEnabled

Enable Logout

LogoutReqUrl

Logout Url

IsLogoutReqSigned

Enable Logout Request Signing

IsAuthnRespSigned

Enable Authentication Response Signing

IsUserIdInClaims

SAML2 Web SSO User ID Location

IsAssertionEncrypted

Enable Assertion Encryption

isAssertionSigned

Enable Assertion Signing

commonAuthQueryParams

Additional Query Parameters

 

OAuth2/OpenID Connect configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>openidconnect</displayName>
               <enabled>true</enabled>
               <name>OpenIDConnectAuthenticator</name>
               <properties>
                  <name>ClientId</name>
                  <value>ClientID</value>
               </properties>
               <properties>
                  <name>OAuth2AuthzUrl</name>
                  <value>https://localhost:9443/oauth2/authorize/</value>
               </properties>
               <properties>
                  <name>OAUTH2TokenUrl</name>
                  <value>https://localhost:9443/oauth2/token/</value>
               </properties>
               <properties>
                  <confidential>true</confidential>
                  <name>ClientSecret</name>
                  <value>ClientSecret</value>
               </properties>
               <properties>
                  <name>IsUserIdInClaims</name>
                  <value>false</value>
               </properties>
               <properties>
                  <name>commonAuthQueryParams</name>
                  <value>paramName1=value1&paramName2=value2</value>
               </properties>
            </federatedAuthenticatorConfigs>

 

 

Property Name

Description

ClientId

Client Id

OAuth2AuthzUrl

Authorization Endpoint URL

OAUTH2TokenUrl

Token Endpoint URL

ClientSecret

Client Secret

IsUserIdInClaims

OpenID Connect User ID Location

commonAuthQueryParams

Additional Query Parameters

 

WS-Federation (Passive) configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>passivests</displayName>
               <enabled>true</enabled>
               <name>PassiveSTSAuthenticator</name>
               <properties>
                  <name>RealmId</name>
                  <value>Passive STS Realm</value>
               </properties>
               <properties>
                  <name>PassiveSTSUrl</name>
                  <value>https://localhost:9443/passivests/</value>
               </properties>
               <properties>
                  <name>IsUserIdInClaims</name>
                  <value>false</value>
               </properties>
               <properties>
                  <name>commonAuthQueryParams</name>
                  <value>paramName1=value1</value>
               </properties>
</federatedAuthenticatorConfigs>

Property Name

Description

RealmId

Passive STS Realm

PassiveSTSUrl

Passive STS URL

IsUserIdInClaims

Passive STS User ID Location

commonAuthQueryParams

Additional Query Parameters

 

Facebook configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>facebook</displayName>
               <enabled>true</enabled>
               <name>FacebookAuthenticator</name>
               <properties>
                  <name>ClientId</name>
                  <value>clientID</value>
               </properties>
               <properties>
                  <confidential>true</confidential>
                  <name>ClientSecret</name>
                  <value>secret</value>
               </properties>
</federatedAuthenticatorConfigs>

Property Name

Description

ClientId

Client Id

ClientSecret

Client Secret

 

Yahoo configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>yahoo</displayName>
               <enabled>true</enabled>
               <name>YahooOpenIDAuthenticator</name>
            </federatedAuthenticatorConfigs>

 

Google configuration

Code Block
languagexml
<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>google</displayName>
    <enabled>true</enabled>
    <name>GoogleOpenIDAuthenticator</name>
</federatedAuthenticatorConfigs>

 

Microsoft (Hotmail,MSN,Live) configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>microsoft(hotmail,</displayName>
               <enabled>true</enabled>
               <name>MicrosoftWindowsLive</name>
               <properties>
                  <name>ClientSecret</name>
                  <value>clientsecret</value>
               </properties>
               <properties>
                  <name>windows-live-callback-url</name>
                  <value>https://example.com/callback/url</value>
               </properties>
               <properties>
                  <name>ClientId</name>
                  <value>clientID</value>
               </properties>
</federatedAuthenticatorConfigs>

Property Name

Description

ClientSecret

Client Secret

windows-live-callback-url

Callback Url

ClientId

Client Id

 

Outbound provisioning connector configuration samples

An outbound provisioning connector is used to provision users to external systems (e.g. Google, SalesForce).  To write your own custom outbound provisioning connector, see Writing an Outbound Provisioning Connector

Warning

The <provisioningConnectorConfigs> and <defaultProvisioningConnectorConfig> tags have similar attributes. To configure an outbound provisioning connector as the default provisioning connector, use the desired configuration found below with the <defaultProvisioningConnectorConfig> tag instead of the <provisioningConnectorConfigs> tag. There can be only one <defaultProvisioningConnectorConfig> while there can be multiple <provisioningConnectorConfigs>.

SalesForce provisioning configuration

Code Block
languagexml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>salesforce</name>
               <provisioningProperties>
                  <name>sf-username</name>
                  <value>testuser</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>sf-password</name>
                  <value>testpw</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-clientid</name>
                  <value>clientID</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>sf-client-secret</name>
                  <value>clientsecret</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-api-version</name>
                  <value>1.0.0</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-domain-name</name>
                  <value>example.com</value>
               </provisioningProperties>
</provisioningConnectorConfigs>

Property Name

Description

sf-username

Username

sf-password

Password

sf-clientid

Client ID

sf-client-secret

Client Secret

sf-api-version

API version

sf-domain-name

Domain Name

 

Google provisioning configuration

Code Block
languagexml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>googleapps</name>
               <provisioningProperties>
                  <name>google_prov_application_name</name>
                  <value>TestApp</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_admin_email</name>
                  <value>test@mygoogledomain.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_service_acc_email</name>
                  <value>test@developer.gserviceaccount.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_familyname_claim_dropdown</name>
                  <value>ClaimB</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_givenname_claim_dropdown</name>
                  <value>ClaimB</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_email_claim_dropdown</name>
                  <value>ClaimA</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_domain_name</name>
                  <value>mygoogledomain.com</value>
               </provisioningProperties>
            </provisioningConnectorConfigs>

Property Name

Description

google_prov_application_name

Application Name

google_prov_admin_email

Administrator's Email

google_prov_service_acc_email

Service Account Email

google_prov_familyname_claim_dropdown

Family Name

google_prov_givenname_claim_dropdown

Given Name

google_prov_email_claim_dropdown

Primary Email

google_prov_domain_name

Google Domain

 

SCIM provisioning configuration

Code Block
languagexml
   <provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>scim</name>
               <provisioningProperties>
                  <name>scim-username</name>
                  <value>testuser</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>scim-password</name>
                  <value>testpw</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>scim-user-ep</name>
                  <value>example.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>scim-group-ep</name>
                  <value>example.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>scim-user-store-domain</name>
                  <value>example.com</value>
               </provisioningProperties>
   </provisioningConnectorConfigs>

 

 

Property Name

Description

scim-username

Username

scim-password

Password

scim-user-ep

User Endpoint

scim-group-ep

Group Endpoint

scim-user-store-domain

User Store Domain

 

SPML provisioning configuration

Code Block
languagexml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>spml</name>
               <provisioningProperties>
                  <name>spml-username</name>
                  <value>testuser</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>spml-password</name>
                  <value>testpw</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>spml-ep</name>
                  <value>example.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>spml-oc</name>
                  <value>spml2person</value>
               </provisioningProperties>
</provisioningConnectorConfigs>

Property Name

Description

spml-username

Username

spml-password

Password

spml-ep

SPML Endpoint

spml-oc

SPML ObjectClass