Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version 2

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Single sign-on (SSO) allows users, who are authenticated against one application, gain access to multiple other related applications as well without having to repeatedly authenticate themselves. It also allows the web applications gain access to a set of back-end services with the logged-in user's access rights, and the back-end services can authorize the user based on different claims like user role.

WSO2 API Manager includes Single Sign-On with SAML 2.0 feature, which is implemented according to the SAML 2.0 web browser-based SSO support that is facilitated by WSO2 Identity Server (IS) version 4.1.0 onwards. WSO2 Identity Server acts as an identity service provider of systems enabled with single sign-on, while the web applications such as API Manager apps act as SSO service providers. Using this feature, you can configure SSO across the two API Manager web applications, which are API Publisher and API Store as well as other Web applications in your organization. After configuring, users will be able to access API Store or API Publisher in a single authentication attempt.

...

Configuring WSO2 Identity Server as a SAML 2.0 SSO Identity Provider

1. Download and set up WSO2 Identity Server. Instructions can be found in the Installation Guide of IS documentation (http://docs.wso2.org/wiki/display/IS410/Installation+Guide).

2. Start the IS server and log in to its Management Console UI.

3. Select the SAML SSO menu under the Main menu in the left pane.

Image Modified

4. The SAML SSO window opens. Add the following configurations under section Register New Service Provider to register the API Manager applications as SSO service providers. Use the exact same values, which were used to configure the API Manager web applications.

To register API Publisher as an SSO service provider:

    • Issuer : API_PUBLISHER
    • Assertion Consumer URL : https://localhost:9443/publisher/jagg/jaggery_acs.jag. Change the IP and port accordingly. This is the url for the acs page in your running publisher app.

    • Select the options Use fully qualified username in the SAML Response, Enable Response Signing, Enable Assertion Signing and Enable Single Logout.

    • Click Register once done.

...

    • Issuer : API_STORE
    • Assertion Consumer URL : https://localhost:9443/store/jagg/jaggery_acs.jag. Change the IP and port accordingly. This is the url for the acs page in your running store app.

    • Select the options Use fully qualified username in the SAML Response, Enable Response Signing, Enable Assertion Signing and Enable Single Logout.

    • Click Register once done.

...