Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Open the <SERVICE_PROVIDER_IS_HOME>/repository/conf/identity/sso-idp-config.xml file and add the following configuration under the  <SSOIdentityProviderConfig>  properties
    <ServiceProviders>  tag. This adds the Travelocity application as a service provider.

    Code Block
    languagexml
    <ServiceProvider>
        <Issuer>travelocity.com</Issuer>
        <AssertionConsumerServiceURLs>
          <AssertionConsumerServiceURL>http://wso2is.local:8080/travelocity.com/home.jsp</AssertionConsumerServiceURL>
        </AssertionConsumerServiceURLs>
        <DefaultAssertionConsumerServiceURL>http://wso2is.local:8080/travelocity.com/home.jsp</DefaultAssertionConsumerServiceURL>
        <EnableSingleLogout>true</EnableSingleLogout>
        <SLOResponseURL></SLOResponseURL>
        <SLORequestURL></SLORequestURL>
        <SAMLDefaultSigningAlgorithmURI>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SAMLDefaultSigningAlgorithmURI>
        <SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
        <SignResponse>true</SignResponse>
        <ValidateSignatures>false</ValidateSignatures>
        <EncryptAssertion>true</EncryptAssertion>
        <CertAlias></CertAlias>
        <EnableAttributeProfile>true</EnableAttributeProfile>
        <IncludeAttributeByDefault>true</IncludeAttributeByDefault>
        <ConsumingServiceIndex>2104589</ConsumingServiceIndex>
        <EnableAudienceRestriction>false</EnableAudienceRestriction>
        <AudiencesList>
          <Audience></Audience>
        </AudiencesList>
        <EnableRecipients>false</EnableRecipients>
        <RecipientList>
          <Recipient></Recipient>
        </RecipientList>
        <EnableIdPInitiatedSSO>false</EnableIdPInitiatedSSO>
        <EnableIdPInitSLO>false</EnableIdPInitSLO>
        <ReturnToURLList>
          <ReturnToURL></ReturnToURL>
        </ReturnToURLList>
    </ServiceProvider>
    Tip

    Tip: If the incoming SAML requests from the client (e.g., travelocity.com) are signed and if you want the service provider Identity Server instance to validate the signature included in the authentication and logout requests, do the following:

    1. Import the public certificate of the client to the primary keystore (e.g., wso2carbon.jks)
    2. Add the corresponding certificate alias name to the <CertAlias> property and set the <ValidateSignatures> property to true in the sso-idp-config.xml file.

  2. Create a file named travelocity.com.xml in the <SERVICE_PROVIDER_IS_HOME>/repository/conf/identity/service-providers directory.
  3. Add the following configurations into the travelocity.com.xml file you created. This adds the necessary SAML configurations to thetravelocity service provider.

    Note

    If you added the "SHARED_" prefix to the identity provider name when adding the identity provider, replace the  <IdentityProviderName>  value (found under the  <LocalAndOutBoundAuthenticationConfig>  element) in the travelocity.com.xml  file, with the following value.

    Code Block
    SHARED_identityProviderIDP_IS
    Code Block
    languagexml
    <ServiceProvider>
        <ApplicationID>3</ApplicationID>
        <ApplicationName>travelocity.com</ApplicationName>
        <Description>travelocity Service Provider</Description>
        <IsSaaSApp>true</IsSaaSApp>
        <InboundAuthenticationConfig>
            <InboundAuthenticationRequestConfigs>
                <InboundAuthenticationRequestConfig>
                    <InboundAuthKey>travelocity.com</InboundAuthKey>
                    <InboundAuthType>samlsso</InboundAuthType>
                    <Properties></Properties>
                </InboundAuthenticationRequestConfig>
            </InboundAuthenticationRequestConfigs>
        </InboundAuthenticationConfig>
      
        <LocalAndOutBoundAuthenticationConfig>
        <AuthenticationSteps>
            <AuthenticationStep>
                <StepOrder>1</StepOrder>
                <LocalAuthenticatorConfigs>
                    <LocalAuthenticatorConfig>
                        <Name>BasicAuthenticator</Name>
                        <DisplayName>basicauth</DisplayName>
                        <IsEnabled>true</IsEnabled>
                    </LocalAuthenticatorConfig>
                </LocalAuthenticatorConfigs>
                <FederatedIdentityProviders>
                    <IdentityProvider>
                        <IdentityProviderName>identityProviderIDP_IS</IdentityProviderName>
                        <IsEnabled>true</IsEnabled>
                        <DefaultAuthenticatorConfig>
                            <FederatedAuthenticatorConfigs>
                                <FederatedAuthenticatorConfig>
                                    <Name>SAMLSSOAuthenticator</Name>
                                    <DisplayName>samlsso</DisplayName>
                                    <IsEnabled>true</IsEnabled>
                                </FederatedAuthenticatorConfig>
                            </FederatedAuthenticatorConfigs>
                        </DefaultAuthenticatorConfig>
                    </IdentityProvider>
                </FederatedIdentityProviders>
                <SubjectStep>true</SubjectStep>
                <AttributeStep>true</AttributeStep>
            </AuthenticationStep>
        </AuthenticationSteps>
    	<subjectClaimUri> <!--selected URI --> </subjectClaimUri>
    </LocalAndOutBoundAuthenticationConfig>
        <RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
        <InboundProvisioningConfig></InboundProvisioningConfig>
        <OutboundProvisioningConfig></OutboundProvisioningConfig>
        <ClaimConfig>
            <AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
            <LocalClaimDialect>true</LocalClaimDialect><ClaimMappings><ClaimMapping><LocalClaim><ClaimUri>http://wso2.org/claims/givenname</ClaimUri></LocalClaim><RemoteClaim><ClaimUri>http://wso2.org/claims/givenName</ClaimUri>ClaimUri></RemoteClaim><RequestClaim>true</RequestClaim></ClaimMapping></ClaimMappings></ClaimConfig>    
        <PermissionAndRoleConfig></PermissionAndRoleConfig>
    </ServiceProvider>
  4. Restart the WSO2 Identity Server to apply the file-based configurations to the system. 

    Note

    Please note that the management console will not show the SP related configuration information if it is loaded through a file (as shown above)

...