Custom pages for logging into the server are available for SAML2 SSO, OAuth and OpenID Connect. This section guides you through this customization.
...
- Download WSO2 Identity Server and extract it.
- Run the server by executing wso2is-5.0.0/bin/wso2server.sh on Unix-based systems, or bin/wso2server.bat on Windows.
- On the management console, click Add under Service Providers in the Main menu.
- Enter travelocity.com as the Service Provider Name in the form that appears and click Register.
- In the page that appears next, expand the Inbound Authentication Configuration section and the SAML2 Web SSO Configuration section.
- Click Configure. The Register New Service Provider page appears.
Configure the following details for travelocity.com, then repeat steps 1 to 6 and configure the details for avis.com.
travelocity.com:
- Issuer: travelocity.com
- Assertion Consumer URL: http://wso2is.local:8080/travelocity.com/home.jsp
- Select Enable Response Signing
- Select Enable Single Logout
avis.com:
- Issuer: avis.com
- Assertion Consumer URL: http://wso2is.local:8080/avis.com/home.jsp
- Select Enable Response Signing
- Select Enable Single Logout
- When attempting to "login with SAML from WSO2 Identity Server" in Travelocity.com and Avis.com, you see the following default page, located at <IS_HOME>/repository/deployment/server/webapps/authenticationendpoint/login.jsp.
...
When a request comes to the default login page, you can see several parameters being passed in the address bar. For this customization, the focus is on the following two parameters:
- sessionDataKey: This is an identifier used by the Identity Server to maintain state information related to this particular request by the service provider.
Note: The 'sessionDataKey' query parameter is used to coordinate the request state across components participating in the request flow. It does not correlate with the user session. Furthermore, the request state maintained against the 'sessionDataKey' parameter value is cleared by each participating component at the end of the request flow. This means that even if an external party grabs the 'sessionDataKey' they will not be able to get into the authentication sequence, as the user session is not associated with that key.
- relyingParty: This is the value we gave for the "Issuer" field when we registered the SAML2 SSO service provider (e.g., travelocity.com). This value is used to display different login pages to different service providers.
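The following is an added example of how a customized login.jsp can consume the two parameters above; it is not the product's own login.jsp and not code from this documentation. It matches the relyingParty value against an allowlist of the issuers registered in the steps above to pick a branding fragment, HTML-escapes both parameter values before writing them into the page, and refuses to render the form when sessionDataKey is absent (the post back could not be correlated with the request). The fragment file names (travelocity_login.jsp, avis_login.jsp, default_login.jsp), the ../commonauth form action and the username/password field names are assumptions made for this example.

```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.Map" %>
<%!
    // Minimal HTML escaping so request-supplied values never reach the page unencoded.
    private static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
%>
<%
    // Both values arrive as query parameters on the redirect to login.jsp.
    String sessionDataKey = request.getParameter("sessionDataKey");
    String relyingParty = request.getParameter("relyingParty");

    // Allowlist: issuer (as registered under Service Providers) -> branding fragment to include.
    // relyingParty is caller-controlled, so it is only ever used as a lookup key here and is
    // never turned into a file path directly. Fragment names are assumptions for this example.
    Map<String, String> fragmentByIssuer = new HashMap<String, String>();
    fragmentByIssuer.put("travelocity.com", "travelocity_login.jsp");
    fragmentByIssuer.put("avis.com", "avis_login.jsp");
    String loginFragment = fragmentByIssuer.get(relyingParty); // HashMap.get(null) is null, so a missing parameter is safe
    if (loginFragment == null) {
        loginFragment = "default_login.jsp"; // unknown or missing issuer: generic page
    }
%>
<!DOCTYPE html>
<html>
<head><title>Sign in - <%= escapeHtml(relyingParty) %></title></head>
<body>
<% if (sessionDataKey == null || sessionDataKey.isEmpty()) { %>
    <p>This login request is missing its session data key. Please start again from the application.</p>
<% } else { %>
    <%-- Per-service-provider branding; the fragment name comes from the allowlist, not from the request. --%>
    <jsp:include page="<%= loginFragment %>" />
    <%-- Post credentials back to the Identity Server's common authentication endpoint (assumed path). --%>
    <form action="../commonauth" method="post">
        <input type="hidden" name="sessionDataKey" value="<%= escapeHtml(sessionDataKey) %>" />
        <label>Username <input type="text" name="username" /></label>
        <label>Password <input type="password" name="password" /></label>
        <input type="submit" value="Sign in" />
    </form>
<% } %>
</body>
</html>
```

The allowlist lookup is the important design choice: because relyingParty is reflected back into the page and used to select what is rendered, deriving a file name or unescaped markup from it directly would let a crafted link control the login page, whereas mapping it through a fixed table confines the customization to issuers you actually registered.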
...