...
The next step is to configure the service provider based on the WSO2 Identity Server version that you are working on.
- Configuring a service provider for IS versions above 5.3.0
- Configuring a service provider for IS 5.1.0 or IS 5.2.0
Configuring a service provider for IS versions above 5.3.0
- Return to the management console.
- In the Service Providers section under the Main tab, click Add.
- As you are using travelocity as the sample, enter travelocity.com in the Service Provider Name text box and click Register.
- In the Inbound Authentication Configuration section, click SAML2 Web SSO Configuration, and then click Configure.
- Add the service provider details as follows:
  - Select Mode: Manual Configuration
    For more information on the SAML2 Web Single-Sign-On Configuration methods, see Configuring SAML2 Web Single-Sign-On in the WSO2 IS 5.3.0 guide.
  - Issuer: travelocity.com
  - Assertion Consumer URL: Enter http://localhost:8080/travelocity.com/home.jsp and click Add.
  - Select the following check-boxes:
    - Enable Response Signing.
    - Enable Single Logout.
    - Enable Attribute Profile.
    - Include Attributes in the Response Always.
- Click Register to save the changes. Now you will be sent back to the Service Providers page.
- Go to the Local and Outbound Authentication Configuration section.
- Configure the Local and Outbound Authentication for Amazon.
  For more information, see Configuring Local and Outbound Authentication for a Service Provider in the WSO2 IS 5.3.0 guide.
  - Click on the Federated Authentication radio button.
  - Select the identity provider you created from the drop-down list under Federated Authentication.
  - Select the following options:
    - Use tenant domain in local subject identifier.
    - Use user store domain in local subject identifier.
- Click Update to save the changes.
Configuring a service provider for IS 5.1.0 or IS 5.2.0
- Return to the management console.
- In the Service Providers section under the Main tab, click Add.
- Since you are using travelocity as the sample, enter travelocity.com in the Service Provider Name text box and click Register.
- In the Inbound Authentication Configuration section, click Configure under the SAML2 Web SSO Configuration section.
- Now set the configuration as follows:
  - Issuer: travelocity.com
  - Assertion Consumer URL: http://localhost:8080/travelocity.com/home.jsp
  - Select the following check-boxes:
    - Enable Response Signing.
    - Enable Single Logout.
    - Enable Attribute Profile.
    - Include Attributes in the Response Always.
- Click Update to save the changes. Now you will be sent back to the Service Providers page.
- Go to the Local and Outbound Authentication Configuration section.
- Select the identity provider you created from the drop-down list under Federated Authentication.
- Ensure that the Federated Authentication radio button is selected and click Update to save the changes.
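
To confirm that the SAML settings from either version of the steps above took effect, you can decode a SAMLResponse captured from the browser POST to the Assertion Consumer URL and inspect it. The following Python check is an added example, not part of the WSO2 documentation; the function names and the sample response are constructed for illustration, and the check is structural only (it does not verify the signature value).

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Values registered for the service provider in the steps above.
EXPECTED_ACS = "http://localhost:8080/travelocity.com/home.jsp"
EXPECTED_AUDIENCE = "travelocity.com"


def check_saml_response(b64_response):
    """Return a list of findings; an empty list means the response matches the settings."""
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    findings = []
    # "Enable Response Signing": ds:Signature is a direct child of the Response.
    if root.find("ds:Signature", NS) is None:
        findings.append("response is not signed")
    # "Assertion Consumer URL": carried in the Destination attribute.
    if root.get("Destination") != EXPECTED_ACS:
        findings.append("Destination does not match the registered ACS URL")
    # "Issuer": the service provider appears as the assertion's Audience.
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        findings.append("Audience does not contain the registered issuer")
    # "Include Attributes in the Response Always": at least one Attribute is present.
    if not root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        findings.append("no attributes in the assertion")
    return findings


def constructed_response(signed=True, dest=EXPECTED_ACS):
    """Build a minimal, constructed SAMLResponse (hypothetical sample, not IS output)."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"] if signed else ""
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" Destination="%s">%s'
        "<saml:Assertion><saml:Conditions><saml:AudienceRestriction>"
        "<saml:Audience>travelocity.com</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>"
        '<saml:Attribute Name="http://wso2.org/claims/emailaddress">'
        "<saml:AttributeValue>user@example.com</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"
    ) % (NS["samlp"], NS["saml"], dest, sig)
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print(check_saml_response(constructed_response(signed=False)))
```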
...
Add a new claim mapping for various user attributes related to Amazon based on the WSO2 Identity Server version that you are working on.
- Configuring claims for IS versions above 5.3.0
- Configuring claims for IS 5.1.0 or IS 5.2.0
Configuring claims for IS versions above 5.3.0
For more information, see Adding Claim Mapping in the WSO2 IS guide.
- Sign in to the Management Console by entering your username and password.
- In the Main menu, click Add under Claims.
- Click Add Claim Dialect to create the Amazon authenticator specific claim dialect.
- Specify the Dialect URI as http://wso2.org/amazon/claims and click Add to create the claim dialect.
- Map a new external claim to an existing local claim dialect.
  You need to map at least one claim under this new dialect. Therefore, let's map the claim for the Amazon user ID.
  - In the Main menu, click Add under Claims.
  - Click Add External Claim to add a new claim to the Amazon claim dialect.
  - Select the Dialect URI as http://wso2.org/amazon/claims
  - Enter the External Claim URI based on the following claim mapping information.
  - Select the Mapped Local Claim based on the following claim mapping information.
    Claim mapping for ID
    Dialect URI: http://wso2.org/amazon/claims
    External Claim URI: http://wso2.org/amazon/claims/user_id
    Mapped Local Claim: http://wso2.org/claims/username
  - Click Add to add the new external claim.
- Similarly, you can create claims for all the public information of the Amazon user by repeating step 5 with the following claim mapping information.
  Claim mapping for email
  Dialect URI: http://wso2.org/amazon/claims
  External Claim URI: http://wso2.org/amazon/claims/email
  Mapped Local Claim: http://wso2.org/claims/emailaddress
  Claim mapping for name
  Dialect URI: http://wso2.org/amazon/claims
  External Claim URI: http://wso2.org/amazon/claims/name
  Mapped Local Claim: http://wso2.org/claims/givenname
- Click Update.
Configuring claims for IS 5.1.0 or IS 5.2.0
- Sign in to the Management Console by entering your username and password.
- In the Main menu, click Add under Claims.
- Click Add New Claim Dialect to create the Amazon authenticator specific claim dialect.
  - Use the Dialect URI http://wso2.org/amazon/claims
  - Enter the values for mandatory fields. It will create the claim for the given user field under the Amazon claim dialect.
    Display Name: User ID
    Description: Claim to user ID
    Mapped Attribute: uid
    Claim URL: http://wso2.org/amazon/claims/user_id
    Supported by Default: selected
- Click Add New Claim.
- Select the Dialect from the dropdown provided and enter the required information.
  Add the following claims under the dialect http://wso2.org/amazon/claims.
  Display Name: Email Address
  Description: Claim to Email Address
  Mapped Attribute: mail
  Claim URL: http://wso2.org/amazon/claims/email
  Supported by Default: selected

  Display Name: Name
  Description: Claim to Name
  Mapped Attribute: givenName
  Claim URL: http://wso2.org/amazon/claims/name
  Supported by Default: selected
...