...
Configure the sp.xml file. When doing this, keep the following in mind:
- The given sp.xml sample file uses https://localhost:9443/acs as the redirection URL. Configure it according to your environment: https://<carbonserverhost:port>/acs.
- The EntityID value in sp.xml must match the corresponding ServiceProviderID value in the authenticators.xml file.
- The same values are used in the single logout related parameters. However, the single-logout feature had not been tested with OpenSSO at the time of writing.
The following is the configuration used in the sp.xml file:
```xml
<EntityDescriptor entityID="https://localhost:9443/acs" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
                     protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                             Location="https://localhost:9443/acs/fedletSloRedirect"
                             ResponseLocation="https://localhost:9443/acs/fedletSloRedirect"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                             Location="https://localhost:9443/acs/fedletSloPOST"
                             ResponseLocation="https://localhost:9443/acs/fedletSloPOST"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                             Location="https://localhost:9443/acs/fedletSloSoap"/>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <AssertionConsumerService isDefault="true" index="0"
                                  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                  Location="https://localhost:9443/acs"/>
        <AssertionConsumerService index="1"
                                  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
                                  Location="https://localhost:9443/acs"/>
    </SPSSODescriptor>
    <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xmlns:query="urn:oasis:names:tc:SAML:metadata:ext:query"
                    xsi:type="query:AttributeQueryDescriptorType"
                    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"></RoleDescriptor>
    <XACMLAuthzDecisionQueryDescriptor WantAssertionsSigned="false"
                                       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"></XACMLAuthzDecisionQueryDescriptor>
</EntityDescriptor>
```
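The notes above boil down to a few consistency rules between sp.xml, authenticators.xml and the host the Carbon server actually runs on, and a mismatch in any of them only shows up as a failed redirect later. The following script is an added example (not part of the WSO2 documentation or product) that parses the SP metadata and checks those rules. It assumes the ServiceProviderID from authenticators.xml is passed in as a string (the structure of that file is not reproduced here) and uses a trimmed, constructed copy of the sample sp.xml as input; it also warns when WantAssertionsSigned is left at "false", since the sample tells the IdP that unsigned assertions are acceptable.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample: a trimmed copy of the sp.xml shape shown above, still carrying
# the sample localhost URLs so that the checks below have something to report.
SAMPLE_SP_XML = """\
<EntityDescriptor entityID="https://localhost:9443/acs"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <AssertionConsumerService isDefault="true" index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:9443/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""


def check_sp_metadata(xml_text, service_provider_id, carbon_host_port):
    """Cross-check sp.xml against the values the rest of the setup depends on.

    service_provider_id: the ServiceProviderID configured in authenticators.xml
                         (assumed to be read from that file by the caller)
    carbon_host_port:    the host:port the Carbon server is actually reachable on
    Returns a list of findings; FAIL entries break the SSO flow, WARN entries are
    weaker-than-recommended settings. An empty list means every check passed.
    """
    findings = []
    root = ET.fromstring(xml_text)

    # 1. entityID must equal ServiceProviderID, otherwise the IdP cannot match the
    #    AuthnRequest issuer to the registered remote service provider.
    entity_id = root.get("entityID")
    if entity_id != service_provider_id:
        findings.append(
            f"FAIL: entityID {entity_id!r} != ServiceProviderID {service_provider_id!r}")

    sp = root.find("md:SPSSODescriptor", MD_NS)
    if sp is None:
        findings.append("FAIL: no SPSSODescriptor element")
        return findings

    # 2. Every AssertionConsumerService must point at this Carbon server over HTTPS;
    #    a leftover localhost URL sends the IdP's POST to the wrong place.
    expected_acs = f"https://{carbon_host_port}/acs"
    for acs in sp.findall("md:AssertionConsumerService", MD_NS):
        location = acs.get("Location", "")
        if urlparse(location).scheme != "https":
            findings.append(
                f"FAIL: ACS index {acs.get('index')} is not https: {location!r}")
        elif location != expected_acs:
            findings.append(
                f"FAIL: ACS index {acs.get('index')} Location {location!r} != {expected_acs!r}")

    # 3. The sample sets WantAssertionsSigned="false"; that tells the IdP unsigned
    #    assertions are acceptable, so flag it before the metadata goes to production.
    if sp.get("WantAssertionsSigned", "false").lower() != "true":
        findings.append("WARN: WantAssertionsSigned is not true")

    # 4. The transient NameID format must be offered, because the OpenSSO side is
    #    configured for it in the steps that follow.
    formats = {(e.text or "").strip() for e in sp.findall("md:NameIDFormat", MD_NS)}
    if TRANSIENT not in formats:
        findings.append("FAIL: transient NameIDFormat not listed")

    return findings


if __name__ == "__main__":
    # Run against the sample with the values it was written for: only the signing
    # warning is reported. Swap in your own host and ServiceProviderID to see the
    # mismatches a copied sample file produces.
    for line in check_sp_metadata(SAMPLE_SP_XML, "https://localhost:9443/acs", "localhost:9443"):
        print(line)
```

Run it against the real sp.xml (read the file into `xml_text`) with the ServiceProviderID copied from authenticators.xml and the host:port of the Carbon server; any FAIL line is a configuration mismatch to fix before registering the file in OpenSSO.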
- Go to Common Tasks > Register Remote Service Provider and upload the file.
- Select sp.xml as the file to upload.
- Select a Circle of Trust configuration in the remote service provider.
- Go to Federation > Entity Providers in the OpenSSO management console and select the newly registered service provider.
- Select the response signing attribute.
- Under the NameID Format list, make sure you specify the ‘transient’ and ‘unspecified’ Name ID Formats.
Setting up the WSO2 Product
...
Try accessing the Carbon management console (e.g., https://localhost:9443/carbon). This redirects you to the IdP (the OpenSSO login page). Enter your username and password on the OpenSSO login page. Once you are authenticated, you are redirected back to the WSO2 Carbon product login page as a logged-in user.
...