Comment: Typo - "teant" instead of "tenant"

...

  1. Sign in to the API Manager's management console ( https://localhost:9443/carbon ) using admin/admin credentials and select Add under Identity Providers menu in the Main menu. 

    Note

    If you are creating the Identity Provider in a tenant, log in to the API Manager's Management Console with the credentials of that tenant's admin.

  2. Provide the following values to configure the IdP:
    • Under Basic Information 
      • Identity Provider Name: Enter a unique name for IdP
      • Identity Provider Public Certificate: The certificate whose private key signs the SAML assertion. Export the public certificate of WSO2 IS and import it here. The token endpoint uses it to verify the assertion signature, so a certificate that does not match the signing key causes the grant to be rejected.

        Alternatively, you can create a self-signed key pair and then export its public certificate as a .cer file using the following commands (the alias and keystore must be the same in both commands):

        Code Block
        # Generate a 4096-bit RSA key pair under alias "wookie" in wookieKeystore.jks
        keytool -genkeypair -alias wookie -keyalg RSA -keysize 4096 -validity 365 -keystore wookieKeystore.jks
        # Export the public certificate of that same alias from that same keystore
        keytool -v -export -file wookie.cer -keystore wookieKeystore.jks -alias wookie
      • Alias: The name by which the Identity Provider identifies this token endpoint, e.g., https://localhost:9443/oauth2/token. The assertion's audience restriction must contain this value, otherwise the token endpoint rejects it.
      • Under Federated Authenticators -> SAML2 Web SSO Configuration
      • Enable SAML2 Web SSO: true

      • Identity Provider Entity Id: The SAML2 issuer name used when generating the assertion; it is the unique identifier of the IdP and must match the Issuer element of the assertion. You give this same name when configuring the SP.

      • Service Provider Entity Id: The issuer name given when configuring the SP.
      • SSO URL: Enter the IDP's SAML2 Web SSO URL value. E.g., https://localhost:9444/samlsso/ if you have offset the default port, which is 9443.

        Note

        If you are in tenant mode, append the tenant domain to the SSO URL as a query parameter as below.

        https://localhost:9443/samlsso?tenantDomain=<tenantDomain>
     Next, let's register a service provider.
  3. Log in to the management console of the Identity Server and select Add under Service Providers menu in the Main menu.
  4. Choose to edit the service provider that you just registered and select SAML2 Web SSO Configuration.
  5. Provide the following values to configure the SP and click Update.


    Let's see how to get a signed SAML2 token (the encoded assertion value) when authenticating against a SAML2 IdP. With the authentication request, you pass attributes such as the SAML2 issuer name, the token endpoint and the restricted audience. In this guide, we use a command-line client program developed by WSO2 to create the base64-encoded, URL-encoded SAML assertion that is sent as the assertion parameter of the SAML2 bearer grant.
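The values entered above (Identity Provider Entity Id, Alias, the validity window of the assertion) are exactly what the token endpoint checks before it issues an access token, and a mismatch in any of them is the usual reason a SAML2 bearer grant fails. The following Python script is an added example, not WSO2's client program or API Manager code: it checks a constructed sample assertion against those configured values and produces the encoded assertion value the grant expects. The entity ID, alias and sample assertion are assumptions for the sake of the example, and signature verification against the imported IdP certificate is deliberately left out.

```python
"""Check a SAML2 bearer-grant assertion against the IdP values configured in API Manager.

Added example, not WSO2's code. The configured values and the sample assertion
below are constructed; signature verification is out of scope here.
"""
import base64
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
SAML2_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# Assumed values, matching what the page has you enter under Basic Information.
IDP_ENTITY_ID = "localhost"                                   # Identity Provider Entity Id
TOKEN_ENDPOINT_ALIAS = "https://localhost:9443/oauth2/token"  # Alias (the audience)

# Constructed sample assertion. A real one additionally carries a ds:Signature element.
SAMPLE_ASSERTION = f"""<saml2:Assertion xmlns:saml2="{SAML_NS}" ID="_example1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml2:Issuer>{IDP_ENTITY_ID}</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID>admin</saml2:NameID>
    <saml2:SubjectConfirmation Method="{BEARER_METHOD}">
      <saml2:SubjectConfirmationData NotOnOrAfter="2024-01-01T00:05:00Z" Recipient="{TOKEN_ENDPOINT_ALIAS}"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml2:AudienceRestriction>
      <saml2:Audience>{TOKEN_ENDPOINT_ALIAS}</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>"""


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T00:05:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_assertion(xml_text, expected_issuer, expected_audience, now):
    """Return the reasons the token endpoint would reject this assertion (empty list = passes).

    `now` is a SAML-style UTC timestamp string. Checks: issuer == Identity Provider Entity Id,
    audience contains the Alias, NotBefore/NotOnOrAfter window, bearer subject confirmation.
    """
    problems = []
    ns = {"saml2": SAML_NS}
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        return ["root element is not a saml2:Assertion"]

    issuer = (root.findtext("saml2:Issuer", default="", namespaces=ns) or "").strip()
    if issuer != expected_issuer:
        problems.append(f"issuer {issuer!r} does not match Identity Provider Entity Id {expected_issuer!r}")

    audiences = [a.text.strip() for a in
                 root.findall("saml2:Conditions/saml2:AudienceRestriction/saml2:Audience", ns) if a.text]
    if expected_audience not in audiences:
        problems.append(f"audience {audiences} does not include token endpoint alias {expected_audience!r}")

    conditions = root.find("saml2:Conditions", ns)
    if conditions is None:
        problems.append("no saml2:Conditions element")
    else:
        now_dt = _ts(now)
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and now_dt < _ts(not_before):
            problems.append("assertion not yet valid (NotBefore)")
        if not_on_or_after and now_dt >= _ts(not_on_or_after):
            problems.append("assertion expired (NotOnOrAfter)")

    methods = [s.get("Method") for s in root.findall("saml2:Subject/saml2:SubjectConfirmation", ns)]
    if BEARER_METHOD not in methods:
        problems.append("no bearer SubjectConfirmation")
    return problems


def encode_assertion(xml_text):
    """Base64-encode the assertion, then URL-encode it for use as a form field value."""
    b64 = base64.b64encode(xml_text.encode("utf-8")).decode("ascii")
    return urllib.parse.quote(b64, safe="")


def decode_assertion(encoded):
    """Reverse of encode_assertion, as the token endpoint would do before parsing."""
    return base64.b64decode(urllib.parse.unquote(encoded)).decode("utf-8")


def token_request_body(xml_text):
    """Form body for POST /oauth2/token; the client credentials go in HTTP Basic auth, not here."""
    return ("grant_type=" + urllib.parse.quote(SAML2_BEARER_GRANT, safe="")
            + "&assertion=" + encode_assertion(xml_text))


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, IDP_ENTITY_ID, TOKEN_ENDPOINT_ALIAS, "2024-01-01T00:02:00Z"))
    print(check_assertion(SAMPLE_ASSERTION, IDP_ENTITY_ID, "https://localhost:9443/oauth2/other", "2024-01-01T00:02:00Z"))
    print(token_request_body(SAMPLE_ASSERTION)[:80] + "...")
```

Running the script with an Alias that differs from the assertion's Audience, or with a clock outside the NotBefore/NotOnOrAfter window, lists the same conditions the token endpoint enforces, which makes it a quick way to localize a failing grant before looking at signature problems.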

...