Versions Compared

...

Tip: Configure ACL URL in a production environment

The default assertion consumer URL that is sent with the SAML request includes the local domain and default port. In a production environment, you may need to change the assertion consumer URL. To do this, follow the steps below:

  1. Open the application-authentication.xml file found in the <IS_HOME>/repository/conf/identity folder.
  2. Add the following property and update the assertion consumer URL as required.

    <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
        <Parameter name="SAMLSSOAssertionConsumerUrl">https://localhost:9443/commonauth</Parameter>
    </AuthenticatorConfig>

Tip: Configure ACL URL in a production environment

The default assertion consumer URL that is sent with the SAML request includes the local domain and default port. In a production environment, you may need to change the assertion consumer URL. To do this, follow the steps given below:

  1. Open the application-authentication.xml file found in the <IS_HOME>/repository/conf/identity folder.
  2. Add the following property and update the assertion consumer URL as required.

    <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
        <Parameter name="SAMLSSOAssertionConsumerUrl">https://localhost:9443/commonauth</Parameter>
    </AuthenticatorConfig>

Info: Configuring hostname verification

In previous releases, SAML Single-Logout (SLO) requests for service providers were initiated without hostname verification, which can pose a security risk. From the IS 5.2.0 release onwards, certificate validation is enforced and hostname verification is enabled by default. To disable hostname verification, configure the following property in the <IS_HOME>/repository/conf/identity/identity.xml file under the Server\SSOService tag.

<SLOHostNameVerificationEnabled>false</SLOHostNameVerificationEnabled>

Note: If the certificate is self-signed, import the service provider's public key to the IS client trust store to ensure that the SSL handshake in the SLO request is successful. For more information on how to do this, see Managing Keystores with the UI in the WSO2 Product Administration Guide.
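
A configuration check for the two settings described above, added here as an example and not part of the WSO2 documentation or product. It flags an assertion consumer URL that still points at the local domain and an identity.xml that turns SLO hostname verification off. The wrapper elements, the namespace and the idp.example.com host in the sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

def _local(tag):
    """Drop an XML namespace prefix so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_acs_url(app_auth_xml):
    """Check SAMLSSOAssertionConsumerUrl in application-authentication.xml content."""
    findings = []
    for cfg in ET.fromstring(app_auth_xml).iter():
        if _local(cfg.tag) != "AuthenticatorConfig" or cfg.get("name") != "SAMLSSOAuthenticator":
            continue
        for param in cfg:
            if _local(param.tag) != "Parameter" or param.get("name") != "SAMLSSOAssertionConsumerUrl":
                continue
            url = urlparse((param.text or "").strip())
            if url.scheme != "https":
                findings.append("ACS URL is not https")
            if url.hostname in ("localhost", "127.0.0.1"):
                findings.append("ACS URL still points at the local domain")
    return findings

def audit_slo_hostname_verification(identity_xml):
    """Check SLOHostNameVerificationEnabled in identity.xml content."""
    findings = []
    for el in ET.fromstring(identity_xml).iter():  # XML comments are skipped by the parser
        if _local(el.tag) == "SLOHostNameVerificationEnabled" \
                and (el.text or "").strip().lower() == "false":
            findings.append("SLO hostname verification is disabled")
    return findings

# Constructed sample inputs (wrapper elements and namespace are assumptions).
APP_AUTH_DEFAULT = """<Config>
  <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
    <Parameter name="SAMLSSOAssertionConsumerUrl">https://localhost:9443/commonauth</Parameter>
  </AuthenticatorConfig>
</Config>"""
APP_AUTH_PROD = APP_AUTH_DEFAULT.replace("localhost:9443", "idp.example.com")
IDENTITY_DISABLED = """<Server xmlns="urn:example:constructed">
  <SSOService>
    <SLOHostNameVerificationEnabled>false</SLOHostNameVerificationEnabled>
  </SSOService>
</Server>"""

if __name__ == "__main__":
    for finding in audit_acs_url(APP_AUTH_DEFAULT) + audit_slo_hostname_verification(IDENTITY_DISABLED):
        print("FINDING:", finding)
```

To run it against a real installation, pass the contents of the two files named above to the two functions.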

...