This section guides you through the inbound authentication configurations you can include in a service provider application.

...

Code Block
languagexml
<xsd1:inboundAuthenticationConfig>
    <!--Zero or more repetitions:-->
    <xsd1:inboundAuthenticationRequestConfigs>
        <!--Optional:-->
        <xsd1:inboundAuthKey>issuer.1</xsd1:inboundAuthKey>
        <!--Optional:-->
        <xsd1:inboundAuthType>samlsso</xsd1:inboundAuthType>
        <!--Zero or more repetitions:-->
        <xsd1:properties>
            <!--Optional:-->
            <xsd1:name>attrConsumServiceIndex</xsd1:name>
            <!--Optional:-->
            <xsd1:value>354785936</xsd1:value>
        </xsd1:properties>
    </xsd1:inboundAuthenticationRequestConfigs>
</xsd1:inboundAuthenticationConfig>

Parameter (Type): Description

inboundAuthKey (String): The issuer, which is the unique identifier of the service provider. This must match the Issuer value in the SAML Authentication Request sent by the service provider; the Identity Server uses it to look up the service provider configuration for an incoming request.

inboundAuthType (String): For SAML 2.0 the authentication type should be ‘samlsso’.

Properties

attrConsumServiceIndex: The attribute consumer service index. The service provider sends this value in the SAML Authentication Request (AttributeConsumingServiceIndex) to receive the attributes of the authenticated subject in the response.


Configuring OAuth/OpenID Connect 

To add a Service Provider with OAuth capability, add an OAuth application through the OAuthAdminService exposed at https://<IS_HOST>:<IS_PORT>/services/OAuthAdminService?wsdl. The following sample request shows how to add the OAuth application using the registerOAuthApplicationData function. The grantTypes value is a space-separated list; enable only the grant types the application actually uses, since the implicit and resource owner password credentials (password) grants are deprecated by the OAuth 2.0 Security Best Current Practice.


Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.oauth.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:registerOAuthApplicationData>
         <!--Optional:-->
         <xsd:application>
            <!--Optional:-->
            <xsd1:OAuthVersion>OAuth-2.0</xsd1:OAuthVersion>
            <!--Optional:-->
            <xsd1:applicationName>TestApp</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:callbackUrl>http://localhost:8080/oauth2client</xsd1:callbackUrl>
            <!--Optional:-->
            <xsd1:grantTypes>authorization_code implicit password client_credentials refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer iwa:ntlm</xsd1:grantTypes>
         </xsd:application>
      </xsd:registerOAuthApplicationData>
   </soapenv:Body>
</soapenv:Envelope>

Once the OAuth application data is added, include the client credentials in the inbound authentication configurations. The consumer key (used as the inboundAuthKey) and the oauthConsumerSecret can be obtained by calling the getOAuthApplicationDataByAppName function of the OAuthAdminService, as seen in the request below.
Code Block
languagexml
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://org.apache.axis2/xsd">
    <soapenv:Header/>
    <soapenv:Body>
        <xsd:getOAuthApplicationDataByAppName>
            <!--Optional:-->
            <xsd:appName>TestApp</xsd:appName>
        </xsd:getOAuthApplicationDataByAppName>
    </soapenv:Body>
</soapenv:Envelope>

The response of getOAuthApplicationDataByAppName contains the oauthConsumerKey and oauthConsumerSecret, which are required to configure OAuth for the service provider. Treat the oauthConsumerSecret as a credential: it should not be logged or committed to source control along with the request payloads.

Parameter (Type): Description

inboundAuthKey (String): OAuth client key (the oauthConsumerKey returned above).

inboundAuthType (String): For OAuth the authentication type should be ‘oauth2’.

Properties

oauthConsumerSecret: OAuth client secret (the oauthConsumerSecret returned above).

Code Block
languagexml
<xsd1:inboundAuthenticationConfig>
    <!--Zero or more repetitions:-->
    <xsd1:inboundAuthenticationRequestConfigs>
        <!--Optional:-->
        <xsd1:inboundAuthKey>XhFbH1qEarpg0bqcGG_utaRa2wka</xsd1:inboundAuthKey>
        <!--Optional:-->
        <xsd1:inboundAuthType>oauth2</xsd1:inboundAuthType>
        <!--Zero or more repetitions:-->
        <xsd1:properties>
            <!--Optional:-->
            <xsd1:name>oauthConsumerSecret</xsd1:name>
            <!--Optional:-->
            <xsd1:value>D3AARDfI6BRqls7k6eqiZk4J8QYa</xsd1:value>
        </xsd1:properties>
    </xsd1:inboundAuthenticationRequestConfigs>
</xsd1:inboundAuthenticationConfig>
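The steps above (register the OAuth application, read the consumer key and secret back with getOAuthApplicationDataByAppName, then render an inboundAuthenticationConfig fragment) are easy to get wrong by hand, and the same fragment shape is used for the SAML configuration earlier on this page. The following Python script is an added example, not WSO2's own code: it parses a constructed sample of a getOAuthApplicationDataByAppName response (element names taken from this page, the key and secret values made up), flags grant types a practitioner would normally disable, and renders the XML fragment with proper escaping. The SOAP transport itself is left out so the script runs offline; the response envelope layout (the ns:return wrapper) is an assumption.

```python
# Added example, not part of the WSO2 documentation or product code.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Namespace of the OAuth DTO elements, taken from the registerOAuthApplicationData
# request on this page.
DTO_NS = "http://dto.oauth.identity.carbon.wso2.org/xsd"

# Constructed sample response (assumed envelope layout; values are made up).
SAMPLE_RESPONSE = f"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <ns:getOAuthApplicationDataByAppNameResponse xmlns:ns="http://org.apache.axis2/xsd">
      <ns:return xmlns:ax="{DTO_NS}">
        <ax:OAuthVersion>OAuth-2.0</ax:OAuthVersion>
        <ax:applicationName>TestApp</ax:applicationName>
        <ax:callbackUrl>http://localhost:8080/oauth2client</ax:callbackUrl>
        <ax:grantTypes>authorization_code implicit password refresh_token</ax:grantTypes>
        <ax:oauthConsumerKey>XhFbH1qEarpg0bqcGG_utaRa2wka</ax:oauthConsumerKey>
        <ax:oauthConsumerSecret>D3AARDfI6BRqls7k6eqiZk4J8QYa</ax:oauthConsumerSecret>
      </ns:return>
    </ns:getOAuthApplicationDataByAppNameResponse>
  </soapenv:Body>
</soapenv:Envelope>"""

# Grant types the OAuth 2.0 Security Best Current Practice says not to use.
DEPRECATED_GRANTS = {"implicit", "password"}


def extract_oauth_credentials(response_xml: str) -> dict:
    """Pull the consumer key, secret and grant types out of the SOAP response.

    Lookups are by namespace + local name, so the prefix the server picks
    (ax2355, ax, ...) does not matter. A missing or empty field is an error
    rather than a silently empty credential."""
    root = ET.fromstring(response_xml)
    result = {}
    for field in ("oauthConsumerKey", "oauthConsumerSecret", "grantTypes"):
        element = root.find(f".//{{{DTO_NS}}}{field}")
        if element is None or not (element.text or "").strip():
            raise ValueError(f"{field} missing from getOAuthApplicationDataByAppName response")
        result[field] = element.text.strip()
    return result


def risky_grant_types(grant_types: str) -> list:
    """Return the deprecated grant types present in a space-separated grantTypes value."""
    return sorted(set(grant_types.split()) & DEPRECATED_GRANTS)


def build_inbound_auth_config(auth_key: str, auth_type: str, properties=None) -> str:
    """Render the <xsd1:inboundAuthenticationConfig> fragment shown on this page.

    Works for any inbound type: samlsso with attrConsumServiceIndex, oauth2 with
    oauthConsumerSecret, or wstrust/passivests/openid with no properties.
    Values are XML-escaped so an issuer such as 'a&b' cannot break the document."""
    if not auth_key or not auth_type:
        raise ValueError("inboundAuthKey and inboundAuthType are required")
    lines = [
        "<xsd1:inboundAuthenticationConfig>",
        "    <xsd1:inboundAuthenticationRequestConfigs>",
        f"        <xsd1:inboundAuthKey>{escape(auth_key)}</xsd1:inboundAuthKey>",
        f"        <xsd1:inboundAuthType>{escape(auth_type)}</xsd1:inboundAuthType>",
    ]
    for name, value in (properties or {}).items():
        lines += [
            "        <xsd1:properties>",
            f"            <xsd1:name>{escape(name)}</xsd1:name>",
            f"            <xsd1:value>{escape(str(value))}</xsd1:value>",
            "        </xsd1:properties>",
        ]
    lines += [
        "    </xsd1:inboundAuthenticationRequestConfigs>",
        "</xsd1:inboundAuthenticationConfig>",
    ]
    return "\n".join(lines)


def oauth_inbound_config_from_response(response_xml: str) -> str:
    """Chain the two steps: parse the response, then render the oauth2 fragment."""
    creds = extract_oauth_credentials(response_xml)
    return build_inbound_auth_config(
        creds["oauthConsumerKey"], "oauth2",
        {"oauthConsumerSecret": creds["oauthConsumerSecret"]})


if __name__ == "__main__":
    creds = extract_oauth_credentials(SAMPLE_RESPONSE)
    print("deprecated grant types enabled:", risky_grant_types(creds["grantTypes"]))
    print(oauth_inbound_config_from_response(SAMPLE_RESPONSE))
    print(build_inbound_auth_config("issuer.1", "samlsso",
                                    {"attrConsumServiceIndex": "354785936"}))
```

In a real deployment the response string would come from an HTTPS POST of the getOAuthApplicationDataByAppName envelope to the OAuthAdminService endpoint with administrator credentials; the parsing, grant-type check and rendering are unchanged. The rendered fragment is then placed inside the service provider payload where the page's own examples show it.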

 


Configuring WS-Trust Security Token service

To configure a service provider with the WS-Trust Security Token Service (STS), add a trusted service through the STSAdminService exposed at https://<IS_HOST>:<IS_PORT>/services/STSAdminService?wsdl. The following sample request shows how to add the trusted service using the addTrustedService function. The certAlias refers to the alias of the relying party's certificate in the Identity Server keystore; the STS uses it to encrypt the tokens it issues for that service.

Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.sts.security.carbon.wso2.org">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:addTrustedService>
         <!--Optional:-->
         <ser:serviceAddress>https://example.com</ser:serviceAddress>
         <!--Optional:-->
         <ser:certAlias>wso2carbon.cert</ser:certAlias>
      </ser:addTrustedService>
   </soapenv:Body>
</soapenv:Envelope>

Once the trusted service is registered, the service address can be included in the <inboundAuthenticationConfig> element as the <inboundAuthKey>.

Code Block
languagexml
<xsd1:inboundAuthenticationConfig>
    <!--Zero or more repetitions:-->
    <xsd1:inboundAuthenticationRequestConfigs>
        <!--Optional:-->
        <xsd1:inboundAuthKey>https://example.com</xsd1:inboundAuthKey>
        <!--Optional:-->
        <xsd1:inboundAuthType>wstrust</xsd1:inboundAuthType>
    </xsd1:inboundAuthenticationRequestConfigs>
</xsd1:inboundAuthenticationConfig>

Parameter (Type): Description

inboundAuthKey (String): The endpoint address of the trusted service, as registered with addTrustedService.

inboundAuthType (String): For the WS-Trust Security Token Service the authentication type should be ‘wstrust’.

Properties: no specific properties to define.

Configuring WS-Federation (passive)

To configure a service provider for WS-Federation (passive), include the passive STS realm identifier as the <inboundAuthKey> and set the authentication type to ‘passivests’, as in the following sample.

Code Block
languagexml
<xsd1:inboundAuthenticationConfig>
    <!--Zero or more repetitions:-->
    <xsd1:inboundAuthenticationRequestConfigs>
        <!--Optional:-->
        <xsd1:inboundAuthKey>TestSP</xsd1:inboundAuthKey>
        <!--Optional:-->
        <xsd1:inboundAuthType>passivests</xsd1:inboundAuthType>
    </xsd1:inboundAuthenticationRequestConfigs>
</xsd1:inboundAuthenticationConfig>

Parameter (Type): Description

inboundAuthKey (String): Passive STS realm identifier (the wtrealm value the relying party sends).

inboundAuthType (String): For the WS-Federation (passive) configuration the authentication type should be ‘passivests’.

Properties: no specific properties to define.

 


Configuring OpenID

To configure a service provider for OpenID, include the OpenID realm identifier as the <inboundAuthKey> and set the authentication type to ‘openid’, as in the following sample.

Code Block
languagexml
<xsd1:inboundAuthenticationConfig>
    <!--Zero or more repetitions:-->
    <xsd1:inboundAuthenticationRequestConfigs>
        <!--Optional:-->
        <xsd1:inboundAuthKey>TestSP</xsd1:inboundAuthKey>
        <!--Optional:-->
        <xsd1:inboundAuthType>openid</xsd1:inboundAuthType>
    </xsd1:inboundAuthenticationRequestConfigs>
</xsd1:inboundAuthenticationConfig>

Parameter (Type): Description

inboundAuthKey (String): OpenID realm identifier.

inboundAuthType (String): For the OpenID configuration the authentication type should be ‘openid’.

Properties: no specific properties to define.

...