...
- Once a Web application is published from the App Manager publisher, the synapse handler for SAML SSO is attached to the synapse configuration as follows. An API resource is created under the `<PRODUCT_HOME>/repository/deployment/server/synapse-configs/default/api/` directory. The file is named `{app created user}–{app name}_v{version}.xml` and contains the handler declaration:

```xml
<handler class="org.wso2.carbon.appmgt.gateway.handlers.security.saml2.SAML2AuthenticationHandler"/>
```
The `SAML2AuthenticationHandler` validates incoming requests. If an authenticated cookie is not found, the request is sent to the IDP. The IDP URL is configured as a synapse sequence as follows.

Info: If App Manager is running with a port offset of zero and the default IDP is used, these configurations need not be changed.
```xml
<sequence xmlns="http://ws.apache.org/ns/synapse" name="saml2_sequence">
    <property name="uri.var.saml2.request" expression="get-property('SAMLRequest')" />
    <call>
        <endpoint xmlns="http://ws.apache.org/ns/synapse" name="HTTPEndpoint">
            <http uri-template="https://localhost:9443/samlsso?SAMLRequest={uri.var.saml2.request}" method="POST">
            </http>
        </endpoint>
    </call>
    <respond/>
</sequence>
```
Add the Web application as a service provider in the IDP's service provider configuration. For more information on configuring a SAML2 service provider in WSO2 Identity Server, see Adding a Service Provider.
Info: When setting up a service provider:

- The Web application name should be provided as the issuer in the service provider configuration.
- The assertion consumer URL should be the gateway URL of the Web application.
...
```json
{
  "iss": "wso2.org/products/am",
  "exp": 1394072102566,
  "Subject": "admin",
  "http://wso2.org/claims/emailaddress": "appm@wso2.com",
  "http://wso2.org/claims/mobile": "123123213",
  "http://wso2.org/claims/role": "admin,subscriber,Internal/everyone"
}
```
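The claim set above is what the gateway forwards to the backend, and the backend's own check of it is the part worth seeing in code. The following is an added example, not part of the original page or of WSO2's code: a backend-side validator that takes the raw JWT string (how the token reaches the backend, for example which HTTP header carries it, is not stated on this page), verifies the signature, and only then checks the issuer, the expiry and the role claim before trusting `Subject`. The sample is signed with HMAC-SHA256 under a constructed shared secret so the block runs offline; that is an assumption made for the demo only, since the real gateway signs with its own key pair, so a production backend verifies against the gateway's public certificate and pins that algorithm instead. The 13-digit `exp` in the sample is milliseconds since the epoch, and the check compares it as such.

```python
import base64
import hashlib
import hmac
import json
import time

# Issuer and role claim name taken from the claim set shown on the page.
EXPECTED_ISSUER = "wso2.org/products/am"
ROLE_CLAIM = "http://wso2.org/claims/role"

# Constructed sample: the claim set shown on the page, verbatim.
SAMPLE_CLAIMS = {
    "iss": "wso2.org/products/am",
    "exp": 1394072102566,  # 13 digits: milliseconds since the epoch
    "Subject": "admin",
    "http://wso2.org/claims/emailaddress": "appm@wso2.com",
    "http://wso2.org/claims/mobile": "123123213",
    "http://wso2.org/claims/role": "admin,subscriber,Internal/everyone",
}

# Constructed demo secret. Assumption for this example only: HMAC-SHA256 stands in
# for the gateway's key-pair signature; a real backend verifies with the gateway's
# public certificate and pins that algorithm.
DEMO_SECRET = b"constructed-demo-secret-not-a-real-key"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Compact JWTs drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_demo_token(claims: dict, secret: bytes) -> str:
    """Build a compact JWT (header.payload.signature) signed with HMAC-SHA256."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


class InvalidToken(Exception):
    pass


def validate_token(token: str, secret: bytes, now_ms=None, required_roles=()) -> dict:
    """Verify signature first, then issuer, expiry and roles. Returns the trusted identity."""
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("token is not three dot-separated segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError:
        raise InvalidToken("header is not valid base64url JSON")
    # Pin the algorithm: never accept 'none' or an algorithm the gateway does not use.
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg in header")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    try:
        actual = b64url_decode(sig_b64)
    except ValueError:
        raise InvalidToken("signature is not valid base64url")
    if not hmac.compare_digest(expected, actual):
        raise InvalidToken("signature does not verify")
    # Only now are the claims trustworthy enough to read.
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        raise InvalidToken("payload is not valid base64url JSON")
    if claims.get("iss") != EXPECTED_ISSUER:
        raise InvalidToken("issuer mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now_ms:
        raise InvalidToken("token expired or exp missing")
    roles = {r for r in claims.get(ROLE_CLAIM, "").split(",") if r}
    missing = set(required_roles) - roles
    if missing:
        raise InvalidToken("missing required roles: " + ", ".join(sorted(missing)))
    return {"subject": claims.get("Subject"), "roles": sorted(roles)}


def check_token(token: str, secret: bytes, now_ms=None, required_roles=()):
    """Non-raising wrapper: (True, identity) on success, (False, reason) otherwise."""
    try:
        return True, validate_token(token, secret, now_ms, required_roles)
    except InvalidToken as exc:
        return False, str(exc)


if __name__ == "__main__":
    token = make_demo_token(SAMPLE_CLAIMS, DEMO_SECRET)
    # Clock fixed just before the sample's exp so the sample still validates.
    print(check_token(token, DEMO_SECRET, now_ms=1394072102000, required_roles=("subscriber",)))
    print(check_token(token, DEMO_SECRET, now_ms=1394072102566))  # exactly at exp: rejected
    forged = make_demo_token(dict(SAMPLE_CLAIMS, Subject="someone-else"), b"not-the-gateway-key")
    print(check_token(forged, DEMO_SECRET, now_ms=1394072102000))  # wrong key: rejected
```

The order of checks is deliberate: nothing in the payload is read for authorization until the signature verifies, the algorithm is compared against a fixed expectation rather than whatever the header announces, and expiry is treated as a hard boundary rather than a warning.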
...
Sending SAML response to backend
...