...
Another scenario for this feature is in the WSO2 Identity Server: the SAML2 Assertion Profile for OAuth2 uses the identity providers registered for the tenant to verify the SAML2 assertion presented in the grant.
Adding a trusted identity provider
- Log into the product's management console.
- On the Configure menu, click Trusted Identity Providers.
- Click on Add New Trusted Identity Provider .
- Enter the identity provider's name. This must be unique across all identity providers registered for this tenant.
- Enter the issuer name of this identity provider. This will be used for validating the issuer name of the SAML token when using the validation APIs.
- If this is the primary identity provider for this tenant, select the Primary Identity Provider option. The first identity provider registered is the primary identity provider by default.
- Enter the identity provider's URL.
- Upload the public certificate of the identity provider. This will be used for validating SAML token signatures when using the validation APIs.
- Click Add Role and add an identity provider Role. These will be the roles that are registered for this tenant at the identity provider.
- Upload the role mappings file. This file will map the identity provider roles to tenant roles in the Identity Server.
- Click Add Audience and add the mandatory audience restriction elements that must be present in the SAML token whenever it is used by this tenant for any purpose. These values are checked against the token's Audience Restriction when using the validation APIs.
- Enter the OAuth2 Token Endpoint URL, or any alias used to refer to it uniquely within the tenant. This value is used when validating the audience restriction of the SAML token under the SAML2 Assertion Profile for OAuth2.
- Click Register. The newly added Identity provider will appear in the registered identity provider list.
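The registration fields above map directly onto the checks the validation APIs perform on an incoming assertion: issuer name, mandatory audiences (or the OAuth2 token endpoint audience under the SAML2 Assertion Profile), validity window, and the IdP-role to tenant-role mapping. The following is an added example written for this page, not WSO2 product code, showing those checks over a constructed assertion. The IdP names, URLs, the role claim URI and the sample assertion are all assumptions; signature verification against the uploaded certificate is intentionally left to an XML-DSig library and must pass before any of these checks are trusted.

```python
"""Validate a SAML2 assertion against a registered trusted identity provider.

Added example, not WSO2 product code. It reproduces the checks the page
ties to a trusted IdP registration: issuer, mandatory audiences, OAuth2
token endpoint audience for the bearer grant, validity window, and role
mapping. Signature verification is NOT done here; verify the XML-DSig
with a proper library (e.g. xmlsec) before trusting these checks.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_CLAIM = "http://wso2.org/claims/role"   # assumed WSO2 role claim URI


@dataclass
class TrustedIdP:
    name: str                     # unique within the tenant
    issuer: str                   # matched against saml:Issuer
    url: str
    audiences: Set[str]           # mandatory saml:Audience values
    oauth2_token_endpoint: str    # audience required for the bearer grant
    role_mapping: Dict[str, str]  # IdP role -> tenant role (the mappings file)
    primary: bool = False


@dataclass
class ValidationResult:
    ok: bool
    errors: List[str] = field(default_factory=list)
    subject: Optional[str] = None
    tenant_roles: List[str] = field(default_factory=list)


def register_idp(registry: Dict[str, TrustedIdP], idp: TrustedIdP) -> Dict[str, TrustedIdP]:
    """Add an IdP keyed by issuer; the first one registered becomes primary."""
    if idp.issuer in registry or any(i.name == idp.name for i in registry.values()):
        raise ValueError(f"identity provider {idp.name!r} or issuer {idp.issuer!r} already registered")
    if not registry:
        idp.primary = True
    registry[idp.issuer] = idp
    return registry


def _parse_time(value: str) -> datetime:
    # SAML timestamps are xsd:dateTime in UTC, e.g. 2024-01-01T00:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text: str, registry: Dict[str, TrustedIdP],
                       now: datetime, for_oauth2_profile: bool = False) -> ValidationResult:
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS["saml"]:
        return ValidationResult(False, ["root element is not saml:Assertion"])
    issuer_el = root.find("saml:Issuer", SAML_NS)
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else ""
    idp = registry.get(issuer)
    if idp is None:
        return ValidationResult(False, [f"issuer {issuer!r} is not a registered trusted IdP"])

    errors: List[str] = []
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None:
        errors.append("assertion has no saml:Conditions")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < _parse_time(nb):
            errors.append("assertion not yet valid")
        if noa and now >= _parse_time(noa):
            errors.append("assertion expired")
        present = {a.text.strip() for a in
                   cond.findall("saml:AudienceRestriction/saml:Audience", SAML_NS) if a.text}
        # Bearer grant: the token endpoint (or its alias) must be an audience.
        # Any other use: every audience registered as mandatory must be present.
        required = {idp.oauth2_token_endpoint} if for_oauth2_profile else set(idp.audiences)
        missing = required - present
        if missing:
            errors.append(f"audience restriction missing {sorted(missing)}")

    name_id = root.find("saml:Subject/saml:NameID", SAML_NS)
    subject = name_id.text.strip() if name_id is not None and name_id.text else None
    if subject is None:
        errors.append("assertion has no Subject/NameID")

    # Map IdP roles to tenant roles; roles absent from the mappings file are dropped.
    tenant_roles: List[str] = []
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") != ROLE_CLAIM:
            continue
        for val in attr.findall("saml:AttributeValue", SAML_NS):
            mapped = idp.role_mapping.get((val.text or "").strip())
            if mapped and mapped not in tenant_roles:
                tenant_roles.append(mapped)

    return ValidationResult(not errors, errors, subject, tenant_roles)


# Constructed sample registration and assertion (not taken from the page).
SAMPLE_IDP = TrustedIdP(
    name="corp-idp", issuer="https://idp.example.test/saml", url="https://idp.example.test/sso",
    audiences={"https://is.example.test/tenant/acme.com"},
    oauth2_token_endpoint="https://is.example.test/oauth2/token",
    role_mapping={"idp-admin": "admin", "idp-staff": "Internal/employee"},
)
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://is.example.test/oauth2/token</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://wso2.org/claims/role">
      <saml:AttributeValue>idp-admin</saml:AttributeValue>
      <saml:AttributeValue>idp-staff</saml:AttributeValue>
      <saml:AttributeValue>unmapped-role</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def run_checks() -> Dict[str, ValidationResult]:
    registry = register_idp({}, SAMPLE_IDP)
    inside = datetime(2024, 1, 1, 0, 2, tzinfo=timezone.utc)
    after = datetime(2024, 1, 1, 0, 6, tzinfo=timezone.utc)
    return {
        "bearer_grant": validate_assertion(SAMPLE_ASSERTION, registry, inside, for_oauth2_profile=True),
        "generic_use": validate_assertion(SAMPLE_ASSERTION, registry, inside),
        "expired": validate_assertion(SAMPLE_ASSERTION, registry, after, for_oauth2_profile=True),
    }


if __name__ == "__main__":
    for label, res in run_checks().items():
        print(label, "OK" if res.ok else "REJECTED", res.errors, res.tenant_roles)
```

The sample assertion names only the token endpoint as its audience, so it is accepted for the bearer grant but rejected for generic use, where the tenant's registered mandatory audience is missing; the same token evaluated after NotOnOrAfter is rejected as expired. The unmapped IdP role never reaches the tenant, which is the point of requiring an explicit mappings file.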
Editing a trusted identity provider
- Log into the product's management console.
- On the Configure menu, click Trusted Identity Providers. If identity providers have been added previously, the list of currently added identity providers is displayed.
- Click Edit.
- Edit the trusted identity provider details as required. For more details on each of the respective fields, see Adding a trusted identity provider above.
- Click Update.
Deleting a trusted identity provider
- Log into the product's management console.
- On the Configure menu, click Trusted Identity Providers. If identity providers have been added previously, the list of currently added identity providers is displayed.
- Click Delete.
- Click Yes when the confirmation message box appears.