...
Warning |
---|
The |
...
Property Name | Description |
---|---|
OpenIdUrl | OpenID Server URL |
RealmId | - |
IsUserIdInClaims | OpenID User ID Location |
commonAuthQueryParams | Additional Query Parameters |
SAML2 Web SSO configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <displayName>samlsso</displayName>
  <enabled>true</enabled>
  <name>SAMLSSOAuthenticator</name>
  <properties>
    <name>IdPEntityId</name>
    <value>Identity Provider Entity Id</value>
  </properties>
  <properties>
    <name>SPEntityId</name>
    <value>Service Provider Entity Id</value>
  </properties>
  <properties>
    <name>SSOUrl</name>
    <value>https://localhost:9443/samlsso/</value>
  </properties>
  <properties>
    <name>ISAuthnReqSigned</name>
    <value>true</value>
  </properties>
  <properties>
    <name>IsLogoutEnabled</name>
    <value>true</value>
  </properties>
  <properties>
    <name>LogoutReqUrl</name>
    <value>https://example.com/logout/url</value>
  </properties>
  <properties>
    <name>IsLogoutReqSigned</name>
    <value>true</value>
  </properties>
  <properties>
    <name>IsAuthnRespSigned</name>
    <value>true</value>
  </properties>
  <properties>
    <name>IsUserIdInClaims</name>
    <value>false</value>
  </properties>
  <properties>
    <name>IsAssertionEncrypted</name>
    <value>true</value>
  </properties>
  <properties>
    <name>isAssertionSigned</name>
    <value>true</value>
  </properties>
  <properties>
    <name>commonAuthQueryParams</name>
    <value>paramName1=value1&amp;paramName2=value2</value>
  </properties>
</federatedAuthenticatorConfigs>
```
Property Name | Description |
---|---|
IdPEntityId | Identity Provider Entity Id |
SPEntityId | Service Provider Entity Id |
SSOUrl | SSO URL |
ISAuthnReqSigned | Enable Authentication Request Signing |
IsLogoutEnabled | Enable Logout |
LogoutReqUrl | Logout Url |
IsLogoutReqSigned | Enable Logout Request Signing |
IsAuthnRespSigned | Enable Authentication Response Signing |
IsUserIdInClaims | SAML2 Web SSO User ID Location |
IsAssertionEncrypted | Enable Assertion Encryption |
isAssertionSigned | Enable Assertion Signing |
commonAuthQueryParams | Additional Query Parameters |
OAuth2/OpenID Connect configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <displayName>openidconnect</displayName>
  <enabled>true</enabled>
  <name>OpenIDConnectAuthenticator</name>
  <properties>
    <name>ClientId</name>
    <value>ClientID</value>
  </properties>
  <properties>
    <name>OAuth2AuthzUrl</name>
    <value>https://localhost:9443/oauth2/authorize/</value>
  </properties>
  <properties>
    <name>OAUTH2TokenUrl</name>
    <value>https://localhost:9443/oauth2/token/</value>
  </properties>
  <properties>
    <confidential>true</confidential>
    <name>ClientSecret</name>
    <value>ClientSecret</value>
  </properties>
  <properties>
    <name>IsUserIdInClaims</name>
    <value>false</value>
  </properties>
  <properties>
    <name>commonAuthQueryParams</name>
    <value>paramName1=value1&amp;paramName2=value2</value>
  </properties>
</federatedAuthenticatorConfigs>
```
Property Name | Description |
---|---|
ClientId | Client Id |
OAuth2AuthzUrl | Authorization Endpoint URL |
OAUTH2TokenUrl | Token Endpoint URL |
ClientSecret | Client Secret |
IsUserIdInClaims | OpenID Connect User ID Location |
commonAuthQueryParams | Additional Query Parameters |
WS-Federation (Passive) configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <displayName>passivests</displayName>
  <enabled>true</enabled>
  <name>PassiveSTSAuthenticator</name>
  <properties>
    <name>RealmId</name>
    <value>Passive STS Realm</value>
  </properties>
  <properties>
    <name>PassiveSTSUrl</name>
    <value>https://localhost:9443/passivests/</value>
  </properties>
  <properties>
    <name>IsUserIdInClaims</name>
    <value>false</value>
  </properties>
  <properties>
    <name>commonAuthQueryParams</name>
    <value>paramName1=value1</value>
  </properties>
</federatedAuthenticatorConfigs>
```
Property Name | Description |
---|---|
RealmId | Passive STS Realm |
PassiveSTSUrl | Passive STS URL |
IsUserIdInClaims | Passive STS User ID Location |
commonAuthQueryParams | Additional Query Parameters |
Facebook configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <displayName>facebook</displayName>
  <enabled>true</enabled>
  <name>FacebookAuthenticator</name>
  <properties>
    <name>ClientId</name>
    <value>clientID</value>
  </properties>
  <properties>
    <confidential>true</confidential>
    <name>ClientSecret</name>
    <value>secret</value>
  </properties>
  <properties>
    <name>UserInfoFields</name>
    <value>id,first_name,middle_name,gender,email</value>
  </properties>
  <properties>
    <name>Scope</name>
    <value>email</value>
  </properties>
  <properties>
    <name>callBackUrl</name>
    <value>https://localhost:9443/commonauth</value>
  </properties>
</federatedAuthenticatorConfigs>
```
Property Name | Description |
---|---|
ClientId | This refers to the Client Id you received from the Facebook app you created. |
ClientSecret | This refers to the Client Secret you received from the Facebook app you created. |
UserInfoFields | These are the claims related to the user account on Facebook. WSO2 Identity Server requests these fields from Facebook when a user is authenticated with Facebook through the IS. See public_profile permission for more information about these fields. |
Scope | Defines the permission to access particular information from a Facebook profile. See the Permissions Reference for a list of the different permission groups in Facebook APIs. |
callBackUrl | Callback URL of the Identity Server. |
Yahoo configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <displayName>yahoo</displayName>
  <enabled>true</enabled>
  <name>YahooOpenIDAuthenticator</name>
</federatedAuthenticatorConfigs>
```
Google configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <displayName>google</displayName>
  <enabled>true</enabled>
  <name>GoogleOpenIDAuthenticator</name>
</federatedAuthenticatorConfigs>
```
Microsoft (Hotmail,MSN,Live) configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <displayName>microsoft(hotmail,</displayName>
  <enabled>true</enabled>
  <name>MicrosoftWindowsLive</name>
  <properties>
    <name>ClientSecret</name>
    <value>clientsecret</value>
  </properties>
  <properties>
    <name>windows-live-callback-url</name>
    <value>https://example.com/callback/url</value>
  </properties>
  <properties>
    <name>ClientId</name>
    <value>clientID</value>
  </properties>
</federatedAuthenticatorConfigs>
```
Property Name | Description |
---|---|
ClientSecret | Client Secret |
windows-live-callback-url | Callback Url |
ClientId | Client Id |
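
An added example, not part of the original page or of WSO2's code: a short Python check over one `federatedAuthenticatorConfigs` element. It flags SAML signing and encryption properties that are not `true`, a `ClientSecret` without `<confidential>true</confidential>` (the Microsoft sample above omits it, while the OAuth2/OpenID Connect and Facebook samples set it), and endpoint properties that are not `https`. The policy itself, the helper names (`audit`, `sample`) and the reading of `<confidential>` as the secret marker are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://model.common.application.identity.carbon.wso2.org/xsd}"
SAML_FLAGS = ("ISAuthnReqSigned", "IsLogoutReqSigned", "IsAuthnRespSigned",
              "isAssertionSigned", "IsAssertionEncrypted")
URL_PROPS = ("SSOUrl", "LogoutReqUrl", "OAuth2AuthzUrl", "OAUTH2TokenUrl",
             "PassiveSTSUrl", "callBackUrl", "windows-live-callback-url")

def _text(elem, tag):
    return (elem.findtext(NS + tag) or "").strip()

def audit(xml_text):
    """Return sorted findings for one <federatedAuthenticatorConfigs> element."""
    root = ET.fromstring(xml_text)
    props = {_text(p, "name"): (_text(p, "value"),
                                _text(p, "confidential").lower() == "true")
             for p in root.findall(NS + "properties")}
    findings = []
    if _text(root, "name") == "SAMLSSOAuthenticator":
        for flag in SAML_FLAGS:  # an absent flag counts as disabled
            if props.get(flag, ("", False))[0].lower() != "true":
                findings.append(f"{flag} is not enabled")
    # Assumption: <confidential>true</confidential> is how a secret value is marked.
    if "ClientSecret" in props and not props["ClientSecret"][1]:
        findings.append("ClientSecret is not marked confidential")
    for name in URL_PROPS:
        if name in props and not props[name][0].lower().startswith("https://"):
            findings.append(f"{name} is not an https URL")
    return sorted(findings)

def sample(authenticator, *props):
    """Build a constructed config from (name, value, confidential) tuples."""
    conf = "<confidential>true</confidential>"
    body = "".join(f"<properties>{conf if c else ''}<name>{n}</name><value>{v}</value>"
                   "</properties>" for n, v, c in props)
    return (f'<federatedAuthenticatorConfigs xmlns="{NS[1:-1]}"><enabled>true</enabled>'
            f"<name>{authenticator}</name>{body}</federatedAuthenticatorConfigs>")

# Constructed input: response signing off, assertion signing absent, http SSO URL.
WEAK_SAML = sample("SAMLSSOAuthenticator",
                   ("SSOUrl", "http://idp.example.com/samlsso/", False),
                   ("ISAuthnReqSigned", "true", False),
                   ("IsLogoutReqSigned", "true", False),
                   ("IsAuthnRespSigned", "false", False),
                   ("IsAssertionEncrypted", "true", False))
# Constructed input: ClientSecret without <confidential>, as in the Microsoft sample.
LIVE = sample("MicrosoftWindowsLive", ("ClientSecret", "clientsecret", False))

print(audit(WEAK_SAML), audit(LIVE))
```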
An outbound provisioning connector is used to provision users to external systems (e.g. Google, SalesForce). To write your own custom outbound provisioning connector, see Writing an Outbound Provisioning Connector.
Warning |
---|
The |
SalesForce provisioning configuration
```xml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <enabled>true</enabled>
  <name>salesforce</name>
  <provisioningProperties>
    <name>sf-username</name>
    <value>testuser</value>
  </provisioningProperties>
  <provisioningProperties>
    <confidential>true</confidential>
    <name>sf-password</name>
    <value>testpw</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>sf-clientid</name>
    <value>clientID</value>
  </provisioningProperties>
  <provisioningProperties>
    <confidential>true</confidential>
    <name>sf-client-secret</name>
    <value>clientsecret</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>sf-api-version</name>
    <value>1.0.0</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>sf-domain-name</name>
    <value>example.com</value>
  </provisioningProperties>
</provisioningConnectorConfigs>
```
Property Name | Description |
---|---|
sf-username | Username |
sf-password | Password |
sf-clientid | Client ID |
sf-client-secret | Client Secret |
sf-api-version | API version |
sf-domain-name | Domain Name |
Google provisioning configuration
```xml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <enabled>true</enabled>
  <name>googleapps</name>
  <provisioningProperties>
    <name>google_prov_application_name</name>
    <value>TestApp</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>google_prov_admin_email</name>
    <value>test@mygoogledomain.com</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>google_prov_service_acc_email</name>
    <value>test@developer.gserviceaccount.com</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>google_prov_familyname_claim_dropdown</name>
    <value>ClaimB</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>google_prov_givenname_claim_dropdown</name>
    <value>ClaimB</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>google_prov_email_claim_dropdown</name>
    <value>ClaimA</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>google_prov_domain_name</name>
    <value>mygoogledomain.com</value>
  </provisioningProperties>
</provisioningConnectorConfigs>
```
Property Name | Description |
---|---|
google_prov_application_name | Application Name |
google_prov_admin_email | Administrator's Email |
google_prov_service_acc_email | Service Account Email |
google_prov_familyname_claim_dropdown | Family Name |
google_prov_givenname_claim_dropdown | Given Name |
google_prov_email_claim_dropdown | Primary Email |
google_prov_domain_name | Google Domain |
SCIM provisioning configuration
```xml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <enabled>true</enabled>
  <name>scim</name>
  <provisioningProperties>
    <name>scim-username</name>
    <value>testuser</value>
  </provisioningProperties>
  <provisioningProperties>
    <confidential>true</confidential>
    <name>scim-password</name>
    <value>testpw</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>scim-user-ep</name>
    <value>example.com</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>scim-group-ep</name>
    <value>example.com</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>scim-user-store-domain</name>
    <value>example.com</value>
  </provisioningProperties>
</provisioningConnectorConfigs>
```
Property Name | Description |
---|---|
scim-username | Username |
scim-password | Password |
scim-user-ep | User Endpoint |
scim-group-ep | Group Endpoint |
scim-user-store-domain | User Store Domain |
SPML provisioning configuration
```xml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <enabled>true</enabled>
  <name>spml</name>
  <provisioningProperties>
    <name>spml-username</name>
    <value>testuser</value>
  </provisioningProperties>
  <provisioningProperties>
    <confidential>true</confidential>
    <name>spml-password</name>
    <value>testpw</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>spml-ep</name>
    <value>example.com</value>
  </provisioningProperties>
  <provisioningProperties>
    <name>spml-oc</name>
    <value>spml2person</value>
  </provisioningProperties>
</provisioningConnectorConfigs>
```
Property Name | Description |
---|---|
spml-username | Username |
spml-password | Password |
spml-ep | SPML Endpoint |
spml-oc | SPML ObjectClass |