
Warning

The <federatedAuthenticatorConfigs> and <defaultAuthenticatorConfig> tags have similar attributes. To configure a federated authenticator as the default authenticator, use the desired configuration found below with the <defaultAuthenticatorConfig> tag instead of the <federatedAuthenticatorConfigs> tag. Note that there can be only one <defaultAuthenticatorConfig> while there can be multiple <federatedAuthenticatorConfigs>.


OpenID configuration

Property Name          Description
---------------------  ---------------------------
OpenIdUrl              OpenID Server URL
RealmId                -
IsUserIdInClaims       OpenID User ID Location
commonAuthQueryParams  Additional Query Parameters

SAML2 Web SSO configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
   <displayName>samlsso</displayName>
   <enabled>true</enabled>
   <name>SAMLSSOAuthenticator</name>
   <properties>
      <name>IdPEntityId</name>
      <value>Identity Provider Entity Id</value>
   </properties>
   <properties>
      <name>SPEntityId</name>
      <value>Service Provider Entity Id</value>
   </properties>
   <properties>
      <name>SSOUrl</name>
      <value>https://localhost:9443/samlsso/</value>
   </properties>
   <properties>
      <name>ISAuthnReqSigned</name>
      <value>true</value>
   </properties>
   <properties>
      <name>IsLogoutEnabled</name>
      <value>true</value>
   </properties>
   <properties>
      <name>LogoutReqUrl</name>
      <value>https://example.com/logout/url</value>
   </properties>
   <properties>
      <name>IsLogoutReqSigned</name>
      <value>true</value>
   </properties>
   <properties>
      <name>IsAuthnRespSigned</name>
      <value>true</value>
   </properties>
   <properties>
      <name>IsUserIdInClaims</name>
      <value>false</value>
   </properties>
   <properties>
      <name>IsAssertionEncrypted</name>
      <value>true</value>
   </properties>
   <properties>
      <name>isAssertionSigned</name>
      <value>true</value>
   </properties>
   <properties>
      <name>commonAuthQueryParams</name>
      <!-- a literal '&' must be written as &amp; inside an XML value -->
      <value>paramName1=value1&amp;paramName2=value2</value>
   </properties>
</federatedAuthenticatorConfigs>

Property Name          Description
---------------------  --------------------------------------
IdPEntityId            Identity Provider Entity Id
SPEntityId             Service Provider Entity Id
SSOUrl                 SSO URL
ISAuthnReqSigned       Enable Authentication Request Signing
IsLogoutEnabled        Enable Logout
LogoutReqUrl           Logout URL
IsLogoutReqSigned      Enable Logout Request Signing
IsAuthnRespSigned      Enable Authentication Response Signing
IsUserIdInClaims       SAML2 Web SSO User ID Location
IsAssertionEncrypted   Enable Assertion Encryption
isAssertionSigned      Enable Assertion Signing
commonAuthQueryParams  Additional Query Parameters


OAuth2/OpenID Connect configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
   <displayName>openidconnect</displayName>
   <enabled>true</enabled>
   <name>OpenIDConnectAuthenticator</name>
   <properties>
      <name>ClientId</name>
      <value>ClientID</value>
   </properties>
   <properties>
      <name>OAuth2AuthzUrl</name>
      <value>https://localhost:9443/oauth2/authorize/</value>
   </properties>
   <properties>
      <name>OAUTH2TokenUrl</name>
      <value>https://localhost:9443/oauth2/token/</value>
   </properties>
   <properties>
      <confidential>true</confidential>
      <name>ClientSecret</name>
      <value>ClientSecret</value>
   </properties>
   <properties>
      <name>IsUserIdInClaims</name>
      <value>false</value>
   </properties>
   <properties>
      <name>commonAuthQueryParams</name>
      <!-- a literal '&' must be written as &amp; inside an XML value -->
      <value>paramName1=value1&amp;paramName2=value2</value>
   </properties>
</federatedAuthenticatorConfigs>



Property Name          Description
---------------------  -------------------------------
ClientId               Client Id
OAuth2AuthzUrl         Authorization Endpoint URL
OAUTH2TokenUrl         Token Endpoint URL
ClientSecret           Client Secret
IsUserIdInClaims       OpenID Connect User ID Location
commonAuthQueryParams  Additional Query Parameters


WS-Federation (Passive) configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
   <displayName>passivests</displayName>
   <enabled>true</enabled>
   <name>PassiveSTSAuthenticator</name>
   <properties>
      <name>RealmId</name>
      <value>Passive STS Realm</value>
   </properties>
   <properties>
      <name>PassiveSTSUrl</name>
      <value>https://localhost:9443/passivests/</value>
   </properties>
   <properties>
      <name>IsUserIdInClaims</name>
      <value>false</value>
   </properties>
   <properties>
      <name>commonAuthQueryParams</name>
      <value>paramName1=value1</value>
   </properties>
</federatedAuthenticatorConfigs>

Property Name          Description
---------------------  ----------------------------
RealmId                Passive STS Realm
PassiveSTSUrl          Passive STS URL
IsUserIdInClaims       Passive STS User ID Location
commonAuthQueryParams  Additional Query Parameters


Facebook configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
   <displayName>facebook</displayName>
   <enabled>true</enabled>
   <name>FacebookAuthenticator</name>
   <properties>
      <name>ClientId</name>
      <value>clientID</value>
   </properties>
   <properties>
      <confidential>true</confidential>
      <name>ClientSecret</name>
      <value>secret</value>
   </properties>
   <properties>
      <name>UserInfoFields</name>
      <value>id,first_name,middle_name,gender,email</value>
   </properties>
   <properties>
      <name>Scope</name>
      <value>email</value>
   </properties>
   <properties>
      <name>callBackUrl</name>
      <value>https://localhost:9443/commonauth</value>
   </properties>
</federatedAuthenticatorConfigs>

Property Name   Description
--------------  ------------------------------------------------------------------
ClientId        This refers to the Client Id you received from the Facebook app
                you created.
ClientSecret    This refers to the Client Secret you received from the Facebook
                app you created.
UserInfoFields  These are the claims related to the user account on Facebook.
                WSO2 Identity Server requests these fields from Facebook when a
                user is authenticated with Facebook through the IS. See the
                public_profile permission for more information about these fields.
Scope           Defines the permission to access particular information from a
                Facebook profile. See the Permissions Reference for a list of the
                different permission groups in Facebook APIs.
callBackUrl     Callback URL of the Identity Server.


Yahoo configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>yahoo</displayName>
               <enabled>true</enabled>
               <name>YahooOpenIDAuthenticator</name>
            </federatedAuthenticatorConfigs>
 


Google configuration

Code Block
languagexml
<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>google</displayName>
    <enabled>true</enabled>
    <name>GoogleOpenIDAuthenticator</name>
</federatedAuthenticatorConfigs>
 


Microsoft (Hotmail,MSN,Live) configuration

Code Block
languagexml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>microsoft(hotmail,msn,live)</displayName>
               <enabled>true</enabled>
               <name>MicrosoftWindowsLive</name>
               <properties>
                  <name>ClientSecret</name>
                  <value>clientsecret</value>
               </properties>
               <properties>
                  <name>windows-live-callback-url</name>
                  <value>https://example.com/callback/url</value>
               </properties>
               <properties>
                  <name>ClientId</name>
                  <value>clientID</value>
               </properties>
</federatedAuthenticatorConfigs>

Property Name              Description
-------------------------  -------------
ClientSecret               Client Secret
windows-live-callback-url  Callback URL
ClientId                   Client Id

 


Outbound provisioning connector configuration samples

An outbound provisioning connector is used to provision users to external systems (e.g. Google, SalesForce). To write your own custom outbound provisioning connector, see Writing an Outbound Provisioning Connector.

Warning

The <provisioningConnectorConfigs> and <defaultProvisioningConnectorConfig> tags have similar attributes. To configure an outbound provisioning connector as the default provisioning connector, use the desired configuration found below with the <defaultProvisioningConnectorConfig> tag instead of the <provisioningConnectorConfigs> tag. There can be only one <defaultProvisioningConnectorConfig> while there can be multiple <provisioningConnectorConfigs>.

SalesForce provisioning configuration

Code Block
languagexml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>salesforce</name>
               <provisioningProperties>
                  <name>sf-username</name>
                  <value>testuser</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>sf-password</name>
                  <value>testpw</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-clientid</name>
                  <value>clientID</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>sf-client-secret</name>
                  <value>clientsecret</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-api-version</name>
                  <value>1.0.0</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-domain-name</name>
                  <value>example.com</value>
               </provisioningProperties>
</provisioningConnectorConfigs>

Property Name     Description
----------------  -------------
sf-username       Username
sf-password       Password
sf-clientid       Client ID
sf-client-secret  Client Secret
sf-api-version    API version
sf-domain-name    Domain Name

 


Google provisioning configuration

Code Block
languagexml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>googleapps</name>
               <provisioningProperties>
                  <name>google_prov_application_name</name>
                  <value>TestApp</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_admin_email</name>
                  <value>test@mygoogledomain.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_service_acc_email</name>
                  <value>test@developer.gserviceaccount.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_familyname_claim_dropdown</name>
                  <value>ClaimB</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_givenname_claim_dropdown</name>
                  <value>ClaimB</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_email_claim_dropdown</name>
                  <value>ClaimA</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_domain_name</name>
                  <value>mygoogledomain.com</value>
               </provisioningProperties>
            </provisioningConnectorConfigs>

Property Name                          Description
-------------------------------------  ---------------------
google_prov_application_name           Application Name
google_prov_admin_email                Administrator's Email
google_prov_service_acc_email          Service Account Email
google_prov_familyname_claim_dropdown  Family Name
google_prov_givenname_claim_dropdown   Given Name
google_prov_email_claim_dropdown       Primary Email
google_prov_domain_name                Google Domain

 


SCIM provisioning configuration

Code Block
languagexml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
   <enabled>true</enabled>
   <name>scim</name>
   <provisioningProperties>
      <name>scim-username</name>
      <value>testuser</value>
   </provisioningProperties>
   <provisioningProperties>
      <confidential>true</confidential>
      <name>scim-password</name>
      <value>testpw</value>
   </provisioningProperties>
   <provisioningProperties>
      <name>scim-user-ep</name>
      <value>example.com</value>
   </provisioningProperties>
   <provisioningProperties>
      <name>scim-group-ep</name>
      <value>example.com</value>
   </provisioningProperties>
   <provisioningProperties>
      <name>scim-user-store-domain</name>
      <value>example.com</value>
   </provisioningProperties>
</provisioningConnectorConfigs>

 



 

Property Name           Description
----------------------  -----------------
scim-username           Username
scim-password           Password
scim-user-ep            User Endpoint
scim-group-ep           Group Endpoint
scim-user-store-domain  User Store Domain

 


SPML provisioning configuration

Code Block
languagexml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>spml</name>
               <provisioningProperties>
                  <name>spml-username</name>
                  <value>testuser</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>spml-password</name>
                  <value>testpw</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>spml-ep</name>
                  <value>example.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>spml-oc</name>
                  <value>spml2person</value>
               </provisioningProperties>
</provisioningConnectorConfigs>

Property Name  Description
-------------  ----------------
spml-username  Username
spml-password  Password
spml-ep        SPML Endpoint
spml-oc        SPML ObjectClass
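As an added example (not part of the WSO2 documentation), the Python lint below parses the `<federatedAuthenticatorConfigs>` samples from the federated authenticator section and the `<provisioningConnectorConfigs>` samples from the outbound provisioning section above, and flags what a reviewer would question before the configuration is applied: credential properties without `<confidential>true</confidential>`, endpoints on plain http://, SAML2 signing flags that are not `true`, and a bare `&` in commonAuthQueryParams that makes the document ill-formed. The two inputs are constructed from the page's SAML2 and SCIM samples with settings deliberately weakened; which property names count as credentials is an assumption taken from the samples on this page.

```python
import xml.etree.ElementTree as ET

NS = "{http://model.common.application.identity.carbon.wso2.org/xsd}"

# SAML2 flags that should read "true" before the authenticator goes to production
SAML_SIGNING_FLAGS = ("ISAuthnReqSigned", "IsAuthnRespSigned",
                      "isAssertionSigned", "IsLogoutReqSigned")
# Credential-bearing property names as used in the samples on this page (assumption)
SECRET_NAMES = {"ClientSecret", "sf-password", "sf-client-secret",
                "scim-password", "spml-password"}


def iter_properties(root):
    """Yield (name, value, confidential) from <properties>/<provisioningProperties> children."""
    for tag in ("properties", "provisioningProperties"):
        for prop in root.findall(NS + tag):
            name = (prop.findtext(NS + "name") or "").strip()
            value = (prop.findtext(NS + "value") or "").strip()
            conf = (prop.findtext(NS + "confidential") or "").strip().lower() == "true"
            yield name, value, conf


def lint(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. a bare '&' in commonAuthQueryParams
        return [f"not well-formed XML: {exc}"]
    findings = []
    props = {name: (value, conf) for name, value, conf in iter_properties(root)}
    for name, (value, conf) in props.items():
        if name in SECRET_NAMES and not conf:
            findings.append(f"{name}: credential not marked <confidential>true</confidential>")
        if value.lower().startswith("http://"):
            findings.append(f"{name}: endpoint {value} uses plain HTTP")
    if (root.findtext(NS + "name") or "").strip() == "SAMLSSOAuthenticator":
        for flag in SAML_SIGNING_FLAGS:  # a missing flag is reported as well
            value = props.get(flag, ("<missing>", False))[0]
            if value.lower() != "true":
                findings.append(f"{flag}: expected true, got {value!r}")
    return findings


# Constructed sample: the page's SAML2 config with SSOUrl downgraded to http,
# response signing turned off and IsLogoutReqSigned omitted
WEAK_SAML = """<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <displayName>samlsso</displayName><enabled>true</enabled><name>SAMLSSOAuthenticator</name>
  <properties><name>SSOUrl</name><value>http://localhost:9443/samlsso/</value></properties>
  <properties><name>ISAuthnReqSigned</name><value>true</value></properties>
  <properties><name>IsAuthnRespSigned</name><value>false</value></properties>
  <properties><name>isAssertionSigned</name><value>true</value></properties>
  <properties><name>commonAuthQueryParams</name><value>paramName1=value1&amp;paramName2=value2</value></properties>
</federatedAuthenticatorConfigs>"""

# Constructed sample: the page's SCIM connector with scim-password not marked confidential
WEAK_SCIM = """<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
  <enabled>true</enabled><name>scim</name>
  <provisioningProperties><name>scim-password</name><value>testpw</value></provisioningProperties>
  <provisioningProperties><name>scim-user-ep</name><value>https://example.com/scim/Users</value></provisioningProperties>
</provisioningConnectorConfigs>"""

if __name__ == "__main__":
    print(lint(WEAK_SAML), lint(WEAK_SCIM))
```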