This topic explains how to test the OpenID Connect session management feature, using the WSO2 Playground sample application as the Relying Party (RP) and WSO2 Identity Server as the OpenID Connect Provider (OP). See Configuring OpenID Connect Single Logout for more information.
Info |
---|
In this context, Relying Party (RP) and OpenID Provider (OP) are defined as follows: Relying Parties (RPs) are OAuth 2.0 Clients using OpenID Connect; OpenID Providers (OPs) are OAuth 2.0 Authentication Servers implementing OpenID Connect. |
...
- Start the IS server and log into the management console.
- Add a new service provider named "playground2" and click Register.
- Expand the Inbound Authentication Configuration section and then the OAuth/OpenID Connect Configuration and click Configure.
  For more information, see Configuring OAuth2-OpenID Connect.

  Expand the Local & Outbound Authentication Configuration section and select Use tenant domain in local subject identifier to sign the ID token with the user's tenant domain.

  Note: Alternatively, to sign the ID token with the service provider's tenant domain, open the identity.xml file found in the <IS_HOME>/conf/repository/identity folder and set the following property to true.

  ```xml
  <!-- Sign the ID Token with Service Provider Tenant Private Key-->
  <SignJWTWithSPKey>true</SignJWTWithSPKey>
  ```
- Enter http://wso2is.local:8080/playground2/oauth2client as the callback URL and click Add.

  Note: At this point, you will see the client key and client secret. Note these values as you will need them later in this process.
- Repeat steps 1-4 and register a service provider named "playground3".
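
To confirm that the identity.xml change described in the note above is actually in effect, the following check (an added example, not part of the WSO2 documentation or product) reports whether SignJWTWithSPKey is active, commented out, or absent. The sample documents are constructed, and the element layout around the property, the namespace URI and the function name are assumptions.

```python
import re
import sys
import xml.etree.ElementTree as ET

PROPERTY = "SignJWTWithSPKey"  # property name as given on the page

# Constructed samples; the surrounding element layout is an assumption.
SAMPLE_ENABLED = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <OAuth><OpenIDConnect>
    <!-- Sign the ID Token with Service Provider Tenant Private Key-->
    <SignJWTWithSPKey> true </SignJWTWithSPKey>
  </OpenIDConnect></OAuth>
</Server>"""
SAMPLE_COMMENTED = SAMPLE_ENABLED.replace(
    "<SignJWTWithSPKey> true </SignJWTWithSPKey>",
    "<!-- <SignJWTWithSPKey>true</SignJWTWithSPKey> -->")


def sign_with_sp_key(identity_xml):
    """Return (state, detail): state is True/False if the property is active,
    None if it is absent or only present inside an XML comment."""
    root = ET.fromstring(identity_xml)  # the parser discards comments
    # Compare local names so a default xmlns on the root does not hide the element.
    active = [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == PROPERTY]
    if len(active) > 1:
        raise ValueError(f"{PROPERTY} is defined {len(active)} times")
    if active:
        value = (active[0].text or "").strip().lower()
        if value not in ("true", "false"):
            raise ValueError(f"{PROPERTY} has non-boolean value {value!r}")
        return value == "true", "active"
    # Not active: distinguish "only inside a comment" from "not present at all".
    comments = re.findall(r"<!--(.*?)-->", identity_xml, flags=re.S)
    if any(f"<{PROPERTY}>" in c for c in comments):
        return None, "commented out"
    return None, "absent"


if __name__ == "__main__":
    # Usage: python check_identity_xml.py <path to identity.xml>
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_ENABLED
    print(sign_with_sp_key(text))
```

A result of `(None, "commented out")` means the property line exists in the file but has no effect, so the ID token is not being signed with the service provider's tenant key by this setting.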
...