...
Step 1 - Configuring the Carbon Console for SSO
Info |
---|
This step is done in order to have SSO between the API Manager's and Identity Server's management consoles. |
Open the <API-M_HOME>/repository/conf/security/authenticators.xml file and give the configurations as shown below.
- Set the disabled attribute in the <Authenticator> element to false.
- ServiceProviderID: The issuer name of the service provider.
- IdentityProviderSSOServiceURL: The URL of the IDP. In this example, it is the URL of the Identity Server.

Info |
---|
A Service Provider (SP) is an entity that provides web services. A service provider relies on a trusted Identity Provider (IdP) for authentication and authorization. In this case, the Identity Server acts as the IdP and does the task of authenticating and authorizing the user of the service provider. For instructions on how you can configure WSO2 API Manager with IdPs, see the Related Links section at the bottom of this page. |
```xml
<Authenticator name="SAML2SSOAuthenticator" disabled="false">
    <Priority>10</Priority>
    <Config>
        <Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
        <Parameter name="ServiceProviderID">carbonserver</Parameter>
        <Parameter name="IdentityProviderSSOServiceURL">https://localhost:9444/samlsso</Parameter>
        <Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
    </Config>
</Authenticator>
```
...
Make sure the <Priority> element of the SAML2SSOAuthenticator is less than that of the BasicAuthenticator handler. See here (/wiki/spaces/AM2xx/pages/21364768) for more information.
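
As an added example (not part of the WSO2 documentation or product code), the following Python function checks an authenticators.xml for the settings described above before the server is restarted. The sample XML is constructed; the root element name, the presence of a BasicAuthenticator entry in the same file, and the https requirement on the IdP URL are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the root element and the BasicAuthenticator entry are assumptions.
SAMPLE = """<Authenticators>
  <Authenticator name="BasicAuthenticator" disabled="false">
    <Priority>20</Priority>
  </Authenticator>
  <Authenticator name="SAML2SSOAuthenticator" disabled="false">
    <Priority>10</Priority>
    <Config>
      <Parameter name="ServiceProviderID">carbonserver</Parameter>
      <Parameter name="IdentityProviderSSOServiceURL">https://localhost:9444/samlsso</Parameter>
    </Config>
  </Authenticator>
</Authenticators>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix, if any

def _priority(elem):
    text = next((c.text for c in elem if _local(c.tag) == "Priority"), None)
    return int((text or "").strip())  # ValueError if missing or non-numeric

def check_sso_config(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    auths = {e.get("name"): e for e in root.iter() if _local(e.tag) == "Authenticator"}
    saml = auths.get("SAML2SSOAuthenticator")
    if saml is None:
        return ["SAML2SSOAuthenticator is not defined"]
    findings = []
    if saml.get("disabled", "").strip().lower() != "false":
        findings.append("SAML2SSOAuthenticator: disabled must be false")
    params = {p.get("name"): (p.text or "").strip()
              for p in saml.iter() if _local(p.tag) == "Parameter"}
    if not params.get("ServiceProviderID"):
        findings.append("ServiceProviderID is missing or empty")
    url = urlparse(params.get("IdentityProviderSSOServiceURL", ""))
    if url.scheme != "https" or not url.hostname:  # added check, not from the page
        findings.append("IdentityProviderSSOServiceURL is not an https URL")
    basic = auths.get("BasicAuthenticator")
    if basic is not None:
        try:
            if _priority(saml) >= _priority(basic):
                findings.append("SAML2SSOAuthenticator Priority is not below BasicAuthenticator's")
        except ValueError:
            findings.append("Priority is missing or not an integer")
    return findings
```

Call check_sso_config() with the contents of the edited file; each returned string names one setting that does not match the steps above.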
Info |
---|
If there are many WSO2 products in your environment, you can configure SSO for the management consoles to gain one-time access to all of them without repeated authentication. You can do this by changing the |
...