An Identity Provider (IdP) is responsible for issuing identification information for users looking to interact with a system. We can add and configure such identity providers and link them with the Identity Server through the Identity Provider Management Service API.
...
The service contract of this admin service can be found at https://<IS_HOST>:<IS_PORT>/services/IdentityProviderMgtService?wsdl. Replace the tag <IS_HOST>:<IS_PORT> with the relevant host and port number, for example: https://localhost:9443/services/IdentityProviderMgtService?wsdl.
Note: Prior to calling any of these admin services, you need to make them discoverable. See Calling Admin Services for information on how to do this.
...
Permission Level: /permission/admin/manage
Request:

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mgt="http://mgt.idp.carbon.wso2.org" xmlns:xsd="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <mgt:addIdP>
         <!--Optional:-->
         <mgt:identityProvider>
            <xsd:alias>https://localhost:9443/oauth2/token/</xsd:alias>
            <xsd:certificate>BASE64 encoded String goes here</xsd:certificate>
            <xsd:displayName>Sample IdP</xsd:displayName>
            <xsd:enable>true</xsd:enable>
            <xsd:federationHub>false</xsd:federationHub>
            <xsd:homeRealmId>-</xsd:homeRealmId>
            <xsd:identityProviderDescription>Sample Description</xsd:identityProviderDescription>
            <xsd:identityProviderName>TestIdP</xsd:identityProviderName>
            <xsd:primary>true</xsd:primary>
            <xsd:provisioningRole>-</xsd:provisioningRole>
         </mgt:identityProvider>
      </mgt:addIdP>
   </soapenv:Body>
</soapenv:Envelope>
```

Request template showing the optional elements:

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mgt="http://mgt.idp.carbon.wso2.org" xmlns:xsd="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <mgt:addIdP>
         <!--Optional:-->
         <mgt:identityProvider>
            <!--Optional:-->
            <xsd:alias>?</xsd:alias>
            <!--Optional:-->
            <xsd:certificate>?</xsd:certificate>
            <!--Optional:-->
            <xsd:claimConfig> ... </xsd:claimConfig>
            <!--Optional:-->
            <xsd:defaultAuthenticatorConfig> ... </xsd:defaultAuthenticatorConfig>
            <!--Optional:-->
            <xsd:defaultProvisioningConnectorConfig> ... </xsd:defaultProvisioningConnectorConfig>
            <!--Optional:-->
            <xsd:displayName>?</xsd:displayName>
            <!--Optional:-->
            <xsd:enable>?</xsd:enable>
            <!--Zero or more repetitions:-->
            <xsd:federatedAuthenticatorConfigs> ... </xsd:federatedAuthenticatorConfigs>
            <!--Optional:-->
            <xsd:federationHub>?</xsd:federationHub>
            <!--Optional:-->
            <xsd:homeRealmId>?</xsd:homeRealmId>
            <!--Optional:-->
            <xsd:identityProviderDescription>?</xsd:identityProviderDescription>
            <!--Optional:-->
            <xsd:identityProviderName>?</xsd:identityProviderName>
            <!--Zero or more repetitions:-->
            <xsd:idpProperties> ... </xsd:idpProperties>
            <!--Optional:-->
            <xsd:justInTimeProvisioningConfig> ... </xsd:justInTimeProvisioningConfig>
            <!--Optional:-->
            <xsd:permissionAndRoleConfig> ... </xsd:permissionAndRoleConfig>
            <!--Optional:-->
            <xsd:primary>?</xsd:primary>
            <!--Zero or more repetitions:-->
            <xsd:provisioningConnectorConfigs> ... </xsd:provisioningConnectorConfigs>
            <!--Optional:-->
            <xsd:provisioningRole>?</xsd:provisioningRole>
         </mgt:identityProvider>
      </mgt:addIdP>
   </soapenv:Body>
</soapenv:Envelope>
```
Response:
```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:addIdPResponse xmlns:ns="http://mgt.idp.carbon.wso2.org">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:addIdPResponse>
   </soapenv:Body>
</soapenv:Envelope>
```
In addition to the basic details for the IdP, the addIdP request body can also include claim configuration, role configuration, federated authenticators, just-in-time provisioning information, and outbound provisioning connector details. Properties related to those configurations are listed below. However, an IdP can be added without these details and updated later on.
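The following is an added example, not code from the product documentation: it builds the basic addIdP envelope with an XML library instead of string templates, so a display name or description containing markup cannot change the structure of this admin request, and it checks the response for the nil return rather than assuming success. The function names `build_add_idp` and `add_idp_succeeded` are hypothetical, the certificate value is a constructed placeholder, and sending the request over HTTPS with credentials that hold `/permission/admin/manage` is left out.

```python
import base64
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
MGT = "http://mgt.idp.carbon.wso2.org"
XSD = "http://model.common.application.identity.carbon.wso2.org/xsd"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
for prefix, uri in (("soapenv", SOAP), ("mgt", MGT), ("xsd", XSD)):
    ET.register_namespace(prefix, uri)


def build_add_idp(name, alias, certificate_b64, display_name, description,
                  enable=True, primary=False, federation_hub=False):
    """Return the addIdP envelope as a string; ElementTree escapes every value."""
    # Reject a certificate value that is not valid Base64 before sending it.
    base64.b64decode(certificate_b64, validate=True)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Header")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    add = ET.SubElement(body, f"{{{MGT}}}addIdP")
    idp = ET.SubElement(add, f"{{{MGT}}}identityProvider")
    fields = [  # subset of the sample request's elements, in the same order
        ("alias", alias), ("certificate", certificate_b64),
        ("displayName", display_name), ("enable", str(enable).lower()),
        ("federationHub", str(federation_hub).lower()),
        ("identityProviderDescription", description),
        ("identityProviderName", name), ("primary", str(primary).lower()),
    ]
    for tag, value in fields:
        ET.SubElement(idp, f"{{{XSD}}}{tag}").text = value
    return ET.tostring(env, encoding="unicode")


def add_idp_succeeded(response_xml):
    """True for the nil addIdPResponse shown above; raise on a SOAP Fault."""
    root = ET.fromstring(response_xml)
    fault = root.find(f"{{{SOAP}}}Body/{{{SOAP}}}Fault")
    if fault is not None:
        raise RuntimeError(fault.findtext("faultstring", default="SOAP Fault"))
    ret = root.find(f"{{{SOAP}}}Body/{{{MGT}}}addIdPResponse/{{{MGT}}}return")
    return ret is not None and ret.get(f"{{{XSI}}}nil") == "true"


if __name__ == "__main__":
    cert = base64.b64encode(b"constructed placeholder, not a certificate").decode()
    print(build_add_idp("TestIdP", "https://localhost:9443/oauth2/token/",
                        cert, "Sample IdP", "Sample Description", primary=True))
```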
...