The responsibility of the inbound authenticators authenticator component is to identify and parse all the incoming authentication requests and then build the corresponding response. A given inbound authenticator has two parts.:
- Request Processor
- Response Builder
For each protocol supported by the WSO2 Identity Server, there should be an inbound authenticator. The Identity Server includes inbound authenticators for SAML 2.0, OpenID , OpenID Connect, OAuth 2.0, Kerberos KDC, WS-Trust STS and WS-Federation (passive). The responsibility of the SAML 2.0 request processor is to accept a SAML request from a service provider, validate the SAML request and then build a common object model understood by the authentication framework and handover the request to it. The responsibility of the SAML response builder is to accept a common object model from the authentication framework and build a SAML response out of it.
...
| Warning |
|---|
|
OpenID 2.0 has been removed from the base product in WSO2 Identity Server version 5.3.0 onwards as it is now an obsolete specification and has been superseded by OpenID Connect. Alternatively, we recommend that you use OpenID Connectinstead. |
| Expand |
|---|
| title | SAML2 Web SSO Configuration |
|---|
|
| Include Page |
|---|
| Configuring SAML2 Web Single-Sign-On |
|---|
| Configuring SAML2 Web Single-Sign-On |
|---|
|
|
...
| Expand |
|---|
| title | WS-Trust Security Token Service Configuration |
|---|
|
| Include Page |
|---|
| Configuring WS-Trust STSSecurity Token Service |
|---|
| Configuring WS-Trust STSSecurity Token Service |
|---|
|
|
| Panel |
|---|
|
See Single Sign-On for details on configuring single sign-on for service provider using inbound authentication. See the following topics for samples of configuring single sign-on: |