Page Comparison

This section lists out some sample configurations that can be used when configuring an Identity Provider.

Table of Contents

Anchor
federatedauthconfig
federatedauthconfig
Federated authenticator configuration samples

A federated authenticator is used to authenticate a user through an external system (e.g. Yahoo, MSN, OpenIDConnect). To write your own custom federated authenticator, see Writing a Custom Federated Authenticator.

...

Property Name	Description
OpenIdUrl	OpenID Server URL
RealmId	-
IsUserIdInClaims	OpenID User ID Location
commonAuthQueryParams	Additional Query Parameters

SAML2 Web SSO configuration

Code Block

language	xml

<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>samlsso</displayName>
               <enabled>true</enabled>
               <name>SAMLSSOAuthenticator</name>
               <properties>
                  <name>IdPEntityId</name>
                  <value>Identity Provider Entity Id</value>
               </properties>
               <properties>
                  <name>SPEntityId</name>
                  <value>Service Provider Entity Id</value>
               </properties>
               <properties>
                  <name>SSOUrl</name>
                  <value>https://localhost:9443/samlsso/</value>
               </properties>
               <properties>
                  <name>ISAuthnReqSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>IsLogoutEnabled</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>LogoutReqUrl</name>
                  <value>https://example.com/logout/url</value>
               </properties>
               <properties>
                  <name>IsLogoutReqSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>IsAuthnRespSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>IsUserIdInClaims</name>
                  <value>false</value>
               </properties>
               <properties>
                  <name>IsAssertionEncrypted</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>isAssertionSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>commonAuthQueryParams</name>
                  <value>paramName1=value1&paramName2=value2</value>
               </properties>
            </federatedAuthenticatorConfigs>

Property Name	Description
IdPEntityId	Identity Provider Entity Id
SPEntityId	Service Provider Entity Id
SSOUrl	SSO URL
ISAuthnReqSigned	Enable Authentication Request Signing
IsLogoutEnabled	Enable Logout
LogoutReqUrl	Logout Url
IsLogoutReqSigned	Enable Logout Request Signing
IsAuthnRespSigned	Enable Authentication Response Signing
IsUserIdInClaims	SAML2 Web SSO User ID Location
IsAssertionEncrypted	Enable Assertion Encryption
isAssertionSigned	Enable Assertion Signing
commonAuthQueryParams	Additional Query Parameters

OAuth2/OpenID Connect configuration

Code Block

language	xml

<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>openidconnect</displayName>
               <enabled>true</enabled>
               <name>OpenIDConnectAuthenticator</name>
               <properties>
                  <name>ClientId</name>
                  <value>ClientID</value>
               </properties>
               <properties>
                  <name>OAuth2AuthzUrl</name>
                  <value>https://localhost:9443/oauth2/authorize/</value>
               </properties>
               <properties>
                  <name>OAUTH2TokenUrl</name>
                  <value>https://localhost:9443/oauth2/token/</value>
               </properties>
               <properties>
                  <confidential>true</confidential>
                  <name>ClientSecret</name>
                  <value>ClientSecret</value>
               </properties>
               <properties>
                  <name>IsUserIdInClaims</name>
                  <value>false</value>
               </properties>
               <properties>
                  <name>commonAuthQueryParams</name>
                  <value>paramName1=value1&paramName2=value2</value>
               </properties>
            </federatedAuthenticatorConfigs>

Property Name	Description
ClientId	Client Id
OAuth2AuthzUrl	Authorization Endpoint URL
OAUTH2TokenUrl	Token Endpoint URL
ClientSecret	Client Secret
IsUserIdInClaims	OpenID Connect User ID Location
commonAuthQueryParams	Additional Query Parameters

WS-Federation (Passive) configuration

Code Block

language	xml

<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>passivests</displayName>
               <enabled>true</enabled>
               <name>PassiveSTSAuthenticator</name>
               <properties>
                  <name>RealmId</name>
                  <value>Passive STS Realm</value>
               </properties>
               <properties>
                  <name>PassiveSTSUrl</name>
                  <value>https://localhost:9443/passivests/</value>
               </properties>
               <properties>
                  <name>IsUserIdInClaims</name>
                  <value>false</value>
               </properties>
               <properties>
                  <name>commonAuthQueryParams</name>
                  <value>paramName1=value1</value>
               </properties>
</federatedAuthenticatorConfigs>

Property Name	Description
RealmId	Passive STS Realm
PassiveSTSUrl	Passive STS URL
IsUserIdInClaims	Passive STS User ID Location
commonAuthQueryParams	Additional Query Parameters

Facebook configuration

Code Block

language	xml

<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>facebook</displayName>
               <enabled>true</enabled>
               <name>FacebookAuthenticator</name>
               <properties>
                  <name>ClientId</name>
                  <value>clientID</value>
               </properties>
               <properties>
                  <confidential>true</confidential>
                  <name>ClientSecret</name>
                  <value>secret</value>
               </properties>
</federatedAuthenticatorConfigs>

Property Name	Description
ClientId	Client Id
ClientSecret	Client Secret

Yahoo configuration

Code Block

language	xml

<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>yahoo</displayName>
               <enabled>true</enabled>
               <name>YahooOpenIDAuthenticator</name>
            </federatedAuthenticatorConfigs>

Google configuration

Code Block

language	xml

<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>google</displayName>
    <enabled>true</enabled>
    <name>GoogleOpenIDAuthenticator</name>
</federatedAuthenticatorConfigs>

Microsoft (Hotmail,MSN,Live) configuration

Code Block

language	xml

<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>microsoft(hotmail,</displayName>
               <enabled>true</enabled>
               <name>MicrosoftWindowsLive</name>
               <properties>
                  <name>ClientSecret</name>
                  <value>clientsecret</value>
               </properties>
               <properties>
                  <name>windows-live-callback-url</name>
                  <value>https://example.com/callback/url</value>
               </properties>
               <properties>
                  <name>ClientId</name>
                  <value>clientID</value>
               </properties>
</federatedAuthenticatorConfigs>

Property Name	Description
ClientSecret	Client Secret
windows-live-callback-url	Callback Url
ClientId	Client Id

Anchor
outboundprovconfig
outboundprovconfig
Outbound provisioning connector configuration samples

An outbound provisioning connector is used to provision users to external systems (e.g. Google, SalesForce). To write your own custom outbound provisioning connector, see Writing an Outbound Provisioning Connector.

Warning

The <provisioningConnectorConfigs> and <defaultProvisioningConnectorConfig> tags have similar attributes. To configure an outbound provisioning connector as the default provisioning connector, use the desired configuration found below with the <defaultProvisioningConnectorConfig> tag instead of the <provisioningConnectorConfigs> tag. There can be only one <defaultProvisioningConnectorConfig> while there can be multiple <provisioningConnectorConfigs>.

SalesForce provisioning configuration

Code Block

language	xml

<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>salesforce</name>
               <provisioningProperties>
                  <name>sf-username</name>
                  <value>testuser</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>sf-password</name>
                  <value>testpw</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-clientid</name>
                  <value>clientID</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>sf-client-secret</name>
                  <value>clientsecret</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-api-version</name>
                  <value>1.0.0</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-domain-name</name>
                  <value>example.com</value>
               </provisioningProperties>
</provisioningConnectorConfigs>

Property Name	Description
sf-username	Username
sf-password	Password
sf-clientid	Client ID
sf-client-secret	Client Secret
sf-api-version	API version
sf-domain-name	Domain Name

Google provisioning configuration

Code Block

language	xml

<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>googleapps</name>
               <provisioningProperties>
                  <name>google_prov_application_name</name>
                  <value>TestApp</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_admin_email</name>
                  <value>test@mygoogledomain.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_service_acc_email</name>
                  <value>test@developer.gserviceaccount.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_familyname_claim_dropdown</name>
                  <value>ClaimB</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_givenname_claim_dropdown</name>
                  <value>ClaimB</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_email_claim_dropdown</name>
                  <value>ClaimA</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_domain_name</name>
                  <value>mygoogledomain.com</value>
               </provisioningProperties>
            </provisioningConnectorConfigs>

Property Name	Description
google_prov_application_name	Application Name
google_prov_admin_email	Administrator's Email
google_prov_service_acc_email	Service Account Email
google_prov_familyname_claim_dropdown	Family Name
google_prov_givenname_claim_dropdown	Given Name
google_prov_email_claim_dropdown	Primary Email
google_prov_domain_name	Google Domain

SCIM provisioning configuration

Code Block

language	xml

   <provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>scim</name>
               <provisioningProperties>
                  <name>scim-username</name>
                  <value>testuser</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>scim-password</name>
                  <value>testpw</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>scim-user-ep</name>
                  <value>example.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>scim-group-ep</name>
                  <value>example.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>scim-user-store-domain</name>
                  <value>example.com</value>
               </provisioningProperties>
   </provisioningConnectorConfigs>

Property Name	Description
scim-username	Username
scim-password	Password
scim-user-ep	User Endpoint
scim-group-ep	Group Endpoint
scim-user-store-domain	User Store Domain

SPML provisioning configuration

Code Block

language	xml

<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>spml</name>
               <provisioningProperties>
                  <name>spml-username</name>
                  <value>testuser</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>spml-password</name>
                  <value>testpw</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>spml-ep</name>
                  <value>example.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>spml-oc</name>
                  <value>spml2person</value>
               </provisioningProperties>
</provisioningConnectorConfigs>

Property Name	Description
spml-username	Username
spml-password	Password
spml-ep	SPML Endpoint
spml-oc	SPML ObjectClass

Versions Compared

Old Version 6

New Version Current

Key

Anchor
federatedauthconfig
federatedauthconfig
Federated authenticator configuration samples

SAML2 Web SSO configuration

OAuth2/OpenID Connect configuration

WS-Federation (Passive) configuration

Facebook configuration

Yahoo configuration

Google configuration

Microsoft (Hotmail,MSN,Live) configuration

Anchor
outboundprovconfig
outboundprovconfig
Outbound provisioning connector configuration samples

SalesForce provisioning configuration

Google provisioning configuration

SCIM provisioning configuration

SPML provisioning configuration

Page Comparison

Versions Compared

Old Version 6

New Version Current

Key

AnchorfederatedauthconfigfederatedauthconfigFederated authenticator configuration samples

SAML2 Web SSO configuration

OAuth2/OpenID Connect configuration

WS-Federation (Passive) configuration

Facebook configuration

Yahoo configuration

Google configuration

Microsoft (Hotmail,MSN,Live) configuration

AnchoroutboundprovconfigoutboundprovconfigOutbound provisioning connector configuration samples

SalesForce provisioning configuration

Google provisioning configuration

SCIM provisioning configuration

SPML provisioning configuration

Anchor
federatedauthconfig
federatedauthconfig
Federated authenticator configuration samples

Anchor
outboundprovconfig
outboundprovconfig
Outbound provisioning connector configuration samples