This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.


This section lists sample configurations that can be used when configuring an Identity Provider.

Federated authenticator configuration samples

A federated authenticator is used to authenticate a user through an external system (e.g. Yahoo, MSN, OpenIDConnect). To write your own custom federated authenticator, see Writing a Custom Federated Authenticator.

The <federatedAuthenticatorConfigs> and <defaultAuthenticatorConfig> tags have similar attributes. To configure a federated authenticator as the default authenticator, use the desired configuration found below with the <defaultAuthenticatorConfig> tag instead of the <federatedAuthenticatorConfigs> tag. Note that there can be only one <defaultAuthenticatorConfig> while there can be multiple <federatedAuthenticatorConfigs>.

OpenID Configuration

<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>openid</displayName>
    <enabled>true</enabled>
    <name>OpenIDAuthenticator</name>
    <properties>
        <name>OpenIdUrl</name>
        <value>https://localhost:9443/openid/</value>
    </properties>
    <properties>
        <name>RealmId</name>
        <value
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="1">
        </value>
    </properties>
    <properties>
        <name>IsUserIdInClaims</name>
        <value>false</value>
    </properties>
    <properties>
        <name>commonAuthQueryParams</name>
        <value>paramName1=value1&amp;paramName2=value2</value>
    </properties>
</federatedAuthenticatorConfigs>

| Property Name | Description |
| --- | --- |
| OpenIdUrl | OpenID Server URL |
| RealmId | - |
| IsUserIdInClaims | OpenID User ID Location |
| commonAuthQueryParams | Additional Query Parameters |

SAML2 Web SSO configuration

<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>samlsso</displayName>
    <enabled>true</enabled>
    <name>SAMLSSOAuthenticator</name>
    <properties>
        <name>IdPEntityId</name>
        <value>Identity Provider Entity Id</value>
    </properties>
    <properties>
        <name>SPEntityId</name>
        <value>Service Provider Entity Id</value>
    </properties>
    <properties>
        <name>SSOUrl</name>
        <value>https://localhost:9443/samlsso/</value>
    </properties>
    <properties>
        <name>ISAuthnReqSigned</name>
        <value>true</value>
    </properties>
    <properties>
        <name>IsLogoutEnabled</name>
        <value>true</value>
    </properties>
    <properties>
        <name>LogoutReqUrl</name>
        <value>https://example.com/logout/url</value>
    </properties>
    <properties>
        <name>IsLogoutReqSigned</name>
        <value>true</value>
    </properties>
    <properties>
        <name>IsAuthnRespSigned</name>
        <value>true</value>
    </properties>
    <properties>
        <name>IsUserIdInClaims</name>
        <value>false</value>
    </properties>
    <properties>
        <name>IsAssertionEncrypted</name>
        <value>true</value>
    </properties>
    <properties>
        <name>isAssertionSigned</name>
        <value>true</value>
    </properties>
    <properties>
        <name>commonAuthQueryParams</name>
        <value>paramName1=value1&amp;paramName2=value2</value>
    </properties>
</federatedAuthenticatorConfigs>

| Property Name | Description |
| --- | --- |
| IdPEntityId | Identity Provider Entity Id |
| SPEntityId | Service Provider Entity Id |
| SSOUrl | SSO URL |
| ISAuthnReqSigned | Enable Authentication Request Signing |
| IsLogoutEnabled | Enable Logout |
| LogoutReqUrl | Logout Url |
| IsLogoutReqSigned | Enable Logout Request Signing |
| IsAuthnRespSigned | Enable Authentication Response Signing |
| IsUserIdInClaims | SAML2 Web SSO User ID Location |
| IsAssertionEncrypted | Enable Assertion Encryption |
| isAssertionSigned | Enable Assertion Signing |
| commonAuthQueryParams | Additional Query Parameters |

OAuth2/OpenID Connect configuration

<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>openidconnect</displayName>
    <enabled>true</enabled>
    <name>OpenIDConnectAuthenticator</name>
    <properties>
        <name>ClientId</name>
        <value>ClientID</value>
    </properties>
    <properties>
        <name>OAuth2AuthzUrl</name>
        <value>https://localhost:9443/oauth2/authorize/</value>
    </properties>
    <properties>
        <name>OAUTH2TokenUrl</name>
        <value>https://localhost:9443/oauth2/token/</value>
    </properties>
    <properties>
        <confidential>true</confidential>
        <name>ClientSecret</name>
        <value>ClientSecret</value>
    </properties>
    <properties>
        <name>IsUserIdInClaims</name>
        <value>false</value>
    </properties>
    <properties>
        <name>commonAuthQueryParams</name>
        <value>paramName1=value1&amp;paramName2=value2</value>
    </properties>
</federatedAuthenticatorConfigs>

| Property Name | Description |
| --- | --- |
| ClientId | Client Id |
| OAuth2AuthzUrl | Authorization Endpoint URL |
| OAUTH2TokenUrl | Token Endpoint URL |
| ClientSecret | Client Secret |
| IsUserIdInClaims | OpenID Connect User ID Location |
| commonAuthQueryParams | Additional Query Parameters |

WS-Federation (Passive) configuration

<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>passivests</displayName>
    <enabled>true</enabled>
    <name>PassiveSTSAuthenticator</name>
    <properties>
        <name>RealmId</name>
        <value>Passive STS Realm</value>
    </properties>
    <properties>
        <name>PassiveSTSUrl</name>
        <value>https://localhost:9443/passivests/</value>
    </properties>
    <properties>
        <name>IsUserIdInClaims</name>
        <value>false</value>
    </properties>
    <properties>
        <name>commonAuthQueryParams</name>
        <value>paramName1=value1</value>
    </properties>
</federatedAuthenticatorConfigs>

| Property Name | Description |
| --- | --- |
| RealmId | Passive STS Realm |
| PassiveSTSUrl | Passive STS URL |
| IsUserIdInClaims | Passive STS User ID Location |
| commonAuthQueryParams | Additional Query Parameters |

Facebook configuration

<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>facebook</displayName>
    <enabled>true</enabled>
    <name>FacebookAuthenticator</name>
    <properties>
        <name>ClientId</name>
        <value>clientID</value>
    </properties>
    <properties>
        <confidential>true</confidential>
        <name>ClientSecret</name>
        <value>secret</value>
    </properties>
</federatedAuthenticatorConfigs>

| Property Name | Description |
| --- | --- |
| ClientId | Client Id |
| ClientSecret | Client Secret |

Yahoo configuration

<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>yahoo</displayName>
    <enabled>true</enabled>
    <name>YahooOpenIDAuthenticator</name>
</federatedAuthenticatorConfigs>

Google configuration

<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>google</displayName>
    <enabled>true</enabled>
    <name>GoogleOpenIDAuthenticator</name>
</federatedAuthenticatorConfigs>

 

Microsoft (Hotmail, MSN, Live) configuration

<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>microsoft(hotmail,</displayName>
    <enabled>true</enabled>
    <name>MicrosoftWindowsLive</name>
    <properties>
        <name>ClientSecret</name>
        <value>clientsecret</value>
    </properties>
    <properties>
        <name>windows-live-callback-url</name>
        <value>https://example.com/callback/url</value>
    </properties>
    <properties>
        <name>ClientId</name>
        <value>clientID</value>
    </properties>
</federatedAuthenticatorConfigs>

| Property Name | Description |
| --- | --- |
| ClientSecret | Client Secret |
| windows-live-callback-url | Callback Url |
| ClientId | Client Id |
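
A pre-deployment check over configurations like the samples above, added here as an example (it is not WSO2 code). It flags a ClientSecret that lacks the `<confidential>true</confidential>` marking used in the OAuth2/OpenID Connect and Facebook samples, SAML signing flags that are not enabled, endpoint URLs that are not https, and XML that is not well-formed because of an unescaped `&` in commonAuthQueryParams. The function names, the policy sets and the sample values are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://model.common.application.identity.carbon.wso2.org/xsd}"
# Review policy assumed by this example; it is not a WSO2 requirement.
SECRET_PROPS = {"ClientSecret"}
SIGNING_PROPS = {"ISAuthnReqSigned", "IsLogoutReqSigned",
                 "IsAuthnRespSigned", "isAssertionSigned"}

def lint_authenticator(xml_text):
    """Return sorted findings for one <federatedAuthenticatorConfigs> element."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A bare '&' in commonAuthQueryParams lands here; write it as '&amp;'.
        return [f"not well-formed XML: {exc}"]
    auth = root.findtext(NS + "name", default="?")
    findings = []
    for entry in root.findall(NS + "properties"):
        name = entry.findtext(NS + "name", default="")
        value = (entry.findtext(NS + "value") or "").strip()
        confidential = (entry.findtext(NS + "confidential") or "").strip().lower()
        if name in SECRET_PROPS and confidential != "true":
            findings.append(f"{auth}: {name} lacks <confidential>true</confidential>")
        if name in SIGNING_PROPS and value.lower() != "true":
            findings.append(f"{auth}: {name} is not enabled")
        if "url" in name.lower() and value and not value.lower().startswith("https://"):
            findings.append(f"{auth}: {name} is not an https:// URL")
    return sorted(findings)

def wrap(name, props_xml):
    """Build a constructed sample element in the page's namespace."""
    return (f'<federatedAuthenticatorConfigs xmlns="{NS[1:-1]}">'
            f"<name>{name}</name>{props_xml}</federatedAuthenticatorConfigs>")

def make_prop(name, value, confidential=False):
    flag = "<confidential>true</confidential>" if confidential else ""
    return f"<properties>{flag}<name>{name}</name><value>{value}</value></properties>"

# Constructed samples: secret not marked confidential, weak SAML settings, bare '&'.
LIVE = wrap("MicrosoftWindowsLive", make_prop("ClientSecret", "clientsecret"))
SAML = wrap("SAMLSSOAuthenticator",
            make_prop("SSOUrl", "http://idp.example.com/samlsso/")
            + make_prop("isAssertionSigned", "false"))
BAD_AMP = wrap("OpenIDAuthenticator",
               make_prop("commonAuthQueryParams", "paramName1=value1&paramName2=value2"))

if __name__ == "__main__":
    for sample in (LIVE, SAML, BAD_AMP):
        print(lint_authenticator(sample))
```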
