We use the Identity Provider URL (identityProviderUrl
) to configure the IdP to which the SAML SSO messages are sent. By default, wso2carbon
is the identity provider (IdP) URL. However, if needed you can configure an external identity provider URL for this purpose. This configuration change can be done in ssoConfiguration in the store.json file, which is in the <PRODUCT_HOME>/repository/deployment/server/jaggeryapps/store/
directory. It is suggested although not enforced that SSO configuration details be present in a configuration file at the root of the application.
"ssoConfiguration": { "enabled": true, "issuer": "store", "identityProviderURL": "%https.host%/sso/samlsso.jag", "keyStorePassword": "wso2carbon", "identityAlias": "wso2carbon", "responseSigningEnabled": "true", "keyStoreName": "/repository/resources/security/wso2carbon.jks" }
The description of the configuration properties are as follows:
Property | Description |
---|---|
enabled | SSO is enabled only when this property is set to true. |
issuer | The name of the SAML SSO service provider. This value can change depending on the |
identityProviderURL | This is the redirecting SSO URL in your running WSO2 Identity Server (IS) instance. In the case of the Store in UES 1.0.0, it is the SSO app. |
keyStorePassword | Password of the default keystore. |
identityAlias | Alias of the default identity provider. |
responseSigningEnabled | When this property is enabled, all SAML assertions,requests and responses need to be digitally signed. source: SAML & XML-Signature Syntax and Processing doc OASIS Group |
keyStoreName | The location for the default keystore, ( wso2carbon.jks) used by WSO2 IS (running identity provider). |