This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Service Provider Configurations used with APIs
 This section guides you through the configurations you can include in a service provider application.Â
Configuring SAML2 web SSOÂ
To add a Service Provider with SAML2 Web SSO capability, you have to first add SAML2 Web SSO configuration. This is done through the IdentitySAMLSSOConfigService
exposed at https://<IS_HOST>:<IS_PORT>/services/IdentitySAMLSSOConfigService?wsdl
. The following sample request shows how to add SAML SSO issuer.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.saml.sso.identity.carbon.wso2.org/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:addRPServiceProvider> <!--Optional:--> <xsd:spDto> <!--Optional:--> <xsd1:assertionConsumerUrl>http://localhost:8080/travelocity.com/home.jsp</xsd1:assertionConsumerUrl> <!--Optional:--> <xsd1:doSignAssertions>true</xsd1:doSignAssertions> <!--Optional:--> <xsd1:doSignResponse>true</xsd1:doSignResponse> <!--Optional:--> <xsd1:doSingleLogout>true</xsd1:doSingleLogout> <!--Optional:--> <xsd1:issuer>travelocity.com</xsd1:issuer> <!--Optional:--> <xsd1:nameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</xsd1:nameIDFormat> <xsd1:useFullyQualifiedUsername>true</xsd1:useFullyQualifiedUsername> </xsd:spDto> </xsd:addRPServiceProvider> </soapenv:Body> </soapenv:Envelope>
Once the SAML SSO issuer is added, the issuer details should be included in inbound authentication configurations.
<xsd1:inboundAuthenticationConfig> <!--Zero or more repetitions:--> <xsd1:inboundAuthenticationRequestConfigs> <!--Optional:--> <xsd1:inboundAuthKey>issuer.1</xsd1:inboundAuthKey> <!--Optional:--> <xsd1:inboundAuthType>samlsso</xsd1:inboundAuthType> <!--Zero or more repetitions:--> <xsd1:properties> <!--Optional:--> <xsd1:name>attrConsumServiceIndex</xsd1:name> <!--Optional:--> <xsd1:value>354785936</xsd1:value> </xsd1:properties> </xsd1:inboundAuthenticationRequestConfigs> </xsd1:inboundAuthenticationConfig>
Parameter | Type | Description |
---|---|---|
inboundAuthKey | String | Specify the issuer here, which is the unique identifier of the service provider. This is also the issuer value specified in the SAML Authentication Request issued by the service provider. |
inboundAuthType | String | For SAML 2.0 authentication type should be ‘samlsso’ |
Property Name | Property Value |
---|---|
attrConsumServiceIndex | This is the consumer service index. Â The service provider should send this in the SAML request to get attributes of the authenticated subject. Â |
Configuring OAuth/OpenID ConnectÂ
To add a Service Provider with OAuth capability, add an OAuth application through the OAuthAdminService
exposed at https://<IS_HOST>:<IS_PORT>/services/
OAuthAdminService
?wsdl.
The following sample request shows how to add the OAuth service. The registerOAuthApplicationData
function is used to add the OAuth service to the application.Â
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.oauth.identity.carbon.wso2.org/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:registerOAuthApplicationData> <!--Optional:--> <xsd:application> <!--Optional:--> <xsd1:OAuthVersion>Oauth-2.0</xsd1:OAuthVersion> <!--Optional:--> <xsd1:applicationName>TestApp</xsd1:applicationName> <!--Optional:--> <xsd1:callbackUrl>http://localhost:8080/oauth2client</xsd1:callbackUrl> <!--Optional:--> <xsd1:grantTypes>authorization_code implicit password client_credentials refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer iwa:ntlm</xsd1:grantTypes> </xsd:application> </xsd:registerOAuthApplicationData> </soapenv:Body> </soapenv:Envelope>
Once the OAuth application data is added, include the issuer details in the inbound authentication configurations. The inboundAuthKey
and oauthConsumerSecret
can be obtained by calling the getOAuthApplicationDataByAppName
function given in the OAuthAdminService
as seen in the request below.Â
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:getOAuthApplicationDataByAppName> <!--Optional:--> <xsd:appName>TestApp</xsd:appName> </xsd:getOAuthApplicationDataByAppName> </soapenv:Body> </soapenv:Envelope>
The response of
getOAuthApplicationDataByAppName
will contain the oauthConsumerKey
and oauthConsumerSecret
which is required to configure OAuth for the service provider.
Parameter | Type | Description |
---|---|---|
inboundAuthKey | String | OAuth Client Key |
inboundAuthType | String | For OAuth authentication type should be ‘oauth2 |
Property Name | Property Value |
---|---|
oauthConsumerSecret | OAuth client secret |
<xsd1:inboundAuthenticationConfig> <!--Zero or more repetitions:--> <xsd1:inboundAuthenticationRequestConfigs> <!--Optional:--> <xsd1:inboundAuthKey>XhFbH1qEarpg0bqcGG_utaRa2wka</xsd1:inboundAuthKey> <!--Optional:--> <xsd1:inboundAuthType>oauth</xsd1:inboundAuthType> <!--Zero or more repetitions:--> <xsd1:properties> <!--Optional:--> <xsd1:name>oauthConsumerSecret</xsd1:name> <!--Optional:--> <xsd1:value>D3AARDfI6BRqls7k6eqiZk4J8QYa</xsd1:value> </xsd1:properties> </xsd1:inboundAuthenticationRequestConfigs> </xsd1:inboundAuthenticationConfig>
Configuring WS-Trust Security Token service
To configure a service provider with the WS-Trust Security Token Service (STS), add a trusted service through the OAuthAdminService
exposed at https://<IS_HOST>:<IS_PORT>/services/STSAdminService?wsdl.
The following sample request shows how to add the STS service using the addTrustedService
function.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://service.sts.security.carbon.wso2.org"> <soapenv:Header/> <soapenv:Body> <ser:addTrustedService> <!--Optional:--> <ser:serviceAddress>https://example.com</ser:serviceAddress> <!--Optional:--> <ser:certAlias>wso2carbon.cert</ser:certAlias> </ser:addTrustedService> </soapenv:Body> </soapenv:Envelope>
Once the trusted service is registered, the service address can be included in the <inboundAuthenticationConfig>
element as the <inboundAuthKey>
.
<xsd1:inboundAuthenticationConfig> <!--Zero or more repetitions:--> <xsd1:inboundAuthenticationRequestConfigs> <!--Optional:--> <xsd1:inboundAuthKey>https://example.com</xsd1:inboundAuthKey> <!--Optional:--> <xsd1:inboundAuthType>wstrust</xsd1:inboundAuthType> </xsd1:inboundAuthenticationRequestConfigs> </xsd1:inboundAuthenticationConfig>
Parameter | Type | Description |
---|---|---|
inboundAuthKey | String | The endpoint address of the trusted service. |
inboundAuthType | String | For WS-Trust Security Token Service, the authentication type should be ‘wstrust’ |
Properties | Property | No specific properties to define |
Configuring WS-Federation (passive)
<xsd1:inboundAuthenticationConfig> <!--Zero or more repetitions:--> <xsd1:inboundAuthenticationRequestConfigs> <!--Optional:--> <xsd1:inboundAuthKey>TestSP</xsd1:inboundAuthKey> <!--Optional:--> <xsd1:inboundAuthType>passivests</xsd1:inboundAuthType> </xsd1:inboundAuthenticationRequestConfigs> </xsd1:inboundAuthenticationConfig>
Parameter | Type | Description |
---|---|---|
inboundAuthKey | String | Passive STS realm identifier |
inboundAuthType | String | For WS-Federation (Passive) Configuration, authentication type should be ‘passivests’ |
Properties | Property | No specific properties to define |
Configuring OpenID
<xsd1:inboundAuthenticationConfig> <!--Zero or more repetitions:--> <xsd1:inboundAuthenticationRequestConfigs> <!--Optional:--> <xsd1:inboundAuthKey>TestSP</xsd1:inboundAuthKey> <!--Optional:--> <xsd1:inboundAuthType>openid</xsd1:inboundAuthType> </xsd1:inboundAuthenticationRequestConfigs> </xsd1:inboundAuthenticationConfig>
Parameter | Type | Description |
---|---|---|
inboundAuthKey | String | OpenID realm identifier |
inboundAuthType | String | For OpenID Configuration, the authentication type should be openid |
Properties | Property | No specific properties to define |