Changing the Authentication Method
WSO2 Governance Registry (G-Reg) supports the following authentication methods:
- Basic authentication
- SAML based Single Sign On (SSO)
The configurations of these methods are defined in the authentication
block in the following files for the Publisher and Store as follows:
"authentication": { "activeMethod": "basic", "methods": { "sso": { "attributes": { "issuer": "publisher", "identityProviderURL": "%https.host%/samlsso", "responseSigningEnabled": true, "acs": "https://localhost:9443/publisher/acs", "identityAlias": "wso2carbon", "defaultNameIDPolicy": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "useTenantKey": false, "isPassive":false, "validateAssertionValidityPeriod": true, "validateAudienceRestriction": true, "assertionSigningEnabled": true } }, "basic": { "attributes": { "loginURL": "%https.host%/%context%/pages/basic-auth-login" } } } },
- For WSO2 G-Reg Publisher:
<PRODUCT_HOME>/repository/deployment/server/jaggeryapps/publisher/config/publisher.json
- For WSO2 G-Reg Store:
<PRODUCT_HOME>/repository/deployment/server/jaggeryapps/publisher/config/store.json
Change the value of the activeMethod
property in the above files to set the authentication method as follows:
- To activate basic authentication:
"activeMethod": "basic"
- To activate single sign-on:
"activeMethod": "sso"
If you want to activate SAML SSO authentication method, change the service provider configurations also to reflect any port and host changes of your server accordingly in the <PRODUCT_HOME>>repository/conf/identity/sso-idp-config.xml
file. This file is used to register service providers with the embedded WSO2 Identity Server components, which provide SAML SSO authentication support. Change the service provider configurations accordingly to reflect any port and host changes of your server. If you are using an external IDP, you need not do this.