Configuring Federated Authenticators for an Identity Provider

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

You can configure the following federated authenticators by expanding the required forms.

In addition to this, you can create custom authenticators for more specific requirements.

Configuring OpenID

  1. Expand the OpenID Configuration section.

  2. Fill in the following fields where relevant.

Configuring SAML2 Web SSO

In a single sign-on system there are two roles: service providers and identity providers. The defining characteristic of a single sign-on system is the pre-defined trust relationship between the service providers and the identity providers. Service providers trust the assertions issued by the identity providers, and the identity providers issue assertions based on the results of authenticating and authorizing the principals that access services on the service provider's side.

The SAML 2.0 web browser-based single sign-on profile is defined in the SAML 2.0 Profiles specification. SAML 2.0 consists of five main specifications:

  • Core

  • Binding

  • Profile

  • Metadata

  • Conformance

In a web browser-based SSO system, the flow can be started by the user either by attempting to access a service at the service provider, or by directly accessing the identity provider itself.

  1. Expand the SAML2 Web SSO Configuration form.

  2. Fill in the following fields where relevant.
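As an added illustration of the trust relationship described above (example code, not part of the WSO2 documentation or product): the checks a service provider applies to a received SAML 2.0 assertion before trusting it, assuming the XML signature has already been verified against the identity provider's certificate. The sample assertion and the entity IDs are constructed placeholders.

```python
# Added example, not WSO2 code: issuer, validity-window and audience checks a
# service provider runs on an assertion from a federated IdP. Signature
# verification (the actual trust anchor) is assumed to be done separately.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; entity IDs are placeholders, not real endpoints.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_abc123" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/samlsso</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_saml_time(value):
    """SAML timestamps are UTC in xsd:dateTime form; parse to an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuer, sp_entity_id, now):
    """Return (ok, reason). trusted_issuer is the IdP entity ID configured for the
    federated authenticator; sp_entity_id is this service provider's own entity ID."""
    root = ET.fromstring(xml_text)
    # Only the pre-configured IdP is trusted; any other issuer is rejected outright.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != trusted_issuer:
        return False, f"untrusted issuer {issuer!r}"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "assertion has no Conditions element"
    # Enforce the validity window so a captured assertion cannot be replayed later.
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < parse_saml_time(not_before):
        return False, "assertion not yet valid"
    if not_on_or_after and now >= parse_saml_time(not_on_or_after):
        return False, "assertion expired"
    # The assertion must be addressed to this SP, not to some other relying party.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        return False, f"audience {audiences} does not include this SP"
    return True, "ok"
```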

Configuring OAuth2/OpenID Connect

  1. Expand the OAuth2/OpenID Connect Configuration form.

  2. Fill in the following fields where relevant.

Configuring WS-Federation (Passive)

WS-Federation (Web Services Federation) describes the management and brokering of trust relationships and security token exchange across Web services and organizational boundaries. WS-Federation is part of the larger WS-Security framework; for example, it builds on the Security Token Service (STS) by providing mechanisms that facilitate interactions between parties. In the WS-Federation model an Identity Provider is a Security Token Service (STS), and Service Providers depend on an Identity Provider or Security Token Service to authenticate users. OAuth is an important protocol for IdP services, as most major Web services are also identity providers, mainly through OAuth. These Web services include Google, Facebook, Yahoo, AOL, Microsoft, PayPal, MySpace, and Flickr among many more. Furthermore, all major email providers offer OAuth IdP services.

In most instances it is necessary to secure the Security Token Service. According to the Trust Brokering model defined in the WS-Trust specification, the subject (user) must authenticate to the STS before obtaining a token. The STS may use this authentication information when constructing the security token; for example, it may populate the required claims based on the user name provided by the subject.

  1. Expand the WS-Federation (Passive) Configuration form.

  2. Fill in the following fields where relevant.

Configuring Facebook

  1. Expand the Facebook Configuration form.

  2. Fill in the following fields where relevant.

Configuring Yahoo

  1. Expand the Yahoo Configuration form.

  2. Fill in the following fields where relevant.

Configuring Google

  1. Expand the Google Configuration form.

  2. Fill in the following fields where relevant.

Configuring Microsoft Windows Live

  1. Expand the Microsoft (Hotmail, Msn, Live) Configuration form.

  2. Fill in the following fields where relevant.

For the Facebook authenticator, the App ID and App Secret of the Facebook app are the values entered in the Client Id and Client Secret fields respectively.