Configuring a Service Provider

This topic provides instructions on how to add a new service provider. You must provide configuration details to add this service provider in the WSO2 Identity Server so that the authentication and/or provisioning happens as expected.

The responsibility of the service provider configuration is to represent external service providers. These external service providers can be a web application, a mobile application, a Liferay portal, Salesforce (Salesforce can be both a service provider and an identity provider), Google Apps (Google Apps can be both a service provider and an identity provider) and many more. In the service provider configuration you define how the service provider communicates with the Identity Server. This is done via inbound authenticators. When you register a service provider, you need to associate one or more inbound authenticators with it.

The service provider configuration also defines how to authenticate users. This can be via a local authenticator, request-path authenticator or federated authenticator. Based on this configuration, when the Identity Server receives an authentication request (via an inbound authenticator), it knows how to authenticate the user for the service provider that initiated the request.

Each service provider configuration can also maintain a claim mapping. This maps the service provider's own set of claims to the Identity Server's claims. When the authentication framework hands over a set of claims (which it gets from the local user store or from an external identity provider) to the response builder of the inbound authenticator, the framework talks to the service provider configuration component, finds the claim mapping and does the claim conversion. The response builder then receives the claims in a form understood by the corresponding service provider.
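
The claim conversion described above can be modelled as follows. This is an added example, not WSO2 Identity Server code: the class names, the mandatory flag, the "travel-app" service provider and the sample claim values are assumptions made for the illustration, and dropping unmapped claims is a choice of this model.

```python
from dataclasses import dataclass, field


class MissingMandatoryClaim(Exception):
    """A claim this service provider requires was not available."""


@dataclass
class ClaimMapping:
    sp_claim: str            # claim name the service provider understands
    local_claim: str         # Identity Server claim URI
    mandatory: bool = False  # hypothetical flag used by this model


@dataclass
class ServiceProviderConfig:
    name: str
    claim_mappings: list = field(default_factory=list)

    def convert_claims(self, local_claims):
        """Translate Identity Server claims into this SP's claim names."""
        converted = {}
        for m in self.claim_mappings:
            value = local_claims.get(m.local_claim)
            if value in (None, "", []):
                if m.mandatory:
                    # Fail closed rather than build an incomplete response.
                    raise MissingMandatoryClaim(m.local_claim)
                continue
            converted[m.sp_claim] = value
        # Claims without a mapping are never copied (model assumption).
        return converted


# Constructed sample data: one service provider and one user's claims.
WSO2 = "http://wso2.org/claims/"
travel_app = ServiceProviderConfig("travel-app", [
    ClaimMapping("email", WSO2 + "emailaddress", mandatory=True),
    ClaimMapping("groups", WSO2 + "role"),
    ClaimMapping("phone", WSO2 + "mobile"),
])
user_claims = {
    WSO2 + "emailaddress": "alice@example.com",
    WSO2 + "role": ["Internal/everyone", "finance"],
    WSO2 + "nickname": "ali",   # no mapping for this SP
}

if __name__ == "__main__":
    print(travel_app.convert_claims(user_claims))
```

In this model the response builder only ever sees the service provider's own claim names, so reviewing the mapping shows exactly which user attributes reach that service provider.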

Adding a service provider

Note: This section only describes how to add a service provider using the Management Console. Instead of adding a service provider via the Management Console, it is also possible to add a service provider using a configuration file as described here.

  1. Sign in. Enter your username and password to log on to the Management Console.

  2. Navigate to the Main menu to access the Identity menu. Click Add under Service Providers.

  3. Fill in the Service Provider Name and provide a brief Description of the service provider. Only Service Provider Name is a required field.

  4. Click Register to add the new service provider.

  5. The Service Providers screen appears. Here you can select whether the service provider is a SaaS Application. The SaaS Application configuration defines which users are able to log in to your web application.

  6. In the resulting screen, click the arrow buttons to expand the forms available to update.

  7. Click the Update button to update the details of the service provider.

Configuring a resident service provider

WSO2 Identity Server can mediate authentication requests between service providers and identity providers. At the same time, the Identity Server itself can act as a service provider and an identity provider. When it acts as a service provider it is known as the resident service provider.

The Identity Server mainly acts as a resident service provider while adding users to the system. You can enable provisioning configurations for the resident service provider. For example, if you try to add users to the system via the SCIM API and authenticate these users using HTTP basic authentication, the system will read the provisioning configurations from the resident service provider.

At the same time, if you want to configure outbound provisioning for any user management operation done via the Management Console, SOAP API or the SCIM API, you must configure outbound provisioning identity providers against the resident service provider. Based on the outbound configuration, users added from the Management Console are then also provisioned to external systems like Salesforce and Google Apps.

Follow the instructions below to configure a resident service provider in the WSO2 Identity Server.

  1. Sign in. Enter your username and password to log on to the Management Console.

  2. In the Main menu under the Identity section, click List under Service Providers. The list of service providers you added appears.

  3. Click the Resident Service Provider link.

  4. The Resident Service Provider page appears.

    1. Select the user store domain to provision users and groups for inbound authentication for SCIM or SOAP requests.

    2. For outbound provisioning configurations, select the identity provider from the dropdown list available and click the plus button to add this identity provider for provisioning. For an identity provider to appear on this list you have to add the identity provider in the Identity Server.

  5. Click Update.

Managing service providers

This topic provides instructions on how to manage service providers once they are created.

Viewing service providers

Follow the instructions below to view the list of service providers added in the WSO2 Identity Server.

  1. Sign in. Enter your username and password to log on to the Management Console.

  2. In the Main menu under the Identity section, click List under Service Providers. The list of service providers you added appears.

Editing service providers

Follow the instructions below to edit a service provider's details.

  1. Sign in. Enter your username and password to log on to the Management Console.

  2. In the Main menu under the Identity section, click List under Service Providers. The list of service providers you added appears.

  3. Locate the service provider you want to edit and click on the corresponding Edit link.

  4. You are directed to the edit screen. See here for details on the editable form.

Deleting service providers

Follow the instructions below to delete a service provider.

  1. Sign in. Enter your username and password to log on to the Management Console.

  2. In the Main menu under the Identity section, click List under Service Providers. The list of service providers you added appears.

  3. Locate the service provider you want to delete and click on the corresponding Delete link.

  4. Confirm your request in the WSO2 Carbon window. Click the Yes button.