{"type":"doc","content":[{"type":"paragraph","content":[{"text":"WSO2 Identity Server's passive security token service (Passive STS) is used as the ","type":"text"},{"text":"WS-Federation","type":"text","marks":[{"type":"link","attrs":{"href":"https://wso2docs.atlassian.net/wiki/spaces/IS510/pages/25725479"}}]},{"text":" implementation. ","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Configuring passive STS","type":"text"}]},{"type":"extension","attrs":{"extensionType":"com.atlassian.confluence.migration","extensionKey":"legacy-content","text":"See here for details on adding a service provider. Expand the Inbound Authentication Configuration followed by the WS-Federation (Passive) Configuration section and provide the following values. Passive STS Realm - This uniquely identifies the web app. Provide the same realm name given to the web app you are configuring WS-Federation for. Passive STS WReply URL - Provide the URL of the web app you are configuring WS-Federation for. This endpoint URL handles the token response. Tip If you want to configure an expiration time for the security token, you need to add the following configuration in the /repository/conf/carbon.xml file, under the element: 1800000 Here, the expiration time should be specified in milliseconds. Expand the Claim Configuration section and map the relevant claims. See Configuring Claims for a Service Provider for more information. Click Update to save changes. ","parameters":{"nestedContent":{"type":"doc","content":[{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"See ","type":"text"},{"text":"here","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.wso2.com/display/IS510/Configuring+a+Service+Provider"}}]},{"text":" for details on adding a service provider. ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Expand the ","type":"text"},{"text":"Inbound Authentication Configuration ","type":"text","marks":[{"type":"strong"}]},{"text":"followed by the ","type":"text"},{"text":"WS-Federation (Passive) Configuration ","type":"text","marks":[{"type":"strong"}]},{"text":"section and provide the following values. ","type":"text"},{"type":"hardBreak"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Passive STS Realm","type":"text","marks":[{"type":"strong"}]},{"text":" - ","type":"text"}]},{"type":"bodiedExtension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"multiexcerpt","parameters":{"macroParams":{"MultiExcerptName":{"value":"PassiveSTSRealm"},"atlassian-macro-output-type":{"value":"INLINE"}},"macroMetadata":{"macroId":{"value":"8baa18b3-5b0b-44c4-93fc-7061eeb9dcfc"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://raw.githubusercontent.com/fuegokit/appfire-design-systems-brand-svg/main/single-color-brand-icons/af-logo-multi-excerpt-24.svg"}}],"title":"MultiExcerpt (legacy)"}}},"content":[{"type":"paragraph","content":[{"text":"This uniquely identifies the web app. Provide the same realm name given to the web app you are configuring WS-Federation for.","type":"text"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Passive STS WReply URL","type":"text","marks":[{"type":"strong"}]},{"text":" - ","type":"text"}]},{"type":"bodiedExtension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"multiexcerpt","parameters":{"macroParams":{"MultiExcerptName":{"value":"PassiveSTSWReplyURL"},"atlassian-macro-output-type":{"value":"INLINE"}},"macroMetadata":{"macroId":{"value":"a848c7e9-12c6-401d-9a0a-8a62c9c7533f"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://raw.githubusercontent.com/fuegokit/appfire-design-systems-brand-svg/main/single-color-brand-icons/af-logo-multi-excerpt-24.svg"}}],"title":"MultiExcerpt (legacy)"}}},"content":[{"type":"paragraph","content":[{"text":"Provide the URL of the web app you are configuring WS-Federation for. This endpoint URL handles the token response. ","type":"text"}]}]},{"type":"panel","attrs":{"panelType":"success"},"content":[{"type":"paragraph","content":[{"text":"Tip","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"If you want to configure an expiration time for the security token, you need to add the following configuration in the ","type":"text"},{"text":"/repository/conf/carbon.xml","type":"text","marks":[{"type":"code"}]},{"text":" file, under the ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" element:","type":"text"}]},{"type":"codeBlock","content":[{"text":"1800000","type":"text"}]},{"type":"paragraph","content":[{"text":"Here, the expiration time should be specified in milliseconds.","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"type":"hardBreak"}]}]}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":577,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":677,"id":"af496523-a97f-4f17-a0c8-d0bfa648bb32","collection":"contentId-25726725","type":"file","height":547}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Expand the ","type":"text"},{"text":"Claim Configuration","type":"text","marks":[{"type":"strong"}]},{"text":" section and map the relevant claims. See ","type":"text"},{"text":"Configuring Claims for a Service Provider","type":"text","marks":[{"type":"link","attrs":{"href":"https://wso2docs.atlassian.net/wiki/spaces/IS510/pages/25723037"}}]},{"text":" for more information. ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Update","type":"text","marks":[{"type":"strong"}]},{"text":" to save changes. ","type":"text"}]}]}]}],"version":1},"reason":"multi-level-list-indentation","cxhtml":"

See here for details on adding a service provider.
Expand the Inbound Authentication Configuration followed by the WS-Federation (Passive) Configuration section and provide the following values.
- - Passive STS Realm -
    PassiveSTSRealmINLINE
    This uniquely identifies the web app. Provide the same realm name given to the web app you are configuring WS-Federation for.
  - Passive STS WReply URL -
    PassiveSTSWReplyURLINLINE
    Provide the URL of the web app you are configuring WS-Federation for. This endpoint URL handles the token response.
    Tip
    If you want to configure an expiration time for the security token, you need to add the following configuration in the <IS_HOME>/repository/conf/carbon.xml file, under the <Server> element:
    1800000]]>
    Here, the expiration time should be specified in milliseconds.
Expand the Claim Configuration section and map the relevant claims. See for more information.
Click Update to save changes.

"}}},{"type":"bodiedExtension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"panel","parameters":{"macroParams":{"title":{"value":"Related Topics"}},"macroMetadata":{"macroId":{"value":"969e7fca-86c7-4e32-aa65-e8cce5766f76"},"schemaVersion":{"value":"1"},"title":"Panel"}}},"content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To test out WSO2 Identity Server's passive security token service using a sample, see ","type":"text"},{"text":"Testing Identity Server's Passive STS","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.wso2.com/display/IS510/Testing+Identity+Server%27s+Passive+STS"}}]},{"text":". ","type":"text"}]}]}]}]}],"version":1}

Configuring WS-Federation Single Sign-On

Configuring passive STS