This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Configuring Inbound Authentication for a Service Provider
The inbound authenticator component of WSO2 Identity Server identifies and parses all the incoming authentication requests and builds the corresponding response. A given inbound authenticator has two parts:
Request Processor
Response Builder
For each protocol supported by WSO2 Identity Server, there should be an inbound authenticator. WSO2 Identity Server includes inbound authenticators for SAML 2.0, OpenID Connect, OAuth 2.0, Kerberos KDC, WS-Trust STS, and WS-Federation (passive). The SAML 2.0 request processor accepts a SAML request from a service provider, validates it, builds a common object model that the authentication framework understands, and hands the request over to the framework. The SAML response builder accepts a common object model from the authentication framework and builds a SAML response from it.
Both the request processors and the response builders are protocol-aware, while the authentication framework is not coupled to any protocol. For more information on the inbound authentication flow, see Architecture.
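The flow described above (request processor, protocol-agnostic framework, response builder), sketched as an added example that is not WSO2 Identity Server code. All class and function names, the service provider registry, the size cap and the sample request are constructed for illustration, and the response is an unsigned skeleton.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from dataclasses import dataclass

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML_BYTES = 64 * 1024  # assumed cap on the inflated request
REGISTERED_SPS = {"https://sp.example.com": {"https://sp.example.com/acs"}}  # constructed: issuer -> ACS URLs

@dataclass
class AuthRequest:  # protocol-neutral model handed to the framework
    client_id: str
    reply_to: str
    correlation_id: str

def process_saml_request(encoded: str) -> AuthRequest:
    """Request processor: decode (HTTP-Redirect binding), validate, map."""
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, bounded output
    raw = inflater.decompress(base64.b64decode(encoded), MAX_XML_BYTES)
    if inflater.unconsumed_tail:
        raise ValueError("SAML request too large")
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(raw)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML AuthnRequest")
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    acs = root.get("AssertionConsumerServiceURL", "")
    if acs not in REGISTERED_SPS.get(issuer, set()):
        raise ValueError("unknown issuer or unregistered ACS URL")
    return AuthRequest(issuer, acs, root.get("ID", ""))

def authenticate(req: AuthRequest) -> dict:  # stand-in for the framework
    return {"subject": "alice", "request": req}  # constructed fixed subject

def build_saml_response(result: dict) -> str:
    """Response builder: unsigned skeleton; ID, Status and signature omitted."""
    req = result["request"]
    resp = ET.Element(f"{{{SAMLP}}}Response", InResponseTo=req.correlation_id, Destination=req.reply_to)
    assertion = ET.SubElement(resp, f"{{{SAML}}}Assertion")
    subject = ET.SubElement(assertion, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = result["subject"]
    return ET.tostring(resp, encoding="unicode")

def encode_redirect(xml: str) -> str:  # helper for the constructed SAMPLE
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

SAMPLE = encode_redirect(f'<p:AuthnRequest xmlns:p="{SAMLP}" xmlns:a="{SAML}" ID="_abc123" '
    f'AssertionConsumerServiceURL="https://sp.example.com/acs"><a:Issuer>https://sp.example.com</a:Issuer></p:AuthnRequest>')
```

Only `process_saml_request` and `build_saml_response` touch SAML; `authenticate` sees just the neutral `AuthRequest`, which is the decoupling the paragraph describes.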
Let's learn how to configure inbound authentication for a service provider.
Before you begin
To register a service provider:
Removed Feature!
OpenID 2.0 has been removed from the base product in WSO2 Identity Server version 5.3.0 onwards as it is now an obsolete specification and has been superseded by OpenID Connect. We recommend that you use OpenID Connect instead.
You can configure inbound authentication in the following ways: