This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Configuring a SP and IdP Using Service Calls
This topic provides information on adding an identity provider and a service provider using Web service calls.
Adding an identity provider using a service call
This section describes how to add an identity provider using a service call. You do this by calling the addIdP method of the IdentityProviderMgtService admin service (the WSDL is available at https://<host>:<port>/services/IdentityProviderMgtService?wsdl).
The following is a sample SOAP request for adding an identity provider. This sample request is tested against the travelocity application.
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:mgt="http://mgt.idp.carbon.wso2.org"
               xmlns:xsd="http://model.common.application.identity.carbon.wso2.org/xsd">
  <soap:Header/>
  <soap:Body>
    <mgt:addIdP>
      <!--Optional:-->
      <mgt:identityProvider>
        <xsd:alias>https://localhost:9443/oauth2/token/</xsd:alias>
        <xsd:displayName>identityProviderIDP_IS</xsd:displayName>
        <xsd:enable>true</xsd:enable>
        <xsd:federationHub>false</xsd:federationHub>
        <xsd:identityProviderDescription>Sample Description</xsd:identityProviderDescription>
        <xsd:identityProviderName>identityProviderIDP_IS</xsd:identityProviderName>
        <xsd:primary>false</xsd:primary>
        <xsd:claimConfig>
          <xsd:alwaysSendMappedLocalSubjectId>false</xsd:alwaysSendMappedLocalSubjectId>
          <xsd:localClaimDialect>true</xsd:localClaimDialect>
          <xsd:roleClaimURI>http://wso2.org/claims/role</xsd:roleClaimURI>
          <xsd:userClaimURI/>
        </xsd:claimConfig>
        <xsd:defaultAuthenticatorConfig/>
        <xsd:defaultProvisioningConnectorConfig/>
        <xsd:federatedAuthenticatorConfigs>
          <xsd:displayName>samlsso</xsd:displayName>
          <xsd:enabled>true</xsd:enabled>
          <xsd:name>SAMLSSOAuthenticator</xsd:name>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>IdpEntityId</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value>identiryProviderIDP</xsd:value>
          </xsd:properties>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>IsLogoutEnabled</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value>true</xsd:value>
          </xsd:properties>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>SPEntityId</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value>travelocitySP</xsd:value>
          </xsd:properties>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>SSOUrl</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value>https://localhost:9444/samlsso/</xsd:value>
          </xsd:properties>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>isAssertionSigned</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value>false</xsd:value>
          </xsd:properties>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>commonAuthQueryParams</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value/>
          </xsd:properties>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>IsUserIdInClaims</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value>false</xsd:value>
          </xsd:properties>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>IsLogoutReqSigned</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value>false</xsd:value>
          </xsd:properties>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>IsAssertionEncrypted</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value>false</xsd:value>
          </xsd:properties>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>ISAuthnReqSigned</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value>false</xsd:value>
          </xsd:properties>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>IsAuthnRespSigned</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value>false</xsd:value>
          </xsd:properties>
          <xsd:properties>
            <xsd:confidential>false</xsd:confidential>
            <xsd:defaultValue/>
            <xsd:description/>
            <xsd:displayName/>
            <xsd:name>LogoutReqUrl</xsd:name>
            <xsd:required>false</xsd:required>
            <xsd:type/>
            <xsd:value>false</xsd:value>
          </xsd:properties>
        </xsd:federatedAuthenticatorConfigs>
        <xsd:justInTimeProvisioningConfig>
          <xsd:provisioningEnabled>false</xsd:provisioningEnabled>
          <xsd:provisioningUserStore/>
          <xsd:userStoreClaimUri/>
        </xsd:justInTimeProvisioningConfig>
        <permissionAndRoleConfig xmlns="http://model.common.application.identity.carbon.wso2.org/xsd"/>
      </mgt:identityProvider>
    </mgt:addIdP>
  </soap:Body>
</soap:Envelope>
Adding a service provider using a service call
The following sections include sample SOAP requests and expected responses for the Web service calls that register a service provider. The playground2 application is used as the example in the following configurations.
registerOAuthApplicationData of OAuthAdminService
SOAP request
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:xsd="http://org.apache.axis2/xsd"
               xmlns:xsd1="http://dto.oauth.identity.carbon.wso2.org/xsd">
  <soap:Header/>
  <soap:Body>
    <xsd:registerOAuthApplicationData>
      <!--Optional:-->
      <xsd:application>
        <!--Optional:-->
        <xsd1:OAuthVersion>2.0</xsd1:OAuthVersion>
        <!--Optional:-->
        <xsd1:applicationName>playground2</xsd1:applicationName>
        <!--Optional:-->
        <xsd1:callbackUrl>http://localhost:8080/playground2/oauth2client</xsd1:callbackUrl>
        <!--Optional:-->
        <xsd1:grantTypes>authorization_code implicit</xsd1:grantTypes>
      </xsd:application>
    </xsd:registerOAuthApplicationData>
  </soap:Body>
</soap:Envelope>
getOAuthApplicationDataByAppName of OAuthAdminService
SOAP request
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:xsd="http://org.apache.axis2/xsd">
  <soap:Header/>
  <soap:Body>
    <xsd:getOAuthApplicationDataByAppName>
      <!--Optional:-->
      <xsd:appName>playground2</xsd:appName>
    </xsd:getOAuthApplicationDataByAppName>
  </soap:Body>
</soap:Envelope>
Expected response
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Body>
    <ns:getOAuthApplicationDataByAppNameResponse xmlns:ns="http://org.apache.axis2/xsd">
      <ns:return xsi:type="ax2331:OAuthConsumerAppDTO"
                 xmlns:ax2331="http://dto.oauth.identity.carbon.wso2.org/xsd"
                 xmlns:ax2334="http://base.identity.carbon.wso2.org/xsd"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:ax2333="http://oauth.identity.carbon.wso2.org/xsd">
        <ax2331:OAuthVersion>2.0</ax2331:OAuthVersion>
        <ax2331:applicationName>playground2</ax2331:applicationName>
        <ax2331:callbackUrl>http://localhost:8080/playground2/oauth2client</ax2331:callbackUrl>
        <ax2331:grantTypes xsi:nil="true"/>
        <ax2331:oauthConsumerKey>TXdYtJ2D8npgBH7e4QgP_5FDN50a</ax2331:oauthConsumerKey>
        <ax2331:oauthConsumerSecret>UGlYgO0x4CfBAJ5oOaRIW8PSYDca</ax2331:oauthConsumerSecret>
        <ax2331:username xsi:nil="true"/>
      </ns:return>
    </ns:getOAuthApplicationDataByAppNameResponse>
  </soapenv:Body>
</soapenv:Envelope>
You can extract the client ID (oauthConsumerKey) and client secret (oauthConsumerSecret) from this response.
createApplication of IdentityApplicationManagementService
SOAP request
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:xsd="http://org.apache.axis2/xsd"
               xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
  <soap:Header/>
  <soap:Body>
    <xsd:createApplication>
      <xsd:serviceProvider>
        <xsd1:applicationName>playground2</xsd1:applicationName>
      </xsd:serviceProvider>
    </xsd:createApplication>
  </soap:Body>
</soap:Envelope>
Expected response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <ns:createApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
      <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
    </ns:createApplicationResponse>
  </soapenv:Body>
</soapenv:Envelope>
getApplication of IdentityApplicationManagementService
SOAP request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:xsd="http://org.apache.axis2/xsd">
  <soapenv:Header/>
  <soapenv:Body>
    <xsd:getApplication>
      <xsd:applicationName>playground2</xsd:applicationName>
    </xsd:getApplication>
  </soapenv:Body>
</soapenv:Envelope>
Expected response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <ns:getApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
      <ns:return xsi:type="ax2167:ServiceProvider"
                 xmlns:ax2169="http://script.model.common.application.identity.carbon.wso2.org/xsd"
                 xmlns:ax2165="http://common.application.identity.carbon.wso2.org/xsd"
                 xmlns:ax2167="http://model.common.application.identity.carbon.wso2.org/xsd"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ax2167:applicationID>6</ax2167:applicationID>
        <ax2167:applicationName>playground2</ax2167:applicationName>
        <ax2167:certificateContent xsi:nil="true"/>
        <ax2167:claimConfig xsi:type="ax2167:ClaimConfig">
          <ax2167:alwaysSendMappedLocalSubjectId>false</ax2167:alwaysSendMappedLocalSubjectId>
          <ax2167:localClaimDialect>false</ax2167:localClaimDialect>
          <ax2167:roleClaimURI xsi:nil="true"/>
          <ax2167:userClaimURI xsi:nil="true"/>
        </ax2167:claimConfig>
        <ax2167:description>oauth application</ax2167:description>
        <ax2167:inboundAuthenticationConfig xsi:type="ax2167:InboundAuthenticationConfig">
          <ax2167:inboundAuthenticationRequestConfigs xsi:type="ax2167:InboundAuthenticationRequestConfig">
            <ax2167:friendlyName xsi:nil="true"/>
            <ax2167:inboundAuthKey>3_2hcfZEynN8ev3ygjtmosq8W6Ma</ax2167:inboundAuthKey>
            <ax2167:inboundAuthType>oauth2</ax2167:inboundAuthType>
            <ax2167:inboundConfigType>standardAPP</ax2167:inboundConfigType>
            <ax2167:properties xsi:type="ax2167:Property">
              <ax2167:advanced>false</ax2167:advanced>
              <ax2167:confidential>false</ax2167:confidential>
              <ax2167:defaultValue xsi:nil="true"/>
              <ax2167:description xsi:nil="true"/>
              <ax2167:displayName xsi:nil="true"/>
              <ax2167:displayOrder>0</ax2167:displayOrder>
              <ax2167:name>oauthConsumerSecret</ax2167:name>
              <ax2167:required>false</ax2167:required>
              <ax2167:type xsi:nil="true"/>
              <ax2167:value xsi:nil="true"/>
            </ax2167:properties>
          </ax2167:inboundAuthenticationRequestConfigs>
        </ax2167:inboundAuthenticationConfig>
        <ax2167:inboundProvisioningConfig xsi:type="ax2167:InboundProvisioningConfig">
          <ax2167:dumbMode>false</ax2167:dumbMode>
          <ax2167:provisioningEnabled>false</ax2167:provisioningEnabled>
          <ax2167:provisioningUserStore>PRIMARY</ax2167:provisioningUserStore>
        </ax2167:inboundProvisioningConfig>
        <ax2167:localAndOutBoundAuthenticationConfig xsi:type="ax2167:LocalAndOutboundAuthenticationConfig">
          <ax2167:alwaysSendBackAuthenticatedListOfIdPs>false</ax2167:alwaysSendBackAuthenticatedListOfIdPs>
          <ax2167:authenticationScriptConfig xsi:nil="true"/>
          <ax2167:authenticationStepForAttributes xsi:nil="true"/>
          <ax2167:authenticationStepForSubject xsi:nil="true"/>
          <ax2167:authenticationType>default</ax2167:authenticationType>
          <ax2167:enableAuthorization>false</ax2167:enableAuthorization>
          <ax2167:subjectClaimUri>http://wso2.org/claims/fullname</ax2167:subjectClaimUri>
          <ax2167:useTenantDomainInLocalSubjectIdentifier>false</ax2167:useTenantDomainInLocalSubjectIdentifier>
          <ax2167:useUserstoreDomainInLocalSubjectIdentifier>false</ax2167:useUserstoreDomainInLocalSubjectIdentifier>
        </ax2167:localAndOutBoundAuthenticationConfig>
        <ax2167:outboundProvisioningConfig xsi:type="ax2167:OutboundProvisioningConfig">
          <ax2167:provisionByRoleList xsi:nil="true"/>
        </ax2167:outboundProvisioningConfig>
        <ax2167:owner xsi:type="ax2167:User">
          <ax2167:tenantDomain>carbon.super</ax2167:tenantDomain>
          <ax2167:userName>admin</ax2167:userName>
          <ax2167:userStoreDomain>PRIMARY</ax2167:userStoreDomain>
        </ax2167:owner>
        <ax2167:permissionAndRoleConfig xsi:type="ax2167:PermissionsAndRoleConfig"/>
        <ax2167:saasApp>false</ax2167:saasApp>
      </ns:return>
    </ns:getApplicationResponse>
  </soapenv:Body>
</soapenv:Envelope>
updateApplication of IdentityApplicationManagementService
Tip: Set the client ID (as inboundAuthKey), the client secret (as the value of the oauthConsumerSecret property) and the application ID extracted from the previous responses in the following SOAP request.
SOAP request
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
               xmlns:xsd="http://org.apache.axis2/xsd"
               xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
  <soap:Header/>
  <soap:Body>
    <xsd:updateApplication>
      <!--Optional:-->
      <xsd:serviceProvider>
        <!--Optional:-->
        <xsd1:applicationID>16</xsd1:applicationID>
        <xsd1:applicationName>playground2</xsd1:applicationName>
        <xsd1:claimConfig>
          <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
        </xsd1:claimConfig>
        <xsd1:description>oauth application</xsd1:description>
        <xsd1:inboundAuthenticationConfig>
          <xsd1:inboundAuthenticationRequestConfigs>
            <xsd1:inboundAuthKey>TXdYtJ2D8npgBH7e4QgP_5FDN50a</xsd1:inboundAuthKey>
            <xsd1:inboundAuthType>oauth2</xsd1:inboundAuthType>
            <xsd1:properties>
              <xsd1:confidential>false</xsd1:confidential>
              <xsd1:defaultValue xsd:nil="true"/>
              <xsd1:description xsd:nil="true"/>
              <xsd1:displayName xsd:nil="true"/>
              <xsd1:name>oauthConsumerSecret</xsd1:name>
              <xsd1:required>false</xsd1:required>
              <xsd1:type xsd:nil="true"/>
              <xsd1:value>UGlYgO0x4CfBAJ5oOaRIW8PSYDca</xsd1:value>
            </xsd1:properties>
          </xsd1:inboundAuthenticationRequestConfigs>
        </xsd1:inboundAuthenticationConfig>
        <xsd1:inboundProvisioningConfig>
          <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
          <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
        </xsd1:inboundProvisioningConfig>
        <xsd1:localAndOutBoundAuthenticationConfig>
          <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
          <xsd1:authenticationStepForAttributes xsd:nil="true"/>
          <xsd1:authenticationStepForSubject xsd:nil="true"/>
          <xsd1:authenticationType>default</xsd1:authenticationType>
          <xsd1:subjectClaimUri xsd:nil="true">http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
        </xsd1:localAndOutBoundAuthenticationConfig>
        <xsd1:outboundProvisioningConfig>
          <xsd1:provisionByRoleList xsd:nil="true"/>
        </xsd1:outboundProvisioningConfig>
        <xsd1:permissionAndRoleConfig/>
        <xsd1:saasApp>false</xsd1:saasApp>
      </xsd:serviceProvider>
    </xsd:updateApplication>
  </soap:Body>
</soap:Envelope>
Invoking the above four Web service calls in sequence creates the service provider, which then appears in the management console user interface.
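The added example below (not WSO2 code) wires the four calls together on the client side: it extracts the consumer key and secret from the getOAuthApplicationDataByAppName response and the applicationID from the getApplication response (handling the nil return of a missing service provider), then builds the updateApplication body from those values with an XML library so that names are escaped rather than string-concatenated. The sample responses are constructed from the expected responses shown above; the built request carries only the oauth2 inbound configuration, and it is assumed that the optional elements of the page's full sample can be omitted.

```python
# Added example, not WSO2 code: parse the responses shown on this page, build updateApplication.
import xml.etree.ElementTree as ET
SOAP, AXIS = "http://www.w3.org/2003/05/soap-envelope", "http://org.apache.axis2/xsd"
OAUTH = "http://dto.oauth.identity.carbon.wso2.org/xsd"
MODEL = "http://model.common.application.identity.carbon.wso2.org/xsd"

def extract_oauth_credentials(response_xml):
    """Consumer key and secret from a getOAuthApplicationDataByAppName response."""
    root = ET.fromstring(response_xml)
    key = root.findtext(f".//{{{OAUTH}}}oauthConsumerKey")
    secret = root.findtext(f".//{{{OAUTH}}}oauthConsumerSecret")
    if not key or not secret:
        raise ValueError("response carries no OAuth consumer credentials")
    return key, secret  # the secret is a credential: keep it out of logs

def extract_application_id(response_xml):
    """applicationID from a getApplication response, or None when the SP does not exist."""
    ret = ET.fromstring(response_xml).find(f".//{{{AXIS}}}return")
    if ret is None or ret.get("{http://www.w3.org/2001/XMLSchema-instance}nil") == "true":
        return None
    return int(ret.findtext(f"{{{MODEL}}}applicationID"))

def build_update_application_request(app_id, app_name, consumer_key, consumer_secret):
    """updateApplication envelope with the oauth2 inbound config; ET escapes every value."""
    for prefix, uri in (("soap", SOAP), ("xsd", AXIS), ("xsd1", MODEL)):
        ET.register_namespace(prefix, uri)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    upd = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), f"{{{AXIS}}}updateApplication")
    sp = ET.SubElement(upd, f"{{{AXIS}}}serviceProvider")
    ET.SubElement(sp, f"{{{MODEL}}}applicationID").text = str(app_id)
    ET.SubElement(sp, f"{{{MODEL}}}applicationName").text = app_name
    inbound = ET.SubElement(ET.SubElement(sp, f"{{{MODEL}}}inboundAuthenticationConfig"),
                            f"{{{MODEL}}}inboundAuthenticationRequestConfigs")
    ET.SubElement(inbound, f"{{{MODEL}}}inboundAuthKey").text = consumer_key
    ET.SubElement(inbound, f"{{{MODEL}}}inboundAuthType").text = "oauth2"
    prop = ET.SubElement(inbound, f"{{{MODEL}}}properties")
    ET.SubElement(prop, f"{{{MODEL}}}name").text = "oauthConsumerSecret"
    ET.SubElement(prop, f"{{{MODEL}}}value").text = consumer_secret
    return ET.tostring(env, encoding="unicode")

OAUTH_RESPONSE = (f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'  # constructed sample
    f'<ns:getOAuthApplicationDataByAppNameResponse xmlns:ns="{AXIS}"><ns:return xmlns:ax="{OAUTH}">'
    '<ax:oauthConsumerKey>TXdYtJ2D8npgBH7e4QgP_5FDN50a</ax:oauthConsumerKey>'
    '<ax:oauthConsumerSecret>UGlYgO0x4CfBAJ5oOaRIW8PSYDca</ax:oauthConsumerSecret>'
    '</ns:return></ns:getOAuthApplicationDataByAppNameResponse></soapenv:Body></soapenv:Envelope>')
APP_RESPONSE = ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'  # constructed
    f'<soapenv:Body><ns:getApplicationResponse xmlns:ns="{AXIS}"><ns:return xmlns:ax="{MODEL}">'
    '<ax:applicationID>6</ax:applicationID><ax:applicationName>playground2</ax:applicationName>'
    '</ns:return></ns:getApplicationResponse></soapenv:Body></soapenv:Envelope>')
```

Passing the result of `build_update_application_request(extract_application_id(APP_RESPONSE), "playground2", *extract_oauth_credentials(OAUTH_RESPONSE))` as the body of the updateApplication call reproduces the binding shown in the sample request above.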
The following links provide additional information that may be relevant when attempting the instructions in this topic.
- See Configuring SAML SSO for information on using the travelocity.com application for single sign-on; it explains some of the parameters used above.
- See Configuring a Service Provider for information on creating a service provider using the WSO2 Identity Server management console.
- See Configuring an Identity Provider for information on creating an identity provider using the WSO2 Identity Server management console.
- See Configuring a SP and IdP Using Configuration Files for information on creating a service provider or identity provider using the Identity Server configuration files.