This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Configuring a SP and IdP Using Service Calls
This topic provides information on adding an identity provider and a service provider using Web service calls.
Adding an identity provider using a service call
This section provides instructions on how to add an identity provider using a service call. You can achieve this by calling the addIdP method of the IdentityProviderMgtService admin service (you can find the .wsdl file at https://<host>:<port>/services/IdentityProviderMgtService?wsdl).
The following is a sample SOAP request for adding an identity provider. This sample request was tested against the travelocity application.
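Before the sample itself, an added example (not part of the WSO2 documentation) that generates the repeated <xsd:properties> elements found under federatedAuthenticatorConfigs in the request below from a Python dict, parses them back the way the server will, and lists the signing options the request leaves at false. The property names are the ones used in the sample; the values are assumed.

```python
# Added example (not from the WSO2 documentation): generate the repeated <xsd:properties>
# elements of the addIdP request from a dict, read them back, and list the SAML signing
# options the request leaves disabled.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS_XSD = "http://model.common.application.identity.carbon.wso2.org/xsd"  # the sample's xsd prefix

# SAMLSSOAuthenticator property names as in the sample request; values are assumed.
SAML_PROPERTIES = {
    "IdpEntityId": "identityProviderIDP",
    "SPEntityId": "travelocitySP",
    "SSOUrl": "https://localhost:9444/samlsso/",
    "IsLogoutEnabled": "true",
    "isAssertionSigned": "false",
    "IsAuthnRespSigned": "false",
    "ISAuthnReqSigned": "false",
    "IsLogoutReqSigned": "false",
    "IsAssertionEncrypted": "false",
    "commonAuthQueryParams": "",
}
# Signing-related options: "false" means that SAML message is sent or accepted without a
# signature, so each such setting should be a deliberate choice rather than an oversight.
SIGNING_OPTIONS = ("isAssertionSigned", "IsAuthnRespSigned", "ISAuthnReqSigned", "IsLogoutReqSigned")

def build_properties(props):
    """One <xsd:properties> block per entry, with the child elements in the sample's order."""
    fields = ("<xsd:confidential>false</xsd:confidential><xsd:defaultValue/><xsd:description/>"
              "<xsd:displayName/><xsd:name>{n}</xsd:name><xsd:required>false</xsd:required>"
              "<xsd:type/><xsd:value>{v}</xsd:value>")
    return "".join(f"<xsd:properties>{fields.format(n=escape(n), v=escape(v))}</xsd:properties>"
                   for n, v in props.items())

def parse_properties(fragment):
    """Parse the generated fragment back (as the server will) into a name -> value dict."""
    root = ET.fromstring(f'<c xmlns:xsd="{NS_XSD}">{fragment}</c>')
    return {p.find(f"{{{NS_XSD}}}name").text: p.find(f"{{{NS_XSD}}}value").text or ""
            for p in root.findall(f"{{{NS_XSD}}}properties")}

def unsigned_options(props):
    """Signing options that are missing or not set to 'true'."""
    return [o for o in SIGNING_OPTIONS if (props.get(o) or "false").lower() != "true"]
```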
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:mgt="http://mgt.idp.carbon.wso2.org" xmlns:xsd="http://model.common.application.identity.carbon.wso2.org/xsd">
<soap:Header/>
<soap:Body>
<mgt:addIdP>
<!--Optional:-->
<mgt:identityProvider>
<xsd:alias>https://localhost:9443/oauth2/token/</xsd:alias>
<xsd:displayName>identityProviderIDP_IS</xsd:displayName>
<xsd:enable>true</xsd:enable>
<xsd:federationHub>false</xsd:federationHub>
<xsd:identityProviderDescription>Sample Description</xsd:identityProviderDescription>
<xsd:identityProviderName>identityProviderIDP_IS</xsd:identityProviderName>
<xsd:primary>false</xsd:primary>
<xsd:claimConfig>
<xsd:alwaysSendMappedLocalSubjectId>false</xsd:alwaysSendMappedLocalSubjectId>
<xsd:localClaimDialect>true</xsd:localClaimDialect>
<xsd:roleClaimURI>http://wso2.org/claims/role</xsd:roleClaimURI>
<xsd:userClaimURI/>
</xsd:claimConfig>
<xsd:defaultAuthenticatorConfig/>
<xsd:defaultProvisioningConnectorConfig/>
<xsd:federatedAuthenticatorConfigs>
<xsd:displayName>samlsso</xsd:displayName>
<xsd:enabled>true</xsd:enabled>
<xsd:name>SAMLSSOAuthenticator</xsd:name>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>IdpEntityId</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value>identiryProviderIDP</xsd:value>
</xsd:properties>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>IsLogoutEnabled</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value>true</xsd:value>
</xsd:properties>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>SPEntityId</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value>travelocitySP</xsd:value>
</xsd:properties>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>SSOUrl</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value>https://localhost:9444/samlsso/</xsd:value>
</xsd:properties>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>isAssertionSigned</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value>false</xsd:value>
</xsd:properties>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>commonAuthQueryParams</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value/>
</xsd:properties>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>IsUserIdInClaims</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value>false</xsd:value>
</xsd:properties>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>IsLogoutReqSigned</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value>false</xsd:value>
</xsd:properties>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>IsAssertionEncrypted</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value>false</xsd:value>
</xsd:properties>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>ISAuthnReqSigned</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value>false</xsd:value>
</xsd:properties>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>IsAuthnRespSigned</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value>false</xsd:value>
</xsd:properties>
<xsd:properties>
<xsd:confidential>false</xsd:confidential>
<xsd:defaultValue/>
<xsd:description/>
<xsd:displayName/>
<xsd:name>LogoutReqUrl</xsd:name>
<xsd:required>false</xsd:required>
<xsd:type/>
<xsd:value>false</xsd:value>
</xsd:properties>
</xsd:federatedAuthenticatorConfigs>
<xsd:justInTimeProvisioningConfig>
<xsd:provisioningEnabled>false</xsd:provisioningEnabled>
<xsd:provisioningUserStore/>
<xsd:userStoreClaimUri/>
</xsd:justInTimeProvisioningConfig>
<permissionAndRoleConfig xmlns="http://model.common.application.identity.carbon.wso2.org/xsd"/>
</mgt:identityProvider>
</mgt:addIdP>
</soap:Body>
</soap:Envelope>
Adding a service provider using a service call
The following sections include sample SOAP requests and expected responses for the Web service calls that register a service provider. The playground2 application is used as the example for the following configurations.
registerOAuthApplicationData of OAuthAdminService
SOAP request
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.oauth.identity.carbon.wso2.org/xsd">
<soap:Header/>
<soap:Body>
<xsd:registerOAuthApplicationData>
<!--Optional:-->
<xsd:application>
<!--Optional:-->
<xsd1:OAuthVersion>2.0</xsd1:OAuthVersion>
<!--Optional:-->
<xsd1:applicationName>playground2</xsd1:applicationName>
<!--Optional:-->
<xsd1:callbackUrl>http://localhost:8080/playground2/oauth2client</xsd1:callbackUrl>
<!--Optional:-->
<xsd1:grantTypes>authorization_code implicit</xsd1:grantTypes>
</xsd:application>
</xsd:registerOAuthApplicationData>
</soap:Body>
</soap:Envelope>
getOAuthApplicationDataByAppName of OAuthAdminService
SOAP request
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://org.apache.axis2/xsd">
<soap:Header/>
<soap:Body>
<xsd:getOAuthApplicationDataByAppName>
<!--Optional:-->
<xsd:appName>playground2</xsd:appName>
</xsd:getOAuthApplicationDataByAppName>
</soap:Body>
</soap:Envelope>
Expected response
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body>
<ns:getOAuthApplicationDataByAppNameResponse xmlns:ns="http://org.apache.axis2/xsd">
<ns:return xsi:type="ax2331:OAuthConsumerAppDTO" xmlns:ax2331="http://dto.oauth.identity.carbon.wso2.org/xsd" xmlns:ax2334="http://base.identity.carbon.wso2.org/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ax2333="http://oauth.identity.carbon.wso2.org/xsd">
<ax2331:OAuthVersion>2.0</ax2331:OAuthVersion>
<ax2331:applicationName>playground2</ax2331:applicationName>
<ax2331:callbackUrl>http://localhost:8080/playground2/oauth2client</ax2331:callbackUrl>
<ax2331:grantTypes xsi:nil="true"/>
<ax2331:oauthConsumerKey>TXdYtJ2D8npgBH7e4QgP_5FDN50a</ax2331:oauthConsumerKey>
<ax2331:oauthConsumerSecret>UGlYgO0x4CfBAJ5oOaRIW8PSYDca</ax2331:oauthConsumerSecret>
<ax2331:username xsi:nil="true"/>
</ns:return>
</ns:getOAuthApplicationDataByAppNameResponse>
</soapenv:Body>
</soapenv:Envelope>
You can extract the client ID and secret from this response.
createApplication of IdentityApplicationManagementService
SOAP request
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soap:Header/>
<soap:Body>
<xsd:createApplication>
<xsd:serviceProvider>
<xsd1:applicationName>playground2</xsd1:applicationName>
</xsd:serviceProvider>
</xsd:createApplication>
</soap:Body>
</soap:Envelope>
Expected response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<ns:createApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
<ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
</ns:createApplicationResponse>
</soapenv:Body>
</soapenv:Envelope>
getApplication of IdentityApplicationManagementService
SOAP request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:getApplication>
<xsd:applicationName>playground2</xsd:applicationName>
</xsd:getApplication>
</soapenv:Body>
</soapenv:Envelope>
Expected response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<ns:getApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
<ns:return xsi:type="ax2167:ServiceProvider" xmlns:ax2169="http://script.model.common.application.identity.carbon.wso2.org/xsd" xmlns:ax2165="http://common.application.identity.carbon.wso2.org/xsd" xmlns:ax2167="http://model.common.application.identity.carbon.wso2.org/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ax2167:applicationID>6</ax2167:applicationID>
<ax2167:applicationName>playground2</ax2167:applicationName>
<ax2167:certificateContent xsi:nil="true"/>
<ax2167:claimConfig xsi:type="ax2167:ClaimConfig">
<ax2167:alwaysSendMappedLocalSubjectId>false</ax2167:alwaysSendMappedLocalSubjectId>
<ax2167:localClaimDialect>false</ax2167:localClaimDialect>
<ax2167:roleClaimURI xsi:nil="true"/>
<ax2167:userClaimURI xsi:nil="true"/>
</ax2167:claimConfig>
<ax2167:description>oauth application</ax2167:description>
<ax2167:inboundAuthenticationConfig xsi:type="ax2167:InboundAuthenticationConfig">
<ax2167:inboundAuthenticationRequestConfigs xsi:type="ax2167:InboundAuthenticationRequestConfig">
<ax2167:friendlyName xsi:nil="true"/>
<ax2167:inboundAuthKey>3_2hcfZEynN8ev3ygjtmosq8W6Ma</ax2167:inboundAuthKey>
<ax2167:inboundAuthType>oauth2</ax2167:inboundAuthType>
<ax2167:inboundConfigType>standardAPP</ax2167:inboundConfigType>
<ax2167:properties xsi:type="ax2167:Property">
<ax2167:advanced>false</ax2167:advanced>
<ax2167:confidential>false</ax2167:confidential>
<ax2167:defaultValue xsi:nil="true"/>
<ax2167:description xsi:nil="true"/>
<ax2167:displayName xsi:nil="true"/>
<ax2167:displayOrder>0</ax2167:displayOrder>
<ax2167:name>oauthConsumerSecret</ax2167:name>
<ax2167:required>false</ax2167:required>
<ax2167:type xsi:nil="true"/>
<ax2167:value xsi:nil="true"/>
</ax2167:properties>
</ax2167:inboundAuthenticationRequestConfigs>
</ax2167:inboundAuthenticationConfig>
<ax2167:inboundProvisioningConfig xsi:type="ax2167:InboundProvisioningConfig">
<ax2167:dumbMode>false</ax2167:dumbMode>
<ax2167:provisioningEnabled>false</ax2167:provisioningEnabled>
<ax2167:provisioningUserStore>PRIMARY</ax2167:provisioningUserStore>
</ax2167:inboundProvisioningConfig>
<ax2167:localAndOutBoundAuthenticationConfig xsi:type="ax2167:LocalAndOutboundAuthenticationConfig">
<ax2167:alwaysSendBackAuthenticatedListOfIdPs>false</ax2167:alwaysSendBackAuthenticatedListOfIdPs>
<ax2167:authenticationScriptConfig xsi:nil="true"/>
<ax2167:authenticationStepForAttributes xsi:nil="true"/>
<ax2167:authenticationStepForSubject xsi:nil="true"/>
<ax2167:authenticationType>default</ax2167:authenticationType>
<ax2167:enableAuthorization>false</ax2167:enableAuthorization>
<ax2167:subjectClaimUri>http://wso2.org/claims/fullname</ax2167:subjectClaimUri>
<ax2167:useTenantDomainInLocalSubjectIdentifier>false</ax2167:useTenantDomainInLocalSubjectIdentifier>
<ax2167:useUserstoreDomainInLocalSubjectIdentifier>false</ax2167:useUserstoreDomainInLocalSubjectIdentifier>
</ax2167:localAndOutBoundAuthenticationConfig>
<ax2167:outboundProvisioningConfig xsi:type="ax2167:OutboundProvisioningConfig">
<ax2167:provisionByRoleList xsi:nil="true"/>
</ax2167:outboundProvisioningConfig>
<ax2167:owner xsi:type="ax2167:User">
<ax2167:tenantDomain>carbon.super</ax2167:tenantDomain>
<ax2167:userName>admin</ax2167:userName>
<ax2167:userStoreDomain>PRIMARY</ax2167:userStoreDomain>
</ax2167:owner>
<ax2167:permissionAndRoleConfig xsi:type="ax2167:PermissionsAndRoleConfig"/>
<ax2167:saasApp>false</ax2167:saasApp>
</ns:return>
</ns:getApplicationResponse>
</soapenv:Body>
</soapenv:Envelope>
updateApplication of IdentityApplicationManagementService
SOAP request
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soap:Header/>
<soap:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>16</xsd1:applicationID>
<xsd1:applicationName>playground2</xsd1:applicationName>
<xsd1:claimConfig>
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
</xsd1:claimConfig>
<xsd1:description>oauth application</xsd1:description>
<xsd1:inboundAuthenticationConfig>
<xsd1:inboundAuthenticationRequestConfigs>
<xsd1:inboundAuthKey>TXdYtJ2D8npgBH7e4QgP_5FDN50a</xsd1:inboundAuthKey>
<xsd1:inboundAuthType>oauth2</xsd1:inboundAuthType>
<xsd1:properties>
<xsd1:confidential>false</xsd1:confidential>
<xsd1:defaultValue xsd:nil="true"/>
<xsd1:description xsd:nil="true"/>
<xsd1:displayName xsd:nil="true"/>
<xsd1:name>oauthConsumerSecret</xsd1:name>
<xsd1:required>false</xsd1:required>
<xsd1:type xsd:nil="true"/>
<xsd1:value>UGlYgO0x4CfBAJ5oOaRIW8PSYDca</xsd1:value>
</xsd1:properties>
</xsd1:inboundAuthenticationRequestConfigs>
</xsd1:inboundAuthenticationConfig>
<xsd1:inboundProvisioningConfig>
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<xsd1:localAndOutBoundAuthenticationConfig>
<xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
<xsd1:authenticationStepForAttributes xsd:nil="true"/>
<xsd1:authenticationStepForSubject xsd:nil="true"/>
<xsd1:authenticationType>default</xsd1:authenticationType>
<xsd1:subjectClaimUri xsd:nil="true">http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<xsd1:outboundProvisioningConfig>
<xsd1:provisionByRoleList xsd:nil="true"/>
</xsd1:outboundProvisioningConfig>
<xsd1:permissionAndRoleConfig/>
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soap:Body>
</soap:Envelope>
Invoking the above four Web service calls in sequence creates the service provider, which then appears in the management console user interface.
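An added example (not from the WSO2 documentation) that drives the calls above in order and carries the consumer key and secret from the getOAuthApplicationDataByAppName response and the applicationID from the getApplication response into updateApplication, which is how the values in the sample requests relate to each other. The transport `call(service, body)` is assumed to be supplied by the caller, and the sample responses are constructed from the page's expected responses.

```python
# Added example (not from the WSO2 documentation): run the service-provider calls in order,
# carrying the consumer key/secret and applicationID the server returns into updateApplication.
import xml.etree.ElementTree as ET

NS_OAUTH = "http://dto.oauth.identity.carbon.wso2.org/xsd"               # xsd1 in the OAuthAdminService samples
NS_APP = "http://model.common.application.identity.carbon.wso2.org/xsd"  # xsd1 in the application-mgt samples
# Constructed responses, trimmed to the elements the page's expected responses carry.
SAMPLE_OAUTH_RESPONSE = (
    f'<r xmlns:a="{NS_OAUTH}"><a:callbackUrl>http://localhost:8080/playground2/oauth2client</a:callbackUrl>'
    "<a:oauthConsumerKey>TXdYtJ2D8npgBH7e4QgP_5FDN50a</a:oauthConsumerKey>"
    "<a:oauthConsumerSecret>UGlYgO0x4CfBAJ5oOaRIW8PSYDca</a:oauthConsumerSecret></r>")
SAMPLE_APP_RESPONSE = f'<r xmlns:a="{NS_APP}"><a:applicationID>6</a:applicationID></r>'

def text_of(xml_text, ns, tag):
    """Text of the first {ns}tag element in the response, or None when absent or nil."""
    return getattr(ET.fromstring(xml_text).find(f".//{{{ns}}}{tag}"), "text", None)

def parse_oauth_app(xml_text):
    """Callback URL, consumer key and secret from a getOAuthApplicationDataByAppName response."""
    app = {t: text_of(xml_text, NS_OAUTH, t) for t in ("callbackUrl", "oauthConsumerKey", "oauthConsumerSecret")}
    if not app["oauthConsumerKey"] or not app["oauthConsumerSecret"]:
        raise ValueError("response carries no consumer key/secret")
    return app

def update_application_body(app_id, name, key, secret):
    """updateApplication body (sample prefixes) binding the oauth2 inbound config to the issued key/secret."""
    return ("<xsd:updateApplication><xsd:serviceProvider>"
            f"<xsd1:applicationID>{app_id}</xsd1:applicationID><xsd1:applicationName>{name}</xsd1:applicationName>"
            "<xsd1:inboundAuthenticationConfig><xsd1:inboundAuthenticationRequestConfigs>"
            f"<xsd1:inboundAuthKey>{key}</xsd1:inboundAuthKey><xsd1:inboundAuthType>oauth2</xsd1:inboundAuthType>"
            f"<xsd1:properties><xsd1:name>oauthConsumerSecret</xsd1:name><xsd1:value>{secret}</xsd1:value></xsd1:properties>"
            "</xsd1:inboundAuthenticationRequestConfigs></xsd1:inboundAuthenticationConfig>"
            "</xsd:serviceProvider></xsd:updateApplication>")

def register_service_provider(call, name, callback):
    """Sequence the calls; `call(service, body)` (assumed, supplied by the caller) wraps the body in
    the SOAP envelope, posts it to the named admin service and returns the response XML."""
    call("OAuthAdminService", "<xsd:registerOAuthApplicationData><xsd:application>"
         f"<xsd1:applicationName>{name}</xsd1:applicationName><xsd1:callbackUrl>{callback}</xsd1:callbackUrl>"
         "<xsd1:grantTypes>authorization_code</xsd1:grantTypes></xsd:application></xsd:registerOAuthApplicationData>")
    app = parse_oauth_app(call("OAuthAdminService", "<xsd:getOAuthApplicationDataByAppName>"
                               f"<xsd:appName>{name}</xsd:appName></xsd:getOAuthApplicationDataByAppName>"))
    if app["callbackUrl"] != callback:  # a different redirect URI would send authorization codes elsewhere
        raise ValueError("server recorded a callback URL other than the one requested")
    call("IdentityApplicationManagementService", "<xsd:createApplication><xsd:serviceProvider>"
         f"<xsd1:applicationName>{name}</xsd1:applicationName></xsd:serviceProvider></xsd:createApplication>")
    app_id = text_of(call("IdentityApplicationManagementService", "<xsd:getApplication>"
                          f"<xsd:applicationName>{name}</xsd:applicationName></xsd:getApplication>"), NS_APP, "applicationID")
    call("IdentityApplicationManagementService",
         update_application_body(app_id, name, app["oauthConsumerKey"], app["oauthConsumerSecret"]))
    return {"applicationID": app_id, **app}
```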
The following links provide additional information that may be relevant when attempting the instructions in this topic.
See Configuring SAML SSO for information on using the travelocity.com application for single sign-on. This provides insight into some of the parameters used.
See Configuring a Service Provider for information on creating a service provider using the WSO2 Identity Server management console.
See Configuring an Identity Provider for information on creating an identity provider using the WSO2 Identity Server management console.
See Configuring a SP and IdP Using Configuration Files for information on creating a service provider or identity provider using the Identity Server configuration files.