This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Identity Provider Configurations used with APIs
This section lists some sample configurations that can be used when configuring an Identity Provider.
Federated authenticator configuration samples
A federated authenticator is used to authenticate a user through an external system (e.g. Yahoo, MSN, OpenID Connect). To write your own custom federated authenticator, see Writing a Custom Local Authenticator.
The <federatedAuthenticatorConfigs> and <defaultAuthenticatorConfig> tags have similar attributes. To configure a federated authenticator as the default authenticator, use the desired configuration found below with the <defaultAuthenticatorConfig> tag instead of the <federatedAuthenticatorConfigs> tag. Note that there can be only one <defaultAuthenticatorConfig> while there can be multiple <federatedAuthenticatorConfigs>.
OpenID Configuration
Note: OpenID 2.0 has been removed from the base product in this release (WSO2 Identity Server 5.3.0) as it is now an obsolete specification that has been superseded by OpenID Connect. We recommend using OpenID Connect instead.
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>openid</displayName>
    <enabled>true</enabled>
    <name>OpenIDAuthenticator</name>
    <properties>
        <name>OpenIdUrl</name>
        <value>https://localhost:9443/openid/</value>
    </properties>
    <properties>
        <name>RealmId</name>
        <value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="1"> </value>
    </properties>
    <properties>
        <name>IsUserIdInClaims</name>
        <value>false</value>
    </properties>
    <properties>
        <name>commonAuthQueryParams</name>
        <!-- a literal '&' must be escaped as '&amp;' inside an XML element -->
        <value>paramName1=value1&amp;paramName2=value2</value>
    </properties>
</federatedAuthenticatorConfigs>
```
Property Name | Description |
---|---|
OpenIdUrl | OpenID Server URL |
RealmId | The Open ID Realm |
IsUserIdInClaims | OpenID User ID Location |
commonAuthQueryParams | Additional Query Parameters |
SAML2 Web SSO configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>samlsso</displayName>
    <enabled>true</enabled>
    <name>SAMLSSOAuthenticator</name>
    <properties>
        <name>IdPEntityId</name>
        <value>Identity Provider Entity Id</value>
    </properties>
    <properties>
        <name>SPEntityId</name>
        <value>Service Provider Entity Id</value>
    </properties>
    <properties>
        <name>SSOUrl</name>
        <value>https://localhost:9443/samlsso/</value>
    </properties>
    <properties>
        <name>ISAuthnReqSigned</name>
        <value>true</value>
    </properties>
    <properties>
        <name>IsLogoutEnabled</name>
        <value>true</value>
    </properties>
    <properties>
        <name>LogoutReqUrl</name>
        <value>https://example.com/logout/url</value>
    </properties>
    <properties>
        <name>IsLogoutReqSigned</name>
        <value>true</value>
    </properties>
    <properties>
        <name>IsAuthnRespSigned</name>
        <value>true</value>
    </properties>
    <properties>
        <name>IsUserIdInClaims</name>
        <value>false</value>
    </properties>
    <properties>
        <name>IsAssertionEncrypted</name>
        <value>true</value>
    </properties>
    <properties>
        <name>isAssertionSigned</name>
        <value>true</value>
    </properties>
    <properties>
        <name>commonAuthQueryParams</name>
        <!-- a literal '&' must be escaped as '&amp;' inside an XML element -->
        <value>paramName1=value1&amp;paramName2=value2</value>
    </properties>
</federatedAuthenticatorConfigs>
```
Property Name | Description |
---|---|
IdPEntityId | Identity Provider Entity Id |
SPEntityId | Service Provider Entity Id |
SSOUrl | SSO URL |
ISAuthnReqSigned | Enable Authentication Request Signing |
IsLogoutEnabled | Enable Logout |
LogoutReqUrl | Logout Url |
IsLogoutReqSigned | Enable Logout Request Signing |
IsAuthnRespSigned | Enable Authentication Response Signing |
IsUserIdInClaims | SAML2 Web SSO User ID Location |
IsAssertionEncrypted | Enable Assertion Encryption |
isAssertionSigned | Enable Assertion Signing |
commonAuthQueryParams | Additional Query Parameters |
OAuth2/OpenID Connect configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>openidconnect</displayName>
    <enabled>true</enabled>
    <name>OpenIDConnectAuthenticator</name>
    <properties>
        <name>ClientId</name>
        <value>ClientID</value>
    </properties>
    <properties>
        <name>OAuth2AuthzUrl</name>
        <value>https://localhost:9443/oauth2/authorize/</value>
    </properties>
    <properties>
        <name>OAUTH2TokenUrl</name>
        <value>https://localhost:9443/oauth2/token/</value>
    </properties>
    <properties>
        <confidential>true</confidential>
        <name>ClientSecret</name>
        <value>ClientSecret</value>
    </properties>
    <properties>
        <name>IsUserIdInClaims</name>
        <value>false</value>
    </properties>
    <properties>
        <name>commonAuthQueryParams</name>
        <!-- a literal '&' must be escaped as '&amp;' inside an XML element -->
        <value>paramName1=value1&amp;paramName2=value2</value>
    </properties>
</federatedAuthenticatorConfigs>
```
Property Name | Description |
---|---|
ClientId | Client Id |
OAuth2AuthzUrl | Authorization Endpoint URL |
OAUTH2TokenUrl | Token Endpoint URL |
ClientSecret | Client Secret |
IsUserIdInClaims | OpenID Connect User ID Location |
commonAuthQueryParams | Additional Query Parameters |
WS-Federation (Passive) configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>passivests</displayName>
    <enabled>true</enabled>
    <name>PassiveSTSAuthenticator</name>
    <properties>
        <name>RealmId</name>
        <value>Passive STS Realm</value>
    </properties>
    <properties>
        <name>PassiveSTSUrl</name>
        <value>https://localhost:9443/passivests/</value>
    </properties>
    <properties>
        <name>IsUserIdInClaims</name>
        <value>false</value>
    </properties>
    <properties>
        <name>commonAuthQueryParams</name>
        <value>paramName1=value1</value>
    </properties>
</federatedAuthenticatorConfigs>
```
Property Name | Description |
---|---|
RealmId | Passive STS Realm |
PassiveSTSUrl | Passive STS URL |
IsUserIdInClaims | Passive STS User ID Location |
commonAuthQueryParams | Additional Query Parameters |
Facebook configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>facebook</displayName>
    <enabled>true</enabled>
    <name>FacebookAuthenticator</name>
    <properties>
        <name>ClientId</name>
        <value>clientID</value>
    </properties>
    <properties>
        <confidential>true</confidential>
        <name>ClientSecret</name>
        <value>secret</value>
    </properties>
    <properties>
        <name>UserInfoFields</name>
        <value>id,first_name,middle_name,gender,email</value>
    </properties>
    <properties>
        <name>Scope</name>
        <value>email</value>
    </properties>
    <properties>
        <name>callBackUrl</name>
        <value>https://localhost:9443/commonauth</value>
    </properties>
</federatedAuthenticatorConfigs>
```
Property Name | Description |
---|---|
ClientId | This refers to the Client Id you received from the Facebook app you created. |
ClientSecret | This refers to the Client Secret you received from the Facebook app you created. |
UserInfoFields | These are the claims related to the user account on Facebook. WSO2 Identity Server requests these fields from Facebook when a user is authenticated with Facebook through the IS. See public_profile permission for more information about these fields. |
Scope | Defines the permission to access particular information from a Facebook profile. See the Permissions Reference for a list of the different permission groups in Facebook APIs. |
callBackUrl | Callback URL of the Identity Server. |
Yahoo configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>yahoo</displayName>
    <enabled>true</enabled>
    <name>YahooOpenIDAuthenticator</name>
</federatedAuthenticatorConfigs>
```
Google configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>google</displayName>
    <enabled>true</enabled>
    <name>GoogleOpenIDAuthenticator</name>
</federatedAuthenticatorConfigs>
```
Microsoft (Hotmail, MSN, Live) configuration
```xml
<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>microsoft(hotmail,</displayName>
    <enabled>true</enabled>
    <name>MicrosoftWindowsLive</name>
    <properties>
        <name>ClientSecret</name>
        <value>clientsecret</value>
    </properties>
    <properties>
        <name>windows-live-callback-url</name>
        <value>https://example.com/callback/url</value>
    </properties>
    <properties>
        <name>ClientId</name>
        <value>clientID</value>
    </properties>
</federatedAuthenticatorConfigs>
```
Property Name | Description |
---|---|
ClientSecret | Client Secret |
windows-live-callback-url | Callback Url |
ClientId | Client Id |
Outbound provisioning connector configuration samples
An outbound provisioning connector is used to provision users to external systems (e.g. Google, SalesForce). To write your own custom outbound provisioning connector, see Writing an Outbound Provisioning Connector.
The <provisioningConnectorConfigs> and <defaultProvisioningConnectorConfig> tags have similar attributes. To configure an outbound provisioning connector as the default provisioning connector, use the desired configuration found below with the <defaultProvisioningConnectorConfig> tag instead of the <provisioningConnectorConfigs> tag. There can be only one <defaultProvisioningConnectorConfig> while there can be multiple <provisioningConnectorConfigs>.
SalesForce provisioning configuration
```xml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <enabled>true</enabled>
    <name>salesforce</name>
    <provisioningProperties>
        <name>sf-username</name>
        <value>testuser</value>
    </provisioningProperties>
    <provisioningProperties>
        <confidential>true</confidential>
        <name>sf-password</name>
        <value>testpw</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>sf-clientid</name>
        <value>clientID</value>
    </provisioningProperties>
    <provisioningProperties>
        <confidential>true</confidential>
        <name>sf-client-secret</name>
        <value>clientsecret</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>sf-api-version</name>
        <value>1.0.0</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>sf-domain-name</name>
        <value>example.com</value>
    </provisioningProperties>
</provisioningConnectorConfigs>
```
Property Name | Description |
---|---|
sf-username | Username |
sf-password | Password |
sf-clientid | Client ID |
sf-client-secret | Client Secret |
sf-api-version | API version |
sf-domain-name | Domain Name |
Google provisioning configuration
```xml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <enabled>true</enabled>
    <name>googleapps</name>
    <provisioningProperties>
        <name>google_prov_application_name</name>
        <value>TestApp</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>google_prov_admin_email</name>
        <value>test@mygoogledomain.com</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>google_prov_service_acc_email</name>
        <value>test@developer.gserviceaccount.com</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>google_prov_familyname_claim_dropdown</name>
        <value>ClaimB</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>google_prov_givenname_claim_dropdown</name>
        <value>ClaimB</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>google_prov_email_claim_dropdown</name>
        <value>ClaimA</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>google_prov_domain_name</name>
        <value>mygoogledomain.com</value>
    </provisioningProperties>
</provisioningConnectorConfigs>
```
Property Name | Description |
---|---|
google_prov_application_name | Application Name |
google_prov_admin_email | Administrator's Email |
google_prov_service_acc_email | Service Account Email |
google_prov_familyname_claim_dropdown | Family Name |
google_prov_givenname_claim_dropdown | Given Name |
google_prov_email_claim_dropdown | Primary Email |
google_prov_domain_name | Google Domain |
SCIM provisioning configuration
```xml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <enabled>true</enabled>
    <name>scim</name>
    <provisioningProperties>
        <name>scim-username</name>
        <value>testuser</value>
    </provisioningProperties>
    <provisioningProperties>
        <confidential>true</confidential>
        <name>scim-password</name>
        <value>testpw</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>scim-user-ep</name>
        <value>example.com</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>scim-group-ep</name>
        <value>example.com</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>scim-user-store-domain</name>
        <value>example.com</value>
    </provisioningProperties>
</provisioningConnectorConfigs>
```
Property Name | Description |
---|---|
scim-username | Username |
scim-password | Password |
scim-user-ep | User Endpoint |
scim-group-ep | Group Endpoint |
scim-user-store-domain | User Store Domain |
SPML provisioning configuration
```xml
<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <enabled>true</enabled>
    <name>spml</name>
    <provisioningProperties>
        <name>spml-username</name>
        <value>testuser</value>
    </provisioningProperties>
    <provisioningProperties>
        <confidential>true</confidential>
        <name>spml-password</name>
        <value>testpw</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>spml-ep</name>
        <value>example.com</value>
    </provisioningProperties>
    <provisioningProperties>
        <name>spml-oc</name>
        <value>spml2person</value>
    </provisioningProperties>
</provisioningConnectorConfigs>
```
Property Name | Description |
---|---|
spml-username | Username |
spml-password | Password |
spml-ep | SPML Endpoint |
spml-oc | SPML ObjectClass |
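Both the federated authenticator samples and the outbound provisioning samples above share one shape: a namespaced root element with `<enabled>`, `<name>` and a list of name/value property blocks, some flagged `<confidential>true</confidential>`. The following added example (not part of the WSO2 documentation or product) audits such a fragment before it is sent to the admin API: it flags secret-bearing properties that are not marked confidential, endpoint properties that are not served over https, and SAML signing switches that are turned off. The secret and URL property lists, the two sample fragments and the `audit_config` function are constructed for this example.

```python
import xml.etree.ElementTree as ET

NS = "http://model.common.application.identity.carbon.wso2.org/xsd"
# Property names from the samples above that carry secrets or endpoints (assumed list).
SECRET_NAMES = {"clientsecret", "sf-password", "sf-client-secret",
                "scim-password", "spml-password"}
URL_NAMES = {"openidurl", "ssourl", "logoutrequrl", "oauth2authzurl", "oauth2tokenurl",
             "passivestsurl", "callbackurl", "windows-live-callback-url"}


def _text(el, tag):
    """Text of the first namespaced child <tag>, or '' when it is absent."""
    child = el.find(f"{{{NS}}}{tag}")
    return (child.text or "").strip() if child is not None else ""


def audit_config(xml_text):
    """Return a list of findings for one <federatedAuthenticatorConfigs> or
    <provisioningConnectorConfigs> fragment in the shape shown on this page."""
    root = ET.fromstring(xml_text)
    findings = []
    # Authenticators use <properties>, provisioning connectors use <provisioningProperties>.
    props = root.findall(f"{{{NS}}}properties") + root.findall(f"{{{NS}}}provisioningProperties")
    for p in props:
        name, value = _text(p, "name"), _text(p, "value")
        key = name.lower()
        if key in SECRET_NAMES and _text(p, "confidential").lower() != "true":
            findings.append(f"{name}: secret property not marked <confidential>true</confidential>")
        if key in URL_NAMES and value and not value.lower().startswith("https://"):
            findings.append(f"{name}: endpoint is not https ({value})")
        # SAML switches such as ISAuthnReqSigned / IsAuthnRespSigned / isAssertionSigned.
        if key.startswith("is") and key.endswith("signed") and value.lower() != "true":
            findings.append(f"{name}: signing disabled")
    return findings


# Constructed sample fragments (deliberately weakened) for demonstration.
SAMPLE_SAML = f"""<federatedAuthenticatorConfigs xmlns="{NS}">
  <displayName>samlsso</displayName><enabled>true</enabled><name>SAMLSSOAuthenticator</name>
  <properties><name>SSOUrl</name><value>http://idp.example.com/samlsso/</value></properties>
  <properties><name>ISAuthnReqSigned</name><value>true</value></properties>
  <properties><name>IsAuthnRespSigned</name><value>false</value></properties>
  <properties><name>isAssertionSigned</name><value>true</value></properties>
</federatedAuthenticatorConfigs>"""

SAMPLE_OIDC = f"""<federatedAuthenticatorConfigs xmlns="{NS}">
  <displayName>openidconnect</displayName><enabled>true</enabled><name>OpenIDConnectAuthenticator</name>
  <properties><name>OAuth2AuthzUrl</name><value>https://localhost:9443/oauth2/authorize/</value></properties>
  <properties><name>ClientSecret</name><value>ClientSecret</value></properties>
  <properties><name>commonAuthQueryParams</name><value>paramName1=value1&amp;paramName2=value2</value></properties>
</federatedAuthenticatorConfigs>"""
```

Running `audit_config(SAMPLE_SAML)` reports the plain-http `SSOUrl` and the disabled `IsAuthnRespSigned`; `audit_config(SAMPLE_OIDC)` reports only the unflagged `ClientSecret`.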