WSO2 as IdP

Step 1: Setup WSO2 as Identity Provider

  • Login to your WSO2 admin console.
  • Select Add under the Service Providers tab.
  • Select mode as Manual Configuration.
  • Enter the Service Provider Name and click on Register button.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Add Service Provider Manually
  • Select Upload SP certificate option under SP Certificate Type.
  • Copy the certificate from plugin and provide it into Application Certificate field.
  • You can also download the certificate file and upload it through Browse file option.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Add Service Provider Manually
  • Under Claim Configuration, select Use Local Claim Dialect.
  • For Requested Claims, add http://wso2.org/claims/emailaddress as a claim URI.
  • Set Subject Claim URI to http://wso2.org/claims/nickname.
  • Under Inbound Authentication Configuration > SAML2 Web SSO Configuration, click Configure.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Claim Configuration
  • Enter Issuer value as provided under the Service Provider Info tab of the plugin.
  • Enter Assertion Consumer URL (ACS) as provided under Service Provider Info tab and click on Add.
  • Check Enable Response Signing.
  • Check the Enable Attribute Profile and include attributes in the response always.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Configuring Service Providers Meta Details
  • Check the Enable Audience Restriction.
  • Enter the Audience URL value provided under Service Provider Info tab of plugin and click on Add.
  • Check the Enable Recipient Validation. Enter the Recipient URL value provided under Service Provider Info tab of plugin and click on Add.
  • Click on Download IDP Metadata button save the IDP metadata file.
  • Click on Register to save the configuration.
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Enable Audience validation and Download IDP Metadata File
  • Click on Update on Service Providers page to save the configuration.
  • Select Resident under Identity Providers tab from the menu.
  • Enter Home Realm Identifier value that you want (usually your WSO2 server address).
  • SAML Single Sign On (SSO) using WSO2 as Identity Provider, Set Home Realm Identifier URL
  • Click on Update to save the changes.