Under Claim Configuration, select Use Local Claim Dialect.
For Requested Claims, add http://wso2.org/claims/emailaddress claim URI
Set Subject Claim URI to http://wso2.org/claims/nickname
Under Inbound Authentication Configuration > SAML2 Web SSO Configuration, click Configure.
Enter Issuer as SP-EntityID value provided under Service Provider Info tab. Eg. https://example.com/jira
Enter Assertion Consumer URL (ACS) as provided under Service Provider Info tab. Eg. https://example.com/jira/plugin/servlet/saml/auth
Check Enable Response Signing
Check Enable Assertion Signing
Check the Enable Attribute Profile and Include Attributes in the Response Always.
Check the Enable Audience Restriction.
Enter the Audience URL value provided under Service Provider Info tab and click Add Audience. Eg.https://example.com/jira
Check the Enable Recipient Validation. Enter the Audience URL value provided under Service Provider Info tab and click Add Recipient.
Eg. https://example.com/plugin/servlet/saml/auth
Click on Register to save the configuration.
Click on Update on Service Providers to save the configuration.
Select List under Identity Providers tab from the menu.
Click on Resident Identity Provider link.
Enter Home Realm Identifier value that you want (usually your WSO2 server address). Eg. https://wso2.example.com