WSO2 as IdP

Step 1: Setup WSO2 as Identity Provider

• Login to your WSO2 admin console.
• Select Add under the Service Providers tab.
• Select mode as Manual Configuration.
• Enter the Service Provider Name and click on Register button.

• Select Upload SP certificate option under SP Certificate Type.
• Copy the certificate from plugin and provide it into Application Certificate field.
• You can also download the certificate file and upload it through Browse file option.

• Under Claim Configuration, select Use Local Claim Dialect.
• For Requested Claims, add http://wso2.org/claims/emailaddress as a claim URI.
• Set Subject Claim URI to http://wso2.org/claims/nickname.
• Under Inbound Authentication Configuration > SAML2 Web SSO Configuration, click Configure.

• Enter Issuer value as provided under the Service Provider Info tab of the plugin.
• Enter Assertion Consumer URL (ACS) as provided under Service Provider Info tab and click on Add.
• Check Enable Response Signing.
• Check the Enable Attribute Profile and include attributes in the response always.

• Check the Enable Audience Restriction.
• Enter the Audience URL value provided under Service Provider Info tab of plugin and click on Add.
• Check the Enable Recipient Validation. Enter the Recipient URL value provided under Service Provider Info tab of plugin and click on Add.
• Click on Download IDP Metadata button save the IDP metadata file.
• Click on Register to save the configuration.

• Click on Update on Service Providers page to save the configuration.
• Select Resident under Identity Providers tab from the menu.
• Enter Home Realm Identifier value that you want (usually your WSO2 server address).

• Click on Update to save the changes.