WSO2 as IdP

Step 1: Setup WSO2 as Identity Provider

  • Log in to your WSO2 admin console.
  • Select Add under the Service Provider tab.
  • Enter the Service Provider Name.
  • Click on Register.
  • Under Basic Information, check SaaS Application.
  • Under Claim Configuration, select Use Local Claim Dialect.
  • For Requested Claims, add the http://wso2.org/claims/emailaddress claim URI.
  • Set Subject Claim URI to http://wso2.org/claims/nickname.
  • Under Inbound Authentication Configuration > SAML2 Web SSO Configuration, click Configure.
  • Enter Issuer as the SP-EntityID value provided under the Service Provider Info tab. Eg. https://example.com/jira
  • Enter the Assertion Consumer URL (ACS) as provided under the Service Provider Info tab. Eg. https://example.com/jira/plugin/servlet/saml/auth
  • Check Enable Response Signing.
  • Check Enable Assertion Signing.
  • Check Enable Attribute Profile and Include Attributes in the Response Always.
  • Check Enable Audience Restriction.
  • Enter the Audience URL value provided under the Service Provider Info tab and click Add Audience. Eg. https://example.com/jira
  • Check Enable Recipient Validation. Enter the Audience URL value provided under the Service Provider Info tab and click Add Recipient. Eg. https://example.com/plugin/servlet/saml/auth
  • Click on Register to save the configuration.
  • Click on Update on Service Providers to save the configuration.
  • Select List under the Identity Providers tab from the menu.
  • Click on the Resident Identity Provider link.
  • Enter the Home Realm Identifier value that you want (usually your WSO2 server address). Eg. https://wso2.example.com
  • Click on Update.
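To confirm the settings above actually show up in what WSO2 issues, the following added check (not part of this guide or of WSO2) parses a SAML Response and reports which of the configured items (response and assertion signing, audience restriction, recipient validation, the email address claim) are missing. The sample response and the example.com URLs are constructed; cryptographic verification of the signatures is left to the SP's SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Values the SP side expects; they mirror the settings entered in WSO2 above (assumed example values).
EXPECTED = {"audience": "https://example.com/jira",
            "recipient": "https://example.com/jira/plugin/servlet/saml/auth",
            "email_claim": "http://wso2.org/claims/emailaddress"}

def check_response(xml_text, expected=EXPECTED):
    """Return the list of configuration mismatches found in a SAML Response; [] means all checks passed."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.find("ds:Signature", NS) is None:
        problems.append("response not signed (Enable Response Signing)")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion not signed (Enable Assertion Signing)")
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected["audience"] not in audiences:
        problems.append(f"audience {audiences} does not include {expected['audience']}")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != expected["recipient"]:
        problems.append("Recipient missing or not the ACS URL (Enable Recipient Validation)")
    names = {a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    if expected["email_claim"] not in names:
        problems.append("email address claim absent (Requested Claims / Include Attributes)")
    return problems

# Constructed sample shaped like a WSO2 response under the settings above; the Signature
# elements are placeholders, not real XML-DSig values.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Issuer>https://wso2.example.com</saml:Issuer><ds:Signature/>
  <saml:Assertion><saml:Issuer>https://wso2.example.com</saml:Issuer><ds:Signature/>
    <saml:Subject><saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://example.com/jira/plugin/servlet/saml/auth"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://example.com/jira</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="http://wso2.org/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
  </saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE) or "all checks passed")
```

Run it against a response captured from your own browser session (for example via the browser's developer tools, base64-decoded) to see which of the steps above were not saved.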