In the miniOrange SAML SP SSO plugin, navigate to the Service Provider Metadata tab. Here you can find the SP metadata, such as the SP Entity ID and ACS (AssertionConsumerService) URL, which are required to configure the Identity Provider.
Log in to your WSO2 admin console.
Select Add under the Service Provider tab.
Enter the Service Provider Name.
Click on Register.
Under Basic Information, check SaaS Application.
Under Claim Configuration, select Use Local Claim Dialect.
For Requested Claims, add https://wso2.org/claims/emailaddress claim URI.
Set Subject Claim URI to https://wso2.org/claims/nickname.
Under Inbound Authentication Configuration > SAML2 Web SSO Configuration, click Configure.
Enter Issuer as the SP-EntityID value provided under Service Provider Info tab. E.g. https://example.com/wordpress
Enter Assertion Consumer URL (ACS) as provided under Service Provider Info tab.
Check Enable Response Signing.
Check Enable Assertion Signing.
Check the Enable Attribute Profile and Include Attributes in the Response Always.
Check the Enable Audience Restriction.
Enter the Audience URL value provided under Service Provider Info tab and click Add Audience. E.g. https://example.com/wordpress
Check the Enable Recipient Validation. Enter the Audience URL value provided under Service Provider Info tab and click Add Recipient.
Click on Register to save the configuration.
Click on Update on Service Providers to save the configuration.
Select List under the Identity Providers tab from the menu.
Click on the Resident Identity Provider link.
Enter the Home Realm Identifier value that you want (usually your WSO2 server address). E.g. https://wso2.example.com
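
After a test login, the decoded SAML response can be checked for the elements that the signing, audience, recipient and attribute steps above are meant to produce. The following is an added example, not code from miniOrange or WSO2; the ACS URL, the function names and the sample response are constructed, and the Recipient is assumed to carry the ACS URL.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SP_ENTITY_ID = "https://example.com/wordpress"   # example value from the steps
ACS_URL = "https://example.com/wordpress/acs"    # hypothetical ACS URL

def check_response(xml_text, entity_id=SP_ENTITY_ID, acs_url=ACS_URL):
    """List what a decoded SAML response is missing for this SP.
    Structural check only: signatures are not verified cryptographically."""
    root = ET.fromstring(xml_text)  # use a hardened parser for untrusted input
    problems = []
    if root.find("ds:Signature", NS) is None:
        problems.append("response signature missing")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return problems + ["exactly one Assertion expected"]
    a = assertions[0]
    if a.find("ds:Signature", NS) is None:
        problems.append("assertion signature missing")
    audiences = [e.text.strip() for e in a.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if e.text]
    if entity_id not in audiences:
        problems.append("audience does not include SP entity ID")
    recipients = [e.get("Recipient") for e in a.findall(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("recipient does not include ACS URL")
    if a.find("saml:AttributeStatement/saml:Attribute", NS) is None:
        problems.append("no attributes in response")
    return problems

def sample(sign_response=True, audience=SP_ENTITY_ID):
    """Build a constructed, stripped-down response with placeholder signatures."""
    saml, ds = NS["saml"], NS["ds"]
    sig = f'<ds:Signature xmlns:ds="{ds}"/>'
    return (
        f'<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:s="{saml}">'
        + (sig if sign_response else "") + "<s:Assertion>" + sig
        + "<s:Subject><s:SubjectConfirmation>"
        + f'<s:SubjectConfirmationData Recipient="{ACS_URL}"/>'
        + "</s:SubjectConfirmation></s:Subject>"
        + f"<s:Conditions><s:AudienceRestriction><s:Audience>{audience}</s:Audience>"
        + "</s:AudienceRestriction></s:Conditions><s:AttributeStatement>"
        + '<s:Attribute Name="https://wso2.org/claims/emailaddress"/>'
        + "</s:AttributeStatement></s:Assertion></p:Response>")

if __name__ == "__main__":
    print(check_response(sample(sign_response=False)))
```

An empty list means every expected element is present; it does not replace the plugin's own signature verification.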