IDP Initiated SAML2 SSO with WSO2 Identity Server

In my previous post, we discussed how to use Identity Server as a SAML2 SSO IdP, and we tried configuring the sample “travelocity.com” application.

Now let's see how we can achieve IdP-initiated SAML2 SSO with the same setup.

Step 1. Enable IdP Initiated SSO. Tick the “Enable IdP Initiated SSO” check box in the SAML2 SSO issuer configuration (please refer to Step 3 in my previous post).

Step 2. Send a GET request. The URL must follow this pattern:

https://{Hostname}:{Port}/samlsso?spEntityID={SAML2 SSO Issuer name}

In our sample, this would be

https://localhost:9443/samlsso?spEntityID=travelocity.com

If your SAML2 SSO issuer has been configured in a tenant other than the super tenant, you need to append the tenantDomain parameter as well.

If the tenant domain is soasecurity.org, the GET request would be

https://localhost:9443/samlsso?spEntityID=travelocity.com&tenantDomain=soasecurity.org
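
The URL pattern from Step 2 as an added example (not code from the original post or from WSO2): a small builder that percent-encodes the issuer name, so an issuer that is itself a URL cannot spill into extra query parameters, and appends tenantDomain only outside the super tenant. The function names, the sample issuer `https://sp.example.com/saml?app=a&b=c`, and the use of `carbon.super` as the super-tenant domain name are assumptions made for this example.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumption: "carbon.super" is the super-tenant domain of the deployment.
SUPER_TENANT = "carbon.super"


def idp_initiated_sso_url(host, port, sp_entity_id, tenant_domain=None):
    """Build https://{host}:{port}/samlsso?spEntityID=...[&tenantDomain=...]."""
    if not sp_entity_id:
        raise ValueError("spEntityID (the SAML2 SSO issuer name) is required")
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    params = [("spEntityID", sp_entity_id)]
    # tenantDomain is appended only when the issuer lives outside the super tenant.
    if tenant_domain and tenant_domain != SUPER_TENANT:
        params.append(("tenantDomain", tenant_domain))
    # urlencode percent-encodes ':', '/', '?', '&' and '=' inside each value.
    return f"https://{host}:{port}/samlsso?{urlencode(params)}"


def parse_sso_query(url):
    """Return the query parameters of an SSO URL as a dict (first value wins)."""
    query = parse_qs(urlsplit(url).query, strict_parsing=True)
    return {name: values[0] for name, values in query.items()}


if __name__ == "__main__":
    # The two URLs from the post.
    print(idp_initiated_sso_url("localhost", 9443, "travelocity.com"))
    print(idp_initiated_sso_url("localhost", 9443, "travelocity.com",
                                "soasecurity.org"))
    # Constructed issuer name containing query-string metacharacters.
    issuer = "https://sp.example.com/saml?app=a&b=c"
    url = idp_initiated_sso_url("localhost", 9443, issuer)
    print(url)
    print(parse_sso_query(url))
```
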