Federated users can be provisioned to the WSO2IS local user store using JIT provisioning. But WSO2IS cannot force end users to enter new attributes for provisioning. However, WSO2IS 5.3.0 contains a new feature with which end users can fill out the mandatory attributes for a given service provider. Assume that the federated IDP or local IDP does not contain […]
Category: SSO
Single Sign On
When WSO2IS is used as an SSO IDP, an end user (single browser agent) can have only one SSO session with WSO2IS. This session cannot be based on the service provider, the tenant domain, or any other parameter. This means that once the end user is authenticated to WSO2IS using a given SP, all other SPs which are […]
In SSO login, you can plug different custom authenticators into WSO2IS. There are two major types: local authenticators and federated authenticators. Federated authenticators are needed when you need to provide browser-based redirections to another IDP, for example the Salesforce, Google, or Facebook IDPs. (More details from here) In […]
In my previous blog post, we saw how to deploy WSO2IS with a proxy server or load balancer, but that was a basic deployment. When it comes to real production, let's try to understand the most common deployment pattern. The following are the important points to consider when it comes to a production deployment. […]
In my previous posts, we tried federated authentication with WSO2IS and third-party identity providers such as Salesforce, Google IDP, Shibboleth and so on. You can find them from here. In this post, we try to understand how to configure multiple federated IDPs with a given service provider. Let's assume that we have already […]
WSO2IS provides extensions to customize the SAML2 Response and Assertion that are generated with the SAML2 SSO web browser profile. You can find more on SAML2 SSO with WSO2IS from here as well. Let's quickly go through customizing the SAML2 Response and Assertion. Step 1. First, you need to implement a new SAML2 Response or […]
When working with SAML2 SSO, one of the common questions that comes up is how session timeout is handled between the SAML2 IDP and multiple SPs (when single logout is enabled). Let's try to understand some common problems. 1. Does SP need to send SAML Logout request to […]
I have seen that some people who are using SSO mechanisms (SAML2 SSO, OpenID, OpenID Connect) have raised this in several places. The answer is “Yes”; it can be done. A simple way is that the service provider can prompt a login page for the end users (or else the service provider can retrieve the end user’s credentials […]
In my last blog post, we went through how we can configure Shibboleth IDP as a federated IDP for WSO2 Identity Server. Today let's see how we can configure Identity Server with testshib (https://testshib.org/), which is also a Shibboleth IDP that is available online for testing purposes. Configure Identity Server as SP in testshib IDP testshib has been already configured. […]
As mentioned in my previous post, we discussed how we can use Identity Server as a SAML2 SSO IDP. We tried to configure the sample “travelocity.com” application. Now let's see how we can achieve IdP-initiated SAML2 SSO with the same setup. Step 1. Enable IdP Initiated SSO. You need to tick on “Enable IdP Initiated […]