In SSO login, you can plug different custom authenticators into WSO2IS. There are two major types: local authenticators and federated authenticators. Federated authenticators are needed when you need to provide browser-based redirection to another IDP, for example the Salesforce, Google, or Facebook IDPs. (More details from here) In […]
Category: SAML2
Security Assertion Markup Language
This is a simple command-line tool that you can use to validate your SAML2 Response and Assertion signatures. It has been implemented using the Apache OpenSAML and Xmlsec libraries. You can download the zip file from here… and the source is also available inside it and in svn from here. Therefore you can modify and change it as […]
WSO2IS provides extensions to customize the SAML2 Response and Assertion that are generated with the SAML2 SSO web browser profile. You can find more on SAML2 SSO with WSO2IS from here as well. Let's go through a quick how-to on customizing the SAML2 Response and Assertion. Step 1. First, you need to implement a new SAML2 Response or […]
When working with SAML2 SSO, one of the common questions that comes up is how to handle session timeout between the SAML2 IDP and multiple SPs (when single logout is enabled). Let's try to understand some common problems. 1. Does SP need to send SAML Logout request to […]
I have seen that some of the people who are using SSO mechanisms (SAML2 SSO, OpenID, OpenID Connect) have raised this in several places. The answer is “Yes”; it can be done. A simple way is that the service provider can prompt a login page for the end users (or else the service provider can retrieve the end user’s credentials […]
In my last blog post, we went through how we can configure Shibboleth IDP as a Federated IDP for WSO2 Identity Server. Today let's see how we can configure Identity Server with testshib (https://testshib.org/), which is also a Shibboleth IDP that is available online for testing purposes. Configure Identity Server as SP in testshib IDP: testshib has been already configured. […]
In my previous post, we discussed how we can use Identity Server as a SAML2 SSO IDP. We tried to configure the sample “travelocity.com” application. Now let's see how we can achieve IDP-initiated SAML2 SSO with the same setup. Step 1. Enable IdP Initiated SSO. You need to tick on “Enable IdP Initiated […]
In my previous blog post, we went through how you can configure the SAML2 SSO web application with Identity Server. Users authenticate to Identity Server by providing a username/password. The username/password must be authenticated against the enterprise user store that is deployed with Identity Server. Therefore only the users who are in the enterprise user store […]
The SAML2 Bearer grant type is one of the popular profiles in OAuth 2.0. Once an end user logs in to a web application using SAML2 SSO, and the web application needs to call an OAuth-secured API on behalf of the user, the SAML2 Bearer grant type would be the ideal way to do it. With this profile, […]
If you are working on developing, integrating and testing SAML2-based SSO scenarios, it is really useful to be able to trace the SAML2 messages that are going back and forth. One of the great tools that we can use for this is the SSO Tracer. It is just a Firefox plugin and you can install it in […]