When WSO2IS is used as an SSO IDP, an end user (a single browser agent) can have only one SSO session with WSO2IS. This session cannot be based on the service provider, tenant domain or any other parameter. This means that once the end user is authenticated to WSO2IS using a given SP, all other SPs which are […]
Tag: SSO
In SSO login, you can plug different custom authenticators into WSO2IS. There are two major types: local authenticators and federated authenticators. Federated authenticators are needed when you need to provide browser-based redirection to another IDP, for example the Salesforce, Google or Facebook IDPs. (More details from here) In […]
In my previous posts, we tried federated authentication with WSO2IS and third-party identity providers such as Salesforce, Google IDP, Shibboleth and so on. You can find them from here. In this post, we try to understand how to configure multiple federated IDPs with a given service provider. Let us assume that we have already […]
WSO2IS provides extensions to customize the SAML2 Response and Assertion that are generated with the SAML2 SSO web browser profile. You can find more on SAML2 SSO with WSO2IS from here as well. Let's go through a quick how-to on customizing the SAML2 Response and Assertion. Step 1. First, you need to implement a new SAML2 Response or […]
When working with SAML2 SSO, one of the common questions that comes up is the handling of session timeout between the SAML2 IDP and multiple SPs (when single logout is enabled). Let's try to understand some common problems. 1. Does SP need to send SAML Logout request to […]
I have seen that some of the people who are using SSO mechanisms (SAML2 SSO, OpenID, OpenID Connect) have raised this in several places. The answer is “Yes”: it can be done. A simple way is that the service provider can present a login page to the end users (or else the service provider can retrieve the end user’s credentials […]
Identity Server supports the OpenID Connect core specification, which can be found from here. If you would like to try out OpenID Connect with Identity Server, you can find the sample from here. You can even modify the source and rebuild the web application as you like. Please note: In this blog post, sample […]
In my last blog post, we went through how we can configure Shibboleth IDP as a federated IDP for WSO2 Identity Server. Today let's see how we can configure Identity Server with testshib (https://testshib.org/), which is also a Shibboleth IDP that is available online for testing purposes. Configure Identity Server as SP in testshib IDP testshib has already been configured. […]
In my previous post, we discussed how we can use Identity Server as a SAML2 SSO IDP. We tried to configure the sample “travelocity.com” application. Now let's see how we can achieve IDP-initiated SAML2 SSO with the same setup. Step 1. Enable IdP Initiated SSO. You need to tick on “Enable IdP Initiated […]
In my previous blog post, we went through how you can configure the SAML2 SSO web application with Identity Server. Users authenticate to Identity Server by providing a username/password. This username/password must be authenticated against the enterprise user store that is deployed with Identity Server. Therefore only the users who are in the enterprise user store […]