WSO2 Identity Server can mediate authentication requests between service providers and identity providers. At the same time, the Identity Server itself can act as a service provider and as an identity provider. When it acts as an identity provider, it is known as the resident identity provider. In effect, this turns the Identity Server into a federation hub.
The resident identity provider configuration is relevant to you if you are a service provider that wants to send an authentication request or a provisioning request to the Identity Server (for example via SAML, OpenID, OpenID Connect, SCIM, or WS-Trust).
Resident identity provider configuration is a one-time configuration for a given tenant. It shows you the Identity Server's metadata, such as its endpoints. In addition to the metadata, this is where you configure a security policy if you want to secure the WS-Trust endpoint.
Follow the instructions below to configure a resident identity provider.
- Sign in. Enter your username and password to log on to the Management Console.
- In the Main menu under the Identity section, click List under Identity Providers. The list of identity providers you added appears.
- Click the Resident Identity Provider link. The Resident Identity Provider page appears.
- Enter a Home Realm Identifier for the resident identity provider. Enter multiple identifiers as a comma separated list.
- Configure inbound authentication if required. This is not mandatory for creating a resident identity provider.
  - Set the Identity Provider Entity Id under SAML2 Web SSO Configuration. Specifying this identifies the tenant, so any users provisioned through this tenant can be identified as such.
  - Configure WS-Trust/WS-Federation (Passive). For more information on this, see here.
- Click Update.
- Click Ok to the confirmation message that appears.
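After the resident identity provider is updated, a service provider typically consumes the SAML2 metadata it publishes. The following check is an added example, not code from the WSO2 documentation or product: it parses a constructed SAML2 IdP metadata document (placeholder hostname and entity ID) and verifies that the entityID matches the Identity Provider Entity Id you configured, that it really is IdP metadata, and that every endpoint uses HTTPS.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample of SAML2 IdP metadata, shaped like what a resident IdP
# publishes. The hostname and entity ID are placeholders, not real values;
# the SingleLogoutService deliberately uses plain http to trigger a finding.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="tenant-a-idp">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/samlsso"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/samlsso"/>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idp.example.test/samlsso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def check_idp_metadata(xml_text, expected_entity_id):
    """Return a list of findings; an empty list means the metadata passes.

    For metadata fetched over the network, parse with defusedxml instead of
    the stdlib parser to rule out entity-expansion tricks.
    """
    findings = []
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    if entity_id != expected_entity_id:
        findings.append(f"entityID {entity_id!r} != expected {expected_entity_id!r}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        findings.append("no IDPSSODescriptor: this is not IdP metadata")
        return findings
    if idp.get("WantAuthnRequestsSigned", "false").lower() != "true":
        findings.append("WantAuthnRequestsSigned is not true")
    if not idp.findall("md:SingleSignOnService", NS):
        findings.append("no SingleSignOnService endpoint")
    for endpoint in idp:  # every child element that carries a Location
        location = endpoint.get("Location")
        if location and urlparse(location).scheme != "https":
            name = endpoint.tag.split("}")[1]
            findings.append(f"{name} endpoint not https: {location}")
    return findings
```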
Note the following information regarding the URLs on this screen.