This documentation is for WSO2 Identity Server 5.0.0. View documentation for the latest release.
Logging into the Identity Server using Facebook Credentials - Identity Server 5.0.0 - WSO2 Documentation
Skip to end of metadata
Go to start of metadata

Current trends require usage of services from hundreds of websites in a connected world. Most of these websites need the user to create an account with them by providing a valid email address and password. Remembering all the different user IDs and passwords that you use can be difficult and cumbersome. To make the life easier most websites now provide the user with an option to log in using their Facebook account, Twitter account or Google account. Since most of the internet users have one of these accounts, it makes creating a new account an instant action.

WSO2 Identity Server enables users to log in to the Identity Server using their Facebook account. To do that, first you have to create a Facebook app after registering as a Facebook developer.

This topic provides instructions on how to configure the Facebook app and the Identity Server to integrate using a sample app. See the following sections for more information.

Configuring the Facebook app

  1. Go to and log in using your Facebook credentials.
  2. Navigate to the window where you can create a new app by clicking Add a New App under the Apps menu. 
  3. Choose the platform you wish to use. Select Website here when working with this sample.
  4. Enter the name of your new app in the window that appears and click Create New Facebook App ID.
    The following window appears.
  5. Select if this app is a test version of another app. If you do this, you need to select the app from the dropdown instead of Category. If this is not a test version of another app, select an appropriate Category from the dropdown. 
  6. Click Confirm. This takes you to the quick start page where you can set up your app.
  7. Add the relevant website details by pointing to https://localhost:9443/.
  8. Click Skip to the Developer Dashboard to access the dashboard.
  9. This will take you to the app Dashboard where you can find the App ID and App Secret as shown in the image below. Click Show to view the App Secret.
  10. Click Settings on the left menu and navigate to the Advanced section by clicking on the tab at the top of your screen. Here you need to configure the security settings.

    1. Client OAuth Login should be set to Yes.
    2. Valid OAuth redirect URIs should be set to https://localhost:9443/commonauth.
  11. Click the Save Changes button to save the changes.

Now you have finished configuring Facebook as an Identity Provider.

About accessing the app

The app is not available to general public yet. To make to app available to every Facebook user, you have to submit the app for review. After a review, Facebook makes the app available to every Facebook user. You can find more information on the review process by clicking on Status and Review in the left navigation menu of your app's dashboard.

The review process may take some time, so for the purposes of this sample, you can specify some Facebook users as Developers or Testers. Only the users specified here can use this app to log in with Facebook until the app goes public. To do this, click on Roles in the left navigation menu of the dashboard and specify the required Facebook users as Developers or Testers.

Deploying sample app

The next step is to deploy the sample app in order to use it in this scenario.

  1. You can download file from here.
  2. Deploy this sample web app on a web container. 
    1. Use the Apache Tomcat server to do this.
    2. Since this sample is written based on Servlet 3.0, it needs to be deployed on Tomcat 7.x.
    3. Copy the .war file into the webapps folder. For example, <APACHE_HOME>/apache-tomcat-7.0.50/webapps.

Once this is done, the next step is to configure the WSO2 Identity Server by adding a service provider and identity provider.

Configuring the identity provider

Now you have to configure WSO2 Identity Server by adding a new identity provider.

  1. Download the WSO2 Identity Server from here and run it.
  2. Log in to the management console as an administrator.
  3. In the Identity section under the Main tab of the management console, click Add under Identity Providers.
  4. Give a suitable name as the Identity Provider Name.
  5. Go to Facebook Configuration under Federated Authenticators

  6. Enter the App ID and App Secret values from the Facebook app you created in the Client Id and Client Secret fields respectively.

  7. Select both checkboxes to Enable Facebook Authenticator and make it the Default.

  8. Click Register.

You have now added the identity provider.

Configuring the service provider

The next step is to configure the service provider.

  1. Return to the management console.
  2. In the Identity section under the Main tab, click Add under Service Providers.
  3. Enter in the Service Provider Name text box and click Register.
  4. In the Inbound Authentication Configuration section, click Configure under the SAML2 Web SSO Configuration section.
    1. Now set the configuration as follows:


      Assertion Consumer URLhttp://localhost:8080/

    2. Select the following check-boxes:

      Enable Response Signing

      Enable Assertion Signing

      Enable Single Logout

      Enable Attribute Profile

      Include Attributes in the Response Always

  5. Click Update to save the changes. Now you will be sent back to the Service Providers page.
  6. Go to Local and Outbound Authentication Configuration section.

  7. Select the Identity Provider you created from the dropdown list under Federated Authentication

  8. Ensure that the Federated Authentication radio button is selected and click Update to save the changes.

You have now added and configured the service provider.

Configuring claim mappings for Facebook

The next step is to configure claims in the Identity Server and map them with Facebook.

  1. In the Identity section under the Main tab, click List under Identity Providers.
  2. Click Edit to edit the facebook identity provider you created. 
  3. Under Claim Configuration, go to Basic Claim Configuration.
  4. Select the Define Custom Claim Dialect option under Select Claim mapping Dialect
  5. Click Add Claim Mapping to add custom claim mappings as follows.
  6. You can retrieve all the public information of the user and the email address. The following are some common attribute names.


    More information is available from the following link:

    You can map these attributes to any Local Claim URI that is suitable.

Configuring requested claims for

  1. In the Identity section under the Main tab, click List under Service Providers.
  2. Click Edit to edit the service provider.
  3. Go to Claim Configuration.
  4. Click on Add Claim URI under Requested Claims to add the requested claims as follows. Here you should add the claims you mapped in the Identity Provider claim configuration.
  5. Select a suitable claim for the Subject Claim URI.

    Note that the email address cannot be used for this step unless you allow the usage of email addresses as usernames in the <IS_HOME>/repository/conf/carbon.xml file. To allow using email address as usernames, uncomment the following in the carbon.xml file.


Now you have configured the Identity Server.

Testing the sample

  1. To test the sample, go to the following URL: http://localhost:8080/
  2. Click the link to log in with SAML from WSO2 Identity Server.
  3. You are redirected to the Facebook Login page. Enter your Facebook credentials and you will be taken to the home page of the app.


  • No labels