WSO2 Identity Server's passive security token service (Passive STS) is used as the WS-Federation implementation.
Configuring passive STS
- See here for details on adding a service provider.
- Expand the Inbound Authentication Configuration followed by the WS-Federation (Passive) Configuration section and provide the following values.
Passive STS Realm - This uniquely identifies the web app. Provide the same realm name given to the web app you are configuring WS-Federation for.
Passive STS WReply URL - Provide the URL of the web app you are configuring WS-Federation for. This endpoint URL handles the token response.
If you want to configure an expiration time for the security token, you need to add the following configuration in the
<IS_HOME>/repository/conf/carbon.xmlfile, under the
Here, the expiration time should be specified in milliseconds.
- Expand the Claim Configuration section and map the relevant claims. See Configuring Claims for a Service Provider for more information.
- Click Update to save changes.