This documentation is for WSO2 Identity Server 5.4.0 . View documentation for the latest release.
||
Skip to end of metadata
Go to start of metadata

This section lists out some sample configurations that can be used when configuring an Identity Provider. 

Federated authenticator configuration samples

A federated authenticator is used to authenticate a user through an external system (e.g. Yahoo, MSN, OpenIDConnect). To write your own custom federated authenticator, see Writing a Custom Federated Authenticator

The <federatedAuthenticatorConfigs> and <defaultAuthenticatorConfig> tags have similar attributes. To configure a federated authenticator as the default authenticator, use the desired configuration found below with the <defaultAuthenticatorConfig> tag instead of the <federatedAuthenticatorConfigs> tag. Note that there can be only one <defaultAuthenticatorConfig> while there can be multiple <federatedAuthenticatorConfigs>.

SAML2 Web SSO configuration

<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>samlsso</displayName>
               <enabled>true</enabled>
               <name>SAMLSSOAuthenticator</name>
               <properties>
                  <name>IdPEntityId</name>
                  <value>Identity Provider Entity Id</value>
               </properties>
               <properties>
                  <name>SPEntityId</name>
                  <value>Service Provider Entity Id</value>
               </properties>
               <properties>
                  <name>SSOUrl</name>
                  <value>https://localhost:9443/samlsso/</value>
               </properties>
               <properties>
                  <name>ISAuthnReqSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>IsLogoutEnabled</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>LogoutReqUrl</name>
                  <value>https://example.com/logout/url</value>
               </properties>
               <properties>
                  <name>IsLogoutReqSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>IsAuthnRespSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>IsUserIdInClaims</name>
                  <value>false</value>
               </properties>
               <properties>
                  <name>IsAssertionEncrypted</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>isAssertionSigned</name>
                  <value>true</value>
               </properties>
               <properties>
                  <name>commonAuthQueryParams</name>
                  <value>paramName1=value1&paramName2=value2</value>
               </properties>
            </federatedAuthenticatorConfigs>

Property Name

Description

IdPEntityId

Identity Provider Entity Id

SPEntityId

Service Provider Entity Id

SSOUrl

SSO URL

ISAuthnReqSigned

Enable Authentication Request Signing

IsLogoutEnabled

Enable Logout

LogoutReqUrl

Logout Url

IsLogoutReqSigned

Enable Logout Request Signing

IsAuthnRespSigned

Enable Authentication Response Signing

IsUserIdInClaims

SAML2 Web SSO User ID Location

IsAssertionEncrypted

Enable Assertion Encryption

isAssertionSigned

Enable Assertion Signing

commonAuthQueryParams

Additional Query Parameters


OAuth2/OpenID Connect configuration

<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>openidconnect</displayName>
               <enabled>true</enabled>
               <name>OpenIDConnectAuthenticator</name>
               <properties>
                  <name>ClientId</name>
                  <value>ClientID</value>
               </properties>
               <properties>
                  <name>OAuth2AuthzUrl</name>
                  <value>https://localhost:9443/oauth2/authorize/</value>
               </properties>
               <properties>
                  <name>OAUTH2TokenUrl</name>
                  <value>https://localhost:9443/oauth2/token/</value>
               </properties>
               <properties>
                  <confidential>true</confidential>
                  <name>ClientSecret</name>
                  <value>ClientSecret</value>
               </properties>
               <properties>
                  <name>IsUserIdInClaims</name>
                  <value>false</value>
               </properties>
               <properties>
                  <name>commonAuthQueryParams</name>
                  <value>paramName1=value1&paramName2=value2</value>
               </properties>
            </federatedAuthenticatorConfigs>



Property Name

Description

ClientId

Client Id

OAuth2AuthzUrl

Authorization Endpoint URL

OAUTH2TokenUrl

Token Endpoint URL

ClientSecret

Client Secret

IsUserIdInClaims

OpenID Connect User ID Location

commonAuthQueryParams

Additional Query Parameters


WS-Federation (Passive) configuration

<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>passivests</displayName>
               <enabled>true</enabled>
               <name>PassiveSTSAuthenticator</name>
               <properties>
                  <name>RealmId</name>
                  <value>Passive STS Realm</value>
               </properties>
               <properties>
                  <name>PassiveSTSUrl</name>
                  <value>https://localhost:9443/passivests/</value>
               </properties>
               <properties>
                  <name>IsUserIdInClaims</name>
                  <value>false</value>
               </properties>
               <properties>
                  <name>commonAuthQueryParams</name>
                  <value>paramName1=value1</value>
               </properties>
</federatedAuthenticatorConfigs>

Property Name

Description

RealmId

Passive STS Realm

PassiveSTSUrl

Passive STS URL

IsUserIdInClaims

Passive STS User ID Location

commonAuthQueryParams

Additional Query Parameters


Facebook configuration


<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>facebook</displayName>
               <enabled>true</enabled>
               <name>FacebookAuthenticator</name>
               <properties>
                  <name>ClientId</name>
                  <value>clientID</value>
               </properties>
               <properties>
                  <confidential>true</confidential>
                  <name>ClientSecret</name>
                  <value>secret</value>
               </properties>
               <properties>
                  <name>UserInfoFields</name>
                  <value>id,first_name,middle_name,gender,email</value>
               </properties>
               <properties>
                  <name>Scope</name>
                  <value>email</value>
               </properties>
               <properties>
                  <name>callBackUrl</name>
                  <value>https://localhost:9443/commonauth</value>
               </properties>
</federatedAuthenticatorConfigs>

Property Name

Description

ClientId

This refers to the Client Id you received from the Facebook app you created.

ClientSecret

This refers to the Client Secret you received from the Facebook app you created.

UserInfoFields

These are the claims related to the user account on Facebook. WSO2 Identity Server requests these fields from Facebook when a user is authenticated with Facebook through the IS. See public_profile permission for more information about these fields.

Scope

Defines the permission to access particular information from a Facebook profile. See the Permissions Reference for a list of the different permission groups in Facebook APIs.  

callBackUrl

Callback URL of the Identity Server.


Yahoo configuration

<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>yahoo</displayName>
               <enabled>true</enabled>
               <name>YahooOpenIDAuthenticator</name>
            </federatedAuthenticatorConfigs>


Google configuration

<federatedAuthenticatorConfigs
    xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
    <displayName>google</displayName>
    <enabled>true</enabled>
    <name>GoogleOpenIDAuthenticator</name>
</federatedAuthenticatorConfigs>


Microsoft (Hotmail,MSN,Live) configuration

<federatedAuthenticatorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <displayName>microsoft(hotmail,</displayName>
               <enabled>true</enabled>
               <name>MicrosoftWindowsLive</name>
               <properties>
                  <name>ClientSecret</name>
                  <value>clientsecret</value>
               </properties>
               <properties>
                  <name>windows-live-callback-url</name>
                  <value>https://example.com/callback/url</value>
               </properties>
               <properties>
                  <name>ClientId</name>
                  <value>clientID</value>
               </properties>
</federatedAuthenticatorConfigs>

Property Name

Description

ClientSecret

Client Secret

windows-live-callback-url

Callback Url

ClientId

Client Id


Outbound provisioning connector configuration samples

An outbound provisioning connector is used to provision users to external systems (e.g. Google, SalesForce).  To write your own custom outbound provisioning connector, see Writing an Outbound Provisioning Connector

The <provisioningConnectorConfigs> and <defaultProvisioningConnectorConfig> tags have similar attributes. To configure an outbound provisioning connector as the default provisioning connector, use the desired configuration found below with the <defaultProvisioningConnectorConfig> tag instead of the <provisioningConnectorConfigs> tag. There can be only one <defaultProvisioningConnectorConfig> while there can be multiple <provisioningConnectorConfigs>.

SalesForce provisioning configuration

<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>salesforce</name>
               <provisioningProperties>
                  <name>sf-username</name>
                  <value>testuser</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>sf-password</name>
                  <value>testpw</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-clientid</name>
                  <value>clientID</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>sf-client-secret</name>
                  <value>clientsecret</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-api-version</name>
                  <value>1.0.0</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>sf-domain-name</name>
                  <value>example.com</value>
               </provisioningProperties>
</provisioningConnectorConfigs>

Property Name

Description

sf-username

Username

sf-password

Password

sf-clientid

Client ID

sf-client-secret

Client Secret

sf-api-version

API version

sf-domain-name

Domain Name


Google provisioning configuration

<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>googleapps</name>
               <provisioningProperties>
                  <name>google_prov_application_name</name>
                  <value>TestApp</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_admin_email</name>
                  <value>test@mygoogledomain.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_service_acc_email</name>
                  <value>test@developer.gserviceaccount.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_familyname_claim_dropdown</name>
                  <value>ClaimB</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_givenname_claim_dropdown</name>
                  <value>ClaimB</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_email_claim_dropdown</name>
                  <value>ClaimA</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>google_prov_domain_name</name>
                  <value>mygoogledomain.com</value>
               </provisioningProperties>
            </provisioningConnectorConfigs>

Property Name

Description

google_prov_application_name

Application Name

google_prov_admin_email

Administrator's Email

google_prov_service_acc_email

Service Account Email

google_prov_familyname_claim_dropdown

Family Name

google_prov_givenname_claim_dropdown

Given Name

google_prov_email_claim_dropdown

Primary Email

google_prov_domain_name

Google Domain


SCIM provisioning configuration

   <provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>scim</name>
               <provisioningProperties>
                  <name>scim-username</name>
                  <value>testuser</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>scim-password</name>
                  <value>testpw</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>scim-user-ep</name>
                  <value>example.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>scim-group-ep</name>
                  <value>example.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>scim-user-store-domain</name>
                  <value>example.com</value>
               </provisioningProperties>
   </provisioningConnectorConfigs>



Property Name

Description

scim-username

Username

scim-password

Password

scim-user-ep

User Endpoint

scim-group-ep

Group Endpoint

scim-user-store-domain

User Store Domain


SPML provisioning configuration

<provisioningConnectorConfigs xmlns="http://model.common.application.identity.carbon.wso2.org/xsd">
               <enabled>true</enabled>
               <name>spml</name>
               <provisioningProperties>
                  <name>spml-username</name>
                  <value>testuser</value>
               </provisioningProperties>
               <provisioningProperties>
                  <confidential>true</confidential>
                  <name>spml-password</name>
                  <value>testpw</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>spml-ep</name>
                  <value>example.com</value>
               </provisioningProperties>
               <provisioningProperties>
                  <name>spml-oc</name>
                  <value>spml2person</value>
               </provisioningProperties>
</provisioningConnectorConfigs>

Property Name

Description

spml-username

Username

spml-password

Password

spml-ep

SPML Endpoint

spml-oc

SPML ObjectClass

  • No labels