This documentation is in progress and includes all updates released after Identity Server 5.4.1. For documentation specific to a version, see About This Release.
Configuring WS-Federation Single Sign-On

WSO2 Identity Server's passive security token service (Passive STS) is used as the WS-Federation implementation. The Passive STS is capable of issuing SAML 1.1 and 2.0 security tokens.

> To request a SAML 2.0 security token, send the Request Security Token (RST) to the passive STS endpoint with the TokenType 'SAMLV2.0'. If no RST is specified, WSO2 Identity Server issues a SAML 1.1 token by default.

Configuring passive STS

  1. Add a service provider. See the guide on adding a service provider for details.
  2. Expand the Inbound Authentication Configuration section, then the WS-Federation (Passive) Configuration section, and provide the following values. See Configuring WS-Federation (Passive) for more information.

    • Passive STS Realm - This uniquely identifies the web app. Provide the same realm name given to the web app you are configuring WS-Federation for.

    • Passive STS WReply URL - Provide the URL of the web app you are configuring WS-Federation for. This endpoint URL handles the token response.

  3. Expand the Claim Configuration section and map the relevant claims. See Configuring Claims for a Service Provider for more information. 
  4. Click Update to save changes. 
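
The sign-in request a web app sends to the passive STS after this configuration, as an added example that is not part of the original documentation: it builds the WS-Federation request with and without an RST asking for SAML 2.0, and checks a request's realm and reply URL against the registered values. The endpoint host, realm, reply URL and the WS-Trust namespace are assumptions; `wa`, `wtrealm`, `wreply` and `wreq` are the standard WS-Federation passive parameters.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumptions (not from the page): placeholder host, and the WS-Trust 1.3
# namespace; the namespace your server version expects may differ.
STS_ENDPOINT = "https://is.example.com:9443/passivests"
WST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SAML2_TOKEN_TYPE = (
    "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
)
ET.register_namespace("wst", WST_NS)


def build_signin_url(realm, wreply, saml2=False):
    """Build the passive sign-in URL; add an RST in wreq only for SAML 2.0."""
    params = {"wa": "wsignin1.0", "wtrealm": realm, "wreply": wreply}
    if saml2:
        rst = ET.Element(f"{{{WST_NS}}}RequestSecurityToken")
        ET.SubElement(rst, f"{{{WST_NS}}}TokenType").text = SAML2_TOKEN_TYPE
        params["wreq"] = ET.tostring(rst, encoding="unicode")
    return f"{STS_ENDPOINT}?{urlencode(params)}"


def requests_saml2(url):
    """True if the request carries an RST whose TokenType is SAMLV2.0.

    False means no such RST is present, so the default SAML 1.1 token
    described in the note above applies.
    """
    wreq = parse_qs(urlsplit(url).query).get("wreq", [None])[0]
    if wreq is None:
        return False
    # The XML here was built locally; use a hardened parser for untrusted input.
    root = ET.fromstring(wreq)
    return any(
        el.tag.rsplit("}", 1)[-1] == "TokenType"
        and (el.text or "").strip() == SAML2_TOKEN_TYPE
        for el in root.iter()
    )


def matches_registration(url, realm, wreply):
    """Compare wtrealm/wreply with the Passive STS Realm and WReply URL
    configured on the service provider; a mismatch is worth investigating."""
    query = parse_qs(urlsplit(url).query)
    return query.get("wtrealm") == [realm] and query.get("wreply") == [wreply]
```
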