WSO2 Identity Cloud allows SSO for proxy-based applications using SAML 2.0. Proxy-type applications do not need to handle the SSO logic. There is a central gateway provided that acts as a proxy for the application, handles SSO requests/responses on behalf of the application, and sends a signed JWT token to the application where it can process it and identify the authenticated user.
The following diagram illustrates the process that is followed for authentication to a proxy-based SAML application once this configuration is done with the WSO2 Identity Cloud.
Figure: Accessing a proxy-based SAML application using Identity Cloud
The above diagram illustrates how a user accesses the proxy-based application from the application list in the User Portal of the WSO2 Identity Cloud. This is redirected to the Identity Cloud Gateway and an authentication request is sent to the Identity Cloud using the SAML protocol. The Identity Cloud sends an authentication response to the application through Identity Cloud Gateway and the user is able to log in to the application.
Now let's begin.
- Select Proxy-based Federation from Select App Type.
- Scroll down. In Gateway Configuration, enter Context as '/proxyContent' and Access URL as '.
- Click Save to save the application details and the added application is displayed on the page.
- Click Go to User Portal.
- Click the added custom application that is in the user portal.
You are directed to WSO2 website home page without having to sign in explicitly. This shows SAML based SSO capability for a proxy-based custom application using Identity Cloud.