This documentation is for WSO2 Identity Server 5.0.0. View documentation for the latest release.
Page Comparison - Configuring SAML2 SSO (v.5 vs v.6) - Identity Server 5.0.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Configuring WSO2 Identity Server as an identity provider

  1. Start the Identity Server and access the management console using https://localhost:9443/carbon/
  2. Login to management console Log in to the Identity Server using default administrator credentials (the username and password are both "admin").
  3. In the management console found on the left of your screen, navigate to Main > Manage > SAML SSO.
  4. Click on Register New Service Provider
  5. A the Main menu and click add under Service Provider
  6. Expand the Inbound Authentication Configuration section and then expand SAML2 Web SSO Configuration
  7. Click Configure. A form appears. Register the new service provider by providing the following values.
    • Issuer:


      This value should be same as the SAML.IssuerID value specified inside the file.

    • Assertion Consumer URL: http://localhost:8080/


      This value should be same as the SAML.ConsumerUrl value mentioned inside the file.

    • NameID format: Enter the default value here (i.e., urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress)
    • Use fully qualified username in the NameID: Set this as true by selecting the checkbox
    • Enable Response Signing: Set this as true by selecting the checkbox
    • Enable Assertion Signing: Set this as true by selecting the checkbox
    • Enable Signature Validation in Authentication Requests and Logout Requests: Set this as true (Certificate alias = wso2carbon)
    • Enable Single Logout: Set this as true by selecting the checkbox
  8. After providing above values click Register.

After successfully registering the service provider, logout log out from management console. You  You have now configuring Identity Server as the identity provider. The next step is to run the sample.

Running the sample

  1. Visit http://localhost:8080/ You are directed to the following page:
  2. Since you need to use SAML2 for this sample, click the first link, i.e., Click here to login with SAML from Identity Server. You  You are redirected to the Identity Server for authentication.
  3. Enter the default admin credentials (admin/admin).
  4. Now you are logged in and you can see the home page of the app.