The steps above explain how to configure SSO between the API Publisher and Store Jaggery applications, using WSO2 IS as the IdP. If there are many WSO2 products in your environment, you can configure SSO for the management consoles of those products by changing the SAML2SSOAuthenticator configuration in the <PRODUCT_HOME>/repository/conf/security/authenticators.xml file as follows:

  • Set the disabled attribute of the <Authenticator> element to false.
  • ServiceProviderID: In this example, it is the issuer name of the service provider created in step 1.
  • IdentityProviderSSOServiceURL: In this example, it is the Identity Server port.

    <Authenticator name="SAML2SSOAuthenticator" disabled="false">
        <Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
        <Parameter name="ServiceProviderID">carbonserver1</Parameter>
        <Parameter name="IdentityProviderSSOServiceURL">https://localhost:9444/samlsso</Parameter>
        <Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
    </Authenticator>

    Make sure the <priority> of the SAML2SSOAuthenticator is less than that of the BasicAuthenticator handler. See here for more information.
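
When the same change is rolled out to many products, the settings listed above can be checked per `authenticators.xml` with a short audit. This is an added example, not part of the original documentation. The `<Priority>` child elements, the presence of a `BasicAuthenticator` entry in the same file, the https check, and the names `audit` and `SAMPLE` are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample modelled on the snippet above. The <Priority> children and
# the BasicAuthenticator entry are assumptions made for this illustration.
SAMPLE = """<Authenticators>
  <Authenticator name="SAML2SSOAuthenticator" disabled="false">
    <Priority>5</Priority>
    <Parameter name="ServiceProviderID">carbonserver1</Parameter>
    <Parameter name="IdentityProviderSSOServiceURL">https://localhost:9444/samlsso</Parameter>
  </Authenticator>
  <Authenticator name="BasicAuthenticator"><Priority>10</Priority></Authenticator>
</Authenticators>"""

def _local(el):
    # Tag name without any XML namespace, lower-cased.
    return el.tag.rsplit("}", 1)[-1].lower()

def _find(root, name):
    return next((e for e in root.iter()
                 if _local(e) == "authenticator" and e.get("name") == name), None)

def _priority(auth):
    if auth is None:
        return None
    text = next((e.text or "" for e in auth.iter() if _local(e) == "priority"), "")
    return int(text) if text.strip().isdigit() else None

def audit(xml_text, expected_issuer):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    saml = _find(root, "SAML2SSOAuthenticator")
    if saml is None:
        return ["SAML2SSOAuthenticator is not configured"]
    params = {p.get("name"): (p.text or "").strip()
              for p in saml.iter() if _local(p) == "parameter"}
    findings = []
    if saml.get("disabled", "").lower() != "false":
        findings.append("disabled is not set to false")
    if params.get("ServiceProviderID") != expected_issuer:
        findings.append("ServiceProviderID differs from the issuer registered at the IdP")
    url = urlparse(params.get("IdentityProviderSSOServiceURL", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("IdentityProviderSSOServiceURL is not an https URL")
    sp, bp = _priority(saml), _priority(_find(root, "BasicAuthenticator"))
    if sp is not None and bp is not None and sp >= bp:
        findings.append("SAML2SSOAuthenticator priority is not below BasicAuthenticator")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "carbonserver1") or "OK")
```

Pass the issuer name registered at the IdP as `expected_issuer`; a mismatch there is reported as a finding alongside the other checks.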

Configuring the API Store for SSO in passive mode

If passive mode is disabled and single sign-on (SSO) is enabled, the user is redirected to the SSO login page. Because the WSO2 API Store allows anonymous access, passive mode is enabled by default: regardless of whether SSO is enabled, the user is directed to the API Store URL, and the SSO workflow starts only when the Sign In button is clicked.

To disable the passive mode, set the property named passive to false in the <API-M_HOME>/repository/deployment/server/jaggeryapps/store/site/conf/site.json file.

"ssoConfiguration" : {
        "passive" : "true",