This documentation is for WSO2 Identity Server 5.1.0 . View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Follow the instructions in the sections below to set up and configure this scenario:

Table of Contents

Setting up the WSO2 Identity Server instances


The next step in this scenario is to configure the secondary Identity Server as an identity provider (IdP) in the primary Identity Server.

  1. Go to the Management Console of the primary IS.
  2. Navigate to the Identity Providers section in the Main menu and click Add.
  3. Enter “Secondary" as the Identity Provider Name for this scenario.
  4. Expand the Federated Authenticators section and then expand the SAML2 Web SSOConfiguration section.

  5. Make the following changes.
    1. Select the Enable SAML2 Web SSO checkbox.
    2. Enter “Secondary IDP” as Identity Provider Entity Id.
    3. Enter “Primary'” as the Service Provider Entity Id.
    4. Enter 'https://localhost:9444/samlsso/' as the SSO URL. This is the SAML2 SSO URL of the secondary IS.

    5. Select the Enable Logout checkbox.
  6. Click Register. The new identity provider named 'Secondary' is listed under List (go to Main menu and click List under Identity Providers).

Configuring the primary IS as an SP in the secondary IS

Now that the secondary Identity Server is added as an IdP in the primary Identity Server,


the primary IS should be added as service provider (SP) in the


secondary IS instance.

  1. Go to Management Console Log in to the management console of the Secondary secondary IS instance using the following URL: https://localhost:9444/carbon

  2. Navigate to the Main menu and click Add under Service Providers. Enter service provider name as 'PrimaryIDP' for this sample scenario.

  3. Click Register

  4. In the form that appears, expand the Inbound Authentication Configuration and SAML2 Web SSO Configuration sections. 

  5. Click Configure. The following form appears.

  6. Enter the following details in the form.

    1. Enter “Primary” as the Issuer, this is the same value as Service Provider Entity Id in step 5c.

    2. Enter value https://localhost:9443/commonauth as Assertion Consumer URL and click Add.

    3. Enable the following checkboxes.

      1. Enable Response Signing

      2. Enable Single Logout

  7. Click Register and then click Update. The primary Identity Server instance is added as the service provider in the secondary Identity Server instance.