This documentation is for WSO2 Identity Server 5.0.0. View documentation for the latest release.
Page Comparison - Configuring Federated Authenticators for an Identity Provider (v.27 vs v.28) - Identity Server 5.0.0 - WSO2 Documentation


  1. Expand the SAML2 Web SSO Configuration form.
  2. Fill in the following fields where relevant.

    Enable SAML2 Web SSO: Selecting this option enables SAML2 Web SSO to be used as an authenticator for users provisioned to the Identity Server.
    Default: Selecting the Default checkbox signifies that SAML2 Web SSO is the main/default form of authentication. This removes the selection made for any other Default checkboxes for other authenticators.
    Identity Provider Entity Id: This is the issuer of the response. It must be unique among identity providers.
    Service Provider Entity Id: This is the entity Id of the Identity Server. This is useful when differentiating between tenants.
    SSO URL: This is the URL to which the browser should be redirected after the authentication is successful. It should have this format: https://(host-name):(port)/acs.
    Enable Authentication Request Signing: Selecting this checkbox enables you to sign the authentication request.
    Enable Assertion Encryption: This is a security feature where you can encrypt the SAML2 Assertions returned after authentication.
    Enable Assertion Signing: Select Enable Assertion Signing to sign the SAML2 Assertions returned after the authentication. SAML2 relying party components expect these assertions to be signed by the Identity Server.
    Enable Logout: Select Enable Single Logout so that all sessions are terminated once the user signs out from one server.
    Logout URL: You can enter a custom Logout URL if required. If you do not enter anything here, it will simply return to the SSO URL you specified.
    Enable Logout Request Signing: Selecting this checkbox enables you to sign the logout request.
    Enable Authentication Response Signing: Select Enable Authentication Response Signing to sign the SAML2 Responses returned after the authentication.
    SAML2 Web SSO User Id Location: Select whether the User ID is found in 'Name Identifier' or if it is found among claims.
    Additional Query Parameters: This is necessary if you are connecting to another Identity Server or application. Sometimes extra parameters are required by that Identity Server or application, so these can be specified here.
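
A review script for the settings above, as an added example that is not part of the WSO2 documentation. It treats the form as a dict keyed by the field labels (a hypothetical layout, not a WSO2 export format) and reports an SSO URL that departs from the documented format, a duplicated entity Id, and signing options left off; the sample values are constructed.

```python
from urllib.parse import urlsplit

# Checkbox labels come from the form above; flagging them when off is this
# script's review policy (an assumption), not a rule enforced by the server.
SIGNING_FLAGS = ("Enable Authentication Request Signing",
                 "Enable Assertion Signing",
                 "Enable Authentication Response Signing")

def check_sso_url(url):
    """Compare a URL with the documented form https://(host-name):(port)/acs."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return ["SSO URL is not parseable"]
    problems = []
    if parts.scheme != "https":
        problems.append("SSO URL is not https")
    if not parts.hostname or port is None:
        problems.append("SSO URL lacks an explicit host name or port")
    if parts.path != "/acs":
        problems.append("SSO URL path is not /acs")
    return problems

def audit_idp(cfg, other_entity_ids=()):
    """Return findings for one identity provider's SAML2 Web SSO settings."""
    if not cfg.get("Enable SAML2 Web SSO"):
        return []                  # authenticator is off, nothing to review
    findings = check_sso_url(cfg.get("SSO URL", ""))
    if cfg.get("Identity Provider Entity Id") in other_entity_ids:
        findings.append("Identity Provider Entity Id is not unique")
    findings += [f"{flag} is off" for flag in SIGNING_FLAGS if not cfg.get(flag)]
    if cfg.get("Enable Logout"):
        if not cfg.get("Enable Logout Request Signing"):
            findings.append("Enable Logout Request Signing is off")
        if not cfg.get("Logout URL"):  # empty value falls back to the SSO URL
            findings.append("Logout URL empty: logout returns to the SSO URL")
    return findings

# Constructed sample settings, not taken from a real server.
WEAK = {"Enable SAML2 Web SSO": True, "Enable Assertion Signing": True,
        "Identity Provider Entity Id": "idp.example.com",
        "SSO URL": "http://idp.example.com/acs", "Enable Logout": True}
HARDENED = dict(WEAK, **{flag: True for flag in SIGNING_FLAGS},
                **{"SSO URL": "https://idp.example.com:9443/acs",
                   "Logout URL": "https://idp.example.com:9443/logout",
                   "Enable Logout Request Signing": True})

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_idp(cfg, other_entity_ids={"other-idp.example.com"}))
```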