Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. The respective SSO Service Providers need to be registered in WSO2 Identity Server for each web application.   


    Note that the parameters/values defined in the file of WSO2 AS should correspond to the parameters defined for the service providers registered in WSO2 IS.

    1. Since the valve automatically determines the SSO issuer-id, the service provider issuer-id needs to be in the following format:

      For super tenant web applications: issuer-id = webapp-name
      For tenant web applications: issuer-id = t_tenant-name_webapp-name


        • When the foo.war web application is deployed for the Super Tenant, the issuer-id = foo.

        • When the bar.war web application is deployed in tenant, the issuer-id = t_wso2.com_bar.

    2. The 'Assertion Consumer URL' for the service providers should be set to the same value specified in the file. Shown below is the URL given in the default file. The format of the URL should be as follows: https://{ip}:{port}/{app-name}/acs

      Code Block
      #The URL of the SAML 2.0 Assertion Consumer
  2. Update "IdentityProviderURL" and “EntityId” in <IS_HOME>/repository/conf/identity.xml with the correct IS hostname.


    Note that the “EntityId” in <IS_HOME>/repository/conf/identity.xml should be the same as the “SAML2.IdPEntityId” defined in <AS_HOME>/repository/conf/security/

  3. In WSO2 IS, update the resident IDP "Entity Id"  with the same value as the "EntityId". Shown below is the default configuration.
    Resident Identity Provider in WSO2 IS