...

  1. Once a Web application is published from the App Manager Publisher, the Synapse handler for SAML SSO is attached to the Synapse configuration as follows. The API resource is created under the <PRODUCT_HOME>/repository/deployment/server/synapse-configs/default/api/ directory, in a file named {app created user}–{app name}_v{version}.xml.
    <handler class="org.wso2.carbon.appmgt.gateway.handlers.security.saml2.SAML2AuthenticationHandler"/>

    The SAML2AuthenticationHandler validates every incoming request. If no authenticated session cookie is found, the request is sent to the IDP. The IDP URL is configured in a Synapse sequence as follows.

    Info

    If App Manager is running with a port offset of zero and the default IDP is used, these configurations do not need to be changed. With a non-zero port offset, or an IDP on another host, the host and port in the uri-template below must be changed to match.

    Code Block
    languagehtml/xml
    <sequence xmlns="http://ws.apache.org/ns/synapse" name="saml2_sequence">
        <property name="uri.var.saml2.request" expression="get-property('SAMLRequest')" />
        <call>
            <endpoint xmlns="http://ws.apache.org/ns/synapse" name="HTTPEndpoint">
                <http uri-template="https://localhost:9443/samlsso?SAMLRequest={uri.var.saml2.request}" method="POST">
                </http>
            </endpoint>
        </call>
        <respond/>
    </sequence>
  2. Add the Web application as a service provider in the service provider configuration of the IDP. For more information on configuring a SAML2 service provider in WSO2 Identity Server, go to Adding a Service Provider.

    Info

    When setting up the service provider:

    • The Web application name must be provided as the issuer in the service provider configuration.

    • The assertion consumer URL must be the gateway URL of the Web application.
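    The port-offset caveat above is easy to get wrong by hand, so here is an added example (not code from the page or from WSO2) that parses the saml2_sequence shown in step 1 with the standard library, checks that the IDP endpoint still uses HTTPS, POST, the /samlsso path and forwards the SAMLRequest variable, and rewrites the host and port for a given offset. The host name idp.example.internal used in the usage note is hypothetical; the 9443 base port is the default HTTPS port the page's own template uses.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

SYNAPSE_NS = "http://ws.apache.org/ns/synapse"
DEFAULT_HTTPS_PORT = 9443  # base port in the page's template; offset is added to it

# Copy of the saml2_sequence from the page (default IDP, port offset 0).
SAML2_SEQUENCE = """<sequence xmlns="http://ws.apache.org/ns/synapse" name="saml2_sequence">
    <property name="uri.var.saml2.request" expression="get-property('SAMLRequest')" />
    <call>
        <endpoint xmlns="http://ws.apache.org/ns/synapse" name="HTTPEndpoint">
            <http uri-template="https://localhost:9443/samlsso?SAMLRequest={uri.var.saml2.request}" method="POST">
            </http>
        </endpoint>
    </call>
    <respond/>
</sequence>"""


def _http_element(root):
    """Locate the single <http> endpoint element inside the sequence."""
    http = root.find(".//{%s}http" % SYNAPSE_NS)
    if http is None:
        raise ValueError("no <http> endpoint found in sequence")
    return http


def idp_url(sequence_xml):
    """Return the uri-template the gateway will POST the SAMLRequest to."""
    return _http_element(ET.fromstring(sequence_xml)).get("uri-template", "")


def check_sequence(sequence_xml):
    """Return a list of problems; an empty list means the sequence matches the
    shape the page expects (HTTPS, POST, /samlsso, SAMLRequest forwarded)."""
    problems = []
    http = _http_element(ET.fromstring(sequence_xml))
    template = http.get("uri-template", "")
    parts = urlsplit(template)
    if parts.scheme != "https":
        problems.append("IDP endpoint is not https")
    if parts.path != "/samlsso":
        problems.append("IDP path is not /samlsso")
    if "{uri.var.saml2.request}" not in parts.query:
        problems.append("uri-template does not forward the SAMLRequest variable")
    if http.get("method") != "POST":
        problems.append("method is not POST")
    return problems


def rewrite_for_offset(sequence_xml, host="localhost", port_offset=0):
    """Rewrite only the host:port of the IDP endpoint for a port offset,
    leaving scheme, path and the SAMLRequest query template untouched."""
    root = ET.fromstring(sequence_xml)
    http = _http_element(root)
    parts = urlsplit(http.get("uri-template", ""))
    netloc = "%s:%d" % (host, DEFAULT_HTTPS_PORT + port_offset)
    http.set("uri-template",
             urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment)))
    ET.register_namespace("", SYNAPSE_NS)  # keep the default xmlns on output
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Usage: App Manager with port offset 2, IDP on a hypothetical separate host.
    shifted = rewrite_for_offset(SAML2_SEQUENCE, host="idp.example.internal", port_offset=2)
    print(idp_url(shifted))
    print(check_sequence(shifted))
```

    Run check_sequence over the deployed sequence after any edit; a downgraded scheme or a template that lost the {uri.var.saml2.request} placeholder means the IDP either receives the request in the clear or never receives it at all.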

...

Code Block
languagetext
{
  "iss": "wso2.org/products/am",
  "exp": 1394072102566,
  "Subject": "admin",
  "http://wso2.org/claims/emailaddress": "appm@wso2.com",
  "http://wso2.org/claims/mobile": "123123213",
  "http://wso2.org/claims/role": "admin,subscriber,Internal/everyone"
}
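As an added example (not code from the page or from WSO2), the block below wraps the claims above in a constructed, unsigned JWT, decodes them, and applies the checks a backend should make on them: issuer, expiry and role extraction. Two points are assumptions stated here because the page does not say them: the 13-digit exp value is treated as milliseconds since the epoch (inferred from its magnitude; 1394072102566 ms is March 2014, whereas RFC 7519 defines exp in seconds, so a standard JWT library fed this value would consider the token valid for tens of thousands of years), and the block does no signature verification because this section does not describe how the token is signed; a real backend must verify the signature before trusting any of these claims.

```python
import base64
import json
import time

ROLE_CLAIM = "http://wso2.org/claims/role"
EXPECTED_ISS = "wso2.org/products/am"  # issuer value shown in the page's payload

# Claims copied from the page's example JWT payload.
EXAMPLE_CLAIMS = {
    "iss": "wso2.org/products/am",
    "exp": 1394072102566,
    "Subject": "admin",
    "http://wso2.org/claims/emailaddress": "appm@wso2.com",
    "http://wso2.org/claims/mobile": "123123213",
    ROLE_CLAIM: "admin,subscriber,Internal/everyone",
}


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_unsigned_token(claims):
    """Constructed for this example only: header.payload with an empty
    signature segment. Never accept such a token in production."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return header + "." + payload + "."


def decode_claims(token):
    """Split a compact JWT and parse its payload; no signature check (assumption, see lead-in)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    return json.loads(_b64url_decode(parts[1]))


def exp_seconds(exp):
    """Normalise exp to seconds. Assumption: values above 10**11 are milliseconds,
    which covers the page's 13-digit example; RFC 7519 exp is in seconds."""
    return exp // 1000 if exp > 10 ** 11 else exp


def validate_claims(claims, now=None, expected_iss=EXPECTED_ISS):
    """Return (problems, roles). problems is empty when issuer matches and the
    token has not expired at time `now` (seconds since the epoch)."""
    if now is None:
        now = int(time.time())
    problems = []
    if claims.get("iss") != expected_iss:
        problems.append("unexpected issuer: %r" % claims.get("iss"))
    if "exp" not in claims:
        problems.append("missing exp claim")
    elif exp_seconds(int(claims["exp"])) <= now:
        problems.append("token expired")
    roles = [r for r in claims.get(ROLE_CLAIM, "").split(",") if r]
    return problems, roles


if __name__ == "__main__":
    token = build_unsigned_token(EXAMPLE_CLAIMS)
    problems, roles = validate_claims(decode_claims(token))
    print(problems, roles)  # the 2014 token is expired against today's clock
```

The role claim arrives as one comma-separated string rather than a JSON array, so authorization code must split it; Internal/everyone is present for every user and should not be treated as a privilege.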

Sending SAML response to backend

...