  1. Once a Web application is published from the App Manager publisher, a Synapse handler for SAML SSO is attached to the Synapse configuration as follows. An API resource is created under the <PRODUCT_HOME>/repository/deployment/server/synapse-configs/default/api/ directory. The name of the file is {app created user}–{app name}_v{version}.xml.
    <handler class=""/>

    The SAML2AuthenticationHandler validates incoming requests. If no authenticated cookie is found, the request is sent to the IDP. The IDP URL is configured as a Synapse sequence as follows.


    If App Manager is running with a port offset of zero and the default IDP is used, these configurations do not need to be changed.

    <sequence xmlns="" name="saml2_sequence">
        <property name="uri.var.saml2.request" expression="get-property('SAMLRequest')" />
            <endpoint xmlns="" name="HTTPEndpoint">
                <http uri-template="https://localhost:9443/samlsso?SAMLRequest={uri.var.saml2.request}" method="POST">
                </http>
            </endpoint>
    </sequence>
  2. Add the Web application as a service provider in the service provider configurations of the IDP. For more information on configuring a SAML2 service provider in WSO2 Identity Server, see Adding a Service Provider.


    When setting up a service provider:

    • The Web application name should be provided as the issuer in the service provider configuration.

    • The assertion consumer URL should be the gateway URL of the Web application.
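
The two service provider settings above can be checked against the SAMLRequest that the gateway actually sends. The following is an added example, not code from the App Manager documentation or from WSO2; the application name, gateway URL and function names are hypothetical, and it goes slightly beyond the text by accepting both base64-only and DEFLATE-compressed request values.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Hypothetical service provider entry as registered in the IDP (assumed values).
REGISTERED = {
    "issuer": "travel-booking",  # Web application name
    "acs_url": "https://gateway.example.com:8243/travel-booking/1.0/",  # gateway URL
}

def build_request(issuer, acs_url, deflate=False):
    """Construct a sample SAMLRequest value (constructed test input, unsigned)."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed1" '
           'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
           'AssertionConsumerServiceURL="%s"><saml:Issuer>%s</saml:Issuer>'
           '</samlp:AuthnRequest>' % (SAMLP, SAML, acs_url, issuer)).encode()
    if deflate:  # HTTP-Redirect binding uses raw DEFLATE before base64
        comp = zlib.compressobj(wbits=-15)
        xml = comp.compress(xml) + comp.flush()
    return base64.b64encode(xml).decode()

def check_request(saml_request, registered, deflated=False):
    """Return a list of mismatches between an AuthnRequest and the SP entry."""
    raw = base64.b64decode(saml_request, validate=True)
    if deflated:
        raw = zlib.decompress(raw, -15)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return ["DTD or entity declaration present; request not parsed"]
    root = ET.fromstring(raw)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        return ["root element is not samlp:AuthnRequest"]
    problems = []
    issuer = (root.findtext("{%s}Issuer" % SAML) or "").strip()
    if issuer != registered["issuer"]:
        problems.append("issuer %r does not match the registered name" % issuer)
    acs = root.get("AssertionConsumerServiceURL", "")
    if acs != registered["acs_url"]:  # exact string match, no prefix matching
        problems.append("ACS URL %r does not match the registered URL" % acs)
    return problems

if __name__ == "__main__":
    good = build_request(REGISTERED["issuer"], REGISTERED["acs_url"])
    bad = build_request("travel-booking", "https://gateway.example.com:8243/other/1.0/")
    print(check_request(good, REGISTERED))
    print(check_request(bad, REGISTERED))
```

An empty list means the issuer and assertion consumer URL in the request agree with the registered entry; any mismatch is the kind of misconfiguration that makes the IDP reject the request or deliver the response to an unexpected URL.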