- Sign in. Enter your username and password to log on to the Management Console.
- In the Main menu under the Identity section, click Resident under Identity Providers. The Resident Identity Provider page appears.
- Enter a Home Realm Identifier for the resident identity provider. You can enter multiple identifiers as a comma-separated list.
This value is essentially the domain name of the identity provider. If you do not enter a value here, when an authentication request comes to the Identity Server, a page is displayed prompting the user to specify a domain.
Idle Session Time Out: This is the idle timeout for SSO sessions. The default value is 15 minutes, which means that if the Identity Server does not receive any SSO authentication request for a given user's SSO session for 15 minutes, that session times out. You can configure the idle timeout value.
Remember Me Period: You can tick the Remember Me option on the Identity Server login page if you want the SSO session to be remembered. You can define an expiry time for this remembered session by configuring Remember Me Period. This is configurable, and the default is 2 weeks.
- Optionally, configure inbound authentication if required by setting the Identity Provider Entity Id. This is not mandatory for creating a resident identity provider.
If you want to change the default issuer, which is localhost, to a domain name, you need to define the Identity Provider Entity Id under SAML2 Web SSO Configuration.
- Configure the Security Token Service (STS). You can configure this if you want to secure the WS-Trust endpoint with a security policy.
- Click Update.
- Click Ok to the confirmation message that appears.
You can modify the host name of these URLs by changing the value in the
Once you update the host name in the carbon.xml file, change the URL to reflect the new hostname in the
The above URL is used for destination validation of the SAML request. The Identity Server compares the value of the "destination" inside the SAML request with the URL in the above configuration. This is done to ensure that the correct application is communicating with the right identity provider.
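The following is an added illustration of the destination check described above, written for this page rather than taken from WSO2 Identity Server's code. It parses a constructed SAML2 AuthnRequest and compares its Destination attribute with an assumed configured SSO URL; the hostname, port and request ID are placeholders. A request with no Destination is rejected, and a request addressed to a different host (for example the old hostname after you have changed carbon.xml but not the SAML URL) fails the check.

```python
# Added example (not WSO2 code): Destination validation of a SAML2 AuthnRequest.
# In production use a hardened XML parser (e.g. defusedxml); stdlib ElementTree
# is used here only to keep the example self-contained.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Assumed value of the identity provider's configured SSO URL (placeholder host).
CONFIGURED_SSO_URL = "https://idp.example.com:9443/samlsso"

# Constructed AuthnRequest as a service provider would send it (transport
# encoding stripped; only the XML matters for this check). ID is a placeholder.
SAMPLE_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}"
    ID="_placeholder-id" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    Destination="https://idp.example.com:9443/samlsso">
</samlp:AuthnRequest>"""

# Same request with the Destination attribute omitted entirely.
REQUEST_WITHOUT_DESTINATION = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}"
    ID="_placeholder-id" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
</samlp:AuthnRequest>"""


def destination_matches(authn_request_xml: str, configured_url: str) -> bool:
    """Return True only if the request's Destination names the configured SSO URL.

    Scheme and host are compared case-insensitively; the path must match exactly.
    A missing Destination fails closed.
    """
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        return False
    dest = root.get("Destination")
    if dest is None:
        return False
    got, want = urlsplit(dest), urlsplit(configured_url)
    return (got.scheme.lower(), got.netloc.lower(), got.path) == (
        want.scheme.lower(), want.netloc.lower(), want.path)


if __name__ == "__main__":
    print("matching request accepted:", destination_matches(SAMPLE_REQUEST, CONFIGURED_SSO_URL))
    print("stale hostname rejected:", destination_matches(SAMPLE_REQUEST, "https://old-host:9443/samlsso"))
    print("missing Destination rejected:", destination_matches(REQUEST_WITHOUT_DESTINATION, CONFIGURED_SSO_URL))
```

The practical consequence for this page: after changing the hostname in carbon.xml, the SAML SSO URL must be updated to the same hostname, otherwise every request your service providers address to the new name fails this comparison.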
Exporting SAML2 metadata of the resident IdP
To configure WSO2 Identity Server as a trusted identity provider in a service provider application, export the SAML2 metadata of the resident identity provider of WSO2 IS and import the metadata to the relevant service provider.
Use one of the following approaches to do this.
- Expand the Inbound Authentication Configuration section and then expand SAML2 Web SSO Configuration.
- Click Download SAML2 metadata. A metadata.xml file will be downloaded on to your machine.
- Import the metadata.xml file to the relevant service provider to configure WSO2 Identity Server as a trusted identity provider for your application.
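Before importing the downloaded file into a service provider it is worth checking what it actually declares. The block below is an added example, not part of this page or of WSO2 Identity Server; it parses a constructed IdP metadata document (entityID, endpoint and certificate are placeholders) and returns the entity ID, the SingleSignOnService endpoints per binding and the signing certificates. The entityID it reports should equal the Identity Provider Entity Id you set under SAML2 Web SSO Configuration, and the SSO locations should carry the hostname you configured.

```python
# Added example (not WSO2 code): summarize an IdP metadata.xml before import.
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD_NS, "ds": DS_NS}

# Constructed metadata document; entityID, URLs and certificate are placeholders.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="idp.example.com">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com:9443/samlsso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com:9443/samlsso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_idp_metadata(xml_text: str) -> dict:
    """Extract the fields a service provider relies on from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")

    # Map the short binding name (HTTP-POST, HTTP-Redirect) to its endpoint URL.
    sso = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        binding = svc.get("Binding", "")
        sso[binding.rsplit(":", 1)[-1]] = svc.get("Location")

    # Collect only certificates marked for signing; encryption keys are ignored.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append((cert.text or "").strip())

    return {
        "entity_id": root.get("entityID"),
        "sso": sso,
        "signing_certs": certs,
        "wants_signed_requests": idp.get("WantAuthnRequestsSigned") == "true",
    }


if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_METADATA)
    print("entityID:", info["entity_id"])
    for binding, url in info["sso"].items():
        print(f"SSO {binding}: {url}")
    print("signing certs:", len(info["signing_certs"]))
```

If the entityID still reads localhost, or the SSO locations still show the old hostname, fix the resident IdP configuration and download the metadata again rather than editing the file by hand.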