- Add the WSO2 online P2 repository as a new repository. Usually, the hosted P2 repository is available at this URL: http://product-dist.wso2.com/p2/carbon/releases/(Carbon-Release-Version)/wilkes/. To learn how to add a repository to the Identity Server, see Managing the Feature Repository in the WSO2 Product Administration Guide.
- Search for the word "authenticator". Select "SAML2 based Single Sign-On authenticator" from the result and click "Install." See Installing Features in the WSO2 Product Administration Guide.
Authenticator disabled - This should be set to
Priority - This is the priority level of the authenticator. In the Carbon Runtime, the authenticator with the highest priority will be picked up. This value should be greater than 5 in order to supersede the default username/password-based authenticator.
Parameter LoginPage - This is the default login page URL of Carbon. All requests coming to this page will be intercepted for authentication. It is not necessary to change this value from the value given in the sample configuration.
Parameter ServiceProviderID - This is the unique identifier for the Carbon Server in an SSO setup. This value should be used as the value of the issuer in the Identity Server configuration.
Parameter IdentityProviderSSOServiceURL - This is the Identity Server URL to which the users will be redirected for authentication. It should have this format:
Parameter NameIDPolicyFormat - This specifies the name identifier format that the Carbon server wants to receive in the subject of an assertion from a particular identity provider.
Parameter IdPCertAlias - This is uncommented by default. This is the alias of the identity provider certificate. This is specifically used whenever a Carbon server uses IS as the identity provider. The configuration needs to be done at the relying party server's
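As an added example (not part of the WSO2 documentation), the following Python lint checks an authenticator configuration against the parameter rules listed above: a priority greater than 5, each listed parameter present, and a ServiceProviderID equal to the issuer registered at the Identity Server. The XML element layout, the authenticator name SAML2SSOAuthenticator, all sample values, and the https check are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout (Authenticator / Priority / Config /
# Parameter), the authenticator name and every value are assumptions; only the
# parameter names come from the page.
SAMPLE = """
<Authenticators>
  <Authenticator name="SAML2SSOAuthenticator">
    <Priority>3</Priority>
    <Config>
      <Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
      <Parameter name="ServiceProviderID">carbonServer</Parameter>
      <Parameter name="IdentityProviderSSOServiceURL">http://idp.example.test:9443/samlsso</Parameter>
      <Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
    </Config>
  </Authenticator>
</Authenticators>
"""
REQUIRED = ("LoginPage", "ServiceProviderID",
            "IdentityProviderSSOServiceURL", "NameIDPolicyFormat", "IdPCertAlias")

def lint_sso_authenticator(xml_text, idp_issuer):
    """Return findings for the SAML2 SSO authenticator block (empty list = clean)."""
    root = ET.fromstring(xml_text)
    auth = next((a for a in root.iter("Authenticator")
                 if a.get("name") == "SAML2SSOAuthenticator"), None)
    if auth is None:
        return ["SAML2SSOAuthenticator block not found"]
    findings = []
    # Priority must exceed 5 or the default username/password authenticator wins.
    prio = (auth.findtext("Priority") or "").strip()
    if not prio.isdigit() or int(prio) <= 5:
        findings.append(f"Priority {prio!r} does not exceed 5")
    params = {p.get("name"): (p.text or "").strip() for p in auth.iter("Parameter")}
    for name in REQUIRED:
        if not params.get(name):
            findings.append(f"parameter {name} is missing or empty")
    # ServiceProviderID must equal the issuer registered at the Identity Server.
    sp_id = params.get("ServiceProviderID")
    if sp_id and sp_id != idp_issuer:
        findings.append(f"ServiceProviderID {sp_id!r} != registered issuer {idp_issuer!r}")
    # Added hardening check, not stated on the page: the redirect should use TLS.
    url = params.get("IdentityProviderSSOServiceURL", "")
    if url and not url.startswith("https://"):
        findings.append("IdentityProviderSSOServiceURL does not use https")
    return findings

if __name__ == "__main__":
    for finding in lint_sso_authenticator(SAMPLE, idp_issuer="carbonServer"):
        print("FINDING:", finding)
```
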
Step 3 - Sharing the user store
For single sign-on to work, you need to configure the WSO2 products to share a common user store. For more information on configuring this, see Configuring the Primary User Store.
Step 4 - Configuring the Identity Server as the Single Sign-On provider
Finally, you need to configure the Identity Server to act as the Single Sign-On provider. Each relying party should be registered as a service provider at the Identity Server end. The following is a sample configuration for registering a Carbon server as a service provider.