Single Sign-On (SSO) allows users who are authenticated against one application to gain access to multiple other related applications without having to repeatedly authenticate themselves. It also allows the web applications to gain access to a set of back-end services with the logged-in user's access rights, and the back-end services can authorize the user based on different claims like the user role. An Identity Provider (IDP) is responsible for issuing identification information and authenticating users by using security tokens. WSO2 API Cloud uses WSO2 Identity Server as the default IDP. An organization can have its own IDP that provides authentication for internal users. In such scenarios, the organization can link its IDP to WSO2 Identity Cloud to provide SSO-based authentication for API Cloud apps.
In this tutorial, you learn how to configure an External Identity Provider for API Cloud authentication.
- Log in to WSO2 API Cloud. Click Support in the top menu bar, and submit a support request. To configure an external identity provider, you need to provide the name of your preferred identity provider.
- The WSO2 team will contact you, collect the required information, and configure your IDP in the Identity Cloud.
Configure custom URLs for SSO login
API Cloud applications identify organizations that have a secondary user store configured based on a specific custom header. When the header is available in the request, the application executes the secondary user-store based authentication flow. If the header is unavailable, the default authentication flow is executed. This custom header is sent through custom URL configurations. Let’s say we have configured a load balancer to send the custom header with
api.cloud.wso2.com/publisher, which does not have a custom header, will be executed with the default authentication flow. But api.customdomain.organization.com/publisher, which includes a custom header, will be executed with the secondary user-store based authentication flow.
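The header-based flow selection described above, modelled as an added example (not WSO2 code). The page does not name the header, so the header name, the value it carries, and the load balancer dropping client-supplied copies of it are assumptions made for this sketch.

```python
# Added illustration; the header name below is a placeholder, not the real one.
CUSTOM_HEADER = "X-Example-Custom-Domain"  # hypothetical header name

# Hosts for which the load balancer is configured to send the custom header.
CUSTOM_HOSTS = {"api.customdomain.organization.com"}


def load_balancer_forward(host, client_headers):
    """Return the headers the load balancer forwards to the application.

    Any copy of the custom header supplied by the client is dropped first
    (compared case-insensitively, as HTTP header names are), so only the
    load balancer's own configuration decides whether the header is present.
    """
    forwarded = {
        name: value
        for name, value in client_headers.items()
        if name.lower() != CUSTOM_HEADER.lower()
    }
    if host.lower() in CUSTOM_HOSTS:
        forwarded[CUSTOM_HEADER] = host.lower()
    return forwarded


def select_auth_flow(headers):
    """Application side: pick the authentication flow from header presence."""
    names = {name.lower() for name in headers}
    if CUSTOM_HEADER.lower() in names:
        return "secondary-user-store"
    return "default"


def flow_for_request(host, client_headers=None):
    """End to end: load balancer hop followed by the application's decision."""
    return select_auth_flow(load_balancer_forward(host, client_headers or {}))


if __name__ == "__main__":
    # Constructed sample requests.
    for host, hdrs in [
        ("api.cloud.wso2.com", {}),
        ("api.customdomain.organization.com", {}),
        ("api.cloud.wso2.com", {"x-example-custom-domain": "anything"}),
    ]:
        print(host, hdrs, "->", flow_for_request(host, hdrs))
```

Because the application trusts the header's presence alone, the decision is only as reliable as the hop that sets it, which is why the sketch has the load balancer discard any copy arriving from the client.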
For details on how to configure a custom URL for API Cloud Store, see Customize Cloud URLs.
Configuring a custom URL for API Publisher and Admin Apps
To configure custom URLs for API Cloud Publisher and Admin apps, you have to submit a support request as described in step 2 (this will be supported through a UI in the future).
Provide the following information to configure custom URLs:
- SSL Certificates
- SSL Key and Chain Files
You can always use the default cloud URLs and log in to your cloud account for administrative tasks.
- WSO2 will inform you once the configurations are completed. You will be able to create, publish, subscribe and invoke APIs after completion.