This documentation is for WSO2 API Manager 2.5.0. View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Tested and updated for 2.5.0

You can integrate WSO2 Identity Server with WSO2 API Manager and use your social media credentials to log in to the API Store and API Publisher. This tutorial shows you how to integrate Facebook authentication and log in to the API Store. Before following these steps, configure WSO2 Identity Server to provide Single Sign On for WSO2 API Manager by following Configuring External IDP through Identity Server for SSO.

Table of Contents


  1. Go to and log in using your Facebook credentials.
  2. Select AppsMy Apps in the navigation and create a new app by clicking Add a New App.
  3. Enter the name of your app and your email address. Click Create App ID.
  4. Click Set Up of Facebook Login Product to create a Facebook Login product.
    Image RemovedSelect Website here when working Image Added
  5. Select Web to work with this sample. You can select any other platform you wish to use.
    Image RemovedImage Added


    Change the port offset to 1 by modifying the <Offset> element value in <Identity<IAM_server_home>HOME>/repository/conf/carbon.xml as xml as following.

  6. Add the the serverURL of  of WSO2 Identity Server (which is configured with offset=1) https://localhost:9444/ and click Save and  and click Save and Continue.


    If you have changed the hostname of identity server use that instead of localhost.

    For example, if the host name is, then the server url URL is  

    Image RemovedImage Added

  7. Go to Set Up the Facebook SDK for Javascriptfor JavaScript. Click Next 
  8. Click Dashboard and go to the Developer DashboardClick Settings and select Basic. You can find your App ID and the App Secret as shown in the image below.
    Image RemovedGo to Settings from the navigation bar. Select a Category. Add the correct website URL as Image Added
  9. Select a Category for you application.
    Image AddedAdd the correct Site URL as shown below and click Save Changes.
    Image RemovedImage Added
  10. Click on the new Facebook Login product you have added and configure it as follows.
    Image Added

    Image Removed
    Client OAuth Login
    Web OAuth Login
    Valid OAuth
    redirect URLs -  

    After the user authorizes the application, the authorization server redirects the user back to the application with access token or the authorization code in the URL. Since the redirected URL contains sensitive information, it is required to assure that the service does not redirect to arbitary arbitrary locations. The best way to ensure that the user is directed to the appropriate location is to define an OAuth redirect Redirect URL as shown above.

Now you have configure Facebook you have configured Facebook as your Identity Provider


Let's see how to configure WSO2 Identity Server to work with Facebook for user authentication, so that when you try to login to the API Publisher or Store, WSO2 Identity Server will redirect to Facebook to do the authentication. As a prerequisite, you have to configure WSO2 Identity Server by adding a new identity provider .

  1. Download the WSO2 Identity Server here Server 5.5.0 here .
  2. Configure Single Sign On with WSO2 API Manager 2.15.0.
  3. Log in to the Management Console of  of WSO2 Identity Server as an administrator.
  4. Go to the Identity section under the Main tab. Click Add under Identity


    Providers and enter following details.

    Identity provider NameAlias


    To authenticate the user with Facebook (External System) we have to configure the federated authenticator. For more details, see Federated Authetication.

  5. Go to Facebook Configuration under Federated Authenticators

  6. Enter the Client ID and Client Secret values  values obtained from the Facebook app created in the previous section .
  7. Select Select Enable Facebook Authenticator and select Default  to  to make it the default authentication method.
  8. Enter the User information feilds you want to retreive seperated by commas under information fields you want to retrieve separated by commas under User Information fields.
  9. Click Register.


    The Scope defines defines the permission to access particular information from a Facebook profile. See the Permissions Reference for a list of the different permission different permission groups in Facebook APIs.

Configuring requested claims for user authentication in Facebook Identity Provider

We need to acquire the identity information by configuring claims for use Authentication in facebook. Let's see how you can configure Identity Server with Facebook by mapping the claims. For more information on claim Mapping refer Claim Management.

  1. Go to the Identity section under the Main  tab tab. Select Select List  under  under Identity Providers .
  2. Click Edit to edit the facebook identity provider you created.
  3. Go to Basic Claim Configuration under  under Claim Configuration
  4. Select the  Define  Define Custom Claim Dialect Dialect  option under  under  Select Claim mapping Dialect Dialect . Click  Add  Add Claim Mapping Mapping  to add custom claim mappings as follows.

    If you prefer to use the User ID as your first name of Facebook account, configure first_name claim as above. You need to select the same claim as  UserID Claim URI .
  5. The following are some common attribure namescommon attribute names. You can map these names to any suitable Local Claim URI. (Local Claim is a set of standard claim values which are local to the WSO2 Identity Server)
    • id
    • email
    • name
    • first_name
    • last_name
    • link
    • gender
    • locale
    • age_range


To federate logging in to the Publisher and Store with Facebook, you need to configure the the service to configure the service provider with the Facebook Identity Provider. 


You have to allow the usage of email addresses as usernames, to use email addresses. For instructions, Setting up an e-mail login.

  1. Go to the Management console of WSO2 Identity Server ( https://localhost:9444/carbon ) and click on Service Providers.
  2. Click Edit to edit the API_PUBLISHER.
  3. Go to the  the  Local and Outbound Authentication Configuration  section.  Select the Identity Provider you created from the dropdown list under  the dropdown list under  Federated Authentication .
  4. Make sure that Federated Authentication  is   is selected. Click  Click  Update to  to save the changes.
    Image Modified
  5. Repeat steps 1 to 4 and configure the API_STORE service provider.

Test Facebook authentication

  1. Access the API Publisher via via https://localhost:<port-number>/publisher. Observe the request redirect to the WSO2 IS SAML2.0 based SSO login page and then Facebook login page. 
  2. Enter the username and the username and password of you facebook account.
  3. After the login is authenticated successfullysuccessfully authenticating the log in, you will be logged into the API Publisher. Your username will Your username will be the first name of your Facebook account. This is because you have already configured the first name as the UserID Claim URI.
    If you configure your UserID Claim URI with  with the last_name, your username will your username will be the last name of your Facebook account.



the associated social login in IS dashboard

Identity Server has a dashboard which offers multiple options for users to maintain user accounts. Associating a social login for their account is a one of the options provided in this dashboard.This dashboard can be accessed in the following url following URL https://<IS_HOST>:<IS_PORT>/dashboard. By association the social login you have the option to use local claims, instead of showing the logged name as facebook username you facebook username you can use logged users as the username in the username in user local user store

  1. Login to the dashboard with API Store user account. 
  2. Click View Details in the Social Login gadget.
  3. Click Click Associate Social Login to  to give your facebook account details.

  4. Enter your IDP ID (facebook) and your username your username (as configured in Subject Claim URI) and click Register.

    Image Modified
  5. Select Local & Outbound Configuration and check Assert identity using mapped local subject identifier.

After logging in to API Publisher, you will see the configured local claim appearing as your usernameyour username.

You have now successfully logged in to the API Publisher using your facebook credentials.