Could you please clarify if there is a chance to interconnect a WSO2 Identity Server with an existing corporate IdP using the SAML as federated connection mechanism. What exactly needs to be configured to unify the realm and proxy the authentication with the external IDP?
Thanks in advance for your support.
If you use WSO2 IS as a proxy or a federation bus, then you need to register your IDP and service provider in WSO2 IS, and in your IDP you should register WSO2 IS as a service provider.
If you use WSO2 IS as your service provider, you need to register your existing IDP in WSO2 IS as an IDP, and WSO2 IS as a service provider on your IDP side.
You can follow this document for more information.
Thanks!
I created an external Identity provider in the wso2 identity server carbon console under Identity Providers. I want to add this identity provider to my Service provider API_PUBLISHER in wso2 identity server carbon console.
But I see the option Federated Authentication disabled under Local & Outbound Authentication Configuration for the service provider. All other options (Default, Local Authentication and Advanced Authentication) are enabled.
You need to configure a federated authenticator for the external identity provider.
When you create an external identity provider, it needs a defined method to communicate with an actual identity provider like Google. Federated authenticators are used for that purpose. Once you have configured a federated authenticator for your external IDP, WSO2 IS will allow you to use the external IDP with your service provider.
WSO2 IS supports federated authentication with many popular IDPs, including Google and Facebook. It also lets you configure any OAuth2, SAML or WS-Fed based IDP.
I need to implement SSO with openid connect in WSO2 IS 5.3.0.
All the documentation and articles dealing with SSO refer to SAML.
I have read in the "Thirty Solution Patterns with the WSO2 Identity Server" that the solution is "In each service provider, configure WSO2 Identity Server as a trusted identity provider".
How can I do that?
We have WSO2 IS set up as an IDP for inbound SSO. As part of an infra migration we rebuilt a new WSO2 IS on a new server. Is there any way to import all the SPs and Identity Providers configured on the old IDP server into the new IS server?
In WSO2 IS 5.3.0 you can download the resident IDP metadata. Additionally, it supports uploading service providers and identity providers using standard SAML metadata files. Follow the link below for more information.
http://saml-metadata-featurer.blogspot.com/2016/11/saml-metadata-feature-for-identity.html
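Both the first answer on this page (registering each side with the other) and this one (moving SPs and IdPs between servers) come down to SAML metadata files changing hands, and the other side will trust whatever is in them. As an added example, not code from WSO2 or from either answer, here is a Python script that reads a metadata file and reports what the peer will rely on (entityID, endpoints, signing certificate fingerprint) together with the warnings a practitioner would want before importing it: non-https endpoints, a missing signing certificate, and signing flags that are not explicitly `true`. The hostnames and the certificate blob in the sample are invented.

```python
"""Inspect a SAML 2.0 metadata document before handing it to the other side
or importing it into a rebuilt WSO2 IS.  Added example for this thread, not
WSO2 code; it relies only on the standard SAML metadata schema and the
Python standard library."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ENDPOINTS = ("AssertionConsumerService", "SingleSignOnService", "SingleLogoutService")
# Signing-related attributes; an absent attribute means "false", so insist on "true".
SIGNING_FLAGS = {
    "SPSSODescriptor": ("AuthnRequestsSigned", "WantAssertionsSigned"),
    "IDPSSODescriptor": ("WantAuthnRequestsSigned",),
}


def cert_fingerprint(b64_cert: str) -> str:
    """SHA-256 over the DER bytes: compare this with the peer's record after a
    migration or key rollover instead of eyeballing the base64 blob."""
    der = base64.b64decode("".join(b64_cert.split()))
    return hashlib.sha256(der).hexdigest()


def _local(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]


def _role_summary(role: ET.Element) -> dict:
    kind = _local(role.tag)
    out = {"type": kind, "endpoints": [], "certs": [], "warnings": []}
    for name in ENDPOINTS:
        for ep in role.findall(f"md:{name}", NS):
            loc = ep.get("Location", "")
            out["endpoints"].append((name, ep.get("Binding", ""), loc))
            if not loc.startswith("https://"):
                out["warnings"].append(f"{name} not on https: {loc}")
    for kd in role.findall("md:KeyDescriptor", NS):
        use = kd.get("use", "signing+encryption")  # no 'use' attribute means both
        for cert in kd.findall(".//ds:X509Certificate", NS):
            out["certs"].append((use, cert_fingerprint(cert.text or "")))
    if not any(use.startswith("signing") for use, _ in out["certs"]):
        out["warnings"].append("no signing certificate: peer signatures cannot be verified")
    for attr in SIGNING_FLAGS.get(kind, ()):
        if role.get(attr) != "true":
            out["warnings"].append(f"{attr} is not true")
    return out


def summarize_metadata(xml_text: str) -> dict:
    """entityID plus one summary per SP/IdP role, with warnings to fix before import."""
    root = ET.fromstring(xml_text)
    if _local(root.tag) != "EntityDescriptor":
        raise ValueError(f"expected md:EntityDescriptor, got {root.tag}")
    roles = [_role_summary(r) for r in root if _local(r.tag) in SIGNING_FLAGS]
    return {"entityID": root.get("entityID"), "roles": roles}


# Constructed sample in the shape WSO2 IS exports for a registered SP.  The
# certificate is a placeholder blob, not a real X.509 certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real cert").decode()
SAMPLE_SP_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://wso2is.example.com/samlsso">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://wso2is.example.com/commonauth"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://wso2is.example.com/commonauth"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

if __name__ == "__main__":
    summary = summarize_metadata(SAMPLE_SP_METADATA)
    print(summary["entityID"])
    for role in summary["roles"]:
        print(role["type"], role["endpoints"], role["certs"], role["warnings"], sep="\n  ")
```

Run it against the file exported from the old server and against the one the new server produces after import; the entityID, endpoint locations and certificate fingerprints should match, and any warning is something the peer will otherwise silently accept (an http logout endpoint, or unsigned requests because the flag defaulted to false).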
How easy or difficult is it for a SAML Identity Provider to work with a WS-Federation Service Provider? Are there tools that will allow a SAML IdP to work with any Service Provider regardless of the technology used?
Which side will have the most effort?
Thank you!
If each IDP only supports that protocol, then no.
Most IDPs, e.g. ADFS, support both, so they can act as a bridge.
Update:
ADFS sits in the middle as a broker. It can talk SAML to SAML sites and WS-Fed to WS-Fed sites.
So you now have three STS: SAML, WS-Fed and ADFS. ADFS essentially translates between the two.
The only "tools" that are available are the stacks for SAML and WS-Fed e.g.
WIF for WS-Fed
SAML : SAML connectivity / toolkit
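What "translates between the two" means on the wire, as an added example (not ADFS or WSO2 code, and not from the answer above) in Python: a minimal broker receives a WS-Federation passive sign-in request from a WS-Fed RP and issues a SAML 2.0 AuthnRequest over the HTTP-Redirect binding to the SAML IdP. All hostnames and realms are invented, and signing is left out; a real broker signs the AuthnRequest and verifies the signature on the Response coming back before it mints a WS-Fed token for the RP.

```python
"""A broker that accepts a WS-Federation passive sign-in request from a WS-Fed
relying party and turns it into a SAML 2.0 AuthnRequest for a SAML IdP.
Added example for this thread (not ADFS or WSO2 code); hostnames and realms
are invented.  Signing is omitted: a production broker signs its AuthnRequest
and verifies the signature on the IdP's Response."""
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def wsfed_signin_url(sts_url: str, wtrealm: str, wctx: str) -> str:
    """What a WS-Fed RP sends the STS: wa=wsignin1.0 plus its realm and a context."""
    return f"{sts_url}?{urlencode({'wa': 'wsignin1.0', 'wtrealm': wtrealm, 'wctx': wctx})}"


def parse_wsfed_signin(url: str) -> dict:
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    if q.get("wa") != "wsignin1.0" or not q.get("wtrealm"):
        raise ValueError("not a WS-Fed passive sign-in request")
    return q


def build_authn_request(issuer: str, destination: str, acs_url: str,
                        request_id: str, issue_instant: str) -> str:
    """Minimal unsigned SAML 2.0 AuthnRequest."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
            f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
            f'Destination="{destination}" AssertionConsumerServiceURL="{acs_url}" '
            f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
            f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')


def encode_redirect(sso_url: str, xml: str, relay_state: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode as SAMLRequest."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw deflate, no zlib header
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii"),
              "RelayState": relay_state}
    return f"{sso_url}?{urlencode(params)}"


def decode_redirect(url: str) -> tuple:
    """Inverse of encode_redirect; what the SAML IdP does on receipt."""
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    xml = zlib.decompress(base64.b64decode(q["SAMLRequest"]), -15).decode("utf-8")
    return xml, q.get("RelayState", "")


class Broker:
    """Sits between WS-Fed RPs and one SAML IdP, the role ADFS plays in the answer."""

    def __init__(self, entity_id: str, acs_url: str, idp_sso_url: str):
        self.entity_id, self.acs_url, self.idp_sso_url = entity_id, acs_url, idp_sso_url
        # RelayState token -> (wtrealm, wctx).  Kept server-side so the realm the
        # result goes back to is never carried, unsigned, through the IdP round trip.
        self.pending = {}

    def handle_wsfed_signin(self, url: str) -> str:
        req = parse_wsfed_signin(url)
        token = uuid.uuid4().hex  # opaque; a tampered RelayState maps to nothing
        self.pending[token] = (req["wtrealm"], req.get("wctx", ""))
        now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        xml = build_authn_request(self.entity_id, self.idp_sso_url, self.acs_url,
                                  "_" + uuid.uuid4().hex, now)
        return encode_redirect(self.idp_sso_url, xml, token)


if __name__ == "__main__":
    broker = Broker("https://broker.example.com/saml",
                    "https://broker.example.com/saml/acs",
                    "https://idp.example.com/samlsso")
    rp_request = wsfed_signin_url("https://broker.example.com/wsfed", "urn:rp:example", "ctx-1")
    redirect = broker.handle_wsfed_signin(rp_request)
    print("RP  ->", rp_request)
    print("IdP <-", redirect)
    print(decode_redirect(redirect)[0])
```

The asymmetry is the point of the answer: the WS-Fed side is a handful of query parameters (`wa`, `wtrealm`, `wctx`), while the SAML side is a signed XML document whose encoding (raw DEFLATE, base64, URL-encode) must be reproduced exactly, so the broker, not the SAML IdP, carries the effort of speaking both.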
Can I configure WSO2 Identity Server 4.6.0 as an IDP for my own SAML applications and, at the same time, configure IS as a SAML service provider to an external IDP?
I would like to achieve the following:
The user accesses my own SAML SP, which sends an AuthnRequest to my local WSO2 IDP, which in turn forwards the user to the external IDP for authentication; after authentication with the external IDP, the user returns to my own SAML SP application.
The scenario seems only possible with WSO2 IS 5.0.0 and the new "identity bus" feature.