0
votes

We are using an automation process currently in our environment. I have configured SSO manually from the UI, and I have tried configuring a Service Provider from sso-idp-config.xml, but I don't see any entry in the database. The configuration I added is:

<SSOIdentityProviderConfig>
    <ServiceProvider>
        <Issuer>Application</Issuer>
        <AssertionConsumerService>https://<%= node[:carbon][:dns_esb_name] %>:9443/acs</AssertionConsumerService>
        <SignAssertion>true</SignAssertion>
        <SignResponse>true</SignResponse>
        <EnableAttributeProfile>true</EnableAttributeProfile>
        <IncludeAttributeByDefault>false</IncludeAttributeByDefault>
        <EnableAudienceRestriction>true</EnableAudienceRestriction>
        <AudiencesList>
            <Audience>https://<%= node[:carbon][:dns_elb_name] %>:9443/oauth/token</Audience>
        </AudiencesList>
        <EnableRecipientValidation>true</EnableRecipientValidation>
        <RecipientList>
            <Recipient>https://<%= node[:carbon][:dns_elb_name] %>:9443/oauth/token</Recipient>
        </RecipientList>
        <EnableSingleLogout>true</EnableSingleLogout>
        <SingleLogoutUrl></SingleLogoutUrl>
        <CallbackUrl>https://<%= node[:carbon][:dns_elb_name] %>:9443/carbon</CallbackUrl>
    </ServiceProvider>
</SSOIdentityProviderConfig>

Where do I add the Service Provider ID so that I can view it in the database with its name? Also, please help me with the approach to automate the Identity Provider. Thanks in advance.


3 Answers

2
votes

Any service provider entry that you put in sso-idp-config.xml will not show up in the Identity Server Management Console. With that said, to confirm that your entries configured in the XML have been loaded (besides trying some authentication), you can look into the log during Identity Server start-up and you'll see entries like this:

INFO {org.wso2.carbon.identity.sso.saml.admin.FileBasedConfigManager} - A SSO Service Provider is registered for : <serviceProviderEntityID>

Also it's worth noting that Identity Server will use both sets of service provider entries should you decide to configure some in the UI and some via XML.
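To apply the check above without reading the log by hand, here is an added example (not from the answer or from WSO2) that reads the Issuer values from a rendered sso-idp-config.xml and matches each against the FileBasedConfigManager lines in the start-up log. The sample config, the log excerpt and the exact log line layout are constructed for the demo; the file must already have its `<%= ... %>` template tags rendered, since they are not valid XML.

```python
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

# Constructed sample: a rendered sso-idp-config.xml with two service providers.
SAMPLE_CONFIG = """<SSOIdentityProviderConfig>
  <ServiceProvider>
    <Issuer>Application</Issuer>
    <AssertionConsumerService>https://esb.example.test:9443/acs</AssertionConsumerService>
  </ServiceProvider>
  <ServiceProvider>
    <Issuer>travelocity.com</Issuer>
    <AssertionConsumerService>https://sp.example.test/home.jsp</AssertionConsumerService>
  </ServiceProvider>
</SSOIdentityProviderConfig>
"""

# Constructed wso2carbon.log excerpt (layout assumed); only the first SP was loaded.
SAMPLE_LOG = """TID: [0] [IS] [2016-01-01 10:00:00,000]  INFO {org.wso2.carbon.identity.sso.saml.admin.FileBasedConfigManager} -  A SSO Service Provider is registered for : Application
TID: [0] [IS] [2016-01-01 10:00:01,000]  INFO {org.wso2.carbon.core.internal.StartupFinalizerServiceComponent} -  Server started in 20 sec
"""

# Matches the registration message quoted in the answer, tolerant of spacing.
REGISTERED_RE = re.compile(
    r"FileBasedConfigManager\}\s*-\s*A SSO Service Provider is registered for\s*:\s*(\S+)"
)


def configured_issuers(config_xml: str) -> List[str]:
    """Return every <Issuer> declared under <ServiceProvider>, in file order."""
    root = ET.fromstring(config_xml)
    return [sp.findtext("Issuer", "").strip() for sp in root.iter("ServiceProvider")]


def registered_issuers(log_text: str) -> Set[str]:
    """Return the entity IDs the server reported as registered from the file."""
    return {m.group(1) for m in REGISTERED_RE.finditer(log_text)}


def check_file_based_sps(config_xml: str, log_text: str) -> Dict[str, bool]:
    """Map each configured issuer to whether the start-up log shows it loaded."""
    registered = registered_issuers(log_text)
    return {issuer: issuer in registered for issuer in configured_issuers(config_xml)}


if __name__ == "__main__":
    for issuer, loaded in check_file_based_sps(SAMPLE_CONFIG, SAMPLE_LOG).items():
        print(f"{issuer or '<missing Issuer>'}: {'registered' if loaded else 'NOT registered'}")
```

An empty or missing `<Issuer>` shows up as a blank key that can never match, which surfaces a malformed entry instead of silently skipping it.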

1
votes

The IdP and SP configured through the files (file-based configuration) are not stored in the database. They are loaded into the manager instance and they are used, but they have no database counterpart.

We are trying to automate the deployment as well, but it seems there is still a lot of space to improve. The provided sample configuration files are not fully correct (the XML elements that are read differ from those present in the sample files) and not all parameters are respected yet.

We had to fall back to manual configuration of the environment - it's a one-time job, as the configuration is persisted in the registry database and all following deployments / instances point to the registry and session cache database. :(

As long as you are OK with a basic configuration and can provide an environment with some strong assumptions (the servers can see/talk to each other, AuthRefCtx is ignored, ...), you should be OK with the file-based configuration.

Good luck.

0
votes

You can add any Identity Provider into the database by prefixing its name with "SHARED_". It worked for me with WSO2 IS 5.1.0.