0
votes

I want to implement an SSO system with the SAML 2.0 protocol using WSO2 IS as the Identity Provider. I've analyzed the SSO sample https://docs.wso2.com/display/IS500/Configuring+Single+Sign-On+with+SAML+2.0 to learn how to implement the Service Provider side to generate a SAML 2.0 authentication request. AFAIK other ways to implement the SAML SP would be using either OpenAM, OpenSAML or Shibboleth. But all those methods require programming knowledge on the Service Provider side to implement it.

Thus my question: Is there any Web Admin Service in WSO2 IS to ease the implementation of a SAML SP? I've found the SAML2SSOAuthenticationService.wsdl but I'm not sure how it works and whether I need some other Admin Services in order to implement the desired solution.


1 Answers

0
votes

You can use the https://localhost:9443/services/IdentityApplicationManagementService admin service's createApplication method to create the service provider.

Or you can create the service provider using configuration files.

Please follow the steps below.

1) Open the /repository/conf/security/sso-idp-config.xml file and add the following configuration to it. This adds the travelocity application as a service provider.

<ServiceProvider>
    <Issuer>travelocity.com</Issuer>
    <AssertionConsumerService>http://localhost:8080/travelocity.com/home.jsp</AssertionConsumerService>
    <SignAssertion>false</SignAssertion>
    <SignResponse>false</SignResponse>
    <EnableAttributeProfile>true</EnableAttributeProfile>
    <IncludeAttributeByDefault>true</IncludeAttributeByDefault>
    <EnableSingleLogout>true</EnableSingleLogout>
    <Claims>
        <Claim>http://wso2.org/claims/givenName</Claim>
    </Claims>
    <LogoutUrl></LogoutUrl>
    <EnableAudienceRestriction>false</EnableAudienceRestriction>
    <ConsumingServiceIndex>2104589</ConsumingServiceIndex>
</ServiceProvider>

2) Create a file named travelocity.com.xml in the /repository/conf/identity/service-providers directory.

3) Add the following configuration to the travelocity.com.xml file you created. This adds the necessary SAML configuration to the travelocity service provider.

<ServiceProvider>
    <ApplicationID>3</ApplicationID>
    <ApplicationName>travelocity.com</ApplicationName>
    <Description>travelocity Service Provider</Description>
    <IsSaaSApp>true</IsSaaSApp>
    <InboundAuthenticationConfig>
        <InboundAuthenticationRequestConfigs>
            <InboundAuthenticationRequestConfig>
                <InboundAuthKey>travelocity.com</InboundAuthKey>
                <InboundAuthType>samlsso</InboundAuthType>
                <Properties></Properties>
            </InboundAuthenticationRequestConfig>
        </InboundAuthenticationRequestConfigs>
    </InboundAuthenticationConfig>

    <LocalAndOutBoundAuthenticationConfig>
        <AuthenticationSteps>
            <AuthenticationStep>
                <StepOrder>1</StepOrder>
                <LocalAuthenticatorConfigs>
                    <LocalAuthenticatorConfig>
                        <Name>BasicAuthenticator</Name>
                        <DisplayName>basicauth</DisplayName>
                        <IsEnabled>true</IsEnabled>
                    </LocalAuthenticatorConfig>
                </LocalAuthenticatorConfigs>
                <FederatedIdentityProviders>
                    <IdentityProvider>
                        <IdentityProviderName>identityProviderIDP_IS</IdentityProviderName>
                        <IsEnabled>true</IsEnabled>
                        <DefaultAuthenticatorConfig>
                            <FederatedAuthenticatorConfig>
                                <Name>SAMLSSOAuthenticator</Name>
                                <DisplayName>samlsso</DisplayName>
                                <IsEnabled>true</IsEnabled>
                            </FederatedAuthenticatorConfig>
                        </DefaultAuthenticatorConfig>
                    </IdentityProvider>
                </FederatedIdentityProviders>
                <SubjectStep>true</SubjectStep>
                <AttributeStep>true</AttributeStep>
            </AuthenticationStep>
        </AuthenticationSteps>
    </LocalAndOutBoundAuthenticationConfig>
    <RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
    <InboundProvisioningConfig></InboundProvisioningConfig>
    <OutboundProvisioningConfig></OutboundProvisioningConfig>
    <ClaimConfig>
        <AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
        <LocalClaimDialect>true</LocalClaimDialect>
        <ClaimMappings>
            <ClaimMapping>
                <LocalClaim>
                    <ClaimUri>http://wso2.org/claims/givenname</ClaimUri>
                </LocalClaim>
                <RemoteClaim>
                    <ClaimUri>http://wso2.org/claims/givenName</ClaimUri>
                </RemoteClaim>
                <RequestClaim>true</RequestClaim>
            </ClaimMapping>
        </ClaimMappings>
    </ClaimConfig>
    <PermissionAndRoleConfig></PermissionAndRoleConfig>
</ServiceProvider>

Please refer to this link for more details: [1] https://docs.wso2.com/display/IS500/Adding+a+Service+Provider+and+Identity+Provider+Using+Configuration+Files
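The sample `sso-idp-config.xml` entry above switches off response signing, assertion signing and audience restriction and points the AssertionConsumerService at a plain-HTTP URL, which is fine for a local walkthrough but is exactly the set of settings a reviewer would want to catch before such a file reaches a real deployment. The following is an added example, not WSO2's code or part of the answer: a small Python audit that parses a config in the shape of `sso-idp-config.xml` and reports, per `Issuer`, which of those settings are weak. The surrounding `SSOIdentityProviderConfig`/`ServiceProviders` wrapper elements and the second, hardened `hardened.example` entry are assumptions constructed for the example; the first entry mirrors the one in the answer.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample in the shape of WSO2 IS sso-idp-config.xml (assumption: the
# SSOIdentityProviderConfig/ServiceProviders wrapper is modelled on the IS 5.0.0
# file layout). First entry copies the answer's ServiceProvider; the second is a
# hardened variant added only for contrast.
SAMPLE_SSO_IDP_CONFIG = """<SSOIdentityProviderConfig>
  <ServiceProviders>
    <ServiceProvider>
      <Issuer>travelocity.com</Issuer>
      <AssertionConsumerService>http://localhost:8080/travelocity.com/home.jsp</AssertionConsumerService>
      <SignAssertion>false</SignAssertion>
      <SignResponse>false</SignResponse>
      <EnableAttributeProfile>true</EnableAttributeProfile>
      <IncludeAttributeByDefault>true</IncludeAttributeByDefault>
      <EnableSingleLogout>true</EnableSingleLogout>
      <Claims><Claim>http://wso2.org/claims/givenName</Claim></Claims>
      <LogoutUrl></LogoutUrl>
      <EnableAudienceRestriction>false</EnableAudienceRestriction>
      <ConsumingServiceIndex>2104589</ConsumingServiceIndex>
    </ServiceProvider>
    <ServiceProvider>
      <Issuer>hardened.example</Issuer>
      <AssertionConsumerService>https://hardened.example/saml/acs</AssertionConsumerService>
      <SignAssertion>true</SignAssertion>
      <SignResponse>true</SignResponse>
      <EnableSingleLogout>true</EnableSingleLogout>
      <LogoutUrl>https://hardened.example/saml/slo</LogoutUrl>
      <EnableAudienceRestriction>true</EnableAudienceRestriction>
    </ServiceProvider>
  </ServiceProviders>
</SSOIdentityProviderConfig>
"""


def _text(sp: ET.Element, name: str) -> str:
    """Trimmed text of a direct child element, or '' when absent/empty."""
    node = sp.find(name)
    return (node.text or "").strip() if node is not None else ""


def _is_true(sp: ET.Element, name: str) -> bool:
    """A missing flag counts as not enabled, so absence is reported too."""
    return _text(sp, name).lower() == "true"


def audit_service_providers(xml_text: str) -> Dict[str, List[str]]:
    """Map each ServiceProvider Issuer to a list of weak-setting findings.

    An empty list means the entry passed every check.
    """
    root = ET.fromstring(xml_text)
    findings: Dict[str, List[str]] = {}
    for sp in root.iter("ServiceProvider"):
        issuer = _text(sp, "Issuer") or "<missing Issuer>"
        problems: List[str] = []
        if not _is_true(sp, "SignResponse"):
            problems.append("SignResponse is not true: SAML responses leave the IdP unsigned")
        if not _is_true(sp, "SignAssertion"):
            problems.append("SignAssertion is not true: assertions leave the IdP unsigned")
        if not _is_true(sp, "EnableAudienceRestriction"):
            problems.append("EnableAudienceRestriction is not true: assertions carry no "
                            "AudienceRestriction tying them to this SP")
        acs = _text(sp, "AssertionConsumerService")
        if not acs.lower().startswith("https://"):
            problems.append(f"AssertionConsumerService is not HTTPS: {acs or '<missing>'}")
        findings[issuer] = problems
    return findings


if __name__ == "__main__":
    for issuer, problems in audit_service_providers(SAMPLE_SSO_IDP_CONFIG).items():
        status = "OK" if not problems else f"{len(problems)} finding(s)"
        print(f"{issuer}: {status}")
        for p in problems:
            print(f"  - {p}")
```

Run against the sample, the `travelocity.com` entry produces four findings and `hardened.example` produces none. The checks deliberately treat an absent flag the same as `false`, so an entry that simply omits `SignResponse` or `EnableAudienceRestriction` is still reported rather than silently passing.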