0
votes

I found docs about IDP initiated SSO in WSO2 IS, but I haven't found anything about service provider initiated SSO.

Consider the scenario in which a local IS is used as a service provider which is connected to several externally hosted SAML IDP for outbound authentication.

Am I able to trigger a SP initiated login to one specific external IDP with a static link? Ideally with a relay state attribute which is evaluated after successful SAML sign on process.

I am using WSO2 IS 5.0.0 - but hints for 5.1.0 would also be appreciated.


2 Answers

1
votes

IDP initiated login.

https://localhost:9443/samlsso?spEntityID=(Your SP Issuer ID)&fidp=(Your Home Realm Identifier if you have multiple IDPs)

https://localhost:9443/samlsso?spEntityID=myspissueid&fidp=myidp

Or, if you only have one IDP or don't need to skip the selection page:

https://localhost:9443/samlsso?spEntityID=myspissueid

I believe if you get the fidp parameter in the SAML AuthnRequest then that will do the trick for the SP initiated one.

0
votes

Considering IDP is running over localhost

IDP init SSO: https://localhost:9443/samlsso?spEntityID=yourSPEntityName

SP init SSO: https://localhost:9443/samlsso
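
The SP initiated variant that both answers point at, written out as an added example (not part of either answer and not WSO2's own code): it builds a SAML HTTP-Redirect binding URL for the /samlsso endpoint and checks RelayState against an allow-list before it is used as a post-login redirect. Assumptions: fidp is read from the query string next to SAMLRequest, as the first answer suggests; the ACS URL, the allow-listed host and all sample values are constructed; request signing is omitted.

```python
import base64
import zlib
from urllib.parse import urlencode, urlsplit, parse_qs
from xml.sax.saxutils import escape

# Constructed sample values; replace with your own deployment's.
IS_SSO_URL = "https://localhost:9443/samlsso"   # endpoint from the answers
ACS_URL = "https://sp.example.test/acs"         # hypothetical SP endpoint
ALLOWED_RELAY_HOSTS = {"sp.example.test"}       # hypothetical allow-list


def build_authn_request(issuer, request_id, issue_instant):
    """Minimal unsigned SAML 2.0 AuthnRequest (signing omitted)."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IS_SSO_URL}" AssertionConsumerServiceURL="{ACS_URL}">'
        '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'{escape(issuer)}</saml:Issuer></samlp:AuthnRequest>'
    )


def sp_initiated_url(issuer, fidp, relay_state, request_id, issue_instant):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    xml = build_authn_request(issuer, request_id, issue_instant).encode()
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = no zlib header
    deflated = comp.compress(xml) + comp.flush()
    params = {
        "SAMLRequest": base64.b64encode(deflated).decode(),
        "RelayState": relay_state,
        "fidp": fidp,  # assumption: read from the query string, per the answer
    }
    return IS_SSO_URL + "?" + urlencode(params)


def decode_saml_request(url):
    """Inverse of the encoding above, for inspecting a captured redirect."""
    b64 = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(b64), -15).decode()


def relay_state_is_safe(relay_state):
    """Accept only https URLs on allow-listed hosts (blocks open redirects)."""
    parts = urlsplit(relay_state)
    return parts.scheme == "https" and parts.hostname in ALLOWED_RELAY_HOSTS
```

Run relay_state_is_safe() on the RelayState value that comes back with the SAML response, not only on the one you sent, since the parameter passes through the browser.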