1
votes

I have a task to configure WSO2 with SSO with SAML2. When a user accesses the WSO2 products, they will be re-directed to an external Identity Provider. That external provider will then request the user's PKI cert, validate the cert and then send a SAML2 token back to WSO2. At this point, the user would be denied/granted access to the WSO2 products.

Can WSO2 APIM ingest a SAML 2.0 token without having the WSO2 Identity Server?

1
Is there a specific reason for you to use an external identity provider other than the WSO2 Identity Server? Also, do you mind mentioning which identity provider you are planning on using? Thanks. Pubudu

1 Answer

0
votes

Yes. This should be possible. However, the external identity provider is required to support SAML2 standards. You can refer to the WSO2 documentation at [1] on how to set this up with WSO2 Identity Server to get an idea. Depending on your external IDP, some of this config (on the IDP side) may differ.

[1] https://docs.wso2.com/display/AM190/Configuring+Single+Sign-on+with+SAML2

Cheers, Pubudu.