0 votes

I'm trying to set up what I'll call a SAML2 IdP-initiated chain on WSO2 IS (5.1.0). Diagram below:

website.com (sp) <--saml2 idp init-- (idp) wso2is (sp) <--POST saml2 idp init-- (idp) 3rdPartyIDP

The idea being that a 3rd party wants to do an IdP-initiated POST SAML2 call to authenticate against our internal website, but any time the SAML2 call is made WSO2 just shows the login page (on WSO2 IS) for the website.com SP. I currently have advanced authentication set up with the 3rd party SAML IdP and other IdPs that allow SP-initiated SAML; they work as expected.

IdP-initiated SAML2 works fine from WSO2 IS if I use the link https://wso2is/samlsso?spEntityID=website.com, so I thought I would be able to use this as the SAML consumer location for the 3rd party site. However, as stated, it ends up on the WSO2 IS login page for the website SP with a SAMLResponse as a query parameter instead of performing a second IdP-initiated call down to the website SP as I'd expect.

Does the consumer URL that I'm providing to the 3rd party IdP seem correct? Is this flow even possible with WSO2 IS?


1 Answer

1 vote

https://wso2is/samlsso?spEntityID=website.com is the correct consumer URL to point to in this scenario. You need to do the following as well. Configure an Identity Provider in WSO2 IS, adding the 3rd party SAML2 IdP as a federated authenticator. Refer to this URL for more details: https://docs.wso2.com/display/IS510/Configuring+an+Identity+Provider

Go to the Service Provider configuration added for website.com in IS and expand Local & Outbound Authentication Configuration. Select Federated Authentication and pick the Identity Provider you configured from the drop-down. Update the Service Provider configuration.
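As an added illustration (not code from the thread or from WSO2), the following Python shows what the 3rd party IdP's HTTP-POST binding to the consumer URL above looks like, and the checks the receiving endpoint should make on the posted Response before acting on it: the Destination must name the endpoint including its spEntityID parameter. The Response XML, IDs and issuer are constructed sample values and the message is unsigned, unlike a real one.

```python
import base64
import html
from urllib.parse import urlsplit, parse_qs
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Consumer URL from the thread: the WSO2 IS IdP-initiated SSO endpoint
# with the target service provider's entity id as a query parameter.
CONSUMER_URL = "https://wso2is/samlsso?spEntityID=website.com"

# Constructed, unsigned sample Response (a real one is signed and carries an Assertion).
SAMPLE_RESPONSE = (
    f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_constructed1" '
    f'Version="2.0" IssueInstant="2016-01-01T00:00:00Z" Destination="{CONSUMER_URL}">'
    '<saml:Issuer>https://3rdPartyIDP/saml2</saml:Issuer>'
    '</samlp:Response>'
)


def encode_response(response_xml: str) -> str:
    """SAMLResponse form field value: base64 of the raw XML (no deflate for POST binding)."""
    return base64.b64encode(response_xml.encode()).decode()


def build_post_form(consumer_url: str, response_xml: str) -> str:
    """HTTP-POST binding: the SAMLResponse travels in the form body, so the only
    query parameter on the action URL is spEntityID (not a SAMLResponse in the URL)."""
    return (
        f'<form method="post" action="{html.escape(consumer_url, quote=True)}">'
        f'<input type="hidden" name="SAMLResponse" value="{encode_response(response_xml)}"/>'
        '</form>'
    )


def check_post_target(consumer_url: str, encoded_response: str) -> dict:
    """Receiver-side checks: Destination names this exact endpoint (query string
    included) and spEntityID identifies the SP the chain should continue to."""
    root = ET.fromstring(base64.b64decode(encoded_response))
    sp = parse_qs(urlsplit(consumer_url).query).get("spEntityID", [""])[0]
    return {
        "destination_matches": root.get("Destination", "") == consumer_url,
        "sp_entity_id": sp,
        "issuer": root.findtext(f"{{{SAML}}}Issuer", default=""),
    }


if __name__ == "__main__":
    print(build_post_form(CONSUMER_URL, SAMPLE_RESPONSE))
    print(check_post_target(CONSUMER_URL, encode_response(SAMPLE_RESPONSE)))
```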