Configuring WSO2 API for SAML2 with an external IdP (AWS SSO)

Time: 2019-04-01 11:01:30

Tags: wso2 wso2is wso2-am

I created an external identity provider in the WSO2 Identity Server Carbon console under Identity Providers and have configured the SAML web SSO authenticator with the AWS SSO service URL. I have added this identity provider to my service provider API_PUBLISHER in the WSO2 Identity Server Carbon console. I opted for Federated Authentication under Local & Outbound Authentication Configuration for the service provider. I have both WSO2 APIM and WSO2 IS running on the same instance. I have given an offset of 1 in carbon.xml of WSO2 Identity Server so that it runs on port 9444. But on starting both services (WSO2 API Manager and WSO2 Identity Server), when I browse to https://<subdomain-url>:9443/publisher, it gets redirected to https://<subdomain-url>:9443/samlsso?spEntityID=API_STORE&RelayState=c1834ad1-c745-43c8-a5fd-476e75173c74 with the error "Error 405 method not found".

Additionally, when I browse to https://<subdomainurl>:9444/identity/metadata/saml2, the single sign-on service URL has a value with port 9443. The URL in the metadata XML is https://<subdomain url>:9443/samlsso.

1) I want to know which configuration files and values in API Manager and WSO2 IS I have to set explicitly to port 9444.

2) In WSO2 Identity Server, under the path security\authenticators.xml, what should be the value of ServiceProviderID and the AssertionConsumerServiceURL port?

    <Authenticator name="SAML2SSOAuthenticator" disabled="false">
        <Priority>1</Priority>
        <!--Priority>10</Priority-->
        <Config>
            <Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
            <Parameter name="ServiceProviderID">carbonServer</Parameter>
            <Parameter name="IdentityProviderSSOServiceURL">https://<subdomainurl>:9444/samlsso</Parameter>
            <Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
            <Parameter name="AssertionConsumerServiceURL">https://<subdomainurl>:9443/acs</Parameter>
        </Config>
    </Authenticator>

3) What should be the value of identityAlias in site.json in the API Manager publisher and store?

4) When configuring the SAML web SSO authenticator, what should the value of the service provider entity ID be?

0 answers:

No answers
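The port mismatch described in the question (metadata advertising 9443 while the Identity Server listens on 9444) can be checked mechanically. The following is an added example, not part of the original post or of WSO2's code: it compares the SSO endpoints in a SAML metadata document and the `IdentityProviderSSOServiceURL` parameter against the port implied by the offset. The host `is.example.test`, both sample documents and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
BASE_HTTPS_PORT = 9443  # port the post shows before the carbon.xml offset is applied

# Constructed sample shaped like the metadata the post describes.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="localhost">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://is.example.test:9443/samlsso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://is.example.test:9443/samlsso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample carrying the two URL parameters from the post's authenticators.xml.
SAMPLE_AUTHENTICATOR = """<Authenticator name="SAML2SSOAuthenticator" disabled="false">
  <Config>
    <Parameter name="IdentityProviderSSOServiceURL">https://is.example.test:9444/samlsso</Parameter>
    <Parameter name="AssertionConsumerServiceURL">https://is.example.test:9443/acs</Parameter>
  </Config>
</Authenticator>"""

def sso_locations(metadata_xml):
    """Return (binding, location) for every SingleSignOnService in the metadata."""
    root = ET.fromstring(metadata_xml)
    return [(el.get("Binding").rsplit(":", 1)[-1], el.get("Location"))
            for el in root.iter(f"{{{MD}}}SingleSignOnService")]

def port_of(url):
    parts = urlsplit(url)
    return parts.port or (443 if parts.scheme == "https" else 80)

def check(metadata_xml, authenticator_xml, offset):
    """List inconsistencies between advertised, configured and expected IdP endpoints."""
    expected = BASE_HTTPS_PORT + offset
    locations = sso_locations(metadata_xml)
    findings = [f"metadata {b} endpoint {loc} is not on port {expected}"
                for b, loc in locations if port_of(loc) != expected]
    params = {p.get("name"): (p.text or "").strip()
              for p in ET.fromstring(authenticator_xml).iter("Parameter")}
    configured = params.get("IdentityProviderSSOServiceURL")
    if configured not in {loc for _, loc in locations}:
        findings.append(f"IdentityProviderSSOServiceURL {configured} is not advertised in metadata")
    return findings

if __name__ == "__main__":
    for line in check(SAMPLE_METADATA, SAMPLE_AUTHENTICATOR, offset=1):
        print(line)
```
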