Login  
Hello there!

Need Help? We are right here!

Support Icon
miniOrange Email Support
success

Thanks for your Enquiry. Our team will soon reach out to you.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Configure WSO2 as SAML or OAuth IDP for SSO

miniOrange Identity Broker service solution enables cross protocol authentication. You can configure WSO2 as an IDP for Single Sign-On (SSO) into your applications/websites. Here, WSO2 will act as an Identity Provider (IDP) and miniOrange will act as a broker.

We offer a pre-built solution for integrating with WSO2, making it easier and quick to implement. Our team can also help you set up WSO2 as SAML or OAuth IDP to login into your applications.

Get Free Installation Help


miniOrange offers free help through a consultation call with our System Engineers to configure SSO for different apps using WSO2 as IDP in your environment with 30-day free trial.

For this, you need to just send us an email at idpsupport@xecurify.com to book a slot and we'll help you in no time.



1. Configure miniOrange as SP in WSO2

Mentioned below are steps to configure WSO2 as identity provider via SAML and OAuth configuration. Follow the steps accordingly based on your requirement (SAML or OAuth).


  • Go to miniOrange Admin console and navigate to Identity Providers in the left navigation menu. Then, click on Add Identity Provider button.
    • WSO2 as IDP : Add Identity Provider

  • In Choose Identity Provider, select SAML from the dropdown.
    • WSO2 as IDP : Select SAML from dropdown

  • Search for WSO2 in the list. If you don’t find it, search for SAML Provider and set up your application there.
    • WSO2 as IDP : Search Entra ID

  • Now click on the Click here link to get miniOrange metadata as shown in Screen below.
    • WSO2 as IDP : Get metadetails to configure salesforce SAML IDP

  • For SP -INITIATED SSO section, select Show Metadata Details.
    • WSO2 as ID: SP intiated Metadata

  • Then, click on Download Metadata.
    • WSO2 as IDP: SAML attributes

  • Let’s first register in WSO2 Identity Server (IS).
  • Download and start WSO2 IS using WSO2server.bat run command.
  • Enter Username and Password as admin. Click on Sign in.
    • WSO2 single sign-on management console

  • From the left navigation menu select ADD under Service Provider Tab.
    • WSO2 IS single sign-on: Add Service Provider

  • Add Service Provider name according to your preference and add description if necessary.
  • Click on Register.
    • WSO2 SSO: Register service provider

    WSO2 as Identity Provider: service provider

  • Under Claims configuration choose https://WSO2.org/claims/emailaddress from Subject Claim URI dropdown.
  • Add following URIs in Service Provider Claim Dialect: https://WSO2.org/oidc/claim & https://WSO2.org/claims.
    • WSO2 sso: claims configuration

  • Select Inbound Authentication Configuration.
  • Select SAML2 Web SSO Configuration from the dropdown. Click on Configure.
    • WSO2 SSO: configure saml2 web configuration

    WSO2 as IDP: add acs url

  • First, let’s register this Consumer App in WSO2 IS. Download and start WSO2 IS.
    • WSO2 SSO

  • Once logged in, go to Main -> Service Provider and click on Add.
    • WSO2 IS SSO: Service Provider

  • Enter the Service Provider Name and Description and click on Register.
    • WSO2 SSO: Register

  • Now go to the Service Provider->List and edit the Service Provider you have created.
  • Scroll down and select Inbound Authentication Configuration and then select OAuth/OpenID Connect Configuration and click on Configure.
    • WSO2 IS as Identity Provider: Inbound Authentication Configuration

  • To get the Redirect URL:
    • Go to miniOrange Admin Console.
    • From the left navigation bar select Identity Providers >> click Add Identity Provider.
      • WSO2 SSO : Go to Identity Providers

    • In Choose Identity Provider, select OAuth/OpenID from the dropdown.
      • WSO2 SSO: Select OAuth/OpenID from dropdown

    • Search for WSO2 in the list. If you don’t find it, search for OAuth Provider and set up your application there.
      • WSO2 SSO: Search OAuth Provider

    • Keep the OAuth Callback URL as Redirect URL, required for next step.
      • WSO2 SSO: Copy OAuth Callback URL

  • Back in WSO2 API, select the OAuth Version 2.0 and enter the Redirect/Callback URL from the plugin in Callback URL field. Click on Add.
    • WSO2 Single Sign-On (SSO) API

  • When the app has been added, Client ID and Client Secret are generated for the application. Configure miniOrange with Client ID, Client Secret, Authentication and Access Token, Get User Info Endpoint of WSO2. Endpoints are provided at the bottom of this guide.
    • WSO2 Single Sign-On (SSO): Get Client ID and Client Secret

    • First, let’s register this Consumer App in WSO2 IS. Download and start WSO2 IS.
      • WSO2 sso

    • Once logged in, go to Main -> Service Provider and click on Add.
      • WSO2 IS SSO: Service Provider

    • Enter the Service Provider Name and Description and click on Register.
      • WSO2 IS SSO: Register

    • Now go to the Service Provider->List and edit the Service Provider you have created.
    • Scroll down and select Inbound Authentication Configuration and then select OAuth/OpenID Connect Configuration and click on Configure.
      • WSO2 IS as IDP: Inbound Authentication Configuration

    • To get the Redirect URL:
      • Go to miniOrange Admin Console.
      • From the left navigation bar select Identity Provider. Select Oauth
        • WSO2 IS IDP: Select Identity Provider

        WSO2 IS SSO: Select OAuth

      • Copy the Callback URL as Redirect URL required for next step.
        • WSO2 Single Sign-On using (Identity Provider with WSO2 OAuth 2.0 Provider)

    • Back in WSO2 API, select the OAuth Version 2.0 and enter the Redirect/Callback URL from the plugin in Callback URL field. Click on Add.
      • WSO2 SSO API

    • When the app has been added, Client ID and Client Secret are generated for the application. Configure miniOrange with Client ID, Client Secret, Authentication and Access Token, Get User Info Endpoint of WSO2. Endpoints are provided at the bottom of this guide.
      • WSO2 SSO: Get Client ID and Client Secret

      https://WSO2.org/oidc/claim & https://WSO2.org/claims WSO2 IS SSO: Claim Redirects

    • You have successfully completed your WSO2 Server side configurations.

2. Configure WSO2 as Identity Provider in miniOrange


  • Return to the miniOrange Admin Console (you should have kept it open from Step 1).
  • Click on Import IDP metadata.
    • WSO2 as IDP: Select SAML and Import IDP Metadata

  • Choose an appropriate IDP name. Browse for the file downloaded from WSO2.
  • Click on Import.
    • WSO2 SSO

  • As shown in the below screen the IDP Entity ID, SAML SSO Login URL and x.509 Certificate will be filled from the Metadata file we just imported.
    • WSO2 SSO

  • Click Save.

Test Connection

  • Go to Identity Providers tab.
  • Click on Select>>Test Connection option against the Identity Provider you configured.
    • WSO2-IDP-TestConnection

  • On entering valid WSO2 credentials you will see a pop-up window which is shown in the below screen.
    • SucessTestConn-WSO2-IDP
  • Hence your configuration of WSO2 as an Identity Provider in miniOrange is successfully completed.
  • Return to the miniOrange Admin Console (you should have kept it open from Step 1).
  • Enter the following values.
    • Display Name Enter appropriate Name
    Client ID From step 1
    Client secret From step 1
    Authorization Endpoint https://{your-base-url}/as/authorization.oauth2
    Token Endpoint https://{your-base-url}/as/token.oauth2
    User Info Endpoint (optional) https://{your-base-url}/idp/userinfo.oauth2
    Scopes auto
    WSO2 IS as IDP: Select OAuth

  • Click on Save.

3. Test Connection

  • Visit your Login Page URL.
  • Go to Identity Providers tab.
  • Search for your app, click the three dots in the Actions menu, and select Test Connection against the Identity Provider (IDP) you configured.
    • WSO2-IDP-TestConnection

  • On entering valid WSO2 credentials (credentials of user assigned to app created in WSO2), you will see a pop-up window which is shown in the below screen.
    • SucessTestConn-WSO2-IDP

  • Hence your configuration of WSO2 as IDP in miniOrange is successfully completed.

Note:

You can follow this guide, if you want to configure SAML/WS-FED, OAuth/OIDC, JWT, Radius etc



Configure Attribute Mapping

  • Go to Identity Providers.
  • Click the three dots in the Actions menu, and select Attribute Mapping against the Identity Provider (IDP) you configured.
    • WSO2 Single Sign-On SSO Select and Configure Attribute Mapping


Maps information, such as email and username, during Just-In-Time (JIT) user creation. Email and Username attributes are necessary to create the user profile.

  • Click on the + Add Attribute button to add the attribute fields.
    • WSO2 Single Sign-On SSO Map USER Attribute

  • Check the attributes in the Test Connection window from the previous step. Choose any attribute names you want to send to your application under Attribute Name sent to SP.
  • Enter the values of the attributes coming from IdP into the Attribute Name from IdP field on the Xecurify side.

EXTERNAL mappings help alter incoming attribute names before sending them to apps, ensuring that the data is in the correct format.

  • Click on the + Add Attribute button to add the attribute fields.
    • WSO2 Single Sign-On SSO Map EXTERNAL Attribute

  • Check attributes in test connection window from last step. Enter the attribute names (any name) that you want to send to your application under Attribute Name sent to SP.
  • Enter the value of attributes that are coming from IdP into the Attribute Name from IdP field on the Xecurify side.

Configure Multiple IDPs:

You can follow this guide, if you want to configure multiple IDPs (Identity Providers) and give users the option to select the IDP of their choice to authenticate with.


External References

Want To Schedule A Demo?

Request a Demo
  



Our Other Identity & Access Management Products

Single Sign-On

Seamless login for workforce and customer identity to cloud or on-premise apps

Learn more

Multi-factor Authentication

Secure access for identities with an additional layer of authentication

Learn more

Adaptive Authentication

Block or grant user access based on IP, Device, Time & Location

Learn more

Lifecycle Management

Manage & automate user provisioning and deprovisioning to apps

Learn More