Configuring External IDP through Identity Server for SSO

Note

Follow Configuring Identity Server as IDP for SSO to configure MWARE IAM first. This guide assumes you have already completed that tutorial and configured the Identity Server as IDP for SSO.

  1. Add a new Identity Provider in MWARE IAM. For more details on configuring external IDPs in MWARE IAM, see Adding and Configuring an Identity Provider.

    • Identity Provider Name: ExternalIS
    • Make the following changes under Federated Authenticators > SAML2 Web SSO Configurations:
      • Enable SAML2 Web SSO
      • Check Default
      • Set Service Provider Entity ID
      • Set SSO URL for the external IDP (e.g., https://localhost:9453/samlsso)
      • Enable Logout
  2. Enable Just-In-Time Provisioning for the external IDP. For more information, see Configuring Just-In-Time Provisioning for an Identity Provider.

  3. Map the external IDP roles to the roles configured in ESB. For more information on mapping roles, see Configuring Roles for an Identity Provider.

  4. Open the management console, and click Edit under Service Providers.

  5. Under Local & Outbound Authentication Configuration, select Federated Authentication. Select the newly created external IDP.

  6. Add http://wso2.org/claims/role as the Claim URI under Claim Configuration. Select the Mandatory Claim check box. Add http://wso2.org/claims/username as the Subject Claim URI.

Tip

Additionally, you might need to configure claims to map them to the available claims in MWARE IAM. For more details, see Configuring Claims for an Identity Provider.
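To confirm that the role mapping (step 3) and the mandatory role claim (step 6) behave as intended, the following added example, which is not part of the original guide or of the product, checks a decoded SAML assertion for the role claim and reports which external roles map to local ones. It assumes claims arrive as SAML attributes named by their claim URI and that several roles may share one comma-separated value; the role names, the mapping and the sample assertion are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_CLAIM = "http://wso2.org/claims/role"  # mandatory claim from step 6
# Hypothetical external-to-local role mapping (step 3); names are constructed.
ROLE_MAP = {"ext_admin": "admin", "ext_ops": "monitor"}

# Constructed sample assertion (assumption: claims are SAML attributes named by URI).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://wso2.org/claims/role">
      <saml:AttributeValue>ext_admin,ext_unknown</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, role_map=ROLE_MAP):
    """Return (subject, granted_local_roles, unmapped_external_roles).

    Raises ValueError when the subject or the mandatory role claim is missing.
    Diagnostic only: signature and validity conditions are not checked here.
    """
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no subject NameID")

    external = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != ROLE_CLAIM:
            continue
        for val in attr.iterfind("saml:AttributeValue", NS):
            # Roles may arrive as several values or one comma-separated value.
            external += [r.strip() for r in (val.text or "").split(",") if r.strip()]
    if not external:
        raise ValueError("mandatory claim %s missing or empty" % ROLE_CLAIM)

    granted = sorted({role_map[r] for r in external if r in role_map})
    unmapped = sorted({r for r in external if r not in role_map})
    return name_id.text.strip(), granted, unmapped


if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```

Unmapped external roles in the result are the ones to review: they should grant nothing locally until an explicit mapping exists.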
