Using the Service Provider API¶
This section guides you through using the Identity Application Management API and its operations.
About Identity Application Management API¶
The Identity Application Management API enables creating a service provider, updating it, deleting it. and the different operations you can use to work with it.
API operations¶
Before you begin
-
The service contract of this admin service can be found at the following URL:
https://<IS_HOST>:<IS_PORT>/services/IdentityApplicationManagementService?wsdlhttps://localhost:9443/services/IdentityApplicationManagementService?wsdl -
To enable the admin service, follow the instructions given in Calling Admin Services.
About creating applications
Creating an application via the Identity Application Management Service is a two-step process.
-
Create a service provider for the given application name and the description using the
createApplicationoperation. It returns a200 OKresponse.The service provider's application ID is required to use the
updateApplicationoperation. You can include an application ID for the new service provider within the same SOAP request when calling thecreateApplicationoperation. If you do not include an application ID in the request, you can retrieve the auto-generated application ID value by calling thegetApplicationservice method with the application name. -
Update the service provider with other configurations using the
updateApplicationoperation. The service provider's application ID is required for this request.
createApplication¶
| Description |
Creating an application via the Identity Application Management Service is a two-step process.
|
|---|---|
| Permission Level | /permission/admin/manage |
| Input Parameters |
|
| Request | See below |
| Response | See below |
Click to view request and response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:createApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationName>?</xsd1:applicationName>
<!--Optional:-->
<xsd1:description>?</xsd1:description>
</xsd:serviceProvider>
</xsd:createApplication>
</soapenv:Body>
</soapenv:Envelope><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:createApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
</xsd:serviceProvider>
</xsd:createApplication>
</soapenv:Body>
</soapenv:Envelope><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<ns:createApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
<ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
</ns:createApplicationResponse>
</soapenv:Body>
</soapenv:Envelope>updateApplication¶
| Description |
After creating the service provider, it can be configured and updated with the following configurations:
|
|---|---|
| Permission Level | /permission/admin/manage |
| Input Parameters | Service provider level parameters:
|
| Request | See below |
| Response | See below |
Click to view request and response formats
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>?</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>?</xsd1:applicationName>
<!--Optional:-->
<xsd1:certificateContent>?</xsd1:certificateContent>
<!--Optional:-->
<xsd1:claimConfig>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>?</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig>...</xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>...</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>...</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>...</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:owner>...</xsd1:owner>
<!--Optional:-->
<xsd1:permissionAndRoleConfig>...</xsd1:permissionAndRoleConfig>
<!--Zero or more repetitions:-->
<xsd1:requestPathAuthenticatorConfigs>...</xsd1:requestPathAuthenticatorConfigs>
<!--Optional:-->
<xsd1:saasApp>?</xsd1:saasApp>
<xsd1:spProperties>
<!--Optional:-->
<xsd1:displayName>CERTIFICATE</xsd1:displayName>
<!--Optional:-->
<xsd1:name>CERTIFICATE</xsd1:name>
<!--Optional:-->
<xsd1:value>2</xsd1:value>
</xsd1:spProperties>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>2</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Optional:-->
<xsd1:localClaimDialect>true</xsd1:localClaimDialect>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
<!--Optional:-->
<xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
<!--Optional:-->
<xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
<xsd1:authenticationType>default</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>5</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>SampleApplication</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Optional:-->
<xsd1:localClaimDialect>true</xsd1:localClaimDialect>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>oauth application</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig>
<!--Zero or more repetitions:-->
<xsd1:inboundAuthenticationRequestConfigs>
<!--Optional:-->
<xsd1:inboundAuthKey>CLIENT_ID</xsd1:inboundAuthKey>
<!--Optional:-->
<xsd1:inboundAuthType>oauth2</xsd1:inboundAuthType>
<!--Zero or more repetitions:-->
<xsd1:properties>
<!--Optional:-->
<xsd1:advanced>false</xsd1:advanced>
<!--Optional:-->
<xsd1:confidential>false</xsd1:confidential>
<!--Optional:-->
<xsd1:defaultValue></xsd1:defaultValue>
<!--Optional:-->
<xsd1:description></xsd1:description>
<!--Optional:-->
<xsd1:displayName></xsd1:displayName>
<!--Optional:-->
<xsd1:name>oauthConsumerSecret</xsd1:name>
<!--Optional:-->
<xsd1:required>false</xsd1:required>
<!--Optional:-->
<xsd1:type></xsd1:type>
<!--Optional:-->
<xsd1:value>CLIENT_SECRET</xsd1:value>
</xsd1:properties>
</xsd1:inboundAuthenticationRequestConfigs>
</xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
<!--Optional:-->
<xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
<!--Optional:-->
<xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
<xsd1:authenticationType>default</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<ns:updateApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
<ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
</ns:updateApplicationResponse>
</soapenv:Body>
</soapenv:Envelope>Claims¶
The <claimConfig> element defines all claim configuration level inputs. This element can have zero or more <claimMappings> elements that specify claims
referred by this service provider. A <claimMappings> element includes two elements; <localClaim> and <remoteClaim>
where each is represented by a claimId and a claimURI. The <localClaim> denotes a standard claim which is local to the WSO2 Identity Server and the
<remoteClaim> denotes some remote claim value that maps to the local claim under the same claim mapping. Remote
claims are specifically used with identity federation scenarios to map claims received from the federated Identity Provider to local claims.
Parameter |
Type |
Description |
|---|---|---|
alwaysSendMappedLocalSubjectId |
Boolean |
This configuration specifies whether the subject attribute that returns to the service provider is taken from the locally mapped user or from the federated user. |
localClaimDialect |
Boolean |
This is a boolean that specifies whether this service provider is using the local claim dialect or a custom claim dialect. true - using the local claim dialect false - using the custom claim dialect If it is using the custom claim dialect, the local claim should map with a remote claim in each claim mapping otherwise, both the local claim URI and the remote claim URI should be the same (i.e. a URI defined under a dialect local to the WSO2 Identity Server). |
claimMappings.localClaim.claimId claimMappings.remoteClaim.claimId |
Integer |
Integer value that identifies the claim. Applies to both |
claimMappings.localClaim.claimUri claimMappings.remoteClaim.claimUri |
String |
URI specific to the claim. It applies to both |
claimMappings.requested |
Boolean |
This is a boolean that marks a mapped claim as a requested claim which ensures that the service provider definitely sends this claim to the Identity Server. true - mark as requested false - mark as not requested |
roleClaimURI |
String |
Role claim URI is used to identify the claim that equates to the role of the user. This is linked to the permissions that you can apply for specific user roles. This is a remote claim URI mapped via claim mappings. |
userClaimURI |
String |
User claim URI is also referred to as Subject claim URI in the management console. It is the claim that is used to uniquely identiy a user. For example, mapping the claims to the users email or ID attribute. |
Click to view request
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>?</xsd1:alwaysSendMappedLocalSubjectId>
<!--Zero or more repetitions:-->
<xsd1:claimMappings>
<!--Optional:-->
<xsd1:defaultValue>?</xsd1:defaultValue>
<!--Optional:-->
<xsd1:localClaim>
<!--Optional:-->
<xsd1:claimId>?</xsd1:claimId>
<!--Optional:-->
<xsd1:claimUri>?</xsd1:claimUri>
</xsd1:localClaim>
<!--Optional:-->
<xsd1:mandatory>?</xsd1:mandatory>
<!--Optional:-->
<xsd1:remoteClaim>
<!--Optional:-->
<xsd1:claimId>?</xsd1:claimId>
<!--Optional:-->
<xsd1:claimUri>?</xsd1:claimUri>
</xsd1:remoteClaim>
<!--Optional:-->
<xsd1:requested>?</xsd1:requested>
</xsd1:claimMappings>
<!--Zero or more repetitions:-->
<xsd1:idpClaims>
<!--Optional:-->
<xsd1:claimId>?</xsd1:claimId>
<!--Optional:-->
<xsd1:claimUri>?</xsd1:claimUri>
</xsd1:idpClaims>
<!--Optional:-->
<xsd1:localClaimDialect>?</xsd1:localClaimDialect>
<!--Optional:-->
<xsd1:roleClaimURI>?</xsd1:roleClaimURI>
<!--Optional:-->
<xsd1:userClaimURI>?</xsd1:userClaimURI>
</xsd1:claimConfig><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>2</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Zero or more repetitions:-->
<xsd1:claimMappings>
<!--Optional:-->
<xsd1:localClaim>
<!--Optional:-->
<xsd1:claimUri>http://wso2.org/claims/givenname</xsd1:claimUri>
</xsd1:localClaim>
<!--Optional:-->
<xsd1:mandatory>true</xsd1:mandatory>
<!--Optional:-->
<xsd1:remoteClaim>
<!--Optional:-->
<xsd1:claimUri>name</xsd1:claimUri>
</xsd1:remoteClaim>
<!--Optional:-->
<xsd1:requested>true</xsd1:requested>
</xsd1:claimMappings>
<xsd1:claimMappings>
<!--Optional:-->
<xsd1:localClaim>
<!--Optional:-->
<xsd1:claimUri>http://wso2.org/claims/role</xsd1:claimUri>
</xsd1:localClaim>
<!--Optional:-->
<xsd1:mandatory>true</xsd1:mandatory>
<!--Optional:-->
<xsd1:remoteClaim>
<!--Optional:-->
<xsd1:claimUri>role</xsd1:claimUri>
</xsd1:remoteClaim>
<!--Optional:-->
<xsd1:requested>true</xsd1:requested>
</xsd1:claimMappings>
<!--Optional:-->
<xsd1:localClaimDialect>false</xsd1:localClaimDialect>
<!--Optional:-->
<xsd1:roleClaimURI>role</xsd1:roleClaimURI>
<!--Optional:-->
<xsd1:userClaimURI>user</xsd1:userClaimURI>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
<!--Optional:-->
<xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
<!--Optional:-->
<xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
<xsd1:authenticationType>default</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>name</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope>Roles and permissions¶
The <permissionAndRoleConfig> element defines all permission and role configuration level inputs. Under this element, specific permissions can be specified via zero or more
<permissions> blocks.
| Parameter | Type | Description |
|---|---|---|
| permissions.value | String | A string value that defines a service provider specific permission. This permission is added under /permission/applications/<service-provider-name>/<given-permission-name> and is available when adding roles. |
Once the permissions are specified, the roles specific to the service provider can be mapped to local roles defined in the Identity Server via zero or more <roleMappings> blocks. A <roleMappings> block includes a <localRole> element and a <remoteRole> element. The
<localRole> represents a local role defined in the identity server and the <remoteRole> represents the service provider specific role that you want to map to the local role.
Parameter |
Type |
Description |
|---|---|---|
localRole.localRoleName |
String |
This is the name of the local role which is defined in Identity Server. |
localRole.userStoreId |
String |
This is the key of the userstore used by Identity Server. |
remoteRole |
String |
Role specific to the service provider |
Click to view request
<xsd1:permissionAndRoleConfig>
<!--Zero or more repetitions:-->
<xsd1:idpRoles>?</xsd1:idpRoles>
<!--Zero or more repetitions:-->
<xsd1:permissions>
<!--Optional:-->
<xsd1:value>?</xsd1:value>
</xsd1:permissions>
<!--Zero or more repetitions:-->
<xsd1:roleMappings>
<!--Optional:-->
<xsd1:localRole>
<!--Optional:-->
<xsd1:localRoleName>?</xsd1:localRoleName>
<!--Optional:-->
<xsd1:userStoreId>?</xsd1:userStoreId>
</xsd1:localRole>
<!--Optional:-->
<xsd1:remoteRole>?</xsd1:remoteRole>
</xsd1:roleMappings>
</xsd1:permissionAndRoleConfig><soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://org.apache.axis2/xsd"
xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>2</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Optional:-->
<xsd1:localClaimDialect>true</xsd1:localClaimDialect>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
<!--Optional:-->
<xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
<!--Optional:-->
<xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
<xsd1:authenticationType>default</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig>
<!--Zero or more repetitions:-->
<xsd1:permissions>
<!--Optional:-->
<xsd1:value>/sample/permission</xsd1:value>
</xsd1:permissions>
<!--Zero or more repetitions:-->
<xsd1:roleMappings>
<!--Optional:-->
<xsd1:localRole>
<!--Optional:-->
<xsd1:localRoleName>tester</xsd1:localRoleName>
</xsd1:localRole>
<!--Optional:-->
<xsd1:remoteRole>app-tester</xsd1:remoteRole>
</xsd1:roleMappings>
</xsd1:permissionAndRoleConfig>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope>Inbound authentication¶
Inbound Authentication Configuration defines the protocol that the service provider and the Identity Server uses to communicate. You can add a common set of configurations for the service provider for any protocol such as SAML 2.0, OpenID Connect, OAuth 2.0, and WS-Federation (passive) that is supported by WSO2 Identity Server.
The <inboundAuthenticationConfig> element consists of zero or more <inboundAuthenticationRequestConfigs\> elements. The <inboundAuthenticationRequestConfigs\> element has following elements (Note: Only the required element are mentioned).
Important
You need to create inbound authenticator configurations accessing the appropriate services(Ex: OAuthAdminService, IdentitySAMLSSOConfigService, etc.), before updating service provider with inbound authenticator configurations.
| Parameter | Type | Description |
|---|---|---|
| inboundAuthKey | String | Specify an identifier for the service provider as the authentication key. |
| inboundAuthType | String | Specify the authentication type. ex: samlsso, oauth2, wstrust, passivests, |
| properties | Property | Inbound authentication request properties |
| properties.name | String | Specify the property name |
| properties.value | String | Specify the property value |
Click to view request
<xsd1:inboundAuthenticationConfig>
<!--Zero or more repetitions:-->
<xsd1:inboundAuthenticationRequestConfigs>
<!--Optional:-->
<xsd1:friendlyName>?</xsd1:friendlyName>
<!--Optional:-->
<xsd1:inboundAuthKey>?</xsd1:inboundAuthKey>
<!--Optional:-->
<xsd1:inboundAuthType>?</xsd1:inboundAuthType>
<!--Optional:-->
<xsd1:inboundConfigType>?</xsd1:inboundConfigType>
<!--Zero or more repetitions:-->
<xsd1:properties>
<!--Optional:-->
<xsd1:advanced>?</xsd1:advanced>
<!--Optional:-->
<xsd1:confidential>?</xsd1:confidential>
<!--Optional:-->
<xsd1:defaultValue>?</xsd1:defaultValue>
<!--Optional:-->
<xsd1:description>?</xsd1:description>
<!--Optional:-->
<xsd1:displayName>?</xsd1:displayName>
<!--Optional:-->
<xsd1:displayOrder>?</xsd1:displayOrder>
<!--Optional:-->
<xsd1:name>?</xsd1:name>
<!--Optional:-->
<xsd1:required>?</xsd1:required>
<!--Optional:-->
<xsd1:type>?</xsd1:type>
<!--Optional:-->
<xsd1:value>?</xsd1:value>
</xsd1:properties>
</xsd1:inboundAuthenticationRequestConfigs>
</xsd1:inboundAuthenticationConfig><soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://org.apache.axis2/xsd"
xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>2</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Optional:-->
<xsd1:localClaimDialect>true</xsd1:localClaimDialect>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig>
<!--Zero or more repetitions:-->
<xsd1:inboundAuthenticationRequestConfigs>
<!--Optional:-->
<xsd1:inboundAuthKey>li6JMbjW6WDMKTWsRnGcjp5zcGhi</xsd1:inboundAuthKey>
<!--Optional:-->
<xsd1:inboundAuthType>oauth2</xsd1:inboundAuthType>
<!--Zero or more repetitions:-->
<xsd1:properties>
<!--Optional:-->
<xsd1:name>oauthConsumerSecret</xsd1:name>
<!--Optional:-->
<xsd1:value>NMB3EAfxh4YvSTqbb3iMkongAHjW</xsd1:value>
</xsd1:properties>
</xsd1:inboundAuthenticationRequestConfigs>
<xsd1:inboundAuthenticationRequestConfigs>
<!--Optional:-->
<xsd1:inboundAuthKey>travelocity.com</xsd1:inboundAuthKey>
<!--Optional:-->
<xsd1:inboundAuthType>samlsso</xsd1:inboundAuthType>
<!--Zero or more repetitions:-->
<xsd1:properties>
<!--Optional:-->
<xsd1:name>attrConsumServiceIndex</xsd1:name>
<!--Optional:-->
<xsd1:value>202240762</xsd1:value>
</xsd1:properties>
</xsd1:inboundAuthenticationRequestConfigs>
</xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
<!--Optional:-->
<xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
<!--Optional:-->
<xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
<xsd1:authenticationType>default</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope>Inbound provisioning¶
The inbound provisioning of the service provider can be configured.
| Parameter | Type | Description |
|---|---|---|
| provisioningEnabled | Boolean | Specify whether inbound provisioning is enabled |
| provisioningUserStore | String | User store domain name |
Click to view request
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:dumbMode>?</xsd1:dumbMode>
<!--Optional:-->
<xsd1:provisioningEnabled>?</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>?</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>2</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Optional:-->
<xsd1:localClaimDialect>true</xsd1:localClaimDialect>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>true</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
<!--Optional:-->
<xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
<!--Optional:-->
<xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
<xsd1:authenticationType>default</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope>Local and outbound authentication¶
Parameter |
Type |
Description |
|---|---|---|
alwaysSendBackAuthenticatedListOfIdPs |
boolean |
Always send back the authenticated list of identity providers.
|
authenticationSteps |
AuthenticationStep |
Zero or more authentication steps. This can be used for subjects and attributes as well. |
authenticationSteps.attributeStep |
boolean |
true - Use attributes from the current step |
authenticationSteps.federatedIdentityProviders |
IdentityProvider |
To configure federated IdPs, there should be one or more registered IdPs with at least one federated authenticator enabled. With the request, it is necessary to include the IdP name and the federated authenticator name. The federated authenticator should be enabled in the IdP. If a federated authenticator is not mentioned, the default federated authenticator for the IdP will be used. |
authenticationSteps.localAuthenticatorConfigs |
LocalAuthenticatorConfigs |
Local authentication related configs for the authentication step. For example, you can specify whether to use a basic or an IWA authenticator. To use basic, localAuthenticatorConfigs.name should be 'BasicAuthenticator' while 'IWAAuthenticator' for iwa. |
authenticationSteps.stepOrder |
int |
Execution order of the step |
authenticationSteps.subjectStep |
boolean |
true - Use subject identifier from this step |
authenticationType |
String |
Depending on the requirement, the authentication type can be specified. The available types are: default, local, federated, flow . Refer the sample requests below on each authentication type configuration. |
subjectClaimUri |
String |
Subject claim URI |
Click to view default request
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
<!--Optional:-->
<xsd1:authenticationType>default</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>2</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Optional:-->
<xsd1:localClaimDialect>true</xsd1:localClaimDialect>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
<!--Optional:-->
<xsd1:authenticationType>default</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope>Click to view local request
As there is only one <authenticationSteps> element configured here, there is no need to set the authenticationSteps.stepOrder, authenticationSteps.subjectStep, authenticationSteps.attributeStep attributes.
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Zero or more repetitions:-->
<xsd1:authenticationSteps>
<!--Zero or more repetitions:-->
<xsd1:localAuthenticatorConfigs>
<!--Optional:-->
<xsd1:displayName>basic</xsd1:displayName>
<!--Optional:-->
<xsd1:name>BasicAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
<!--Zero or more repetitions:-->
</xsd1:localAuthenticatorConfigs>
<!--Optional:-->
<xsd1:stepOrder>1</xsd1:stepOrder>
<!--Optional:-->
<xsd1:subjectStep>false</xsd1:subjectStep>
<!--Optional:-->
</xsd1:authenticationSteps>
<xsd1:authenticationType>local</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig><soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://org.apache.axis2/xsd"
xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>2</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Optional:-->
<xsd1:localClaimDialect>true</xsd1:localClaimDialect>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Zero or more repetitions:-->
<xsd1:authenticationSteps>
<!--Zero or more repetitions:-->
<xsd1:localAuthenticatorConfigs>
<!--Optional:-->
<xsd1:displayName>basic</xsd1:displayName>
<!--Optional:-->
<xsd1:name>BasicAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
<!--Zero or more repetitions:-->
</xsd1:localAuthenticatorConfigs>
<!--Optional:-->
<xsd1:stepOrder>1</xsd1:stepOrder>
<!--Optional:-->
<xsd1:subjectStep>false</xsd1:subjectStep>
<!--Optional:-->
</xsd1:authenticationSteps>
<xsd1:authenticationType>local</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope>Click to view federated request
As there is only one <authenticationSteps>
configured here, there is no need to set the
authenticationSteps.stepOrder, authenticationSteps.subjectStep, authenticationSteps.attributeStep
attributes.
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Zero or more repetitions:-->
<xsd1:authenticationSteps>
<!--Zero or more repetitions:-->
<xsd1:federatedIdentityProviders>
<!--Zero or more repetitions:-->
<xsd1:federatedAuthenticatorConfigs>
<!--Optional:-->
<xsd1:displayName>samlsso</xsd1:displayName>
<!--Optional:-->
<xsd1:name>SAMLSSOAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
</xsd1:federatedAuthenticatorConfigs>
<!--Optional:-->
<xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
</xsd1:federatedIdentityProviders>
<!--Optional:-->
<xsd1:stepOrder>1</xsd1:stepOrder>
<!--Optional:-->
<xsd1:subjectStep>false</xsd1:subjectStep>
<!--Optional:-->
</xsd1:authenticationSteps>
<xsd1:authenticationType>federated</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig><soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://org.apache.axis2/xsd"
xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>2</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Optional:-->
<xsd1:localClaimDialect>true</xsd1:localClaimDialect>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Zero or more repetitions:-->
<xsd1:authenticationSteps>
<!--Zero or more repetitions:-->
<xsd1:federatedIdentityProviders>
<!--Zero or more repetitions:-->
<xsd1:federatedAuthenticatorConfigs>
<!--Optional:-->
<xsd1:displayName>samlsso</xsd1:displayName>
<!--Optional:-->
<xsd1:name>SAMLSSOAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
</xsd1:federatedAuthenticatorConfigs>
<!--Optional:-->
<xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
</xsd1:federatedIdentityProviders>
<!--Optional:-->
<xsd1:stepOrder>1</xsd1:stepOrder>
<!--Optional:-->
<xsd1:subjectStep>false</xsd1:subjectStep>
<!--Optional:-->
</xsd1:authenticationSteps>
<xsd1:authenticationType>federated</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope>Click to view the advanced format
Multiple <authenticationSteps> can be configured here.
Therefore, in each <authenticationSteps>, the
stepOrder and whether the subject identifiers and attributes should be
used from that particular step.
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Zero or more repetitions:-->
<xsd1:authenticationSteps>
<!--Zero or more repetitions:-->
<xsd1:federatedIdentityProviders>
<!--Zero or more repetitions:-->
<xsd1:federatedAuthenticatorConfigs>
<!--Optional:-->
<xsd1:displayName>samlsso</xsd1:displayName>
<!--Optional:-->
<xsd1:name>SAMLSSOAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
</xsd1:federatedAuthenticatorConfigs>
<!--Optional:-->
<xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
</xsd1:federatedIdentityProviders>
<!--Zero or more repetitions:-->
<xsd1:localAuthenticatorConfigs>
<!--Optional:-->
<xsd1:displayName>basic</xsd1:displayName>
<!--Optional:-->
<xsd1:name>BasicAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
<!--Zero or more repetitions:-->
</xsd1:localAuthenticatorConfigs>
<!--Optional:-->
<xsd1:stepOrder>1</xsd1:stepOrder>
<!--Optional:-->
<xsd1:subjectStep>false</xsd1:subjectStep>
<!--Optional:-->
</xsd1:authenticationSteps>
<xsd1:authenticationType>flow</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/cla<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://org.apache.axis2/xsd"
xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>2</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Optional:-->
<xsd1:localClaimDialect>true</xsd1:localClaimDialect>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Zero or more repetitions:-->
<xsd1:authenticationSteps>
<!--Zero or more repetitions:-->
<xsd1:federatedIdentityProviders>
<!--Zero or more repetitions:-->
<xsd1:federatedAuthenticatorConfigs>
<!--Optional:-->
<xsd1:displayName>samlsso</xsd1:displayName>
<!--Optional:-->
<xsd1:name>SAMLSSOAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
</xsd1:federatedAuthenticatorConfigs>
<!--Optional:-->
<xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
</xsd1:federatedIdentityProviders>
<!--Zero or more repetitions:-->
<xsd1:localAuthenticatorConfigs>
<!--Optional:-->
<xsd1:displayName>basic</xsd1:displayName>
<!--Optional:-->
<xsd1:name>BasicAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
<!--Zero or more repetitions:-->
</xsd1:localAuthenticatorConfigs>
<!--Optional:-->
<xsd1:stepOrder>1</xsd1:stepOrder>
<!--Optional:-->
<xsd1:subjectStep>false</xsd1:subjectStep>
<!--Optional:-->
</xsd1:authenticationSteps>
<xsd1:authenticationType>flow</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope> Request path authenticator¶
Specify configurations related to zero or more request path authenticators.
Parameter |
Type |
Description |
|---|---|---|
displayName |
String |
The name that displays |
enabled |
Boolean |
true - enable false - deisable |
name |
String |
OAuthRequestPathAuthenticator BasicAuthRequestPathAuthenticator |
valid |
boolean |
true - valid false - invalid |
properties |
Property |
List of properties in a array |
Click to view request
<xsd1:requestPathAuthenticatorConfigs>
<!--Optional:-->
<xsd1:name>BasicAuthRequestPathAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
</xsd1:requestPathAuthenticatorConfigs>
<xsd1:requestPathAuthenticatorConfigs>
<!--Optional:-->
<xsd1:name>OAuthRequestPathAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
</xsd1:requestPathAuthenticatorConfigs><soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://org.apache.axis2/xsd"
xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>2</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Optional:-->
<xsd1:localClaimDialect>true</xsd1:localClaimDialect>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
<!--Optional:-->
<xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
<!--Optional:-->
<xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
<xsd1:authenticationType>default</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
<!--Zero or more repetitions:-->
<xsd1:requestPathAuthenticatorConfigs>
<!--Optional:-->
<xsd1:name>BasicAuthRequestPathAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
</xsd1:requestPathAuthenticatorConfigs>
<xsd1:requestPathAuthenticatorConfigs>
<!--Optional:-->
<xsd1:name>OAuthRequestPathAuthenticator</xsd1:name>
<!--Optional:-->
<xsd1:valid>true</xsd1:valid>
</xsd1:requestPathAuthenticatorConfigs>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope> Outbound provisioning¶
To configure the outbound provisioning of the service provider, use the following parameters.
Parameter |
Type |
Description |
|---|---|---|
provisionByRoleList |
String |
- |
provisioningIdentityProviders |
IdentityProvider |
To configure provisioning IdPs, there should be one or more registered IdPs, with at least one outbound provisioning connector enabled. Include the IdP name and provisioning connector name and specify whether to enable JiT provisioning with the request. |
Click to view request
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
<!--Zero or more repetitions:-->
<xsd1:provisioningIdentityProviders>
<!--Optional:-->
<xsd1:defaultProvisioningConnectorConfig>
<!--Optional:-->
<xsd1:blocking>false</xsd1:blocking>
<!--Optional:-->
<xsd1:enabled>false</xsd1:enabled>
<!--Optional:-->
<xsd1:name>scim</xsd1:name>
<!--Optional:-->
</xsd1:defaultProvisioningConnectorConfig>
<!--Optional:-->
<xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
<!--Optional:-->
<xsd1:justInTimeProvisioningConfig>
<!--Optional:-->
<xsd1:dumbMode>false</xsd1:dumbMode>
<!--Optional:-->
<xsd1:provisioningEnabled>true</xsd1:provisioningEnabled>
</xsd1:justInTimeProvisioningConfig>
</xsd1:provisioningIdentityProviders>
</xsd1:outboundProvisioningConfig><soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://org.apache.axis2/xsd"
xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
<soapenv:Header/>
<soapenv:Body>
<xsd:updateApplication>
<!--Optional:-->
<xsd:serviceProvider>
<!--Optional:-->
<xsd1:applicationID>2</xsd1:applicationID>
<!--Optional:-->
<xsd1:applicationName>travelocity.com</xsd1:applicationName>
<!--Optional:-->
<xsd1:claimConfig>
<!--Optional:-->
<xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
<!--Zero or more repetitions:-->
<xsd1:claimMappings>
<!--Optional:-->
<xsd1:localClaim>
<!--Optional:-->
<xsd1:claimUri>http://wso2.org/claims/givenname</xsd1:claimUri>
</xsd1:localClaim>
<!--Optional:-->
<xsd1:mandatory>true</xsd1:mandatory>
<!--Optional:-->
<xsd1:remoteClaim>
<!--Optional:-->
<xsd1:claimUri>name</xsd1:claimUri>
</xsd1:remoteClaim>
<!--Optional:-->
<xsd1:requested>true</xsd1:requested>
</xsd1:claimMappings>
<xsd1:claimMappings>
<!--Optional:-->
<xsd1:localClaim>
<!--Optional:-->
<xsd1:claimUri>http://wso2.org/claims/role</xsd1:claimUri>
</xsd1:localClaim>
<!--Optional:-->
<xsd1:mandatory>true</xsd1:mandatory>
<!--Optional:-->
<xsd1:remoteClaim>
<!--Optional:-->
<xsd1:claimUri>role</xsd1:claimUri>
</xsd1:remoteClaim>
<!--Optional:-->
<xsd1:requested>true</xsd1:requested>
</xsd1:claimMappings>
<!--Optional:-->
<xsd1:localClaimDialect>false</xsd1:localClaimDialect>
<!--Optional:-->
<xsd1:roleClaimURI>role</xsd1:roleClaimURI>
<!--Optional:-->
<xsd1:userClaimURI>user</xsd1:userClaimURI>
</xsd1:claimConfig>
<!--Optional:-->
<xsd1:description>sample service provider</xsd1:description>
<!--Optional:-->
<xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
<!--Optional:-->
<xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
<!--Optional:-->
<xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<!--Optional:-->
<xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
<!--Optional:-->
<xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
<!--Optional:-->
<xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
<xsd1:authenticationType>default</xsd1:authenticationType>
<!--Optional:-->
<xsd1:subjectClaimUri>name</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<!--Optional:-->
<xsd1:outboundProvisioningConfig>
<!--Zero or more repetitions:-->
<xsd1:provisionByRoleList></xsd1:provisionByRoleList>
<!--Zero or more repetitions:-->
<xsd1:provisioningIdentityProviders>
<!--Optional:-->
<xsd1:defaultProvisioningConnectorConfig>
<!--Optional:-->
<xsd1:blocking>false</xsd1:blocking>
<!--Optional:-->
<xsd1:enabled>false</xsd1:enabled>
<!--Optional:-->
<xsd1:name>scim</xsd1:name>
<!--Optional:-->
</xsd1:defaultProvisioningConnectorConfig>
<!--Optional:-->
<xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
<!--Optional:-->
<xsd1:justInTimeProvisioningConfig>
<!--Optional:-->
<xsd1:dumbMode>false</xsd1:dumbMode>
<!--Optional:-->
<xsd1:provisioningEnabled>true</xsd1:provisioningEnabled>
</xsd1:justInTimeProvisioningConfig>
</xsd1:provisioningIdentityProviders>
</xsd1:outboundProvisioningConfig>
<!--Optional:-->
<xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
<!--Optional:-->
<xsd1:saasApp>false</xsd1:saasApp>
</xsd:serviceProvider>
</xsd:updateApplication>
</soapenv:Body>
</soapenv:Envelope>deleteApplication¶
| Description | A service provider is deleted based on the application name. The input parameters and the format of the request should be as follows. |
|---|---|
| Permission Level | /permission/admin/manage |
| Input Parameters |
|
| Request |
|
| Response |
|
getAllApplicationBasicInfo¶
| Description | This operation can use to get all available service provider names and their descriptions. |
|---|---|
| Permission Level | /permission/admin/manage |
| Request |
|
| Response |
|
getAllIdentityProviders¶
| Description | This operation retrieves the available identity providers. |
|---|---|
| Permission Level | /permission/admin/manage |
| Request |
|
| Response |
|
getAllLocalAuthenticators¶
| Description | This operation retrieves the available local authenticators. |
|---|---|
| Permission Level | /permission/admin/manage |
| Request |
|
| Response |
|
getAllLocalClaimUris¶
| Description | This operation retrieves the available claim URI values that are in http://wso2.org/claims dialect. |
|---|---|
| Permission Level | /permission/admin/manage |
| Request |
|
| Response |
|
getAllRequestPathAuthenticators¶
| Description | This operation retrieves the available request patch authenticators. |
|---|---|
| Permission Level | /permission/admin/manage |
| Request |
|
| Response |
|
getApplication¶
| Description | This operation retrieves the the service provider information while passing the application name. |
|---|---|
| Permission Level | /permission/admin/manage |
| Input Parameters |
|
| Request |
|
| Response |
|
getIdentityProvider¶
| Description | This operation retrieves the identity provider information while passing the identity provider name. |
|---|---|
| Permission Level | /permission/admin/manage |
| Input Parameters |
|
| Request |
|
| Response |
|