
Using the Service Provider API

This section guides you through using the Identity Application Management API and its operations.

About Identity Application Management API

The Identity Application Management API enables creating, updating, and deleting a service provider, and provides the other operations you can use to work with it.

API operations

Before you begin

  • The service contract of this admin service can be found at the following URL:

    https://<IS_HOST>:<IS_PORT>/services/IdentityApplicationManagementService?wsdl
    https://localhost:9443/services/IdentityApplicationManagementService?wsdl
  • To enable the admin service, follow the instructions given in Calling Admin Services.

About creating applications

Creating an application via the Identity Application Management Service is a two-step process.

  1. Create a service provider for the given application name and the description using the createApplication operation. It returns a 200 OK response.

    The service provider's application ID is required to use the updateApplication operation. You can include an application ID for the new service provider within the same SOAP request when calling the createApplication operation. If you do not include an application ID in the request, you can retrieve the auto-generated application ID value by calling the getApplication service method with the application name.

  2. Update the service provider with other configurations using the updateApplication operation. The service provider's application ID is required for this request.

createApplication

Description

Creating an application via the Identity Application Management Service is a two-step process.

  1. Create a service provider for the given application name and the description using the createApplication operation. It returns a 200 OK response.
    The service provider's application ID is required to use the updateApplication operation. You can include an application ID for the new service provider within the same SOAP request when calling the createApplication operation. If you do not include an application ID in the request, you can retrieve the auto-generated application ID value by calling the getApplication service method with the application name.
  2. Update the service provider with other configurations using the updateApplication operation. The service provider's application ID is required for this request.
Permission Level /permission/admin/manage
Input Parameters
  • applicationID [Integer]: This uniquely identifies the service provider application. This is an optional parameter. If you have not included this value in the SOAP request, WSO2 Identity Server assigns a unique application ID.
  • applicationName [String]: This is the desired service provider name.

    Note

    Adding a service provider creates an internal application role for the given application name in the following format: Internal/. Therefore, creating another service provider for the same application name is not possible and will throw an IdentityApplicationManagementException.

  • description [String]: This is a brief text description of the service provider.
Request See below
Response See below

Request format:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:createApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationName>?</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:description>?</xsd1:description>
         </xsd:serviceProvider>
      </xsd:createApplication>
   </soapenv:Body>
</soapenv:Envelope>

Sample request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:createApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationName>travelocity.com</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:description>sample service provider</xsd1:description>
         </xsd:serviceProvider>
      </xsd:createApplication>
   </soapenv:Body>
</soapenv:Envelope>

Response:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:createApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:createApplicationResponse>
   </soapenv:Body>
</soapenv:Envelope>

updateApplication

Description

After creating the service provider, it can be configured and updated with the following configurations:

  • Claim configuration
  • Role/Permission configuration
  • Inbound and Outbound authentication configuration
  • Inbound and Outbound provisioning configuration
  • Get application ID: The service provider is updated based on its application ID. If you have not provided an application ID when creating the service provider, you can use the getApplication operation to retrieve the application ID value from WSO2 Identity Server.
  • Get certificate reference ID: The certificate of the service provider is updated based on its certificate reference ID. Use the getApplication operation to retrieve the certificate reference ID value from WSO2 Identity Server and include it in the updateApplication SOAP request to update the same certificate. The code block below shows the certificate reference ID value included in the getApplication response.

    <ax2140:spProperties xsi:type="ax2140:ServiceProviderProperty">
        <ax2140:displayName>CERTIFICATE</ax2140:displayName>
        <ax2140:name>CERTIFICATE</ax2140:name>
        <ax2140:value>2</ax2140:value>
    </ax2140:spProperties>

    To update the same certificate, include the certificate reference ID you retrieved in the updateApplication SOAP request as follows.

    <xsd1:spProperties>
        <!--Optional:-->
        <xsd1:displayName>CERTIFICATE</xsd1:displayName>
        <!--Optional:-->
        <xsd1:name>CERTIFICATE</xsd1:name>
        <!--Optional:-->
        <xsd1:value>2</xsd1:value>
    </xsd1:spProperties>

Permission Level /permission/admin/manage
Input Parameters

Service provider level parameters:

  • applicationID [Integer]: This is the Application ID of the service provider. This is mandatory when updating the SP.
  • applicationName [String]: This is the Service provider name.
  • claimConfig [ClaimConfig]: These are claim related configurations.
  • description [String]: This is the description of the SP.
  • inboundAuthenticationConfig [InboundAuthenticationConfig]: These are inbound authentication related configurations.
  • inboundProvisioningConfig [InboundProvisioningConfig]: These are inbound provisioning related configurations.
  • localAndOutBoundAuthenticationConfig [LocalAndOutboundAuthenticationConfig]: This is for local and outbound authentication.
  • outboundProvisioningConfig [OutboundProvisioningConfig]: This is for outbound provisioning related configurations.
  • owner [User]: This is the application owner.
  • permissionAndRoleConfig [PermissionsAndRoleConfig]: These are permission and role related configurations.
  • requestPathAuthenticatorConfigs [RequestPathAuthenticatorConfig]: These are request path authenticator related configurations.
  • saasApp: This is optional. This parameter allows you to determine whether the service provider is a SaaS application (true) or not (false).
    If no value is passed for this parameter, the service provider is marked as SaaS disabled by default. The web application is then not shared among tenants, so only users in the current tenant (the one you are logged in to when creating the service provider) are allowed to log in to the web application. Alternatively, if you enable SaaS application, the web application is shared among tenants, so users from any tenant are allowed to log in to the web application.
Request See below
Response See below

Request format:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>?</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>?</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:certificateContent>?</xsd1:certificateContent>
            <!--Optional:-->
            <xsd1:claimConfig>
            </xsd1:claimConfig>
            <!--Optional:-->
            <xsd1:description>?</xsd1:description>
            <!--Optional:-->
            <xsd1:inboundAuthenticationConfig>...</xsd1:inboundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:inboundProvisioningConfig>...</xsd1:inboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:localAndOutBoundAuthenticationConfig>...</xsd1:localAndOutBoundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:outboundProvisioningConfig>...</xsd1:outboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:owner>...</xsd1:owner>
            <!--Optional:-->
            <xsd1:permissionAndRoleConfig>...</xsd1:permissionAndRoleConfig>
            <!--Zero or more repetitions:-->
            <xsd1:requestPathAuthenticatorConfigs>...</xsd1:requestPathAuthenticatorConfigs>
            <!--Optional:-->
            <xsd1:saasApp>?</xsd1:saasApp>
            <xsd1:spProperties>
               <!--Optional:-->
               <xsd1:displayName>CERTIFICATE</xsd1:displayName>
               <!--Optional:-->
               <xsd1:name>CERTIFICATE</xsd1:name>
               <!--Optional:-->
               <xsd1:value>2</xsd1:value>
            </xsd1:spProperties>
         </xsd:serviceProvider>
      </xsd:updateApplication>
   </soapenv:Body>
</soapenv:Envelope>

Sample request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>2</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>travelocity.com</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:claimConfig>
               <!--Optional:-->
               <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
               <!--Optional:-->
               <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
            </xsd1:claimConfig>
            <!--Optional:-->
            <xsd1:description>sample service provider</xsd1:description>
            <!--Optional:-->
            <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:inboundProvisioningConfig>
               <!--Optional:-->
               <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
               <!--Optional:-->
               <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
            </xsd1:inboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:localAndOutBoundAuthenticationConfig>
               <!--Optional:-->
               <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
               <!--Optional:-->
               <xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
               <!--Optional:-->
               <xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
               <xsd1:authenticationType>default</xsd1:authenticationType>
               <!--Optional:-->
               <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
            </xsd1:localAndOutBoundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:outboundProvisioningConfig>
               <!--Zero or more repetitions:-->
               <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
            </xsd1:outboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
            <!--Optional:-->
            <xsd1:saasApp>false</xsd1:saasApp>
         </xsd:serviceProvider>
      </xsd:updateApplication>
   </soapenv:Body>
</soapenv:Envelope>

Sample request with an OAuth inbound authentication configuration:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>5</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>SampleApplication</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:claimConfig>
               <!--Optional:-->
               <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
               <!--Optional:-->
               <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
            </xsd1:claimConfig>
            <!--Optional:-->
            <xsd1:description>oauth application</xsd1:description>
            <!--Optional:-->
            <xsd1:inboundAuthenticationConfig>
               <!--Zero or more repetitions:-->
               <xsd1:inboundAuthenticationRequestConfigs>
                  <!--Optional:-->
                  <xsd1:inboundAuthKey>CLIENT_ID</xsd1:inboundAuthKey>
                  <!--Optional:-->
                  <xsd1:inboundAuthType>oauth2</xsd1:inboundAuthType>
                  <!--Zero or more repetitions:-->
                  <xsd1:properties>
                     <!--Optional:-->
                     <xsd1:advanced>false</xsd1:advanced>
                     <!--Optional:-->
                     <xsd1:confidential>false</xsd1:confidential>
                     <!--Optional:-->
                     <xsd1:defaultValue></xsd1:defaultValue>
                     <!--Optional:-->
                     <xsd1:description></xsd1:description>
                     <!--Optional:-->
                     <xsd1:displayName></xsd1:displayName>
                     <!--Optional:-->
                     <xsd1:name>oauthConsumerSecret</xsd1:name>
                     <!--Optional:-->
                     <xsd1:required>false</xsd1:required>
                     <!--Optional:-->
                     <xsd1:type></xsd1:type>
                     <!--Optional:-->
                     <xsd1:value>CLIENT_SECRET</xsd1:value>
                  </xsd1:properties>
               </xsd1:inboundAuthenticationRequestConfigs>
            </xsd1:inboundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:inboundProvisioningConfig>
               <!--Optional:-->
               <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
               <!--Optional:-->
               <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
            </xsd1:inboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:localAndOutBoundAuthenticationConfig>
               <!--Optional:-->
               <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
               <!--Optional:-->
               <xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
               <!--Optional:-->
               <xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
               <xsd1:authenticationType>default</xsd1:authenticationType>
               <!--Optional:-->
               <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
            </xsd1:localAndOutBoundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:outboundProvisioningConfig>
               <!--Zero or more repetitions:-->
               <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
            </xsd1:outboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
            <!--Optional:-->
            <xsd1:saasApp>false</xsd1:saasApp>
         </xsd:serviceProvider>
      </xsd:updateApplication>
   </soapenv:Body>
</soapenv:Envelope>

Response:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:updateApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:updateApplicationResponse>
   </soapenv:Body>
</soapenv:Envelope>
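
The create, look up, update sequence and the certificate reference ID handling described above, as an added Python example that is not part of the original documentation. The function names are hypothetical, the getApplication response is a constructed sample whose wrapper elements are assumed to follow the createApplicationResponse pattern, and sending the envelopes to the service URL is left out.

```python
import xml.etree.ElementTree as ET

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
XSD = "http://org.apache.axis2/xsd"
XSD1 = "http://model.common.application.identity.carbon.wso2.org/xsd"
for _prefix, _uri in (("soapenv", SOAPENV), ("xsd", XSD), ("xsd1", XSD1)):
    ET.register_namespace(_prefix, _uri)  # keep the prefixes used on this page


def _request(operation):
    """Return (envelope, serviceProvider element) for the given operation."""
    envelope = ET.Element(f"{{{SOAPENV}}}Envelope")
    ET.SubElement(envelope, f"{{{SOAPENV}}}Header")
    body = ET.SubElement(envelope, f"{{{SOAPENV}}}Body")
    op = ET.SubElement(body, f"{{{XSD}}}{operation}")
    return envelope, ET.SubElement(op, f"{{{XSD}}}serviceProvider")


def _field(parent, name, value):
    # Text is set through ElementTree, so &, < and > in a caller-supplied
    # name or description are escaped and cannot alter the envelope structure.
    child = ET.SubElement(parent, f"{{{XSD1}}}{name}")
    child.text = str(value)


def create_application(name, description, application_id=None):
    """Step 1: createApplication; applicationID is optional here."""
    if not name or not name.strip():
        raise ValueError("applicationName must not be empty")
    envelope, sp = _request("createApplication")
    if application_id is not None:
        _field(sp, "applicationID", int(application_id))
    _field(sp, "applicationName", name)
    _field(sp, "description", description)
    return ET.tostring(envelope, encoding="unicode")


def parse_get_application(response_xml):
    """Return (applicationID, certificate reference ID or None)."""
    if "<!DOCTYPE" in response_xml:
        raise ValueError("unexpected DOCTYPE in SOAP response")
    app_id = cert_ref = None
    # Match on local names: a prefix such as ax2140 is generated by the server.
    for el in ET.fromstring(response_xml).iter():
        local = el.tag.rsplit("}", 1)[-1]
        if local == "applicationID" and el.text:
            app_id = int(el.text)
        elif local == "spProperties":
            props = {c.tag.rsplit("}", 1)[-1]: (c.text or "") for c in el}
            if props.get("name") == "CERTIFICATE":
                cert_ref = props.get("value")
    if app_id is None:
        raise ValueError("no applicationID in getApplication response")
    return app_id, cert_ref


def update_application(application_id, name, description, cert_ref=None, saas_app=False):
    """Step 2: updateApplication; applicationID is mandatory here.

    Only the fields handled in this example are written. A real update would
    also carry the other configuration blocks shown in the page's samples.
    """
    if application_id is None:
        raise ValueError("applicationID is mandatory for updateApplication")
    envelope, sp = _request("updateApplication")
    _field(sp, "applicationID", int(application_id))
    _field(sp, "applicationName", name)
    _field(sp, "description", description)
    _field(sp, "saasApp", "true" if saas_app else "false")
    if cert_ref is not None:  # reuse the reference ID to update the same certificate
        prop = ET.SubElement(sp, f"{{{XSD1}}}spProperties")
        _field(prop, "displayName", "CERTIFICATE")
        _field(prop, "name", "CERTIFICATE")
        _field(prop, "value", cert_ref)
    return ET.tostring(envelope, encoding="unicode")


# Constructed sample response; only the spProperties block is taken from this page.
SAMPLE_GET_APPLICATION_RESPONSE = """\
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <ns:getApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
      <ns:return xmlns:ax2140="http://model.common.application.identity.carbon.wso2.org/xsd"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ax2140:applicationID>2</ax2140:applicationID>
        <ax2140:applicationName>travelocity.com</ax2140:applicationName>
        <ax2140:spProperties xsi:type="ax2140:ServiceProviderProperty">
          <ax2140:displayName>CERTIFICATE</ax2140:displayName>
          <ax2140:name>CERTIFICATE</ax2140:name>
          <ax2140:value>2</ax2140:value>
        </ax2140:spProperties>
      </ns:return>
    </ns:getApplicationResponse>
  </soapenv:Body>
</soapenv:Envelope>
"""

if __name__ == "__main__":
    print(create_application("travelocity.com", "sample service provider"))
    app_id, cert_ref = parse_get_application(SAMPLE_GET_APPLICATION_RESPONSE)
    print(update_application(app_id, "travelocity.com", "sample service provider", cert_ref))
```
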

Claims

The <claimConfig> element defines all claim configuration level inputs. This element can have zero or more <claimMappings> elements that specify claims referred to by this service provider. A <claimMappings> element includes two elements: <localClaim> and <remoteClaim>, where each is represented by a claimId and a claimURI. The <localClaim> denotes a standard claim which is local to the WSO2 Identity Server, and the <remoteClaim> denotes some remote claim value that maps to the local claim under the same claim mapping. Remote claims are specifically used with identity federation scenarios to map claims received from the federated Identity Provider to local claims.

  • alwaysSendMappedLocalSubjectId [Boolean]: This configuration specifies whether the subject attribute that returns to the service provider is taken from the locally mapped user or from the federated user.
  • localClaimDialect [Boolean]: This is a boolean that specifies whether this service provider is using the local claim dialect or a custom claim dialect.
      true - using the local claim dialect
      false - using the custom claim dialect
    If it is using the custom claim dialect, the local claim should map with a remote claim in each claim mapping; otherwise, both the local claim URI and the remote claim URI should be the same (i.e. a URI defined under a dialect local to the WSO2 Identity Server).
  • claimMappings.localClaim.claimId, claimMappings.remoteClaim.claimId [Integer]: Integer value that identifies the claim. Applies to both localClaim and remoteClaim elements.
  • claimMappings.localClaim.claimUri, claimMappings.remoteClaim.claimUri [String]: URI specific to the claim. It applies to both localClaim and remoteClaim elements. When defined under localClaim, this is a URI defined under the dialect specific to the claim. If defined under the remoteClaim, this is a remote claim URI which maps with the local claim defined under the same parent claimMappings element. If only the local claim dialect is used, the same claimURI in localClaim should be used with claimURI in remoteClaim, since there are no explicit local to remote claim mappings.
  • claimMappings.requested [Boolean]: This is a boolean that marks a mapped claim as a requested claim, which ensures that the service provider definitely sends this claim to the Identity Server.
      true - mark as requested
      false - mark as not requested
  • roleClaimURI [String]: Role claim URI is used to identify the claim that equates to the role of the user. This is linked to the permissions that you can apply for specific user roles. This is a remote claim URI mapped via claim mappings.
  • userClaimURI [String]: User claim URI is also referred to as Subject claim URI in the management console. It is the claim that is used to uniquely identify a user. For example, mapping the claims to the user's email or ID attribute.


Request format:

<xsd1:claimConfig>
    <!--Optional:-->
    <xsd1:alwaysSendMappedLocalSubjectId>?</xsd1:alwaysSendMappedLocalSubjectId>
    <!--Zero or more repetitions:-->
    <xsd1:claimMappings>
        <!--Optional:-->
        <xsd1:defaultValue>?</xsd1:defaultValue>
        <!--Optional:-->
        <xsd1:localClaim>
            <!--Optional:-->
            <xsd1:claimId>?</xsd1:claimId>
            <!--Optional:-->
            <xsd1:claimUri>?</xsd1:claimUri>
        </xsd1:localClaim>
        <!--Optional:-->
        <xsd1:mandatory>?</xsd1:mandatory>
        <!--Optional:-->
        <xsd1:remoteClaim>
            <!--Optional:-->
            <xsd1:claimId>?</xsd1:claimId>
            <!--Optional:-->
            <xsd1:claimUri>?</xsd1:claimUri>
        </xsd1:remoteClaim>
        <!--Optional:-->
        <xsd1:requested>?</xsd1:requested>
    </xsd1:claimMappings>
    <!--Zero or more repetitions:-->
    <xsd1:idpClaims>
        <!--Optional:-->
        <xsd1:claimId>?</xsd1:claimId>
        <!--Optional:-->
        <xsd1:claimUri>?</xsd1:claimUri>
    </xsd1:idpClaims>
    <!--Optional:-->
    <xsd1:localClaimDialect>?</xsd1:localClaimDialect>
    <!--Optional:-->
    <xsd1:roleClaimURI>?</xsd1:roleClaimURI>
    <!--Optional:-->
    <xsd1:userClaimURI>?</xsd1:userClaimURI>
</xsd1:claimConfig>

Sample request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>2</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>travelocity.com</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:claimConfig>
               <!--Optional:-->
               <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
               <!--Zero or more repetitions:-->
               <xsd1:claimMappings>
                  <!--Optional:-->
                  <xsd1:localClaim>
                     <!--Optional:-->
                     <xsd1:claimUri>http://wso2.org/claims/givenname</xsd1:claimUri>
                  </xsd1:localClaim>
                  <!--Optional:-->
                  <xsd1:mandatory>true</xsd1:mandatory>
                  <!--Optional:-->
                  <xsd1:remoteClaim>
                     <!--Optional:-->
                     <xsd1:claimUri>name</xsd1:claimUri>
                  </xsd1:remoteClaim>
                  <!--Optional:-->
                  <xsd1:requested>true</xsd1:requested>
               </xsd1:claimMappings>
               <xsd1:claimMappings>
                  <!--Optional:-->
                  <xsd1:localClaim>
                     <!--Optional:-->
                     <xsd1:claimUri>http://wso2.org/claims/role</xsd1:claimUri>
                  </xsd1:localClaim>
                  <!--Optional:-->
                  <xsd1:mandatory>true</xsd1:mandatory>
                  <!--Optional:-->
                  <xsd1:remoteClaim>
                     <!--Optional:-->
                     <xsd1:claimUri>role</xsd1:claimUri>
                  </xsd1:remoteClaim>
                  <!--Optional:-->
                  <xsd1:requested>true</xsd1:requested>
               </xsd1:claimMappings>
               <!--Optional:-->
               <xsd1:localClaimDialect>false</xsd1:localClaimDialect>
               <!--Optional:-->
               <xsd1:roleClaimURI>role</xsd1:roleClaimURI>
               <!--Optional:-->
               <xsd1:userClaimURI>user</xsd1:userClaimURI>
            </xsd1:claimConfig>
            <!--Optional:-->
            <xsd1:description>sample service provider</xsd1:description>
            <!--Optional:-->
            <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:inboundProvisioningConfig>
               <!--Optional:-->
               <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
               <!--Optional:-->
               <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
            </xsd1:inboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:localAndOutBoundAuthenticationConfig>
               <!--Optional:-->
               <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
               <!--Optional:-->
               <xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
               <!--Optional:-->
               <xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
               <xsd1:authenticationType>default</xsd1:authenticationType>
               <!--Optional:-->
               <xsd1:subjectClaimUri>name</xsd1:subjectClaimUri>
            </xsd1:localAndOutBoundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:outboundProvisioningConfig>
               <!--Zero or more repetitions:-->
               <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
            </xsd1:outboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
            <!--Optional:-->
            <xsd1:saasApp>false</xsd1:saasApp>
         </xsd:serviceProvider>
      </xsd:updateApplication>
   </soapenv:Body>
</soapenv:Envelope>
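
A pre-flight check for the claim rules described in this section, as an added Python example that is not part of the original documentation. It inspects an updateApplication request for the mandatory applicationID, the localClaimDialect mapping rule and, for the custom dialect, whether roleClaimURI is one of the mapped remote claim URIs. The names lint_update_request and build_request are hypothetical, and the requests are constructed from the sample above.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "xsd": "http://org.apache.axis2/xsd",
    "xsd1": "http://model.common.application.identity.carbon.wso2.org/xsd",
}


def _text(parent, path):
    """Stripped text of the first matching element, or None if absent/empty."""
    el = parent.find(path, NS)
    return ((el.text or "").strip() or None) if el is not None else None


def lint_update_request(envelope_xml):
    """Return a list of findings for an updateApplication request."""
    root = ET.fromstring(envelope_xml)
    sp = root.find("soapenv:Body/xsd:updateApplication/xsd:serviceProvider", NS)
    if sp is None:
        return ["no xsd:updateApplication/xsd:serviceProvider element found"]
    findings = []
    if _text(sp, "xsd1:applicationID") is None:
        findings.append("applicationID is missing; it is mandatory for updateApplication")
    cfg = sp.find("xsd1:claimConfig", NS)
    if cfg is None:
        return findings
    dialect = _text(cfg, "xsd1:localClaimDialect")
    if dialect not in ("true", "false"):
        findings.append("localClaimDialect is not 'true' or 'false'; dialect rules not checked")
    remote_uris = set()
    for i, mapping in enumerate(cfg.findall("xsd1:claimMappings", NS), start=1):
        local = _text(mapping, "xsd1:localClaim/xsd1:claimUri")
        remote = _text(mapping, "xsd1:remoteClaim/xsd1:claimUri")
        if remote:
            remote_uris.add(remote)
        if local is None:
            findings.append(f"claimMappings[{i}]: localClaim.claimUri is missing")
        if dialect == "false" and remote is None:
            # Custom dialect: every local claim should map to a remote claim.
            findings.append(f"claimMappings[{i}]: custom dialect but no remoteClaim.claimUri")
        elif dialect == "true" and remote != local:
            # Local dialect: both URIs should be the same local claim URI.
            findings.append(f"claimMappings[{i}]: local dialect but remote URI differs from local URI")
    role_uri = _text(cfg, "xsd1:roleClaimURI")
    # Checked only for the custom dialect, where remote claim URIs are defined.
    if dialect == "false" and role_uri and role_uri not in remote_uris:
        findings.append(f"roleClaimURI '{role_uri}' is not a mapped remote claim URI")
    return findings


def build_request(app_id, dialect, mappings, role_uri):
    """Render a constructed request; values are fixed samples, so no escaping is done."""
    maps = ""
    for local, remote in mappings:
        remote_xml = (f"<xsd1:remoteClaim><xsd1:claimUri>{remote}</xsd1:claimUri>"
                      "</xsd1:remoteClaim>") if remote else ""
        maps += (f"<xsd1:claimMappings><xsd1:localClaim><xsd1:claimUri>{local}"
                 f"</xsd1:claimUri></xsd1:localClaim>{remote_xml}"
                 "<xsd1:requested>true</xsd1:requested></xsd1:claimMappings>")
    id_xml = f"<xsd1:applicationID>{app_id}</xsd1:applicationID>" if app_id else ""
    return (f'<soapenv:Envelope xmlns:soapenv="{NS["soapenv"]}" xmlns:xsd="{NS["xsd"]}" '
            f'xmlns:xsd1="{NS["xsd1"]}"><soapenv:Header/><soapenv:Body>'
            f"<xsd:updateApplication><xsd:serviceProvider>{id_xml}"
            "<xsd1:applicationName>travelocity.com</xsd1:applicationName>"
            f"<xsd1:claimConfig>{maps}"
            f"<xsd1:localClaimDialect>{dialect}</xsd1:localClaimDialect>"
            f"<xsd1:roleClaimURI>{role_uri}</xsd1:roleClaimURI></xsd1:claimConfig>"
            "</xsd:serviceProvider></xsd:updateApplication>"
            "</soapenv:Body></soapenv:Envelope>")


# Claim mappings taken from the sample request in this section.
PAGE_MAPPINGS = [("http://wso2.org/claims/givenname", "name"),
                 ("http://wso2.org/claims/role", "role")]

if __name__ == "__main__":
    print(lint_update_request(build_request("2", "false", PAGE_MAPPINGS, "role")))
    broken = build_request(None, "false", [("http://wso2.org/claims/role", None)], "groups")
    for finding in lint_update_request(broken):
        print("-", finding)
```
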

Roles and permissions

The <permissionAndRoleConfig> element defines all permission and role configuration level inputs. Under this element, specific permissions can be specified via zero or more <permissions> blocks.

  • permissions.value [String]: A string value that defines a service provider specific permission. This permission is added under /permission/applications/<service-provider-name>/<given-permission-name> and is available when adding roles.

Once the permissions are specified, the roles specific to the service provider can be mapped to local roles defined in the Identity Server via zero or more <roleMappings> blocks. A <roleMappings> block includes a <localRole> element and a <remoteRole> element. The <localRole> represents a local role defined in the identity server and the <remoteRole> represents the service provider specific role that you want to map to the local role.

  • localRole.localRoleName [String]: This is the name of the local role which is defined in Identity Server.
  • localRole.userStoreId [String]: This is the key of the userstore used by Identity Server.
  • remoteRole [String]: Role specific to the service provider.


Request format:

<xsd1:permissionAndRoleConfig>
    <!--Zero or more repetitions:-->
    <xsd1:idpRoles>?</xsd1:idpRoles>
    <!--Zero or more repetitions:-->
    <xsd1:permissions>
        <!--Optional:-->
        <xsd1:value>?</xsd1:value>
    </xsd1:permissions>
    <!--Zero or more repetitions:-->
    <xsd1:roleMappings>
        <!--Optional:-->
        <xsd1:localRole>
            <!--Optional:-->
            <xsd1:localRoleName>?</xsd1:localRoleName>
            <!--Optional:-->
            <xsd1:userStoreId>?</xsd1:userStoreId>
        </xsd1:localRole>
        <!--Optional:-->
        <xsd1:remoteRole>?</xsd1:remoteRole>
    </xsd1:roleMappings>
</xsd1:permissionAndRoleConfig>

Sample request:

<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://org.apache.axis2/xsd"
    xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
    <soapenv:Header/>
    <soapenv:Body>
        <xsd:updateApplication>
            <!--Optional:-->
            <xsd:serviceProvider>
                <!--Optional:-->
                <xsd1:applicationID>2</xsd1:applicationID>
                <!--Optional:-->
                <xsd1:applicationName>travelocity.com</xsd1:applicationName>
                <!--Optional:-->
                <xsd1:claimConfig>
                    <!--Optional:-->
                    <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
                    <!--Optional:-->
                    <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
                </xsd1:claimConfig>
                <!--Optional:-->
                <xsd1:description>sample service provider</xsd1:description>
                <!--Optional:-->
                <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:inboundProvisioningConfig>
                    <!--Optional:-->
                    <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
                    <!--Optional:-->
                    <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
                </xsd1:inboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:localAndOutBoundAuthenticationConfig>
                    <!--Optional:-->
                    <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
                    <!--Optional:-->
                    <xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
                    <!--Optional:-->
                    <xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
                    <xsd1:authenticationType>default</xsd1:authenticationType>
                    <!--Optional:-->
                    <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
                </xsd1:localAndOutBoundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:outboundProvisioningConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
                </xsd1:outboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:permissionAndRoleConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:permissions>
                        <!--Optional:-->
                        <xsd1:value>/sample/permission</xsd1:value>
                    </xsd1:permissions>
                    <!--Zero or more repetitions:-->
                    <xsd1:roleMappings>
                        <!--Optional:-->
                        <xsd1:localRole>
                            <!--Optional:-->
                            <xsd1:localRoleName>tester</xsd1:localRoleName>
                        </xsd1:localRole>
                        <!--Optional:-->
                        <xsd1:remoteRole>app-tester</xsd1:remoteRole>
                    </xsd1:roleMappings>
                </xsd1:permissionAndRoleConfig>
                <!--Optional:-->
                <xsd1:saasApp>false</xsd1:saasApp>
            </xsd:serviceProvider>
        </xsd:updateApplication>
    </soapenv:Body>
</soapenv:Envelope>

Inbound authentication

Inbound Authentication Configuration defines the protocol that the service provider and the Identity Server use to communicate. You can add a common set of configurations for the service provider for any protocol that is supported by WSO2 Identity Server, such as SAML 2.0, OpenID Connect, OAuth 2.0, and WS-Federation (passive).

The <inboundAuthenticationConfig> element consists of zero or more <inboundAuthenticationRequestConfigs> elements. The <inboundAuthenticationRequestConfigs> element has the following elements (Note: Only the required elements are mentioned).

Important

You need to create inbound authenticator configurations by accessing the appropriate services (e.g., OAuthAdminService, IdentitySAMLSSOConfigService, etc.) before updating the service provider with inbound authenticator configurations.

| Parameter | Type | Description |
| --- | --- | --- |
| inboundAuthKey | String | Specify an identifier for the service provider as the authentication key. |
| inboundAuthType | String | Specify the authentication type, e.g. samlsso, oauth2, wstrust, passivests. |
| properties | Property | Inbound authentication request properties |
| properties.name | String | Specify the property name |
| properties.value | String | Specify the property value |

Request format and sample request:
<xsd1:inboundAuthenticationConfig>
    <!--Zero or more repetitions:-->
    <xsd1:inboundAuthenticationRequestConfigs>
        <!--Optional:-->
        <xsd1:friendlyName>?</xsd1:friendlyName>
        <!--Optional:-->
        <xsd1:inboundAuthKey>?</xsd1:inboundAuthKey>
        <!--Optional:-->
        <xsd1:inboundAuthType>?</xsd1:inboundAuthType>
        <!--Optional:-->
        <xsd1:inboundConfigType>?</xsd1:inboundConfigType>
        <!--Zero or more repetitions:-->
        <xsd1:properties>
            <!--Optional:-->
            <xsd1:advanced>?</xsd1:advanced>
            <!--Optional:-->
            <xsd1:confidential>?</xsd1:confidential>
            <!--Optional:-->
            <xsd1:defaultValue>?</xsd1:defaultValue>
            <!--Optional:-->
            <xsd1:description>?</xsd1:description>
            <!--Optional:-->
            <xsd1:displayName>?</xsd1:displayName>
            <!--Optional:-->
            <xsd1:displayOrder>?</xsd1:displayOrder>
            <!--Optional:-->
            <xsd1:name>?</xsd1:name>
            <!--Optional:-->
            <xsd1:required>?</xsd1:required>
            <!--Optional:-->
            <xsd1:type>?</xsd1:type>
            <!--Optional:-->
            <xsd1:value>?</xsd1:value>
        </xsd1:properties>
    </xsd1:inboundAuthenticationRequestConfigs>
</xsd1:inboundAuthenticationConfig>
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://org.apache.axis2/xsd"
    xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
    <soapenv:Header/>
    <soapenv:Body>
        <xsd:updateApplication>
            <!--Optional:-->
            <xsd:serviceProvider>
                <!--Optional:-->
                <xsd1:applicationID>2</xsd1:applicationID>
                <!--Optional:-->
                <xsd1:applicationName>travelocity.com</xsd1:applicationName>
                <!--Optional:-->
                <xsd1:claimConfig>
                    <!--Optional:-->
                    <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
                    <!--Optional:-->
                    <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
                </xsd1:claimConfig>
                <!--Optional:-->
                <xsd1:description>sample service provider</xsd1:description>
                <!--Optional:-->
                <xsd1:inboundAuthenticationConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:inboundAuthenticationRequestConfigs>
                        <!--Optional:-->
                        <xsd1:inboundAuthKey>li6JMbjW6WDMKTWsRnGcjp5zcGhi</xsd1:inboundAuthKey>
                        <!--Optional:-->
                        <xsd1:inboundAuthType>oauth2</xsd1:inboundAuthType>
                        <!--Zero or more repetitions:-->
                        <xsd1:properties>
                            <!--Optional:-->
                            <xsd1:name>oauthConsumerSecret</xsd1:name>
                            <!--Optional:-->
                            <xsd1:value>NMB3EAfxh4YvSTqbb3iMkongAHjW</xsd1:value>
                        </xsd1:properties>
                    </xsd1:inboundAuthenticationRequestConfigs>
                    <xsd1:inboundAuthenticationRequestConfigs>
                        <!--Optional:-->
                        <xsd1:inboundAuthKey>travelocity.com</xsd1:inboundAuthKey>
                        <!--Optional:-->
                        <xsd1:inboundAuthType>samlsso</xsd1:inboundAuthType>
                        <!--Zero or more repetitions:-->
                        <xsd1:properties>
                            <!--Optional:-->
                            <xsd1:name>attrConsumServiceIndex</xsd1:name>
                            <!--Optional:-->
                            <xsd1:value>202240762</xsd1:value>
                        </xsd1:properties>
                    </xsd1:inboundAuthenticationRequestConfigs>
                </xsd1:inboundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:inboundProvisioningConfig>
                    <!--Optional:-->
                    <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
                    <!--Optional:-->
                    <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
                </xsd1:inboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:localAndOutBoundAuthenticationConfig>
                    <!--Optional:-->
                    <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
                    <!--Optional:-->
                    <xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
                    <!--Optional:-->
                    <xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
                    <xsd1:authenticationType>default</xsd1:authenticationType>
                    <!--Optional:-->
                    <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
                </xsd1:localAndOutBoundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:outboundProvisioningConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
                </xsd1:outboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
                <!--Optional:-->
                <xsd1:saasApp>false</xsd1:saasApp>
            </xsd:serviceProvider>
        </xsd:updateApplication>
    </soapenv:Body>
</soapenv:Envelope>

Inbound provisioning

The inbound provisioning of the service provider can be configured.

| Parameter | Type | Description |
| --- | --- | --- |
| provisioningEnabled | Boolean | Specify whether inbound provisioning is enabled |
| provisioningUserStore | String | User store domain name |

Request format and sample request:
<xsd1:inboundProvisioningConfig>
    <!--Optional:-->
    <xsd1:dumbMode>?</xsd1:dumbMode>
    <!--Optional:-->
    <xsd1:provisioningEnabled>?</xsd1:provisioningEnabled>
    <!--Optional:-->
    <xsd1:provisioningUserStore>?</xsd1:provisioningUserStore>
</xsd1:inboundProvisioningConfig>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>2</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>travelocity.com</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:claimConfig>
               <!--Optional:-->
               <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
               <!--Optional:-->
               <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
            </xsd1:claimConfig>
            <!--Optional:-->
            <xsd1:description>sample service provider</xsd1:description>
            <!--Optional:-->
            <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:inboundProvisioningConfig>
               <!--Optional:-->
               <xsd1:provisioningEnabled>true</xsd1:provisioningEnabled>
               <!--Optional:-->
               <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
            </xsd1:inboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:localAndOutBoundAuthenticationConfig>
               <!--Optional:-->
               <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
               <!--Optional:-->
               <xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
               <!--Optional:-->
               <xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
               <xsd1:authenticationType>default</xsd1:authenticationType>
               <!--Optional:-->
               <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
            </xsd1:localAndOutBoundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:outboundProvisioningConfig>
               <!--Zero or more repetitions:-->
               <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
            </xsd1:outboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
            <!--Optional:-->
            <xsd1:saasApp>false</xsd1:saasApp>
         </xsd:serviceProvider>
      </xsd:updateApplication>
   </soapenv:Body>
</soapenv:Envelope>

Local and outbound authentication

| Parameter | Type | Description |
| --- | --- | --- |
| alwaysSendBackAuthenticatedListOfIdPs | boolean | Always send back the authenticated list of identity providers. true - send authenticated list of IdPs; false - do not send authenticated list of IdPs |
| authenticationSteps | AuthenticationStep | Zero or more authentication steps. This can be used for subjects and attributes as well. |
| authenticationSteps.attributeStep | boolean | true - Use attributes from the current step |
| authenticationSteps.federatedIdentityProviders | IdentityProvider | To configure federated IdPs, there should be one or more registered IdPs with at least one federated authenticator enabled. With the request, it is necessary to include the IdP name and the federated authenticator name. The federated authenticator should be enabled in the IdP. If a federated authenticator is not mentioned, the default federated authenticator for the IdP will be used. |
| authenticationSteps.localAuthenticatorConfigs | LocalAuthenticatorConfigs | Local authentication related configs for the authentication step. For example, you can specify whether to use a basic or an IWA authenticator. To use basic, set localAuthenticatorConfigs.name to 'BasicAuthenticator'; to use IWA, set it to 'IWAAuthenticator'. |
| authenticationSteps.stepOrder | int | Execution order of the step |
| authenticationSteps.subjectStep | boolean | true - Use subject identifier from this step |
| authenticationType | String | Depending on the requirement, the authentication type can be specified. The available types are: default, local, federated, flow. Refer to the sample requests below for each authentication type configuration. |
| subjectClaimUri | String | Subject claim URI |

Default request (format and sample):
<xsd1:localAndOutBoundAuthenticationConfig>
    <!--Optional:-->
    <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
    <!--Optional:-->
    <xsd1:authenticationType>default</xsd1:authenticationType>
    <!--Optional:-->
    <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateApplication>
         <!--Optional:-->
         <xsd:serviceProvider>
            <!--Optional:-->
            <xsd1:applicationID>2</xsd1:applicationID>
            <!--Optional:-->
            <xsd1:applicationName>travelocity.com</xsd1:applicationName>
            <!--Optional:-->
            <xsd1:claimConfig>
               <!--Optional:-->
               <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
               <!--Optional:-->
               <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
            </xsd1:claimConfig>
            <!--Optional:-->
            <xsd1:description>sample service provider</xsd1:description>
            <!--Optional:-->
            <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:inboundProvisioningConfig>
               <!--Optional:-->
               <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
               <!--Optional:-->
               <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
            </xsd1:inboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:localAndOutBoundAuthenticationConfig>
               <!--Optional:-->
               <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
               <!--Optional:-->
               <xsd1:authenticationType>default</xsd1:authenticationType>
               <!--Optional:-->
               <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
            </xsd1:localAndOutBoundAuthenticationConfig>
            <!--Optional:-->
            <xsd1:outboundProvisioningConfig>
               <!--Zero or more repetitions:-->
               <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
            </xsd1:outboundProvisioningConfig>
            <!--Optional:-->
            <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
            <!--Optional:-->
            <xsd1:saasApp>false</xsd1:saasApp>
         </xsd:serviceProvider>
      </xsd:updateApplication>
   </soapenv:Body>
</soapenv:Envelope>

Local request (format and sample):

As there is only one <authenticationSteps> element configured here, there is no need to set the authenticationSteps.stepOrder, authenticationSteps.subjectStep, authenticationSteps.attributeStep attributes.

<xsd1:localAndOutBoundAuthenticationConfig>
    <!--Zero or more repetitions:-->
    <xsd1:authenticationSteps>
        <!--Zero or more repetitions:-->
        <xsd1:localAuthenticatorConfigs>
            <!--Optional:-->
            <xsd1:displayName>basic</xsd1:displayName>
            <!--Optional:-->
            <xsd1:name>BasicAuthenticator</xsd1:name>
            <!--Optional:-->
            <xsd1:valid>true</xsd1:valid>
            <!--Zero or more repetitions:-->
        </xsd1:localAuthenticatorConfigs>
        <!--Optional:-->
        <xsd1:stepOrder>1</xsd1:stepOrder>
        <!--Optional:-->
        <xsd1:subjectStep>false</xsd1:subjectStep>
        <!--Optional:-->
    </xsd1:authenticationSteps>
    <xsd1:authenticationType>local</xsd1:authenticationType>
    <!--Optional:-->
    <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://org.apache.axis2/xsd"
    xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
    <soapenv:Header/>
    <soapenv:Body>
        <xsd:updateApplication>
            <!--Optional:-->
            <xsd:serviceProvider>
                <!--Optional:-->
                <xsd1:applicationID>2</xsd1:applicationID>
                <!--Optional:-->
                <xsd1:applicationName>travelocity.com</xsd1:applicationName>
                <!--Optional:-->
                <xsd1:claimConfig>
                    <!--Optional:-->
                    <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
                    <!--Optional:-->
                    <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
                </xsd1:claimConfig>
                <!--Optional:-->
                <xsd1:description>sample service provider</xsd1:description>
                <!--Optional:-->
                <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:inboundProvisioningConfig>
                    <!--Optional:-->
                    <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
                    <!--Optional:-->
                    <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
                </xsd1:inboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:localAndOutBoundAuthenticationConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:authenticationSteps>
                        <!--Zero or more repetitions:-->
                        <xsd1:localAuthenticatorConfigs>
                            <!--Optional:-->
                            <xsd1:displayName>basic</xsd1:displayName>
                            <!--Optional:-->
                            <xsd1:name>BasicAuthenticator</xsd1:name>
                            <!--Optional:-->
                            <xsd1:valid>true</xsd1:valid>
                            <!--Zero or more repetitions:-->
                        </xsd1:localAuthenticatorConfigs>
                        <!--Optional:-->
                        <xsd1:stepOrder>1</xsd1:stepOrder>
                        <!--Optional:-->
                        <xsd1:subjectStep>false</xsd1:subjectStep>
                        <!--Optional:-->
                    </xsd1:authenticationSteps>
                    <xsd1:authenticationType>local</xsd1:authenticationType>
                    <!--Optional:-->
                    <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
                </xsd1:localAndOutBoundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:outboundProvisioningConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
                </xsd1:outboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
                <!--Optional:-->
                <xsd1:saasApp>false</xsd1:saasApp>
            </xsd:serviceProvider>
        </xsd:updateApplication>
    </soapenv:Body>
</soapenv:Envelope>

Federated request (format and sample):

As there is only one <authenticationSteps> configured here, there is no need to set the authenticationSteps.stepOrder, authenticationSteps.subjectStep, authenticationSteps.attributeStep attributes.

<xsd1:localAndOutBoundAuthenticationConfig>
    <!--Zero or more repetitions:-->
    <xsd1:authenticationSteps>
        <!--Zero or more repetitions:-->
        <xsd1:federatedIdentityProviders>
            <!--Zero or more repetitions:-->
            <xsd1:federatedAuthenticatorConfigs>
                <!--Optional:-->
                <xsd1:displayName>samlsso</xsd1:displayName>
                <!--Optional:-->
                <xsd1:name>SAMLSSOAuthenticator</xsd1:name>
                <!--Optional:-->
                <xsd1:valid>true</xsd1:valid>
            </xsd1:federatedAuthenticatorConfigs>
            <!--Optional:-->
            <xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
        </xsd1:federatedIdentityProviders>
        <!--Optional:-->
        <xsd1:stepOrder>1</xsd1:stepOrder>
        <!--Optional:-->
        <xsd1:subjectStep>false</xsd1:subjectStep>
        <!--Optional:-->
    </xsd1:authenticationSteps>
    <xsd1:authenticationType>federated</xsd1:authenticationType>
    <!--Optional:-->
    <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://org.apache.axis2/xsd"
    xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
    <soapenv:Header/>
    <soapenv:Body>
        <xsd:updateApplication>
            <!--Optional:-->
            <xsd:serviceProvider>
                <!--Optional:-->
                <xsd1:applicationID>2</xsd1:applicationID>
                <!--Optional:-->
                <xsd1:applicationName>travelocity.com</xsd1:applicationName>
                <!--Optional:-->
                <xsd1:claimConfig>
                    <!--Optional:-->
                    <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
                    <!--Optional:-->
                    <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
                </xsd1:claimConfig>
                <!--Optional:-->
                <xsd1:description>sample service provider</xsd1:description>
                <!--Optional:-->
                <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:inboundProvisioningConfig>
                    <!--Optional:-->
                    <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
                    <!--Optional:-->
                    <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
                </xsd1:inboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:localAndOutBoundAuthenticationConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:authenticationSteps>
                        <!--Zero or more repetitions:-->
                        <xsd1:federatedIdentityProviders>
                            <!--Zero or more repetitions:-->
                            <xsd1:federatedAuthenticatorConfigs>
                                <!--Optional:-->
                                <xsd1:displayName>samlsso</xsd1:displayName>
                                <!--Optional:-->
                                <xsd1:name>SAMLSSOAuthenticator</xsd1:name>
                                <!--Optional:-->
                                <xsd1:valid>true</xsd1:valid>
                            </xsd1:federatedAuthenticatorConfigs>
                            <!--Optional:-->
                            <xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
                        </xsd1:federatedIdentityProviders>
                        <!--Optional:-->
                        <xsd1:stepOrder>1</xsd1:stepOrder>
                        <!--Optional:-->
                        <xsd1:subjectStep>false</xsd1:subjectStep>
                        <!--Optional:-->
                    </xsd1:authenticationSteps>
                    <xsd1:authenticationType>federated</xsd1:authenticationType>
                    <!--Optional:-->
                    <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
                </xsd1:localAndOutBoundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:outboundProvisioningConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
                </xsd1:outboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
                <!--Optional:-->
                <xsd1:saasApp>false</xsd1:saasApp>
            </xsd:serviceProvider>
        </xsd:updateApplication>
    </soapenv:Body>
</soapenv:Envelope>

Advanced format and sample request:

Multiple <authenticationSteps> elements can be configured here. Therefore, each <authenticationSteps> element must specify the stepOrder and whether the subject identifier and attributes should be used from that particular step.

<xsd1:localAndOutBoundAuthenticationConfig>
    <!--Zero or more repetitions:-->
    <xsd1:authenticationSteps>
        <!--Zero or more repetitions:-->
        <xsd1:federatedIdentityProviders>
            <!--Zero or more repetitions:-->
            <xsd1:federatedAuthenticatorConfigs>
                <!--Optional:-->
                <xsd1:displayName>samlsso</xsd1:displayName>
                <!--Optional:-->
                <xsd1:name>SAMLSSOAuthenticator</xsd1:name>
                <!--Optional:-->
                <xsd1:valid>true</xsd1:valid>
            </xsd1:federatedAuthenticatorConfigs>
            <!--Optional:-->
            <xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
        </xsd1:federatedIdentityProviders>
        <!--Zero or more repetitions:-->
        <xsd1:localAuthenticatorConfigs>
            <!--Optional:-->
            <xsd1:displayName>basic</xsd1:displayName>
            <!--Optional:-->
            <xsd1:name>BasicAuthenticator</xsd1:name>
            <!--Optional:-->
            <xsd1:valid>true</xsd1:valid>
            <!--Zero or more repetitions:-->
        </xsd1:localAuthenticatorConfigs>
        <!--Optional:-->
        <xsd1:stepOrder>1</xsd1:stepOrder>
        <!--Optional:-->
        <xsd1:subjectStep>false</xsd1:subjectStep>
        <!--Optional:-->
    </xsd1:authenticationSteps>
    <xsd1:authenticationType>flow</xsd1:authenticationType>
    <!--Optional:-->
    <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
</xsd1:localAndOutBoundAuthenticationConfig>
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://org.apache.axis2/xsd"
    xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
    <soapenv:Header/>
    <soapenv:Body>
        <xsd:updateApplication>
            <!--Optional:-->
            <xsd:serviceProvider>
                <!--Optional:-->
                <xsd1:applicationID>2</xsd1:applicationID>
                <!--Optional:-->
                <xsd1:applicationName>travelocity.com</xsd1:applicationName>
                <!--Optional:-->
                <xsd1:claimConfig>
                    <!--Optional:-->
                    <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
                    <!--Optional:-->
                    <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
                </xsd1:claimConfig>
                <!--Optional:-->
                <xsd1:description>sample service provider</xsd1:description>
                <!--Optional:-->
                <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:inboundProvisioningConfig>
                    <!--Optional:-->
                    <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
                    <!--Optional:-->
                    <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
                </xsd1:inboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:localAndOutBoundAuthenticationConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:authenticationSteps>
                        <!--Zero or more repetitions:-->
                        <xsd1:federatedIdentityProviders>
                            <!--Zero or more repetitions:-->
                            <xsd1:federatedAuthenticatorConfigs>
                                <!--Optional:-->
                                <xsd1:displayName>samlsso</xsd1:displayName>
                                <!--Optional:-->
                                <xsd1:name>SAMLSSOAuthenticator</xsd1:name>
                                <!--Optional:-->
                                <xsd1:valid>true</xsd1:valid>
                            </xsd1:federatedAuthenticatorConfigs>
                            <!--Optional:-->
                            <xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
                        </xsd1:federatedIdentityProviders>
                        <!--Zero or more repetitions:-->
                        <xsd1:localAuthenticatorConfigs>
                            <!--Optional:-->
                            <xsd1:displayName>basic</xsd1:displayName>
                            <!--Optional:-->
                            <xsd1:name>BasicAuthenticator</xsd1:name>
                            <!--Optional:-->
                            <xsd1:valid>true</xsd1:valid>
                            <!--Zero or more repetitions:-->
                        </xsd1:localAuthenticatorConfigs>
                        <!--Optional:-->
                        <xsd1:stepOrder>1</xsd1:stepOrder>
                        <!--Optional:-->
                        <xsd1:subjectStep>false</xsd1:subjectStep>
                        <!--Optional:-->
                    </xsd1:authenticationSteps>
                    <xsd1:authenticationType>flow</xsd1:authenticationType>
                    <!--Optional:-->
                    <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
                </xsd1:localAndOutBoundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:outboundProvisioningConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
                </xsd1:outboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
                <!--Optional:-->
                <xsd1:saasApp>false</xsd1:saasApp>
            </xsd:serviceProvider>
        </xsd:updateApplication>
    </soapenv:Body>
</soapenv:Envelope>            
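
The step rules in this section can be checked before an updateApplication request is sent. The following Python check is an added example, not part of the WSO2 documentation or product code: it parses a request or fragment and reports localAndOutBoundAuthenticationConfig steps that break those rules. The function names, the two constructed sample fragments, and the rule that exactly one step sets subjectStep and one sets attributeStep to true are assumptions of this example.

```python
import xml.etree.ElementTree as ET

MODEL_NS = "http://model.common.application.identity.carbon.wso2.org/xsd"
NS = {"m": MODEL_NS}
AUTH_TYPES = {"default", "local", "federated", "flow"}  # types listed on this page


def _text(node, name):
    """Stripped text of child element `name`, or None when absent or empty."""
    child = node.find("m:" + name, NS)
    text = child.text.strip() if child is not None and child.text else ""
    return text or None


def _check_multi_step(steps, findings):
    """Rules that apply once more than one authenticationSteps element is present."""
    orders = []
    flagged = {"subjectStep": 0, "attributeStep": 0}
    for i, step in enumerate(steps, 1):
        order = _text(step, "stepOrder")
        if order is None or not order.isdigit():
            findings.append("step %d: stepOrder missing or not an integer" % i)
        elif order in orders:
            findings.append("step %d: duplicate stepOrder %s" % (i, order))
        orders.append(order)
        for flag in flagged:
            value = _text(step, flag)
            if value is None:
                findings.append("step %d: %s not set" % (i, flag))
            elif value == "true":
                flagged[flag] += 1
    # Assumption of this example: exactly one subject step and one attribute step.
    for flag, count in flagged.items():
        if count != 1:
            findings.append("%d steps set %s=true, expected 1" % (count, flag))


def check_auth_config(xml_text):
    """Return findings for every localAndOutBoundAuthenticationConfig in xml_text."""
    findings = []
    root = ET.fromstring(xml_text)  # operator-authored input; not hardened for untrusted XML
    for cfg in root.iter("{%s}localAndOutBoundAuthenticationConfig" % MODEL_NS):
        auth_type = _text(cfg, "authenticationType")
        steps = cfg.findall("m:authenticationSteps", NS)
        if auth_type not in AUTH_TYPES:
            findings.append("authenticationType %r is not default, local, federated or flow" % auth_type)
        for i, step in enumerate(steps, 1):
            # The page requires the IdP name for every federated identity provider.
            for idp in step.findall("m:federatedIdentityProviders", NS):
                if _text(idp, "identityProviderName") is None:
                    findings.append("step %d: federated IdP without identityProviderName" % i)
        if len(steps) > 1:
            _check_multi_step(steps, findings)
    return findings


# Constructed sample: two steps, distinct order, step 1 supplies subject and attributes.
GOOD_FLOW = """<xsd1:localAndOutBoundAuthenticationConfig xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
  <xsd1:authenticationSteps>
    <xsd1:attributeStep>true</xsd1:attributeStep>
    <xsd1:localAuthenticatorConfigs><xsd1:name>BasicAuthenticator</xsd1:name></xsd1:localAuthenticatorConfigs>
    <xsd1:stepOrder>1</xsd1:stepOrder>
    <xsd1:subjectStep>true</xsd1:subjectStep>
  </xsd1:authenticationSteps>
  <xsd1:authenticationSteps>
    <xsd1:attributeStep>false</xsd1:attributeStep>
    <xsd1:federatedIdentityProviders>
      <xsd1:federatedAuthenticatorConfigs><xsd1:name>SAMLSSOAuthenticator</xsd1:name></xsd1:federatedAuthenticatorConfigs>
      <xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
    </xsd1:federatedIdentityProviders>
    <xsd1:stepOrder>2</xsd1:stepOrder>
    <xsd1:subjectStep>false</xsd1:subjectStep>
  </xsd1:authenticationSteps>
  <xsd1:authenticationType>flow</xsd1:authenticationType>
</xsd1:localAndOutBoundAuthenticationConfig>"""

# Constructed sample: duplicate stepOrder, no attributeStep, no subject step, unnamed IdP.
BAD_FLOW = """<xsd1:localAndOutBoundAuthenticationConfig xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
  <xsd1:authenticationSteps>
    <xsd1:localAuthenticatorConfigs><xsd1:name>BasicAuthenticator</xsd1:name></xsd1:localAuthenticatorConfigs>
    <xsd1:stepOrder>1</xsd1:stepOrder>
    <xsd1:subjectStep>false</xsd1:subjectStep>
  </xsd1:authenticationSteps>
  <xsd1:authenticationSteps>
    <xsd1:federatedIdentityProviders>
      <xsd1:federatedAuthenticatorConfigs><xsd1:name>SAMLSSOAuthenticator</xsd1:name></xsd1:federatedAuthenticatorConfigs>
    </xsd1:federatedIdentityProviders>
    <xsd1:stepOrder>1</xsd1:stepOrder>
    <xsd1:subjectStep>false</xsd1:subjectStep>
  </xsd1:authenticationSteps>
  <xsd1:authenticationType>flow</xsd1:authenticationType>
</xsd1:localAndOutBoundAuthenticationConfig>"""


if __name__ == "__main__":
    print(check_auth_config(GOOD_FLOW), check_auth_config(BAD_FLOW), sep="\n")
```

The same function accepts a full SOAP envelope, because it searches the whole document for the configuration element.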

Request path authenticator

Specify configurations related to zero or more request path authenticators.

| Parameter | Type | Description |
| --- | --- | --- |
| displayName | String | The name that displays |
| enabled | Boolean | true - enable; false - disable |
| name | String | OAuthRequestPathAuthenticator, BasicAuthRequestPathAuthenticator |
| valid | boolean | true - valid; false - invalid |
| properties | Property | List of properties in an array |

Request format and sample request:
<xsd1:requestPathAuthenticatorConfigs>
    <!--Optional:-->
    <xsd1:name>BasicAuthRequestPathAuthenticator</xsd1:name>
    <!--Optional:-->
    <xsd1:valid>true</xsd1:valid>
</xsd1:requestPathAuthenticatorConfigs>
<xsd1:requestPathAuthenticatorConfigs>
    <!--Optional:-->
    <xsd1:name>OAuthRequestPathAuthenticator</xsd1:name>
    <!--Optional:-->
    <xsd1:valid>true</xsd1:valid>
</xsd1:requestPathAuthenticatorConfigs>
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://org.apache.axis2/xsd"
    xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
    <soapenv:Header/>
    <soapenv:Body>
        <xsd:updateApplication>
            <!--Optional:-->
            <xsd:serviceProvider>
                <!--Optional:-->
                <xsd1:applicationID>2</xsd1:applicationID>
                <!--Optional:-->
                <xsd1:applicationName>travelocity.com</xsd1:applicationName>
                <!--Optional:-->
                <xsd1:claimConfig>
                    <!--Optional:-->
                    <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
                    <!--Optional:-->
                    <xsd1:localClaimDialect>true</xsd1:localClaimDialect>
                </xsd1:claimConfig>
                <!--Optional:-->
                <xsd1:description>sample service provider</xsd1:description>
                <!--Optional:-->
                <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:inboundProvisioningConfig>
                    <!--Optional:-->
                    <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
                    <!--Optional:-->
                    <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
                </xsd1:inboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:localAndOutBoundAuthenticationConfig>
                    <!--Optional:-->
                    <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
                    <!--Optional:-->
                    <xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
                    <!--Optional:-->
                    <xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
                    <xsd1:authenticationType>default</xsd1:authenticationType>
                    <!--Optional:-->
                    <xsd1:subjectClaimUri>http://wso2.org/claims/fullname</xsd1:subjectClaimUri>
                </xsd1:localAndOutBoundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:outboundProvisioningConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
                </xsd1:outboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
                <!--Zero or more repetitions:-->
                <xsd1:requestPathAuthenticatorConfigs>
                    <!--Optional:-->
                    <xsd1:name>BasicAuthRequestPathAuthenticator</xsd1:name>
                    <!--Optional:-->
                    <xsd1:valid>true</xsd1:valid>
                </xsd1:requestPathAuthenticatorConfigs>
                <xsd1:requestPathAuthenticatorConfigs>
                    <!--Optional:-->
                    <xsd1:name>OAuthRequestPathAuthenticator</xsd1:name>
                    <!--Optional:-->
                    <xsd1:valid>true</xsd1:valid>
                </xsd1:requestPathAuthenticatorConfigs>
                <!--Optional:-->
                <xsd1:saasApp>false</xsd1:saasApp>
            </xsd:serviceProvider>
        </xsd:updateApplication>
    </soapenv:Body>
</soapenv:Envelope>      

Outbound provisioning

To configure the outbound provisioning of the service provider, use the following parameters.

  • provisionByRoleList [String]: -
  • provisioningIdentityProviders [IdentityProvider]: To configure provisioning IdPs, there should be one or more registered IdPs, with at least one outbound provisioning connector enabled. Include the IdP name and provisioning connector name and specify whether to enable JiT provisioning with the request.

<xsd1:outboundProvisioningConfig>
    <!--Zero or more repetitions:-->
    <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
    <!--Zero or more repetitions:-->
    <xsd1:provisioningIdentityProviders>
        <!--Optional:-->
        <xsd1:defaultProvisioningConnectorConfig>
            <!--Optional:-->
            <xsd1:blocking>false</xsd1:blocking>
            <!--Optional:-->
            <xsd1:enabled>false</xsd1:enabled>
            <!--Optional:-->
            <xsd1:name>scim</xsd1:name>
            <!--Optional:-->
        </xsd1:defaultProvisioningConnectorConfig>
        <!--Optional:-->
        <xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
        <!--Optional:-->
        <xsd1:justInTimeProvisioningConfig>
            <!--Optional:-->
            <xsd1:dumbMode>false</xsd1:dumbMode>
            <!--Optional:-->
            <xsd1:provisioningEnabled>true</xsd1:provisioningEnabled>
        </xsd1:justInTimeProvisioningConfig>
    </xsd1:provisioningIdentityProviders>
</xsd1:outboundProvisioningConfig>
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://org.apache.axis2/xsd"
    xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
    <soapenv:Header/>
    <soapenv:Body>
        <xsd:updateApplication>
            <!--Optional:-->
            <xsd:serviceProvider>
                <!--Optional:-->
                <xsd1:applicationID>2</xsd1:applicationID>
                <!--Optional:-->
                <xsd1:applicationName>travelocity.com</xsd1:applicationName>
                <!--Optional:-->
                <xsd1:claimConfig>
                    <!--Optional:-->
                    <xsd1:alwaysSendMappedLocalSubjectId>false</xsd1:alwaysSendMappedLocalSubjectId>
                    <!--Zero or more repetitions:-->
                    <xsd1:claimMappings>
                        <!--Optional:-->
                        <xsd1:localClaim>
                            <!--Optional:-->
                            <xsd1:claimUri>http://wso2.org/claims/givenname</xsd1:claimUri>
                        </xsd1:localClaim>
                        <!--Optional:-->
                        <xsd1:mandatory>true</xsd1:mandatory>
                        <!--Optional:-->
                        <xsd1:remoteClaim>
                            <!--Optional:-->
                            <xsd1:claimUri>name</xsd1:claimUri>
                        </xsd1:remoteClaim>
                        <!--Optional:-->
                        <xsd1:requested>true</xsd1:requested>
                    </xsd1:claimMappings>
                    <xsd1:claimMappings>
                        <!--Optional:-->
                        <xsd1:localClaim>
                            <!--Optional:-->
                            <xsd1:claimUri>http://wso2.org/claims/role</xsd1:claimUri>
                        </xsd1:localClaim>
                        <!--Optional:-->
                        <xsd1:mandatory>true</xsd1:mandatory>
                        <!--Optional:-->
                        <xsd1:remoteClaim>
                            <!--Optional:-->
                            <xsd1:claimUri>role</xsd1:claimUri>
                        </xsd1:remoteClaim>
                        <!--Optional:-->
                        <xsd1:requested>true</xsd1:requested>
                    </xsd1:claimMappings>
                    <!--Optional:-->
                    <xsd1:localClaimDialect>false</xsd1:localClaimDialect>
                    <!--Optional:-->
                    <xsd1:roleClaimURI>role</xsd1:roleClaimURI>
                    <!--Optional:-->
                    <xsd1:userClaimURI>user</xsd1:userClaimURI>
                </xsd1:claimConfig>
                <!--Optional:-->
                <xsd1:description>sample service provider</xsd1:description>
                <!--Optional:-->
                <xsd1:inboundAuthenticationConfig></xsd1:inboundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:inboundProvisioningConfig>
                    <!--Optional:-->
                    <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled>
                    <!--Optional:-->
                    <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore>
                </xsd1:inboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:localAndOutBoundAuthenticationConfig>
                    <!--Optional:-->
                    <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs>
                    <!--Optional:-->
                    <xsd1:authenticationStepForAttributes></xsd1:authenticationStepForAttributes>
                    <!--Optional:-->
                    <xsd1:authenticationStepForSubject></xsd1:authenticationStepForSubject>
                    <xsd1:authenticationType>default</xsd1:authenticationType>
                    <!--Optional:-->
                    <xsd1:subjectClaimUri>name</xsd1:subjectClaimUri>
                </xsd1:localAndOutBoundAuthenticationConfig>
                <!--Optional:-->
                <xsd1:outboundProvisioningConfig>
                    <!--Zero or more repetitions:-->
                    <xsd1:provisionByRoleList></xsd1:provisionByRoleList>
                    <!--Zero or more repetitions:-->
                    <xsd1:provisioningIdentityProviders>
                        <!--Optional:-->
                        <xsd1:defaultProvisioningConnectorConfig>
                            <!--Optional:-->
                            <xsd1:blocking>false</xsd1:blocking>
                            <!--Optional:-->
                            <xsd1:enabled>false</xsd1:enabled>
                            <!--Optional:-->
                            <xsd1:name>scim</xsd1:name>
                            <!--Optional:-->
                        </xsd1:defaultProvisioningConnectorConfig>
                        <!--Optional:-->
                        <xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
                        <!--Optional:-->
                        <xsd1:justInTimeProvisioningConfig>
                            <!--Optional:-->
                            <xsd1:dumbMode>false</xsd1:dumbMode>
                            <!--Optional:-->
                            <xsd1:provisioningEnabled>true</xsd1:provisioningEnabled>
                        </xsd1:justInTimeProvisioningConfig>
                    </xsd1:provisioningIdentityProviders>
                </xsd1:outboundProvisioningConfig>
                <!--Optional:-->
                <xsd1:permissionAndRoleConfig></xsd1:permissionAndRoleConfig>
                <!--Optional:-->
                <xsd1:saasApp>false</xsd1:saasApp>
            </xsd:serviceProvider>
        </xsd:updateApplication>
    </soapenv:Body>
</soapenv:Envelope>
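The pre-flight check below is an added example, not part of the original documentation or the product's code. It parses an updateApplication request and confirms that each provisioningIdentityProviders entry carries the IdP name and connector name this section asks for, and that the IdP appears in a caller-supplied set of registered names (assumed here to be collected from getAllIdentityProviders); the function names and sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as declared in the page's updateApplication requests.
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "xsd": "http://org.apache.axis2/xsd",
    "xsd1": "http://model.common.application.identity.carbon.wso2.org/xsd",
}

def _text(parent, path):
    """Stripped text of the first match, or None when absent or empty."""
    node = parent.find(path, NS) if parent is not None else None
    text = (node.text or "").strip() if node is not None else ""
    return text or None

def _flag(parent, path):
    """Read a boolean element; a missing element counts as False."""
    return _text(parent, path) == "true"

def outbound_provisioning_entries(envelope_xml):
    """One dict per provisioningIdentityProviders element in the request."""
    root = ET.fromstring(envelope_xml)
    sp = root.find("soapenv:Body/xsd:updateApplication/xsd:serviceProvider", NS)
    if sp is None:
        raise ValueError("envelope has no updateApplication/serviceProvider")
    path = "xsd1:outboundProvisioningConfig/xsd1:provisioningIdentityProviders"
    entries = []
    for idp in sp.findall(path, NS):
        conn = idp.find("xsd1:defaultProvisioningConnectorConfig", NS)
        jit = idp.find("xsd1:justInTimeProvisioningConfig", NS)
        entries.append({
            "idp": _text(idp, "xsd1:identityProviderName"),
            "connector": _text(conn, "xsd1:name"),
            "connector_enabled": _flag(conn, "xsd1:enabled"),
            "blocking": _flag(conn, "xsd1:blocking"),
            "jit": _flag(jit, "xsd1:provisioningEnabled"),
        })
    return entries

def preflight(envelope_xml, registered_idps):
    """Findings for entries that lack a name or point at an unknown IdP."""
    findings = []
    for n, e in enumerate(outbound_provisioning_entries(envelope_xml), start=1):
        label = e["idp"] or f"entry {n}"
        if e["idp"] is None:
            findings.append(f"{label}: identityProviderName is missing")
        elif e["idp"] not in registered_idps:
            findings.append(f"{label}: not in the registered IdP list")
        if e["connector"] is None:
            findings.append(f"{label}: provisioning connector name is missing")
    return findings

# Constructed input: the page's outbound provisioning request, shortened.
SAMPLE_REQUEST = """<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://org.apache.axis2/xsd"
    xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd">
 <soapenv:Body><xsd:updateApplication><xsd:serviceProvider>
  <xsd1:applicationID>2</xsd1:applicationID>
  <xsd1:outboundProvisioningConfig>
   <xsd1:provisioningIdentityProviders>
    <xsd1:defaultProvisioningConnectorConfig>
     <xsd1:blocking>false</xsd1:blocking>
     <xsd1:enabled>false</xsd1:enabled>
     <xsd1:name>scim</xsd1:name>
    </xsd1:defaultProvisioningConnectorConfig>
    <xsd1:identityProviderName>TrustedIdP</xsd1:identityProviderName>
    <xsd1:justInTimeProvisioningConfig><xsd1:provisioningEnabled>true</xsd1:provisioningEnabled></xsd1:justInTimeProvisioningConfig>
   </xsd1:provisioningIdentityProviders>
  </xsd1:outboundProvisioningConfig>
 </xsd:serviceProvider></xsd:updateApplication></soapenv:Body>
</soapenv:Envelope>"""

# Constructed variant with the connector name left empty.
INCOMPLETE_REQUEST = SAMPLE_REQUEST.replace("<xsd1:name>scim</xsd1:name>", "<xsd1:name/>")
```
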

deleteApplication

Description A service provider is deleted based on the application name. The input parameters and the format of the request should be as follows.
Permission Level /permission/admin/manage
Input Parameters
  • applicationName [String]: This is the application name.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:deleteApplication>
       <!--Optional:-->
       <xsd:applicationName>TestSP</xsd:applicationName>
    </xsd:deleteApplication>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:deleteApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
       <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
    </ns:deleteApplicationResponse>
 </soapenv:Body>
</soapenv:Envelope>

getAllApplicationBasicInfo

Description This operation can be used to get all available service provider names and their descriptions.
Permission Level /permission/admin/manage
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:getAllApplicationBasicInfo/>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:getAllApplicationBasicInfoResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2115="http://core.carbon.wso2.org/xsd" xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd" xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd" xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd">
       <ns:return xsi:type="ax2117:ApplicationBasicInfo" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2117:applicationName>TestSP1</ax2117:applicationName>
          <ax2117:description>Test Service Provider-1</ax2117:description>
       </ns:return>
    </ns:getAllApplicationBasicInfoResponse>
 </soapenv:Body>
</soapenv:Envelope>

getAllIdentityProviders

Description This operation retrieves the available identity providers.
Permission Level /permission/admin/manage
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:getAllIdentityProviders/>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
      <ns:getAllIdentityProvidersResponse
          xmlns:ns="http://org.apache.axis2/xsd"
          xmlns:ax2115="http://core.carbon.wso2.org/xsd"
          xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd"
          xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd"
          xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd">
          <ns:return xsi:type="ax2117:IdentityProvider"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <ax2117:alias xsi:nil="true"/>
              <ax2117:certificate xsi:nil="true"/>
              <ax2117:claimConfig xsi:nil="true"/>
              <ax2117:defaultAuthenticatorConfig xsi:nil="true"/>
              <ax2117:defaultProvisioningConnectorConfig xsi:nil="true"/>
              <ax2117:displayName xsi:nil="true"/>
              <ax2117:enable>true</ax2117:enable>
              <ax2117:federatedAuthenticatorConfigs xsi:type="ax2117:FederatedAuthenticatorConfig">
          ...</ax2117:federatedAuthenticatorConfigs>
              <ax2117:federationHub>false</ax2117:federationHub>
              <ax2117:homeRealmId xsi:nil="true"/>
              <ax2117:identityProviderDescription xsi:nil="true"/>
              <ax2117:identityProviderName>TestIdP</ax2117:identityProviderName>
              <ax2117:justInTimeProvisioningConfig xsi:nil="true"/>
              <ax2117:permissionAndRoleConfig xsi:nil="true"/>
              <ax2117:primary>false</ax2117:primary>
              <ax2117:provisioningConnectorConfigs xsi:type="ax2117:ProvisioningConnectorConfig">...
          </ax2117:provisioningConnectorConfigs>
              <ax2117:provisioningRole xsi:nil="true"/>
          </ns:return>
      </ns:getAllIdentityProvidersResponse>
  </soapenv:Body>
</soapenv:Envelope>

getAllLocalAuthenticators

Description This operation retrieves the available local authenticators.
Permission Level /permission/admin/manage
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:getAllLocalAuthenticators/>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:getAllLocalAuthenticatorsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2115="http://core.carbon.wso2.org/xsd" xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd" xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd" xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd">
       <ns:return xsi:type="ax2117:LocalAuthenticatorConfig" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2117:displayName>basic</ax2117:displayName>
          <ax2117:enabled>false</ax2117:enabled>
          <ax2117:name>BasicAuthenticator</ax2117:name>
          <ax2117:valid>true</ax2117:valid>
       </ns:return>
       <ns:return xsi:type="ax2117:LocalAuthenticatorConfig" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2117:displayName>iwa</ax2117:displayName>
          <ax2117:enabled>false</ax2117:enabled>
          <ax2117:name>IWAAuthenticator</ax2117:name>
          <ax2117:valid>true</ax2117:valid>
       </ns:return>
    </ns:getAllLocalAuthenticatorsResponse>
 </soapenv:Body>
</soapenv:Envelope>

getAllLocalClaimUris

Description This operation retrieves the available claim URI values that are in the http://wso2.org/claims dialect.
Permission Level /permission/admin/manage
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:getAllLocalClaimUris/>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:getAllLocalClaimUrisResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2115="http://core.carbon.wso2.org/xsd" xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd" xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd" xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd">
       <ns:return>http://wso2.org/claims/otherphone</ns:return>
       <ns:return>http://wso2.org/claims/dob</ns:return>
       <ns:return>http://wso2.org/claims/primaryChallengeQuestion</ns:return>
       <ns:return>http://wso2.org/claims/role</ns:return>
       <ns:return>http://wso2.org/claims/challengeQuestion1</ns:return>
       <ns:return>http://wso2.org/claims/telephone</ns:return>
       <ns:return>http://wso2.org/claims/mobile</ns:return>
       <ns:return>http://wso2.org/claims/country</ns:return>
       <ns:return>http://wso2.org/claims/challengeQuestionUris</ns:return>
       <ns:return>http://wso2.org/claims/postalcode</ns:return>
       <ns:return>http://wso2.org/claims/challengeQuestion2</ns:return>
       <ns:return>http://wso2.org/claims/identity/accountLocked</ns:return>
       <ns:return>http://wso2.org/claims/nickname</ns:return>
       <ns:return>http://wso2.org/claims/streetaddress</ns:return>
       <ns:return>http://wso2.org/claims/url</ns:return>
       <ns:return>http://wso2.org/claims/givenname</ns:return>
       <ns:return>http://wso2.org/claims/emailaddress</ns:return>
       <ns:return>http://wso2.org/claims/oneTimePassword</ns:return>
       <ns:return>http://wso2.org/claims/region</ns:return>
       <ns:return>http://wso2.org/claims/gender</ns:return>
       <ns:return>http://wso2.org/claims/fullname</ns:return>
       <ns:return>http://wso2.org/claims/passwordTimestamp</ns:return>
       <ns:return>http://wso2.org/claims/title</ns:return>
       <ns:return>http://wso2.org/claims/locality</ns:return>
       <ns:return>http://wso2.org/claims/stateorprovince</ns:return>
       <ns:return>http://wso2.org/claims/im</ns:return>
       <ns:return>http://wso2.org/claims/organization</ns:return>
       <ns:return>http://wso2.org/claims/lastname</ns:return>
    </ns:getAllLocalClaimUrisResponse>
 </soapenv:Body>
</soapenv:Envelope>

getAllRequestPathAuthenticators

Description This operation retrieves the available request path authenticators.
Permission Level /permission/admin/manage
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:getAllRequestPathAuthenticators/>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
    <ns:getAllRequestPathAuthenticatorsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2115="http://core.carbon.wso2.org/xsd" xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd" xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd" xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd">
       <ns:return xsi:type="ax2117:RequestPathAuthenticatorConfig" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2117:displayName>basic-auth</ax2117:displayName>
          <ax2117:enabled>false</ax2117:enabled>
          <ax2117:name>BasicAuthRequestPathAuthenticator</ax2117:name>
          <ax2117:valid>true</ax2117:valid>
       </ns:return>
       <ns:return xsi:type="ax2117:RequestPathAuthenticatorConfig" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <ax2117:displayName>oauth-bearer</ax2117:displayName>
          <ax2117:enabled>false</ax2117:enabled>
          <ax2117:name>OAuthRequestPathAuthenticator</ax2117:name>
          <ax2117:valid>true</ax2117:valid>
       </ns:return>
    </ns:getAllRequestPathAuthenticatorsResponse>
 </soapenv:Body>
</soapenv:Envelope>
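Added example (not from the original page or the product's code): one decoder for the getAllLocalAuthenticators, getAllLocalClaimUris and getAllRequestPathAuthenticators responses above, matching elements by namespace URI rather than by the ax2117 prefix, which is only a document-local alias. It goes beyond those three responses to cover xsi:nil returns such as deleteApplication's and SOAP faults; the function names and sample envelopes are constructed.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
XSI = "http://www.w3.org/2001/XMLSchema-instance"

def _local(tag):
    """Drop the '{namespace-uri}' part ElementTree puts in front of a tag name."""
    return tag.rsplit("}", 1)[-1]

def _value(node):
    """xsi:nil -> None, child elements -> dict, 'true'/'false' -> bool, else text."""
    if node.get(f"{{{XSI}}}nil") == "true":
        return None
    record = {}
    for child in node:
        key, val = _local(child.tag), _value(child)
        if key in record:  # repeated element name: keep every value in a list
            prev = record[key]
            record[key] = prev + [val] if isinstance(prev, list) else [prev, val]
        else:
            record[key] = val
    if record:
        return record
    text = (node.text or "").strip()
    return text == "true" if text in ("true", "false") else text

def parse_returns(response_xml):
    """Return (operation name, decoded <return> values) for one response envelope."""
    root = ET.fromstring(response_xml)
    body = root.find(f"{{{SOAP}}}Body")
    if body is None or len(body) == 0:
        raise ValueError("SOAP Body is missing or empty")
    payload = body[0]
    if payload.tag == f"{{{SOAP}}}Fault":  # SOAP 1.1 fault instead of a result
        raise RuntimeError("SOAP fault: " + (payload.findtext("faultstring") or "unknown"))
    name = _local(payload.tag)
    operation = name[:-len("Response")] if name.endswith("Response") else name
    return operation, [_value(r) for r in payload if _local(r.tag) == "return"]

# Constructed samples, shortened from the responses on this page. AUTHENTICATORS
# declares the model namespace as "m" where the page shows "ax2117".
AUTHENTICATORS = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
  <ns:getAllRequestPathAuthenticatorsResponse xmlns:ns="http://org.apache.axis2/xsd"
      xmlns:m="http://model.common.application.identity.carbon.wso2.org/xsd">
   <ns:return><m:displayName>basic-auth</m:displayName><m:enabled>false</m:enabled>
    <m:name>BasicAuthRequestPathAuthenticator</m:name><m:valid>true</m:valid></ns:return>
   <ns:return><m:displayName>oauth-bearer</m:displayName><m:enabled>false</m:enabled>
    <m:name>OAuthRequestPathAuthenticator</m:name><m:valid>true</m:valid></ns:return>
  </ns:getAllRequestPathAuthenticatorsResponse>
 </soapenv:Body>
</soapenv:Envelope>"""

CLAIM_URIS = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
  <ns:getAllLocalClaimUrisResponse xmlns:ns="http://org.apache.axis2/xsd">
   <ns:return>http://wso2.org/claims/role</ns:return>
   <ns:return>http://wso2.org/claims/givenname</ns:return>
  </ns:getAllLocalClaimUrisResponse>
 </soapenv:Body>
</soapenv:Envelope>"""

DELETED = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
  <ns:deleteApplicationResponse xmlns:ns="http://org.apache.axis2/xsd">
   <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
  </ns:deleteApplicationResponse>
 </soapenv:Body>
</soapenv:Envelope>"""

FAULT = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body><soapenv:Fault>
  <faultcode>soapenv:Server</faultcode><faultstring>constructed fault text</faultstring>
 </soapenv:Fault></soapenv:Body>
</soapenv:Envelope>"""
```
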

getApplication

Description This operation retrieves the service provider information for the given application name.
Permission Level /permission/admin/manage
Input Parameters
  • applicationName [String]: This is the application name.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:getApplication>
       <!--Optional:-->
       <xsd:applicationName>TestSP</xsd:applicationName>
    </xsd:getApplication>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Body>
        <ns:getApplicationResponse
            xmlns:ns="http://org.apache.axis2/xsd">
            <ns:return xsi:type="ax2117:ServiceProvider"
                xmlns:ax2115="http://core.carbon.wso2.org/xsd"
                xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd"
                xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd">
                <ax2117:applicationID>4</ax2117:applicationID>
                <ax2117:applicationName>TestSP</ax2117:applicationName>
                <ax2117:claimConfig xsi:type="ax2117:ClaimConfig">...
            </ax2117:claimConfig>
                <ax2117:description>Description</ax2117:description>
                <ax2117:inboundAuthenticationConfig xsi:type="ax2117:InboundAuthenticationConfig">
            ...
            </ax2117:inboundAuthenticationConfig>
                <ax2117:localAndOutBoundAuthenticationConfig xsi:type="ax2117:LocalAndOutboundAuthenticationConfig">
            ...</ax2117:localAndOutBoundAuthenticationConfig>
                <ax2117:outboundProvisioningConfig xsi:type="ax2117:OutboundProvisioningConfig">
            ..    
            </ax2117:outboundProvisioningConfig>
                <ax2117:owner xsi:type="ax2117:User">
                ...
            </ax2117:owner>
                <ax2117:permissionAndRoleConfig xsi:type="ax2117:PermissionsAndRoleConfig"/>
                <ax2117:saasApp>true</ax2117:saasApp>
            </ns:return>
        </ns:getApplicationResponse>
    </soapenv:Body>
</soapenv:Envelope>

getIdentityProvider

Description This operation retrieves the identity provider information for the given identity provider name.
Permission Level /permission/admin/manage
Input Parameters
  • federatedIdPName [String]: This is the identity provider name.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
    <xsd:getIdentityProvider>
       <!--Optional:-->
       <xsd:federatedIdPName>TestIdP</xsd:federatedIdPName>
    </xsd:getIdentityProvider>
 </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
      <ns:getIdentityProvidersResponse
          xmlns:ns="http://org.apache.axis2/xsd"
          xmlns:ax2115="http://core.carbon.wso2.org/xsd"
          xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd"
          xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd"
          xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd">
          <ns:return xsi:type="ax2117:IdentityProvider"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <ax2117:alias xsi:nil="true"/>
              <ax2117:certificate xsi:nil="true"/>
              <ax2117:claimConfig xsi:nil="true"/>
              <ax2117:defaultAuthenticatorConfig xsi:nil="true"/>
              <ax2117:defaultProvisioningConnectorConfig xsi:nil="true"/>
              <ax2117:displayName xsi:nil="true"/>
              <ax2117:enable>true</ax2117:enable>
              <ax2117:federatedAuthenticatorConfigs xsi:type="ax2117:FederatedAuthenticatorConfig">
          ...</ax2117:federatedAuthenticatorConfigs>
              <ax2117:federationHub>false</ax2117:federationHub>
              <ax2117:homeRealmId xsi:nil="true"/>
              <ax2117:identityProviderDescription xsi:nil="true"/>
              <ax2117:identityProviderName>TestIdP</ax2117:identityProviderName>
              <ax2117:justInTimeProvisioningConfig xsi:nil="true"/>
              <ax2117:permissionAndRoleConfig xsi:nil="true"/>
              <ax2117:primary>false</ax2117:primary>
              <ax2117:provisioningConnectorConfigs xsi:type="ax2117:ProvisioningConnectorConfig">...
          </ax2117:provisioningConnectorConfigs>
              <ax2117:provisioningRole xsi:nil="true"/>
          </ns:return>
      </ns:getIdentityProvidersResponse>
  </soapenv:Body>
</soapenv:Envelope>