Configuring Inbound Authentication for a Service Provider¶

The inbound authenticator component of WSO2 Identity Server identifies and parses all the incoming authentication requests and builds the corresponding response. A given inbound authenticator has two parts:

• Request Processor
• Response Builder

For each protocol supported by WSO2 Identity Server, there should be an inbound authenticator. WSO2 Identity Server includes inbound authenticators for SAML 2.0, OpenID Connect, OAuth 2.0, Kerberos KDC, WS-Trust STS, and WS-Federation (passive). The responsibility of the SAML 2.0 request processor is to accept a SAML request from a service provider, validate the SAML request, and build a common object model that is understood by the authentication framework and handover the request to it. The responsibility of the SAML response builder is to accept a common object model from the authentication framework and build a SAML response out of it.

Both the request processors and the response builders are protocol-aware, while the authentication framework is not coupled to any protocol. For more information on the inbound authentication flow, see Architecture.

Let's learn how to configure inbound authentication for a service provider.

You can configure inbound authentication in the following ways:

Configuring inbound authentication with SAML2 Web SSO¶

See here for instructions on configuring inbound authentication with SAML2 Web SSO.

Configuring inbound authentication with OAuth/OpenID Connect¶

See here for instructions on configuring inbound authentication with Oauth/OpenID Comnnect.

Configuring inbound authentication with WS-Federation¶

See here for instructions on configuring inbound authentication with WS-Federation.

Configuring inbound authentication with WS-Trest Security Token Service¶

See here for instructions on configuring inbound authentication with ws-trest security token service.