

Configuring inbound authentication for a service provider¶

The inbound authenticator component of WSO2 Identity Server identifies and parses all the incoming authentication requests and builds the corresponding response. A given inbound authenticator has two parts:

Authenticator process	Functionality
Request Processor	Accept a request from a service provider, validate the request, build a common object model that is understood by the authentication framework, and hand over the request to it.
Response Builder	Accept a common object model from the authentication framework and build a response.

The request processors and the response builders are protocol-aware, while the authentication framework is not coupled to any protocol.

WSO2 Identity Server includes inbound authenticators for SAML 2.0, OpenID Connect, OAuth 2.0, Kerberos KDC, and WS-Federation (passive).

Info

See the Identity Server Architecture for more information on how inbound authentication fits into the overall scheme.

Prerequisites¶

You need to register a service provider on the Management Console.

Removed Feature!

OpenID 2.0 has been removed from the base product in WSO2 Identity Server version 5.3.0 onwards as it is now an obsolete specification and has been superseded by OpenID Connect. Alternatively, we recommend that you use OpenID Connect.

Configure inbound authentication¶

To configure inbound authentication for the registered service provider:

On the Management Console, go to Main > Identity > Service Providers.
Click List, select the service provider you want to configure, and click on the corresponding Edit link.
Expand the Inbound Authentication Configurations section and expand the section that you wish to configure.

You can configure inbound authentication for the following protocols:
- SAML2 Web SSO Configuration
- OAuth/OpenID Connect Configuration
- OpenID Configuration
- WS-Federation (Passive) Configuration
- Kerberos KDC