Skip to content

Enable Login for a SAML Web Application

This page guides you through enabling login for a SAML web application.


  • Download Apache Tomcat 8.x and install it. Tomcat server installation location will later be referred to as <TOMCAT_HOME> in this guide.

  • It is recommended that you use a hostname that is not localhost to avoid browser errors. Modify your machine's /etc/hosts entry to reflect this.


    Note that wso2is.local is used in this documentation as an example, but you must modify this when configuring the authenticators or connectors with this sample application.

  • Download the SAML pickup dispatch application from the latest release assets.

Deploy the sample web app

To deploy the sample web app on a web container:

  1. Copy the downloaded .war file of the SAML application into the webapps directory of the Tomcat folder.

  2. Start the Tomcat server.

Register a service provider

  1. On the Management Console, go to Main > Identity > Service Providers and click Add.

  2. Enter saml2-web-app-pickup-dispatch as the Service Provider Name, and click Register.

  3. Expand the Inbound Authentication Configuration > SAML2 Web SSO Configuration section and, click Configure.

  4. Enter the following values in the fields mentioned.

    Field name Value
    Assertion Consumer URL


    Click Yes on the dialog that appears after you add the Assertion Consumer URL. This dialog appears when you add an http URL.

  5. Enable the following by selecting the corresponding checkboxes:

    • Enable Response Signing
    • Enable Signature Validation in Authentication Requests and Logout Requests
    • Enable Single Logout
    • Enable Attribute Profile
      • Include Attributes in the Response Always


    For more information on the advanced configurations, see Advanced SAML Configurations.

  6. Click Register to add the service provider and save the configurations.

Try it out

Now, let's log in to the application.

  1. Start the Tomcat server and access the following URL on your browser: http://localhost:8080/

  2. Click Login and enter your user credentials.

  3. Provide the required consent. You will be redirected to the Pickup Dispatch application home page.

You have successfully configured authentication for a SAML application.