Configuring Inbound Authentication for a Service Provider¶
The inbound authenticator component of WSO2 Identity Server identifies and parses all the incoming authentication requests and builds the corresponding response. A given inbound authenticator has two parts:
- Request Processor
- Response Builder
For each protocol supported by WSO2 Identity Server, there should be an inbound authenticator. WSO2 Identity Server includes inbound authenticators for SAML 2.0, OpenID Connect, OAuth 2.0, Kerberos KDC, WS-Trust STS, and WS-Federation (passive). The responsibility of the SAML 2.0 request processor is to accept a SAML request from a service provider, validate the SAML request, and build a common object model that is understood by the authentication framework and handover the request to it. The responsibility of the SAML response builder is to accept a common object model from the authentication framework and build a SAML response out of it.
Both the request processors and the response builders are protocol-aware, while the authentication framework is not coupled to any protocol. For more information on the inbound authentication flow, see Architecture.
Let's learn how to configure inbound authentication for a service provider.
Before you begin
You must first register a service provider.
OpenID 2.0 has been removed from the base product in WSO2 Identity Server version 5.3.0 onwards as it is now an obsolete specification and has been superseded by OpenID Connect. Alternatively, we recommend that you use OpenID Connect.
You can configure inbound authentication in the following ways:
Configuring inbound authentication with SAML2 Web SSO¶
See here for instructions on configuring inbound authentication with SAML2 Web SSO.
Configuring inbound authentication with OAuth/OpenID Connect¶
See here for instructions on configuring inbound authentication with Oauth/OpenID Comnnect.
Configuring inbound authentication with WS-Federation¶
See here for instructions on configuring inbound authentication with WS-Federation.
Configuring inbound authentication with WS-Trest Security Token Service¶
See here for instructions on configuring inbound authentication with ws-trest security token service.
See Single Sign-On for details on configuring single sign-on for service provider using inbound authentication. See the following topics for samples of configuring single sign-on: