Skip to content

Login to Identity Server using another Identity Server - OAuth2

This tutorial guides you through setting up two instances of WSO2 Identity Server and using one Identity Server to authenticate the user and login to the other one.

  1. Start 2 Identity Servers. Start the 2nd Identity Server with its hostname set as "wso2is" with a relevant certificate added to the primary IS client-truststore and a port offset of 1.
    For more information on how to do this, see Default Ports of WSO2 Products and Changing the hostname .
  2. Configure an OAuth/OIDC service provider in the 2nd Identity Server.
    For more infomation on how to do this, see Configuring OAuth2-OpenID Connect Single-Sign-On .

    Callback Url: https://localhost:9443/commonauth

    configure-oauth-oidc-sp

  3. Create an identity provider in the first Identity Server.
    For more information on how to do this, see Configuring OAuth2-OpenID Connect.

    create-an-idp

  4. Setup the playground sample in the first Identity Server instance.

  5. Edit the service provider in the first Identity Server and select the Federation Authentication for Authentication type in Local and Outbound Authentication Configuration. Then select the created identity provider from the dropdown menu in Federation Authentication.
    select-federation-authentication
  6. Try the authorization code grant as described here. You will be redirected to the 2nd Identity Server instead of the 1st Identity Server for authentication. second-idp
Top