WSO2 Asgardeo | SAML

1. Display name

Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This value can be changed later.

 

2. Redirect Mode

Select how the user will be redirected to the identity provider. You may configure more redirect modes after completing the setup.

 

3. Prepare IDP

Copy the Reply URL. You will need this when configuring WSO2 Asgardeo.

 

Configure WSO2 Asgardeo

EXTERNAL

If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up OIDC.

Open the WSO2 Asgardeo Console in a separate browser tab.

Select the Develop tab, then Applications in the menu, and choose New Application.

 

Select Standard-Based Application.

 

Enter a name for the application in the Name field, and choose SAML as the security protocol.

Paste the Reply URL from the KSSO setup wizard into both the Issuer and the Assertion consumer service URLs fields. Press the + symbol to add the Assertion consumer service URL.

Register the application.

Select the General tab and paste the Reply URL from the KSSO setup wizard into the Access URL field.

Update the application.

 

User Attributes

Navigate to the Protocol tab. Scroll down to Attribute Profile and select Enable attribute profile.

Then press the Update button below to save.

Then navigate to the User Attributes tab, and select the user attributes Full Name, Email, and Username.

4. Metadata

SAML metadata is an XML document that gives the necessary information about the Identity Provider’s configuration so that Kantega SSO as the relying party can establish trust with the Identity Provider.

Build the Metadata URL for your SAML setup in WSO2 Asgardeo using the following pattern:

https://api.asgardeo.io/t/{organization_name}/identity/metadata/saml2

In the above URL, {organization_name} should be replaced by your organization name in your WSO2 Asgardeo account. See how this is set up in Kantega SSO in the below screenshot:

 

Check in a browser that the URL you generate returns an XML document. Read more about the contents returned from the metadata URL in WSO2 Asgardeo’s documentation: https://wso2.com/asgardeo/docs/guides/authentication/saml/discover-saml-configs/#use-saml-metadata.

Alternatively, instead of generating and linking to the Metadata URL, you may select the Info tab, choose Download IdP metadata, and upload the downloaded file in Kantega SSO.

 

5. Redirect URL

This is the URL that Kantega SSO uses to redirect the user to the correct location (the SAML 2.0 login page) on the Identity Provider. This value is usually retrieved from the metadata document in the previous step.

6. Certificate

The SAML signing certificate is usually imported from the metadata document.

7. Summary

Check that everything looks good and submit your setup.

 

Test

Test that logging in with WSO2 Asgardeo works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.