WSO2 Asgardeo | OIDC

1. Display name

Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This value can be changed later.

2. Prepare IDP

Copy the Callback URL. You will need this when configuring WSO2 Asgardeo.

Configure WSO2 Asgardeo


If you are using SCIM with your provider, read the documentation for configuring it before proceeding. You may need to configure SCIM first, or at the same time as setting up OIDC.

 

Open the WSO2 Asgardeo Console in a separate browser tab.

Select Explore Applications → Applications in the menu and choose New Application.

Select Standard Based Application.

 

Enter a unique application name and choose OIDC as the security protocol. Register the application.

 

Allow the grant type Code, and update your selection.

 

Select the General tab, and paste the Callback URL from the KSSO setup wizard into the Access URL field.

 

Open the User Attributes tab and select your desired user attributes. Check Mandatory for the selected attributes and update your selection.

 

Open the Protocol tab to find the Client ID and Client secret. You will need these for a later step in the KSSO setup guide.

 

Go back to the Kantega SSO setup wizard.

3. Metadata

In the Metadata step, replace the {kantegassoorganization_name} placeholder with your WSO2 Asgardeo host to complete the Discovery URL. You will also find the Discovery URL under the Info tab in the WSO2 Asgardeo Console.

4. Scopes

These are the scopes we were able to fetch from the metadata. You can add scope values from a list, start typing to add your own or unselect them. A minimum of one scope value is required.
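
A way to sanity-check the Discovery URL from the Metadata step and the scopes chosen in the Scopes step before continuing. This is an added example, not part of Kantega SSO or Asgardeo; the host, organization name and metadata below are constructed placeholders, and check_discovery is a hypothetical helper.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Constructed sample values: host and organization name are placeholders.
SAMPLE_URL = "https://idp.example.com/t/example-org/oauth2/token" + WELL_KNOWN
SAMPLE_METADATA = json.dumps({
    "issuer": "https://idp.example.com/t/example-org/oauth2/token",
    "authorization_endpoint": "https://idp.example.com/t/example-org/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/t/example-org/oauth2/token",
    "jwks_uri": "https://idp.example.com/t/example-org/oauth2/jwks",
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "scopes_supported": ["openid", "profile", "email"],
})


def check_discovery(discovery_url, metadata_json, wanted_scopes):
    """Return a list of findings; an empty list means nothing looks off."""
    findings = []
    meta = json.loads(metadata_json)
    if urlsplit(discovery_url).scheme != "https":
        findings.append("discovery URL is not https")
    # OpenID Connect Discovery: the issuer must equal the discovery URL
    # with the well-known suffix removed, compared as an exact string.
    if not discovery_url.endswith(WELL_KNOWN):
        findings.append("discovery URL lacks " + WELL_KNOWN)
    elif meta.get("issuer") != discovery_url[: -len(WELL_KNOWN)]:
        findings.append("issuer does not match discovery URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(meta.get(key, ""))).scheme != "https":
            findings.append(key + " missing or not https")
    # Spec default when grant_types_supported is omitted from the metadata.
    grants = meta.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        findings.append("authorization_code grant not advertised")
    if "openid" not in wanted_scopes:
        findings.append("openid scope not selected")
    advertised = meta.get("scopes_supported")  # optional in the metadata
    if advertised is not None:
        for scope in wanted_scopes:
            if scope not in advertised:
                findings.append("scope not advertised: " + scope)
    return findings


if __name__ == "__main__":
    result = check_discovery(SAMPLE_URL, SAMPLE_METADATA, ["openid", "email"])
    print("\n".join(result) if result else "ok")
```

A scope that is not advertised is reported as a finding rather than an error, since the wizard lets you type in your own scope values.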

 

5. Credentials

Copy and paste the Client ID and Client Secret you find in the Asgardeo Console.

6. Summary

Check that everything looks good and submit your setup.

Test

Test that logging in with WSO2 Asgardeo works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.