Prerequisites
- You should have WSO2 Identity Server (IS) 5.0.0 downloaded. You can download it from here: WSO2 Identity Server 5.0.0
- You should have set up the travelocity app for SAML SSO with Identity Server. You can refer to the steps here: SAML SSO with WSO2 Identity Server
Steps
1. Enable IDP initiated SAML SSO for the Service Provider
2. Constructing the GET request for IDP initiated SSO
3. Constructing the GET request for IDP initiated SSO for Non Super Tenant Domain
Enable IDP initiated SAML SSO for the Service Provider
To enable IDP initiated SAML SSO you need to tick the “Enable IdP Initiated SSO” check box in the SAML2 SSO issuer configuration (the SAML SSO Service Provider for travelocity.com if you have followed SAML SSO with WSO2 Identity Server).
Constructing the GET request for IDP initiated SSO
To construct the GET request you need to follow this pattern. You will be calling the IDP directly with the GET request, without the Service Provider first sending an AuthnRequest.
https://{Hostname}:{Port}/samlsso?spEntityID={SAML2 SSO Issuer name given to the Service Provider created}
If you are running Identity Server on localhost at port 9443 and your Service Provider Issuer name is travelocity.com, the GET request will be as follows:
https://localhost:9443/samlsso?spEntityID=travelocity.com
Constructing the GET request for IDP initiated SSO for Non Super Tenant Domain
If your SAML2 SSO issuer has been configured in a separate tenant other than the super tenant, then you need to append the tenantDomain parameter as well. Note that if you have changed the Issuer in travelocity.properties specifically for the tenant domain (by appending your tenant domain to it), you need to use that tenant-qualified issuer in the GET request as well.
For example, if your tenant domain is ymc.com and you have changed the issuer in travelocity.properties to travelocity.com@ymc.com, you need to use that as the issuer in the GET request.
Example GET request for a tenant domain:
https://localhost:9443/samlsso?spEntityID=travelocity.com@ymc.com&tenantDomain=ymc.com
When you send the GET request, you will be directed to the IS login page; after authentication the IdP posts an unsolicited SAML Response to the Service Provider's assertion consumer URL.
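The two URL patterns above (super tenant, and tenant with the tenantDomain parameter) are simple enough to type by hand, but when they are generated from configuration it is easy to get the issuer/tenant pairing or the percent-encoding wrong. The following Python helper, added here as an example and not part of the original post or of WSO2's code, builds the IdP-initiated SSO URL from the values the post describes and parses one back so the issuer and tenantDomain can be checked for consistency. The hostname, port and issuer values are the post's own examples; the function names and the "issuer suffix must match tenantDomain" check are this example's assumptions. Because an IdP-initiated flow carries no AuthnRequest, the Service Provider receives a SAML Response it never asked for (no InResponseTo to match), which is why the check box should be enabled only for Service Providers that actually need this flow.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Added example (not WSO2 code). Path is the one the post uses for the IdP endpoint.
SAMLSSO_PATH = "/samlsso"


def build_idp_initiated_sso_url(hostname, port, issuer, tenant_domain=None):
    """Build https://{hostname}:{port}/samlsso?spEntityID=...[&tenantDomain=...].

    issuer        - the SAML2 SSO issuer name configured for the Service Provider
    tenant_domain - only for an issuer registered in a non-super tenant
    """
    if not hostname or not issuer:
        raise ValueError("hostname and issuer are required")
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")

    params = {"spEntityID": issuer}
    if tenant_domain:
        # Assumption of this example: if travelocity.properties was changed to a
        # tenant-qualified issuer (issuer@tenant), it must name the same tenant.
        if "@" in issuer and not issuer.endswith("@" + tenant_domain):
            raise ValueError("issuer tenant suffix does not match tenantDomain")
        params["tenantDomain"] = tenant_domain

    # Keep '@' literal so the result reads exactly like the post's examples;
    # everything else outside the unreserved set is percent-encoded.
    query = urlencode(params, safe="@")
    return f"https://{hostname}:{port}{SAMLSSO_PATH}?{query}"


def parse_idp_initiated_sso_url(url):
    """Return (issuer, tenant_domain) from an IdP-initiated SSO URL.

    Raises ValueError when the URL is not an https /samlsso request carrying a
    single spEntityID, so a misbuilt link is caught before it is handed out.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.path != SAMLSSO_PATH:
        raise ValueError("not an https /samlsso URL")
    query = parse_qs(parts.query)
    issuers = query.get("spEntityID", [])
    if len(issuers) != 1:
        raise ValueError("exactly one spEntityID is required")
    tenants = query.get("tenantDomain", [])
    if len(tenants) > 1:
        raise ValueError("at most one tenantDomain is allowed")
    return issuers[0], (tenants[0] if tenants else None)


if __name__ == "__main__":
    # Values from the post: IS on localhost:9443, issuer travelocity.com,
    # and the tenant-qualified variant travelocity.com@ymc.com in tenant ymc.com.
    print(build_idp_initiated_sso_url("localhost", 9443, "travelocity.com"))
    tenant_url = build_idp_initiated_sso_url(
        "localhost", 9443, "travelocity.com@ymc.com", "ymc.com")
    print(tenant_url)
    print(parse_idp_initiated_sso_url(tenant_url))
```

Running the module prints the two URLs exactly as they appear in the post and the parsed (issuer, tenant) pair; passing a tenant-qualified issuer together with a different tenantDomain raises ValueError instead of producing a link that the IdP would reject at login time.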