Day to Day Java

Extract certificate from the SAML service provider metadata file as follows, <X509Data> <X509Certificate> MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5 HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo= </X509Certificate> </X509Data> Copy extracted certificate to ...

Prerequisites Use following keytool command to extract public certificate from the wso2is-5.1.0/repository/resources/security/wso2carbon.jks file. (pw: wso2carbon) keytool -export -alias wso2carbon -file key.crt -keystore wso2carbon.jks Important : In production environment you must not use the default wso2carbon.jks which comes with the WSO2 Identity Server Use following command to print the extracted public certificate, openssl x509 -text -inform DER -in key.crt Ex: -----BEGIN CERTIFICATE----- MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJV UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoM BFdTTzIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAy MTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwN TW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UEAwwJbG9jYWxob3N0 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTousMzO M4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpb...

With this feature WSO2 Identity Server facilitates IdP initiated SAML2 single log out requests. In the SAML service provider configuration UI here is a new configuration called “Enable IdP Initiated SLO”. You can enable this feature using this checkbox. Also you can define redirect URL after the single log out using "Return to URL" under “Enable IdP Initiated SLO” option. Following parameters can be used with IdP initiated SLO request. Parameter Description slo This is a mandatory parameter and must have the value “true” to mark the request as an IdP initiated log out request. spEntityID This is an optional parameter. Value of the parameter should be the SAML issuer name as in “Issuer” field in the SAML service provider configuration UI. returnTo This is an optional parameter. Value of the parameter should be the URL which needs to be redirected to, after the log out. If this parameter is present ...

This feature enables to define multiple assertion consumer service URLs for a SAML2 service provider.  In the  SAML service provider configuration UI there is a new configuration called “Assertion Consumer URLs”. You can add multiple assertion consumer   URLs for the SAML2 service provider using the “Add” button. Since we have multiple assertion consumer URLs, we need to define a default assertion consumer URL in case we can’t retrieve it from the authentication request. Now SP initiated SSO and IdP initiated SSO flows behave as follows, In SP initiated SSO, If no AssertionConsumerServiceUrl is given in the <AuthnRequest>, IS will send the response to default ACS URL of the SP. (Whether request is signed or not)  If the AssertionConsumerServiceUrl in <AuthnRequest> matches with one of the registered URLs, IS will send the response to the matched one.  If the AssertionConsumerServiceUrl in <AuthnRequest> does not match ...