Hi Asok, This comes with the behavior of SSO. When you register travelocity.com as a service provider in IS and point travelocity.com webapp to use IS as the identity provider, authentication process of webapp is totally handled by IS. Even the page you enter username/password is submitted by IS. Webapp does not have any idea on the valid user name and password of the user trying to login as all these details are captured and authenticated at IS side. IS then just let the webapp knows whether the user is authenticated or not.
This helps to keep the user passwords in a secured centralized place than saving it in each webapp and helps to provide a better user experience by not asking users to type username/password several times(If you are logged into IS, you are automatically logged into travelocity.com as well.). Therefore any other user in IS also can login to travelocity.com webapp with his/her credentials. This article[1] will provide more insight. Hope this helps. [1] - http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/ Thanks, Pushpalanka. -- Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ Mobile: +94779716248 Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka On Fri, Sep 12, 2014 at 9:54 AM, Asok Perera <[email protected]> wrote: > Hi, > > This is a question occurred to me while working on 'Configuring SAML2 SSO' > sample in Identity server. (link below) > https://docs.wso2.com/display/IS500/Configuring+SAML2+SSO > > According to that sample, a user can log into service provider's > site/portal with Identity server's admin credentials. In this case, one can > use admin/admin username/password to log into travelocity.com. > > The question is, can I assume that IS admin is treated as a super user who > can log into all the service providers' web apps / services ? > If not, can somebody explain me why we can use admin credentials in the > above sample ? > > BR > > *Asok Aravinda Perera* > Software Engineer > WSO2, Inc.;http://wso2.com/ > <http://www.google.com/url?q=http%3A%2F%2Fwso2.com%2F&sa=D&sntz=1&usg=AFQjCNGJuLRux6KkJwXKVUCYOtEsNCmIAQ> > lean.enterprise.middleware > > Mobile: +94722241032 > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
