Hi Hanen,
I have attached a sample file-based IDP file that demonstrates how to add
the <Certificate> tag and the IDP role mapping as well.
Thanks,
Farasath
Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 <https://twitter.com/farazath619>
On Wed, Jul 5, 2017 at 9:09 PM, Hanen Ben Rhouma <[email protected]> wrote:
> Same question for the tag <Certificate> please. We're using a certificate
> so what should we mention in the xml file.
>
> Regards,
> Hanen
>
> On Wed, Jul 5, 2017 at 5:36 PM, Hanen Ben Rhouma <[email protected]>
> wrote:
>
>> Hello guys,
>>
>> Could you please tell me what are the xml tags I can use within an IDP
>> xml config file for role mapping. I mean the properties I can add for
>> mapping roles in the tag <PermissionAndRoleConfig>
>> in default.xml for example
>>
>>
>> Regards,
>> Hanen
>>
>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
<IdentityProvider>
    <IdentityProviderName>FileBasedIDP</IdentityProviderName>
    <DisplayName></DisplayName>
    <IdentityProviderDescription></IdentityProviderDescription>
    <Alias>https://localhost:9453/oauth2/token</Alias>
    <IsPrimary>false</IsPrimary>
    <IsEnabled>true</IsEnabled>
    <FederatedAuthenticatorConfigs>
        <saml2>
            <Name>SAMLSSOAuthenticator</Name>
            <DisplayName>samlsso</DisplayName>
            <IsEnabled>true</IsEnabled>
            <Properties>
                <property>
                    <Name>IdpEntityId</Name>
                    <Value>localhost</Value>
                </property>
                <property>
                    <Name>SPEntityId</Name>
                    <Value>esb-ws02-dev</Value>
                </property>
                <property>
                    <Name>SSOUrl</Name>
                    <Value>https://localhost:9444/samlsso</Value>
                </property>
                <property>
                    <Name>IsAuthReqSigned</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>IsAssertionEncrypted</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>isAssertionSigned</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>IsLogoutEnabled</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>IsLogoutReqSigned</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>IsAuthnRespSigned</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>ForceAuthentication</Name>
                    <Value>as_request</Value>
                </property>
                <property>
                    <Name>IncludeNameIDPolicy</Name>
                    <Value>true</Value>
                </property>
                <property>
                    <Name>IncludeAuthnContext</Name>
                    <Value>yes</Value>
                </property>
                <property>
                    <Name>IncludeCert</Name>
                    <Value>true</Value>
                </property>
                <property>
                    <Name>RequestMethod</Name>
                    <Value>redirect</Value>
                </property>
                <property>
                    <Name>IncludeProtocolBinding</Name>
                    <Value>true</Value>
                </property>
                <property>
                    <Name>DigestAlgorithm</Name>
                    <Value>MD5</Value>
                </property>
                <property>
                    <Name>AuthnContextComparisonLevel</Name>
                    <Value>Exact</Value>
                </property>
            </Properties>
        </saml2>
    </FederatedAuthenticatorConfigs>
    <DefaultAuthenticatorConfig>SAMLSSOAuthenticator</DefaultAuthenticatorConfig>
    <PermissionAndRoleConfig>
        <RoleMappings>
            <RoleMapping>
                <localRole>
                    <LocalRoleName>admin</LocalRoleName>
                    <UserStoreId>PRIMARY</UserStoreId>
                </localRole>
                <remoteRole>TestSubscriber</remoteRole>
            </RoleMapping>
        </RoleMappings>
    </PermissionAndRoleConfig>
    <JustInTimeProvisioningConfig>
        <!--<ProvisioningUserStore>JDBC</ProvisioningUserStore>-->
        <IsProvisioningEnabled>true</IsProvisioningEnabled>
    </JustInTimeProvisioningConfig>
    <Certificate>MIIHNjCCBh6gAwIBAgIQPSw7YVMRJ9Yq8A9kxAn3kDANBgkqhkiG9w0BAQsFADB3</Certificate>
</IdentityProvider>
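An added example, not part of the original thread or of WSO2's code: a small audit of a file-based IDP definition that reports SAML messages left unsigned, a weak digest algorithm, remote roles mapped to a privileged local role, and a missing certificate. The inline XML is a constructed sample that reuses the tag and property names from the attachment; the sets of weak digests and privileged roles, and the function name `audit_idp`, are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the tags the audit reads; values mirror the attachment.
SAMPLE_IDP = """<IdentityProvider>
  <FederatedAuthenticatorConfigs><saml2><Properties>
    <property><Name>isAssertionSigned</Name><Value>false</Value></property>
    <property><Name>IsAuthnRespSigned</Name><Value>false</Value></property>
    <property><Name>IsAuthReqSigned</Name><Value>false</Value></property>
    <property><Name>DigestAlgorithm</Name><Value>MD5</Value></property>
  </Properties></saml2></FederatedAuthenticatorConfigs>
  <PermissionAndRoleConfig><RoleMappings><RoleMapping>
    <localRole><LocalRoleName>admin</LocalRoleName><UserStoreId>PRIMARY</UserStoreId></localRole>
    <remoteRole>TestSubscriber</remoteRole>
  </RoleMapping></RoleMappings></PermissionAndRoleConfig>
  <Certificate>CONSTRUCTED_PLACEHOLDER</Certificate>
</IdentityProvider>"""

SIGNING_FLAGS = ("isAssertionSigned", "IsAuthnRespSigned", "IsAuthReqSigned")
WEAK_DIGESTS = {"MD5", "SHA1"}       # assumption: digests this audit treats as weak
PRIVILEGED_LOCAL_ROLES = {"admin"}   # assumption: adjust to the deployment's roles


def audit_idp(xml_text):
    """Return a list of (code, detail) findings for one file-based IDP definition."""
    root = ET.fromstring(xml_text)
    props = {p.findtext("Name", "").strip(): p.findtext("Value", "").strip()
             for p in root.iter("property")}
    findings = []
    for flag in SIGNING_FLAGS:
        # A missing flag is reported too: the audit does not assume a default.
        if props.get(flag, "").lower() != "true":
            findings.append(("UNSIGNED", flag))
    if props.get("DigestAlgorithm", "").upper() in WEAK_DIGESTS:
        findings.append(("WEAK_DIGEST", props["DigestAlgorithm"]))
    for m in root.iter("RoleMapping"):
        local = m.findtext("localRole/LocalRoleName", "").strip()
        remote = (m.findtext("remoteRole") or "").strip()
        if local in PRIVILEGED_LOCAL_ROLES:
            findings.append(("PRIVILEGED_MAPPING", f"{remote} -> {local}"))
    if not (root.findtext("Certificate") or "").strip():
        findings.append(("NO_CERTIFICATE", "<Certificate> is empty or missing"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_idp(SAMPLE_IDP):
        print(f"{code}: {detail}")
```

A privileged mapping matters most when it appears together with the unsigned findings, because the remote role that grants the local role then arrives in a message whose integrity is not verified.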