Single Sign-On Configuration

Figure 1: SSO Configuration

This page is used for Single Sign-on configuration. Service Providers can be added and removed from this page. Following points should be taken into consideration when adding a service provider.

• Issuer - The issuer value specified in the SAML Authentication Request issued by the Service Provider
• Assertion Consumer URL - The URL of the assertion consumer service of the service provider.
• Enable Signature Validation in Authentication Requests and Logout Requests - nabling this option will make sure that the integrity is protected in all the authentication and logout requests that WSO2 Cloud Identity SSO Service receives.
• Certificate Alias - If the signature validation is enabled, the public key of the service provider is required to do the signature validation of the SAML Tokens. So the publlic key of the service provider should be imported to the keystore and point to that certificate using its alias.
• Custom Logout URL - This URL will be used in Single Logout.

Following is a sample configuration for Google Apps.

Figure 2: A sample SSO Configuration