The main objective of this blog is to give an overview of OIDC RP-initiated logout and how the WSO2 Identity Server handles it.
What is OpenID Connect (OIDC)?
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server.
WSO2 Identity Server supports different user session management capabilities.
Imagine you have logged into two applications, AppA and AppB. As an end-user you may want to manage your user sessions: terminate one session, terminate all sessions, or see all your active sessions. To support these use cases, WSO2 IS provides User Session Management REST APIs.
WSO2 IS supports session management using REST APIs. It has
Both Me and Admin APIs…
This blog shows how you can add SAML authentication to a Spring Boot application with the WSO2 Identity Server in a few minutes.
The sample application uses Spring Boot and the spring-security-saml2-service-provider module, which is new in Spring Security 5.2. This shows how to integrate your Spring Boot SAML application with WSO2 Identity Server.
If you have spring-security-saml2-service-provider on your classpath, you can take advantage of some auto-configuration to make it easy to set up a SAML 2.0 Relying Party. This configuration makes use of the properties under
This blog contains the content under the following topics.
1. Register a SAML service…
You may run into SSL issues when you are trying to integrate your Android application with a WSO2 Identity Server running on a local machine.
This may occur when your Android emulator tries to call the local server through the IP address 10.0.2.2:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.
“Spring Boot is basically an extension of the Spring framework which eliminated the boilerplate configurations required for setting up a Spring application.” 
It will take only 5 minutes to create a simple Spring Boot web application using IntelliJ IDEA and secure it using the OIDC protocol for authenticating users. WSO2 Identity Server provides several authentication and authorization mechanisms based on different standards.
This blog will guide you on how to create a simple Spring Boot web application and make…
All confidential clients must be authenticated at the Token API to obtain an access token. The platform’s OAuth 2.0 Token API supports the following authentication methods:
Let's see how OAuth clients can authenticate to the Token API using private_key_jwt.
All clients have a private key and a public key for the SSL handshake. We can consider this Private Key JWT Authentication in 2 steps:
There are some sample applications that demonstrate SAML2 SSO with WSO2 Identity Server (IS).
But saml2-web-app-pickup-dispatch.com and saml2-web-app-pickup-manager.com are the most recent sample apps, and we recommend using them with the latest IS versions.
Let's see how to configure the saml2-web-app-pickup-dispatch.com app in a tenant.
mvn clean install from the
4. You can find SSO sample applications in the target directory of the <IS_SAMPLE_REPO>/saml2-sso-sample/saml2-web-app-pickup-manager directories. Application distributions are named
WSO2 IS sends Account recovery confirmation mails for the following scenarios:
But if the user did not receive the recovery mail for some reason, or the confirmation code expired, the account recovery confirmation email needs to be resent.
Resending account recovery confirmation mails.
This feature is available in the 5.3.0 WUM update, the 5.7.0 WUM update, and the latest IS versions.
To configure this feature, we first need to configure the email templates via the management console.
Refer to this document for Resending Account…
The JSON Web Token (JWT) is simply a JSON string containing claim values. To know about JWT, please read my previous blog. A JWT will look like
When we decode the JWT, it will look as
"name": "John Doe",
When the grant type is saml-bearer-grant, the SP can exchange a SAML assertion obtained from an Identity Provider that is trusted by the Identity Server. …
Software Engineer @WSO2, CSE Undergraduate @ University of Moratuwa, Former Software Engineering Intern @ WSO2