WSO2 Identity Solution, v1.5 - OpenID Provider Administrator's Guide

This document provides information and instructions on the functionality of the Management Console of WSO2 Identity Solution related to OpenID Provider.

Your feedback on WSO2 Identity Solution is most appreciated. Please send it to our mailing lists.

Configuring WSO2 Identity Provider

Please configure WSO2 Identity Provider as described here.

Point your browser to https://host:port/admin. If you haven't changed the default settings, you should be able to log in at https://localhost:12443/admin/ using username "admin" and password "admin".

Initial OpenID Provider Configurations

WSO2 OpenID Provider supports the following OpenID-related specifications

Please refer to this for configuring WSO2 OpenID Provider in a production environment.

Enable OpenID Registration

By default OpenID registration is enabled in WSO2 Identity Solution. To change the setting, switch off the "Enable OpenID Registration" check box under "User Management" [Manage --> Users].

Defining Claims

By default claims related to OpenID are defined under two dialects.

Click the "switch" icon in the claim detail section of each claim to enable/disable a claim.

The same claim is identified by different namespaces under different contexts. For example, the email address is identified by http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress for Information Cards, by http://schema.openid.net/2007/05/claims/email for OpenID Simple Registration, and by http://axschema.org/contact/email for OpenID Attribute Exchange. Even under OpenID Attribute Exchange there can be different namespaces; another widely used one is http://schema.openid.net/contact/email.

If you want to support all of these, you simply have to enable all of these claims as supported claims, but this gives a bad user experience, since the user has to enter the same email address 4 times at registration. To avoid this, we use an internal claim mapper, which can map one namespace under one context to another namespace under a different context, using an XML configuration file [wso2-identity-solution-1.5/conf/openid-claim-mapper.xml].

To add a new claim as an OpenID claim, make sure you set a non-empty value for the OpenID Tag field. You can't set the same OpenID Tag for two supported claims at the same time.
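
The sketch below is an added example, not WSO2 code and not the format of openid-claim-mapper.xml: it shows the mapping idea with the four email namespaces listed above, plus the non-empty and unique OpenID Tag rule. The class, its method names and the tag value "email" are assumptions made for illustration.

```python
# Added illustration of the mapping idea; not WSO2 code and not the
# openid-claim-mapper.xml format. Class and method names are hypothetical.
INFOCARD_EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
SREG_EMAIL = "http://schema.openid.net/2007/05/claims/email"
AX_EMAIL = "http://axschema.org/contact/email"
AX_EMAIL_ALT = "http://schema.openid.net/contact/email"


class ClaimMapper:
    def __init__(self):
        self.tag_of = {}    # supported claim URI -> OpenID Tag
        self.alias_of = {}  # URI from another context -> supported claim URI

    def support(self, uri, openid_tag):
        # Rule from the guide: non-empty tag, unique among supported claims.
        if not openid_tag:
            raise ValueError("OpenID Tag must be non-empty")
        if openid_tag in self.tag_of.values():
            raise ValueError(f"OpenID Tag {openid_tag!r} is already in use")
        self.tag_of[uri] = openid_tag

    def alias(self, alias_uri, supported_uri):
        # An alias may only point at a claim that is itself supported.
        if supported_uri not in self.tag_of:
            raise KeyError(f"{supported_uri} is not a supported claim")
        self.alias_of[alias_uri] = supported_uri

    def resolve(self, requested_uri):
        # Supported URIs resolve to themselves, aliases to their target.
        if requested_uri in self.tag_of:
            return requested_uri
        return self.alias_of.get(requested_uri)

    def release(self, requested_uris, profile):
        # Answer under the URI the relying party used; skip unmapped URIs.
        out = {}
        for uri in requested_uris:
            target = self.resolve(uri)
            if target in profile:
                out[uri] = profile[target]
        return out


def build_email_mapper():
    mapper = ClaimMapper()
    mapper.support(SREG_EMAIL, "email")  # constructed tag value
    for other in (INFOCARD_EMAIL, AX_EMAIL, AX_EMAIL_ALT):
        mapper.alias(other, SREG_EMAIL)
    return mapper
```

Only one claim is enabled as supported, so the user enters the email once, and a request naming a URI that has no mapping gets no value back for it.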

With the default installation, WSO2 OpenID Provider supports the following claims under OpenID Attribute Exchange 1.0, and all are mapped to the respective OpenID Simple Registration claims

Mapping Claims

This view allows mapping a claim to a user attribute in the user store. The available attribute identifiers are shown in the claim edit view when the display name of a claim is selected.