Adding a new claim dialect and claims in WSO2 IS
WSO2 Identity Server is an identity and access management server that provides security while connecting and managing multiple identities across different applications.
Now let’s see how to add an external claim dialect and related claims to WSO2 IS.
Before adding an external claim dialect there are some prerequisites; you can find them in the “Before you begin” section of the WSO2 documentation.
Okay, let’s start.
Adding claim dialect and claims.
Step 1. Adding the claim dialect
Start WSO2 IS and log in to the management console. Then go to Main → Add claim dialect, enter the dialect URI and click Add. Go to the claim list and check whether your dialect URI appears there.
Step 2. Adding claims to the claim dialect
Go to Main → Add external claim. Enter the dialect URI of the dialect to which you wish to add the claim. Then do the claim mapping by adding the external claim URI and the WSO2 local claim URI it maps to.
Go to the claim list and check whether your claims have been added to the claim dialect.
Configuring travelocity.
Let’s see whether your external claim dialect can be used as the SP claim dialect of a service provider.
Prerequisite. You should download Tomcat and the travelocity web app to test the process. Add the downloaded zip folder into the web app folder of Tomcat.
Step 1. Register travelocity as a service provider
In the management console go to Main →Service Providers → Add.
You can find all the necessary details for configuring the travelocity web app in the WSO2 documentation.
When registering the service provider, make sure to enable the attribute profile. Once you select the Include Attributes in the Response Always checkbox, the identity provider always includes the attribute values of the selected claims in the SAML attribute statement.
Step 2. Configure service provider claim dialect.
Go to Service Providers → List → Edit (travelocity) → Claim Configuration.
There you have to select the local claim dialect and add the requested claims. Requested claims are the claims that are requested from a user when the user logs in to the web application. If you make a requested claim mandatory, the user must provide it at login or when creating the user profile.
Then add a subject claim URI, which specifies the attribute that uniquely identifies a user.
Also select the service provider claim dialect from the drop-down.
Then click update. Now we have travelocity as a service provider in WSO2 IS.
Let’s check whether we have done these configurations correctly.
When you log in to travelocity through Tomcat, you have to provide values for the requested attributes.
If you can see the requested claims and the subject claim URI in the travelocity profile, you have configured everything correctly.
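Beyond eyeballing the travelocity profile page, a service provider can verify the claim mapping from Step 2 and the requested-claim configuration directly against the SAML attribute statement the identity provider returns. The following is an added example, not code from WSO2 or the travelocity app: it parses a SAML Response, translates the external dialect attribute names back to WSO2 local claim URIs, and reports any mandatory requested claim that is missing, any attribute the mapping does not know, and whether the NameID matches the subject claim. The external dialect URIs under http://example.org/claims and the sample response are constructed for illustration; the http://wso2.org/claims/* URIs are WSO2 IS local claims. The response is unsigned here because only attribute content is checked; in a real integration the signature is validated before anything in the assertion is trusted.

```python
"""Check a SAML Response against a service provider's requested claims.

Added example, not WSO2 or travelocity code. The http://example.org/claims/*
URIs and the sample response are constructed; the http://wso2.org/claims/*
URIs are WSO2 IS local claim URIs.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Claim mapping as entered in Step 2: external claim URI -> WSO2 local claim URI.
EXTERNAL_TO_LOCAL = {
    "http://example.org/claims/email": "http://wso2.org/claims/emailaddress",
    "http://example.org/claims/firstName": "http://wso2.org/claims/givenname",
    "http://example.org/claims/role": "http://wso2.org/claims/role",
}

# Requested claims of the service provider: local claim URI -> mandatory flag.
REQUESTED = {
    "http://wso2.org/claims/emailaddress": True,
    "http://wso2.org/claims/givenname": False,
    "http://wso2.org/claims/role": True,
}

# Subject claim URI chosen in the claim configuration.
SUBJECT_CLAIM = "http://wso2.org/claims/emailaddress"

# Constructed, unsigned SAML Response using the external dialect attribute names.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://example.org/claims/email">
        <saml:AttributeValue>alice@example.org</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://example.org/claims/role">
        <saml:AttributeValue>Internal/everyone</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_attributes(xml_text):
    """Return (NameID text or None, {attribute name: [values]}) from a Response."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    return (name_id.text if name_id is not None else None), attrs


def check_response(xml_text, mapping=EXTERNAL_TO_LOCAL, requested=REQUESTED,
                   subject_claim=SUBJECT_CLAIM):
    """Map received attributes to local claims and compare with the SP config."""
    name_id, attrs = parse_attributes(xml_text)
    received, unmapped = {}, []
    for ext_name, values in attrs.items():
        local = mapping.get(ext_name)
        if local is None:
            unmapped.append(ext_name)  # attribute not covered by the dialect mapping
        else:
            received[local] = values
    missing_mandatory = sorted(uri for uri, mandatory in requested.items()
                               if mandatory and uri not in received)
    subject_ok = name_id is not None and name_id in received.get(subject_claim, [])
    return {
        "subject": name_id,
        "subject_matches_claim": subject_ok,
        "received": received,
        "missing_mandatory": missing_mandatory,
        "unmapped_attributes": sorted(unmapped),
    }


if __name__ == "__main__":
    for key, value in check_response(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

In the sample, the optional givenname claim is absent and that is reported as nothing missing, while removing or renaming the role attribute shows up under `missing_mandatory` and `unmapped_attributes`. Running the same check against a real response from WSO2 IS with your own dialect URIs in `EXTERNAL_TO_LOCAL` confirms that the mapping from Step 2 and the Include Attributes in the Response Always setting behave as intended.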