We are running WSO2 IS version 5.10 and want to use an external IdP (SafeNet) as step 2 authentication for a Service Provider. I configured the Service Provider to use an advanced configuration for the login process. I configured 2 steps, where the first step is basic auth and the second step is a federated IdP - SafeNet (Saml2SSO). Everything works fine except one thing - when I try to log on to my application, WSO2 shows me the login interface, I put in my credentials (username and password), after that I am redirected to the SafeNet login interface and I have to put in my username again on the SafeNet login page. So the username, how to say it correctly, is not transferred to step 2 (sorry for my English ))). I inspected the SAML request which is generated by WSO2 and could not find NAMEID. Can anyone help with this?
-
Which IDP do you want to handle the login part? – Piraveena Paralogarajah Feb 02 '21 at 13:58
-
What is the use-case that you are trying? Do you want to use SafeNet to do the authentication instead of IS? – Piraveena Paralogarajah Feb 02 '21 at 14:13
-
I am trying to configure MFA for an application. https://docs.wso2.com/display/IS530/Configuring+Multi-factor+Authentication+for+WSO2+IS The 1st step is WSO2 basic auth, and the second step is the federated SafeNet IdP. I want the username to be taken from step 1 – Alexander Feb 02 '21 at 14:32
-
In order for SafeNet to substitute the username in the login field, the SAML request from WSO2 should contain a nameid. – Alexander Feb 02 '21 at 14:37
-
nameID is always sent from the wso2is. By default wso2 uses this format "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" for nameID, but you can change it in the IDP SSO config (check https://is.docs.wso2.com/en/latest/learn/configuring-saml-2.0-web-sso/#preliminary-configs) – Inthirakumaaran Feb 02 '21 at 17:21
-
Unfortunately not. There is no nameID in the SAML request. That's the problem. Maybe I should configure something? And one more thing: I tried putting SafeNet authentication in the 1st step and WSO2 basic in the second. The assertion from SafeNet contains a nameID, but in step 2 the username is not populated, so wso2is does not read the nameID – Alexander Feb 03 '21 at 06:01
-
Maybe someone knows how to add additional assertions in a SAML request to a federated IdP? – Alexander Feb 03 '21 at 10:42
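
One way to check a captured request for the point discussed in this thread, as an added example that is not part of any post above: it decodes a `SAMLRequest` parameter (assuming the HTTP-Redirect binding, i.e. base64 over raw DEFLATE) and reports separately whether the AuthnRequest carries a `saml:Subject`/`saml:NameID` value and which `NameIDPolicy` format it asks for. The sample requests, `alice` and `sp.example` are constructed, and the function names are hypothetical.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_redirect_request(saml_request: str) -> bytes:
    """Undo HTTP-Redirect binding encoding: URL-decode, base64-decode, raw inflate."""
    raw = base64.b64decode(unquote(saml_request))
    return zlib.decompress(raw, -15)  # -15: raw DEFLATE stream, no zlib header

def encode_redirect_request(xml: bytes) -> str:
    """Inverse of decode_redirect_request; only used to build the samples below."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml) + comp.flush()).decode()

def inspect_authn_request(xml: bytes) -> dict:
    """Report the requested subject and the NameIDPolicy format separately."""
    root = ET.fromstring(xml)  # run only on requests captured from your own deployment
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    policy = root.find("samlp:NameIDPolicy", NS)
    return {
        "subject_name_id": None if name_id is None else (name_id.text or "").strip(),
        "name_id_policy_format": None if policy is None else policy.get("Format"),
    }

# Constructed sample requests (not captured from WSO2 IS or SafeNet).
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
_HEAD = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed" '
         'Version="2.0" IssueInstant="2021-02-03T06:00:00Z">'
         '<saml:Issuer>sp.example</saml:Issuer>' % (NS["samlp"], NS["saml"]))
_TAIL = '<samlp:NameIDPolicy Format="%s"/></samlp:AuthnRequest>' % UNSPECIFIED
WITHOUT_SUBJECT = encode_redirect_request((_HEAD + _TAIL).encode())
WITH_SUBJECT = encode_redirect_request(
    (_HEAD + "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>" + _TAIL).encode())

if __name__ == "__main__":
    for label, req in (("without subject", WITHOUT_SUBJECT), ("with subject", WITH_SUBJECT)):
        print(label, inspect_authn_request(decode_redirect_request(req)))
```

A request can declare a `NameIDPolicy` format and still carry no subject identifier, which is the first constructed case; a request sent over the HTTP-POST binding is base64 only and skips the inflate step.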