Thirty Solution Patterns with the WSO2 Identity Server
Prabath Siriwardena

Hi Prabath,

Thanks for that highly informative article!

We are currently in the pre-production phase with WSO2 and trying out POCs. As part of that, we were attempting to build a federation scenario wherein multiple apps (or service providers) federate to WSO2 and WSO2 federates with the Enterprise, such that we only establish federation between WSO2 and the Enterprise instead of each app federating with the Enterprise.

[WEB APP1] <--> [WSO2 IS] <--> [ENTERPRISE ADFS]

[WEB APP2] <--> [WSO2 IS] <--> [ENTERPRISE ADFS]

In the WEB APP: WSO2 IS configured as IDP

In WSO2 IS: Web APP is configured as SP and ENTERPRISE ADFS is configured as IDP

In ENTERPRISE ADFS: WSO2 IS is configured as SP

However, this setup fails since the SAML request from the WEB APP is passed on to the ENTERPRISE ADFS. But since there is no federation between the WEB APP and ENTERPRISE ADFS, the flow fails.

Is the above scenario feasible with WSO2 IS?

Thanks!

Shanthi