Federating OAuth Applications
In the following document we will be explaining how to federate the OAuth applications using an external indentity provider.
Pre-requisites¶
- Using the latest API-Manager distribution from https://wso2.com/api-management/
- Have an external IDP already configured. You can follow our SSO Documentation to setup okta as an external IDP
Configuration¶
- Go to
<APIM_HOME>/repository/conf/identity/service-providers/
and opendefault.xml
-
Comment out or remove the the
<LocalAuthenticatorConfigs ...
section and add the following.<FederatedIdentityProviders> <IdentityProvider> <!-- Name of the external IDP --> <IdentityProviderName>okta</IdentityProviderName> <IsEnabled>true</IsEnabled> <DefaultAuthenticatorConfig> <FederatedAuthenticatorConfig> <Name>OpenIDConnectAuthenticator</Name> <IsEnabled>true</IsEnabled> </FederatedAuthenticatorConfig> </DefaultAuthenticatorConfig> </IdentityProvider> </FederatedIdentityProviders>
Note
You can replace the FederatedAuthenticatorConfig name with your corresponding authenticator type of your IDP
Authenticator type Config name OpenId Connect OpenIDConnectAuthenticator SAML SAMLSSOAuthenticator -
Now for the OAuth applications created using the Developer Portal, the above external IDP will be used to generate the access token.