Adaptive authentication scenarios - Overview
See the topics given below to learn about the adaptive authentication scenarios supported in MWARE IAM and to try them out.
Adaptive authentication scenarios
- Role-Based
- User-Age-Based
- Tenant-Based
- User Store-Based
- IP-Based
- New-Device-Based
- ACR-Based
- With Function Library
- Limiting Active User Sessions
Set up the samples
To try out the adaptive authentication scenarios listed above, let's set up the sample applications.
Set up the sample
This section guides you on how to set up the sample SAML application.
Prerequisites
- Download Apache Tomcat 8.x and install it. The Tomcat server installation location is referred to as `<TOMCAT_HOME>` later in this guide.
- It is recommended that you use a hostname that is not `localhost` to avoid browser errors. Modify your machine's `/etc/hosts` entry to reflect this.

  Info: Note that `wso2is.local` is used in this documentation as an example, but you must modify this when configuring the authenticators or connectors with this sample application.
- Download the SAML pickup dispatch application from the latest release assets.
Deploy the sample web app
To deploy the sample web app on a web container:
- Copy the downloaded `.war` file of the SAML application into the `webapps` directory of the Tomcat folder.
- Start the Tomcat server.
Add CORS configuration
SAML2 POST Binding requires CORS configurations to be set up.
Before configuring the service provider, add the following configurations to the `deployment.toml` file found in `<IS_HOME>/repository/conf/`. Adding this configuration allows HTTP POST requests.
``` toml
[cors]
allow_generic_http_requests = true
allow_any_origin = false
allowed_origins = [
"http://localhost:8080"
]
allow_subdomains = false
supported_methods = [
"GET",
"POST",
"HEAD",
"OPTIONS"
]
support_any_header = true
supported_headers = []
exposed_headers = []
supports_credentials = true
max_age = 3600
tag_requests = false
```
Register a service provider
- On the Management Console, go to Main > Identity > Service Providers and click Add.
- Enter `saml2-web-app-pickup-dispatch` as the Service Provider Name, and click Register.
- Expand the Inbound Authentication Configuration > SAML2 Web SSO Configuration section and click Configure.
- Enter the following values in the fields mentioned.

  | Field name | Value |
  |---|---|
  | Issuer | `saml2-web-app-pickup-dispatch.com` |
  | Assertion Consumer URL | `http://localhost.com:8080/saml2-web-app-pickup-dispatch.com/home.jsp` |

  Info: Click Yes on the dialog that appears after you add the Assertion Consumer URL. This dialog appears when you add an `http` URL.
- Enable the following by selecting the corresponding checkboxes:
  - Enable Response Signing
  - Enable Signature Validation in Authentication Requests and Logout Requests
  - Enable Single Logout
  - Enable Attribute Profile
  - Include Attributes in the Response Always

  Tip: For more information on the advanced configurations, see Advanced SAML Configurations.
- Click Register to add the service provider and save the configurations.
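The following is an added example, not part of the original documentation or the product's own tooling: a Python check that parses the `[cors]` block from this page and compares it with the Assertion Consumer URL entered above, listing the settings to review before this sample setup is reused outside a local test. The finding names, the helper functions and the reading of each key (origins matched exactly, `allow_subdomains` not evaluated) are assumptions of this example.

```python
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # same API on older interpreters
from urllib.parse import urlsplit

# Constructed sample: the [cors] block from this page, trimmed to the keys checked.
SAMPLE_TOML = """
[cors]
allow_any_origin = false
allowed_origins = ["http://localhost:8080"]
supported_methods = ["GET", "POST", "HEAD", "OPTIONS"]
support_any_header = true
supports_credentials = true
"""
# Assertion Consumer URL as entered for the service provider on this page.
SAMPLE_ACS = "http://localhost.com:8080/saml2-web-app-pickup-dispatch.com/home.jsp"

def origin_of(url):
    """Return scheme://host[:port], the form a browser sends in the Origin header."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def audit_cors(toml_text, acs_url):
    """Return review findings for the [cors] table (key semantics are assumed)."""
    cors = tomllib.loads(toml_text).get("cors", {})
    origins = [o.lower().rstrip("/") for o in cors.get("allowed_origins", [])]
    findings = []
    # Any origin plus credentials lets every site make authenticated requests.
    if cors.get("allow_any_origin") and cors.get("supports_credentials"):
        findings.append("ANY_ORIGIN_WITH_CREDENTIALS")
    # An http:// origin can be impersonated by anyone on the network path.
    if any(urlsplit(o).scheme != "https" for o in origins):
        findings.append("PLAINTEXT_ORIGIN")
    # Accepting every request header is wider than a fixed allow-list.
    if cors.get("support_any_header"):
        findings.append("ANY_HEADER_ALLOWED")
    # SAML2 POST Binding needs POST to be permitted.
    if "POST" not in cors.get("supported_methods", []):
        findings.append("POST_NOT_ALLOWED")
    # The sample app's origin must be listed, or its POSTs are rejected.
    if not cors.get("allow_any_origin") and origin_of(acs_url) not in origins:
        findings.append("ACS_ORIGIN_NOT_ALLOWED")
    return findings

if __name__ == "__main__":
    for code in audit_cors(SAMPLE_TOML, SAMPLE_ACS):
        print(code)
```

With the values shown on this page, the check reports the plaintext origin, the open header policy, and that the host in the Assertion Consumer URL (`localhost.com`) differs from the host in `allowed_origins` (`localhost`).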