Implement SSO with WSO2 Identity Server using Meteor
What is LoginRadius
LoginRadius is a customer identity platform that makes it easy to add Single Sign-On (SSO) to your applications. It supports standard protocols like SAML and OIDC, allowing users to sign in once and access multiple apps securely.
Integrating LoginRadius with your Meteor application helps you:
- Set up enterprise SSO with minimal configuration.
- Manage authentication centrally for all your SaaS environments.
- Improve security without adding complexity to your code.
Key Highlights
- Supports industry-standard protocols like SAML 2.0 and OIDC.
- Works seamlessly with WSO2 Identity Server for secure authentication and user federation.
- Integrates quickly with Meteor using LoginRadius SDKs and REST APIs.
- Simplifies token handling, session management, and user claim mapping.
- Includes built-in options for MFA, passkeys, and adaptive authentication.
- Offers SCIM provisioning to automatically sync users and groups.
- Provides centralized configuration and policy control through the LoginRadius Admin Console.
- Built for B2B SaaS scale; offers tenant isolation, audit logs, and 99.99% uptime SLAs.
How to Integrate: Step-by-Step Guide
Integrating LoginRadius with WSO2 Identity Server allows your Meteor application to authenticate users through enterprise identity providers using SAML 2.0 or OIDC.
Once connected, users can log in with their corporate credentials, while LoginRadius manages tokens, sessions, and policy enforcement behind the scenes.
1. Set Up Identity Provider
Create an application in WSO2 Identity Server and configure the SAML or OIDC settings. Add the LoginRadius ACS URL, Entity ID, and redirect URIs, then download the IdP metadata.
2. Add Identity Provider to LoginRadius
Go to Authentication → Identity Providers → Custom Identity Providers in the LoginRadius Admin Console. Create a new SAML/OIDC connection and upload the metadata or discovery details from WSO2 Identity Server.
3. Integrate LoginRadius with Meteor
Use the LoginRadius SDK or REST API for Meteor to handle authentication redirects, callbacks, and token validation. Map user claims such as email, name, and groups from WSO2 Identity Server to LoginRadius and your app.
4. Test and Deploy
Test the entire authentication flow locally. Once verified, deploy your Meteor application and confirm that users can log in through WSO2 Identity Server seamlessly.
Troubleshooting & Quick Fixes
- Login Loop After Redirect: Check callback URLs and cookie domain settings.
- 401 Unauthorized or Invalid Token: Verify client ID, issuer, and audience.
- User Assigned but Can’t Log In: Ensure proper user assignment and attribute mapping.
- Missing or Incorrect User Attributes: Verify attribute mappings in both WSO2 Identity Server and LoginRadius.
- SAML Certificate or Signature Error: Update or re-upload certificates and reimport metadata after rotation.
- MFA or Passkey Not Triggering: Ensure MFA is enabled and configured correctly.
FAQs
1. Can I use both SAML and OIDC with LoginRadius?
Yes. LoginRadius supports both protocols, and you can run parallel connections for different WSO2 Identity Server environments.
2. How do I configure multiple WSO2 Identity Server tenants?
Create separate connections in the LoginRadius Admin Console—one per tenant or organization.
3. Do I need to store tokens manually in my Meteor app?
No. LoginRadius SDKs and APIs handle token exchange and validation automatically.
4. How do I test SSO locally before deploying?
Use your Meteor app’s local environment with the same callback URL registered in LoginRadius.
5. Can LoginRadius enforce MFA after WSO2 Identity Server login?
Yes. You can enable step-up MFA in the Admin Console for extra security even after WSO2 Identity Server authentication.
6. What if user attributes aren’t syncing correctly?
Check attribute mappings in both WSO2 Identity Server and LoginRadius to ensure the correct claim names are used.
7. Does LoginRadius support SCIM provisioning with WSO2 Identity Server?
Yes. LoginRadius supports SCIM 2.0 to automatically sync users and groups from WSO2 Identity Server.