Question
I just created a tenant with the name mycompany.com. Within this tenant, I registered a Service Provider with the name SP. After integrating my application with WSO2, the app creates this SAML AuthnRequest:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest AssertionConsumerServiceURL="https://localhost:8443/myapp/auth/sso"
    Destination="https://localhost:9443/samlsso"
    ForceAuthn="false" ID="a2i70af753i64cce4ehj977h3h9085h"
    IsPassive="false" IssueInstant="2016-03-30T02:51:12.083Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SP@mycompany.com</saml2:Issuer>
  <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" SPNameQualifier="SP"/>
  <saml2p:RequestedAuthnContext Comparison="exact">
    <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
  </saml2p:RequestedAuthnContext>
</saml2p:AuthnRequest>
It redirects to the WSO2 login page with this URL:
https://localhost:9443/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=mycompany.com&sessionDataKey=22e974a4-1a42-4670-82f5-3538828d7d03&relyingParty=SP%40mycompany.com&type=samlsso&sp=SP&isSaaSApp=false&authenticators=GoogleOIDCAuthenticator%3AGoogle%3BFacebookAuthenticator%3AFB%3BSAMLSSOAuthenticator%3AADFS%3BBasicAuthenticator%3ALOCAL
I am wondering why I need to pass the tenant domain name as part of the username,
i.e.:
Username: user@mycompany.com
Password: secret
Can we configure WSO2 so that it takes the domain name from the URL parameter instead of appending it to the username?
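The question shows two places the tenant already appears before the user types anything: the `saml2:Issuer` of the AuthnRequest (`SP@mycompany.com`) and the `tenantDomain` / `relyingParty` parameters of the login URL. The following is an added example, not code from the question or from WSO2 Identity Server itself: it parses both, checks that they agree, and qualifies a bare username typed at the login form as `user@tenant`, rejecting a typed domain that differs from the tenant in the URL. The function names, the `carbon.super` fallback for an Issuer with no tenant, and the mismatch policy are this example's own assumptions.

```python
"""Added example (not from the original question or from WSO2 Identity Server):
derive the tenant domain from the SP's SAML Issuer and from the tenantDomain
parameter of the WSO2 login URL, then qualify a bare username as user@tenant."""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumption: WSO2's super-tenant domain, used when the Issuer carries no tenant.
DEFAULT_TENANT = "carbon.super"

# Constructed sample: the AuthnRequest (trimmed to the parts used) and the login
# URL from the question above.
AUTHN_REQUEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest AssertionConsumerServiceURL="https://localhost:8443/myapp/auth/sso"
    Destination="https://localhost:9443/samlsso" ForceAuthn="false"
    ID="a2i70af753i64cce4ehj977h3h9085h" IsPassive="false"
    IssueInstant="2016-03-30T02:51:12.083Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SP@mycompany.com</saml2:Issuer>
</saml2p:AuthnRequest>"""
LOGIN_URL = ("https://localhost:9443/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso"
             "&forceAuth=false&passiveAuth=false&tenantDomain=mycompany.com"
             "&sessionDataKey=22e974a4-1a42-4670-82f5-3538828d7d03"
             "&relyingParty=SP%40mycompany.com&type=samlsso&sp=SP&isSaaSApp=false")


def issuer_of(authn_request: bytes) -> str:
    """Extract the saml2:Issuer text from a saml2p:AuthnRequest; reject anything else."""
    root = ET.fromstring(authn_request)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("document is not a saml2p:AuthnRequest")
    issuer = root.find(f"{{{SAML}}}Issuer")
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest carries no Issuer")
    return issuer.text.strip()


def split_issuer(issuer: str) -> tuple[str, str]:
    """'SP@mycompany.com' -> ('SP', 'mycompany.com'); a bare 'SP' maps to the default tenant."""
    sp, sep, tenant = issuer.rpartition("@")
    if not sep:
        return issuer, DEFAULT_TENANT
    return sp, tenant.lower()


def login_url_params(url: str) -> dict:
    """Single-valued view of the query string the login page receives (percent-decoded)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def tenant_for_login(authn_request: bytes, login_url: str) -> str:
    """Tenant to use for this login. The Issuer and the URL's tenantDomain/sp must
    agree, so a tampered URL parameter cannot move the login to another tenant."""
    sp, tenant = split_issuer(issuer_of(authn_request))
    params = login_url_params(login_url)
    if params.get("tenantDomain", "").lower() != tenant or params.get("sp") != sp:
        raise ValueError("login URL tenantDomain/sp disagree with the SAML Issuer")
    return tenant


def tenant_matches(entered: str, tenant: str) -> bool:
    """True if the typed username is bare, or its trailing @domain equals the tenant.
    Caveat: with email-style usernames, a bare 'alice@example.com' is ambiguous; it is
    treated here as a (mismatching) tenant suffix rather than silently accepted."""
    _, sep, typed = entered.strip().rpartition("@")
    return (not sep) or typed.lower() == tenant


def qualify_username(entered: str, tenant: str) -> str:
    """Return user@tenant, the form WSO2 uses throughout; a typed domain that differs
    from the URL's tenant is rejected instead of being overridden."""
    entered = entered.strip()
    if not tenant_matches(entered, tenant):
        raise ValueError(f"username domain does not match tenant {tenant!r}")
    user = entered.rpartition("@")[0] if "@" in entered else entered
    return f"{user}@{tenant}"


if __name__ == "__main__":
    tenant = tenant_for_login(AUTHN_REQUEST, LOGIN_URL)
    print(qualify_username("user", tenant))  # user@mycompany.com
```

Run it as a script and it prints the qualified username for the question's request and URL. The consistency check in `tenant_for_login` is the part worth keeping in any customised login page: the tenant must come from the authenticated SAML request, not from a URL parameter a user can edit, and the username the user types must be qualified with that same tenant.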
Answer 1:
The username is used in the same format throughout all the cases. So, the tenant domain should be there with the username.
Answer 2:
If you don't want to append the tenant domain to the username, you can use the tenant dropdown feature in the authentication endpoint, as described in the 'Loading tenants into the dropdown in the login page of the authentication endpoint web application' section of [1].
[1] https://docs.wso2.com/display/IS510/Customizing+the+Authentication+Endpoint
Answer 3:
If you have a single tenant, it is better not to use a tenant like the above. Please use WSO2 IS without a tenant. Then you can use only the username and password.
Source: https://stackoverflow.com/questions/36322798/is-it-possible-to-use-username-without-domain-for-authentication-in-wso2