stanaka

Reputation: 397

WSO2 Identity Server: Edit a service provider that was in the /repository/conf/identity/service-providers folder

I have asked a similar question in a previous post, but I think this deserves its own post.

In WSO2 Identity Server, I understand that service providers can be configured (on first startup only) if they are placed in the folder /repository/conf/identity/service-providers. I also understand that they are not visible through the management console ui if they are configured on first startup.

How do you edit them though? Let's say I want to edit the claims of an existing service provider? Change the allowed OAuth grant types? Even delete the service provider?

If I can't see the service provider in the console, how can I edit or delete it?

A follow-up but related question: What's the reasoning behind the "one and done" service provider setup that WSO2 provides? I expect to be adding service providers through the lifetime of my WSO2 implementation and it would be much easier if I could just place a file in a folder (the repository/conf/identity/service-providers folder that only works on first startup) and restart my server instead of going into the UI and performing multiple clicks to configure the service provider manually or upload it manually via file.

EDIT: @sajith pointed out that you should be able to configure service providers even after the server has started up once based on information in this article: https://docs.wso2.com/display/IS570/Configuring+a+SP+and+IdP+Using+Configuration+Files. However, I have not seen it work successfully. I know that something is happening because if I try to upload a service provider through the console (with a file upload) I get an error:

Console output:

Caused by: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException: Application with the same name loaded from the file system.

So it looks like the WSO2 server is recognizing and loading the new service providers (even after the first startup) but I can't authenticate against them. Example response when attempting to authenticate against a new service provider:

{
    "error_description": "A valid OAuth client could not be found for client_id: test",
    "error": "invalid_client"
}

Upvotes: 1

Views: 1479

Answers (1)

Sajith

Reputation: 1269

If I can't see the service provider in the console, how can I edit or delete it? What's the reasoning behind the "one and done" service provider setup that WSO2 provides?

This document says you can restart the WSO2 Identity Server to apply the file-based service-provider and identity-provider configurations (configs which are placed inside <IS_HOME>/repository/conf/identity/) to the system.

I assume you have mixed this up with the following note regarding claim configurations.

The claims configured in /repository/conf/claim-config.xml file get applied only when you start the product for the first time, or for any newly created tenants. With the first startup, claim dialects and claims will be loaded from the file and persisted in the database. Any consecutive updates to the file will not be picked up and claim dialects and claims will be loaded from the database.

Edit:

{ "error_description": "A valid OAuth client could not be found for client_id: test", "error": "invalid_client" }

This is already answered in your previous question. invalid_client comes because you are setting a client id in the sp config file, but the identity server does not support configuring InboundAuthenticationConfig through this file.

Currently, the InboundAuthenticationConfig in the deployed file is not supported. But, you can have the SAML configurations in the WSO2_HOME/repository/conf/identity/sso-idp-config.xml file.

Therefore, you may use SOAP admin services for that purpose.

Upvotes: 1
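A pre-deployment check for the situation described in the answer above, as an added example that is not part of the original post or of WSO2's code: it scans a file-based service provider definition and lists every inbound entry that, per the answer, the file alone will not register. The element names are assumed from the WSO2 service provider file format, the sample XML is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a file-based service provider definition (not from the page).
SAMPLE_SP = """<ServiceProvider>
  <ApplicationName>test-app</ApplicationName>
  <InboundAuthenticationConfig>
    <InboundAuthenticationRequestConfigs>
      <InboundAuthenticationRequestConfig>
        <InboundAuthKey>test</InboundAuthKey>
        <InboundAuthType>oauth2</InboundAuthType>
      </InboundAuthenticationRequestConfig>
      <InboundAuthenticationRequestConfig>
        <InboundAuthKey>test-app-issuer</InboundAuthKey>
        <InboundAuthType>samlsso</InboundAuthType>
      </InboundAuthenticationRequestConfig>
    </InboundAuthenticationRequestConfigs>
  </InboundAuthenticationConfig>
</ServiceProvider>"""

# Where the answer says each inbound type has to be configured instead.
HINTS = {"samlsso": "configure it in sso-idp-config.xml"}
DEFAULT_HINT = "register it through the SOAP admin services"


def local(tag):
    """Strip an XML namespace prefix, if any, from an element tag."""
    return tag.rsplit("}", 1)[-1]


def find_inbound_entries(xml_text):
    """Return (application name, [(auth type, auth key), ...]) for one SP file."""
    root = ET.fromstring(xml_text)
    name, entries = None, []
    for el in root.iter():
        if local(el.tag) == "ApplicationName" and name is None:
            name = (el.text or "").strip()
        elif local(el.tag) == "InboundAuthenticationRequestConfig":
            f = {local(c.tag): (c.text or "").strip() for c in el}
            entries.append((f.get("InboundAuthType", ""), f.get("InboundAuthKey", "")))
    return name, entries


def report(xml_text):
    """One warning per inbound entry that the deployed file will not register."""
    name, entries = find_inbound_entries(xml_text)
    return [f"{name}: {kind} key '{key}' is only declared in the file; "
            f"{HINTS.get(kind, DEFAULT_HINT)}" for kind, key in entries]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SP)))
```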
