Prerequisite
AUTH Provider
Azure team will be set up SAML IDP configurations
Configuring SAML Single Sign-On (SSO)
Basic SAML Configuration’ section
Configure the User Attribute & Claims section and Adding custom roles
SAML-based Sign-on configuration
Setup API4Saml
Test SSO via azure
After that, we will below Info (below info it is Just sample credentials)
Azure Enterprise Application name: APIM4SAML
Identifier (Entity ID): wso2apimv400
Tenant ID “
SAML Single Sign-on Service URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2
SAML Entity ID: https://sts.windows.net/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/
Sign-Out URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2
SAML signing certificate: APIM4SAML.cer(Base64 encoded certificate)
Alias: ps-ad
Each Application Side
Set Saml properties
Needed To Update below details As per your credentials
Related to SAML
Code Block spring.security.saml2.serviceProvider.alias=ps-ad spring.security.saml2.serviceProvider.entityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8 spring.security.saml2.serviceProvider.providers[0].alias=ps-ad spring.security.saml2.serviceProvider.providers[0].metadata=https://login.microsoftonline.com/d52c9ea1-7c21-47b1-82a3-33a74b1f74b8/federationmetadata/2007-06/federationmetadata.xml?appid=ca57b740-23eb-462b-bc9d-4ebd4d3bb4a5
Related to Application
Code Block auth.baseUrl= auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8 auth.assertingEntityId=https://sts.windows.net/d52c9ea1-7c21-47b1-82a3-33a74b1f74b8/
Only needed to set fields.
Code Block spring.security.saml2.serviceProvider.signMetadata=false spring.security.saml2.serviceProvider.signRequests=false spring.security.saml2.serviceProvider.encryptAssertions=false spring.security.saml2.serviceProvider.singleLogoutEnabled=true spring.security.saml2.serviceProvider.wantAssertionsSigned=true spring.security.saml2.serviceProvider.basePath=${auth.baseUrl}${server.servlet.context-path} spring.security.saml2.serviceProvider.nameIds=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress spring.security.saml2.serviceProvider.keys.active.name=sp-signing-key-1 spring.security.saml2.serviceProvider.providers[0].skipSslValidation=true spring.security.saml2.serviceProvider.providers[0].authenticationRequestBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Add SAML Dependency
Request For SAML validate of each User
Parse Saml XML response
Save Required Details in DB