Prerequisite

AUTH Provider

  1. The Azure team will set up the SAML IdP configuration

  2. Configuring SAML Single Sign-On (SSO)

    1. 'Basic SAML Configuration' section

    2. Configure the 'User Attributes & Claims' section and add custom roles

    3. SAML-based Sign-on configuration

    4. Set up API4Saml

    5. Test SSO via Azure

  3. After that, we will receive the information below (the values shown are sample credentials only)

    1. Azure Enterprise Application name: APIM4SAML

    2. Identifier (Entity ID): wso2apimv400

    3. Tenant ID:

    4. SAML Single Sign-on Service URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

    5. SAML Entity ID: https://sts.windows.net/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/

    6. Sign-Out URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

    7. SAML signing certificate: APIM4SAML.cer (Base64-encoded certificate)

    8. Alias: ps-ad

Each Application Side

  1. Set SAML properties

    1. Update the details below according to your own credentials

      1. Related to SAML

        spring.security.saml2.serviceProvider.alias=ps-ad
        spring.security.saml2.serviceProvider.entityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
        spring.security.saml2.serviceProvider.providers[0].alias=ps-ad
        spring.security.saml2.serviceProvider.providers[0].metadata=https://login.microsoftonline.com/d52c9ea1-7c21-47b1-82a3-33a74b1f74b8/federationmetadata/2007-06/federationmetadata.xml?appid=ca57b740-23eb-462b-bc9d-4ebd4d3bb4a5

      2. Related to the application

        auth.baseUrl=
        auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
        auth.assertingEntityId=https://sts.windows.net/d52c9ea1-7c21-47b1-82a3-33a74b1f74b8/

    2. The following fields only need to be set as shown

        spring.security.saml2.serviceProvider.signMetadata=false
        spring.security.saml2.serviceProvider.signRequests=false
        spring.security.saml2.serviceProvider.encryptAssertions=false
        spring.security.saml2.serviceProvider.singleLogoutEnabled=true
        spring.security.saml2.serviceProvider.wantAssertionsSigned=true
        spring.security.saml2.serviceProvider.basePath=${auth.baseUrl}${server.servlet.context-path}
        spring.security.saml2.serviceProvider.nameIds=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
        spring.security.saml2.serviceProvider.keys.active.name=sp-signing-key-1
        spring.security.saml2.serviceProvider.providers[0].skipSslValidation=true
        spring.security.saml2.serviceProvider.providers[0].authenticationRequestBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
  2. Add the SAML dependency

  3. Request SAML validation for each user

  4. Parse the SAML XML response

  5. Save the required details in the DB
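Step 4 above, as an added example that is not the project's own code: a Java parser for the SAML Response that disables DTDs and external entities in the XML parser and accepts only an assertion whose Issuer equals `auth.assertingEntityId` and whose Audience equals `auth.holdingEntityId`, returning the NameID and attributes (including any custom role claims) for step 5. It assumes the Spring SAML layer has already verified the assertion signature (`wantAssertionsSigned=true`) and its validity window; the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.*;
import org.w3c.dom.*;

public class SamlResponseParser {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // XML parser with DTDs and external entities disabled, so a crafted Response cannot trigger XXE.
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return f.newDocumentBuilder();
    }

    /** assertingEntityId = auth.assertingEntityId (the IdP); holdingEntityId = auth.holdingEntityId (this SP). */
    public static Map<String, List<String>> parse(String responseXml, String assertingEntityId,
                                                  String holdingEntityId) throws Exception {
        Document doc = hardenedBuilder().parse(
                new ByteArrayInputStream(responseXml.getBytes(StandardCharsets.UTF_8)));
        NodeList assertions = doc.getElementsByTagNameNS(SAML_NS, "Assertion");
        if (assertions.getLength() != 1) throw new SecurityException("expected exactly one Assertion");
        Element a = (Element) assertions.item(0);
        // Issuer and Audience are read from the Assertion itself, not from the outer Response element.
        if (!assertingEntityId.equals(text(a, "Issuer"))) throw new SecurityException("Issuer is not the configured IdP");
        if (!holdingEntityId.equals(text(a, "Audience"))) throw new SecurityException("Assertion is not addressed to this SP");
        Map<String, List<String>> details = new LinkedHashMap<>();
        details.put("NameID", List.of(text(a, "NameID"))); // an email address under the configured nameId format
        NodeList attrs = a.getElementsByTagNameNS(SAML_NS, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element attr = (Element) attrs.item(i);
            List<String> values = new ArrayList<>();
            NodeList v = attr.getElementsByTagNameNS(SAML_NS, "AttributeValue");
            for (int j = 0; j < v.getLength(); j++) values.add(v.item(j).getTextContent().trim());
            details.put(attr.getAttribute("Name"), values); // custom role claims arrive as attributes too
        }
        return details;
    }

    private static String text(Element scope, String localName) {
        NodeList n = scope.getElementsByTagNameNS(SAML_NS, localName);
        return n.getLength() == 0 ? "" : n.item(0).getTextContent().trim();
    }
}
```

Note that `providers[0].skipSslValidation=true` in the properties above disables TLS certificate validation when the IdP metadata (and its signing certificate) is fetched, which undermines the signature check this example relies on; keep it false outside local development.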