...

  1. The Azure team will set up the SAML IdP configuration

  2. Configure SAML Single Sign-On (SSO)

    1. Basic SAML Configuration section

    2. Configure the User Attributes & Claims section and add custom roles

    3. SAML-based sign-on configuration

    4. Set up API4Saml

    5. Test SSO via Azure

  3. After that, we will have the information below (these are just sample credentials)

    1. Azure Enterprise Application name: APIM4SAML

    2. Identifier (Entity ID): wso2apimv400

    3. Tenant ID: j52c9ea1-7c21-47b1-82a3-33a74b1f9832

    4. SAML Single Sign-on Service URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

    5. SAML Entity ID: https://sts.windows.net/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/

    6. Sign-Out URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

    7. SAML signing certificate: APIM4SAML.cer (Base64-encoded certificate)

    8. Alias: ps-ad

...

  1. Set SAML properties

    1. Update the details below as per your credentials

      1. Related to SAML

        Code Block
        spring.security.saml2.serviceProvider.alias=ps-ad
        spring.security.saml2.serviceProvider.entityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
        spring.security.saml2.serviceProvider.providers[0].alias=ps-ad
        spring.security.saml2.serviceProvider.providers[0].metadata=https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8

      2. Related to Application

        Code Block
        auth.baseUrl=https://www.yourdomain.com/
        auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
        auth.assertingEntityId=https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/
        auth.nameId=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
        auth.logoutEmailQueryParam=email
        auth.loginCallback=${auth.baseUrl}${server.servlet.context-path}/saml/sp/discovery?idp=${auth.assertingEntityId}
        auth.logoutCallback=${auth.baseUrl}${server.servlet.context-path}/saml/sp/logout?${auth.logoutEmailQueryParam}=%s

        auth.defaultRedirectToAfterLogout=${auth.baseUrl}${server.servlet.context-path}/hello
        auth.defaultRedirectToAfterLogin=${auth.baseUiUrl}/login/status
        # change as per your setup
        auth.loginSuccessPageFormat=${auth.baseUiUrl}/status?authToken=%s

    2. Only the following fields need to be set. Note that skipSslValidation=true disables certificate checks on the HTTPS fetch of the IdP metadata (which carries the IdP signing certificate), so keep it for local testing only.

      Code Block
      spring.security.saml2.serviceProvider.signMetadata=false
      spring.security.saml2.serviceProvider.signRequests=false
      spring.security.saml2.serviceProvider.encryptAssertions=false
      spring.security.saml2.serviceProvider.singleLogoutEnabled=true
      spring.security.saml2.serviceProvider.wantAssertionsSigned=true
      spring.security.saml2.serviceProvider.basePath=${auth.baseUrl}${server.servlet.context-path}
      spring.security.saml2.serviceProvider.nameIds=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      spring.security.saml2.serviceProvider.keys.active.name=sp-signing-key-1
      spring.security.saml2.serviceProvider.providers[0].skipSslValidation=true
      spring.security.saml2.serviceProvider.providers[0].authenticationRequestBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
  2. Add the SAML dependency

    Code Block
    <dependency>
       <groupId>org.springframework.security.extensions</groupId>
       <artifactId>spring-security-saml2-core</artifactId>
       <version>2.0.0.M31</version>
    </dependency>
    <dependency>
       <groupId>org.opensaml</groupId>
       <artifactId>opensaml-saml-impl</artifactId>
       <version>3.2.0</version>
    </dependency>

  3. Request SAML validation for each user
  4. SAML login from the UI: the user is redirected to the Microsoft login page, which validates the user internally, returns the SAML response to the application and calls the callback URL

  5. After that, parse the SAML XML response

  6. Save the required details in the DB
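As an added example (not code from this page or its project), the check a service provider should run on the response parsed in step 5 against the values the SP properties above configure: Issuer against auth.assertingEntityId, Audience against auth.holdingEntityId, NameID format against auth.nameId, and the presence of an assertion signature (wantAssertionsSigned=true). The SAML response is a constructed sample, and EXPECTED_ISSUER and SP_ENTITY_ID are taken from the sample credentials on this page; cryptographic verification of the signature itself stays with the SAML library.

```python
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # auth.nameId
EXPECTED_ISSUER = "https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/"  # auth.assertingEntityId
SP_ENTITY_ID = "spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8"  # auth.holdingEntityId
SIGNATURE_XML = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
                 '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>')  # placeholder value
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/</saml:Issuer>%s
    <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>""" % SIGNATURE_XML  # constructed sample, not captured from Azure AD

def _ts(value):  # SAML UTC timestamp -> aware datetime; None when the attribute is absent
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def validate_response(xml_text, now_iso, issuer=EXPECTED_ISSUER, audience=SP_ENTITY_ID):
    """Return (ok, reason, email). Issuer must equal assertingEntityId, Audience must contain
    holdingEntityId, NameID must use auth.nameId's format, and the assertion must carry a
    signature (wantAssertionsSigned=true); verifying that signature is left to the SAML library."""
    root = ET.fromstring(xml_text)  # for untrusted input prefer defusedxml or the library's parser
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        return False, "status not Success", None
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, "no plain assertion (an EncryptedAssertion must be decrypted first)", None
    if assertion.find("ds:Signature", NS) is None:
        return False, "assertion not signed", None
    if assertion.findtext("saml:Issuer", default="", namespaces=NS).strip() != issuer:
        return False, "unexpected issuer", None
    cond = assertion.find("saml:Conditions", NS)
    nb, na = (_ts(cond.get("NotBefore")), _ts(cond.get("NotOnOrAfter"))) if cond is not None else (None, None)
    if nb is None or na is None or not (nb <= _ts(now_iso) < na):
        return False, "missing or expired validity window", None
    if audience not in [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        return False, "audience does not include SP entityId", None
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        return False, "NameID missing or not emailAddress format", None
    return True, "ok", name_id.text
```

Only the email from a response that passes every check should reach the "save to DB" step; a response failing any of them is rejected before any user record is touched.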

...