Prerequisite

AUTH Provider IDP Side

  1. The Azure team will set up the SAML IdP configuration

  2. Configuring SAML Single Sign-On (SSO)

    1. 'Basic SAML Configuration' section

    2. Configure the User Attribute & Claims section and add custom roles

    3. SAML-based Sign-on configuration

    4. Set up API4Saml

    5. Test SSO via Azure

  3. After that, you will get the information below from the Azure provider (the values below are just sample credentials)

    1. Azure Enterprise Application name: APIM4SAML

    2. Identifier (Entity ID): wso2apimv400

    3. Tenant ID: j52c9ea1-7c21-47b1-82a3-33a74b1f9832 (specific to the company; used in the properties below as auth.assertingEntityId)

    4. SAML Single Sign-on Service URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

    5. SAML Entity ID: https://sts.windows.net/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/ (specific to the project; used in the properties below as auth.holdingEntityId)

    6. Sign-Out URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

    7. SAML signing certificate: APIM4SAML.cer (Base64-encoded certificate)

    8. Alias: ps-ad

...

    1. (Specific to Company level)

Central AUTH Application Side

  1. Set SAML properties

    1. Related to SAML info

      1. Update the details below as per your credentials.

      1. Related to SAML

    2. Code Block
      #NeededToUpdate : Saml info update Start
      auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
      auth.assertingEntityId=https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/
      auth.alias=ps-ad
      auth.samlLoginUrl=https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/
      1. Related to Application

        Code Block
        auth.baseUrl=https://www.yourdomain.com/
        auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
        auth.assertingEntityId=https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/
        auth.nameId=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
        auth.logoutEmailQueryParam=email
        auth.loginCallback=${auth.baseUrl}${server.servlet.context-path}/saml/sp/discovery?idp=${auth.assertingEntityId}
        auth.logoutCallback=${auth.baseUrl}${server.servlet.context-path}/saml/sp/logout?${auth.logoutEmailQueryParam}=%s
        
        auth.defaultRedirectToAfterLogout=${auth.baseUrl}${server.servlet.context-path}/hello
        auth.defaultRedirectToAfterLogin=${auth.baseUiUrl}/login/status
        #needtochange as per your
        auth.loginSuccessPageFormat=${auth.baseUiUrl}/status?authToken=%s
    3. Only these fields need to be set.

    4. Code Block
      
      #NeededToUpdate : Saml info update End
    5. Related to the SAML 2 configuration (same values as mentioned in the properties above)

      Code Block
      spring.security.saml2.serviceProvider.alias=${auth.alias}
      spring.security.saml2.serviceProvider.signMetadata=false
      spring.security.saml2.serviceProvider.signRequests=false
      spring.security.saml2.serviceProvider.encryptAssertions=false
      spring.security.saml2.serviceProvider.singleLogoutEnabled=true
      spring.security.saml2.serviceProvider.wantAssertionsSigned=true
      spring.security.saml2.serviceProvider.entityId=${auth.holdingEntityId}
      spring.security.saml2.serviceProvider.basePath=${auth.baseUrl}${server.servlet.context-path}
      spring.security.saml2.serviceProvider.nameIds=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      spring.security.saml2.serviceProvider.keys.active.name=sp-signing-key-1
      spring.security.saml2.serviceProvider.providers[0].alias=${auth.alias}
      spring.security.saml2.serviceProvider.providers[0].skipSslValidation=true
      spring.security.saml2.serviceProvider.providers[0].metadata=${auth.samlLoginUrl}
      spring.security.saml2.serviceProvider.providers[0].authenticationRequestBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
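    The block above ships with skipSslValidation=true and signRequests=false, and the earlier version of these properties allowed a seven-day samlMaxAuthenticationAgeMillis. As an added example (not the project's own code and not part of the original page), this Python script resolves the ${...} placeholders the properties use and flags those settings; the eight-hour threshold and the embedded sample property text are assumptions.

```python
import re

# Constructed sample: the SP properties from this page, including the ${...}
# placeholders that point spring.security.* keys at the auth.* values.
SAMPLE_PROPERTIES = """\
auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
auth.samlLoginUrl=https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/
auth.samlMaxAuthenticationAgeMillis=604800000
spring.security.saml2.serviceProvider.signRequests=false
spring.security.saml2.serviceProvider.wantAssertionsSigned=true
spring.security.saml2.serviceProvider.entityId=${auth.holdingEntityId}
spring.security.saml2.serviceProvider.providers[0].skipSslValidation=true
spring.security.saml2.serviceProvider.providers[0].metadata=${auth.samlLoginUrl}
"""
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")
SP = "spring.security.saml2.serviceProvider."

def load_properties(text):
    """Parse key=value lines (comments/blanks skipped) and resolve ${key} references."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    for _ in range(10):  # bounded passes, so a circular reference cannot loop forever
        changed = False
        for key, value in props.items():
            resolved = PLACEHOLDER.sub(lambda m: props.get(m.group(1), m.group(0)), value)
            if resolved != value:
                props[key], changed = resolved, True
        if not changed:
            break
    return props

def audit_sp_config(props, max_age_hours=8):
    """Return findings for the weak settings a reviewer would flag in the resolved SP config."""
    findings = []
    if props.get(SP + "providers[0].skipSslValidation") == "true":
        findings.append("skipSslValidation=true: IdP metadata is fetched without TLS verification")
    if props.get(SP + "wantAssertionsSigned") != "true":
        findings.append("wantAssertionsSigned is not true: unsigned assertions would be accepted")
    if props.get(SP + "signRequests") != "true":
        findings.append("signRequests=false: AuthnRequests are sent unsigned")
    if not props.get(SP + "providers[0].metadata", "").startswith("https://"):
        findings.append("providers[0].metadata is not an https URL")
    age_ms = int(props.get("auth.samlMaxAuthenticationAgeMillis", "0"))  # assumed threshold: 8h
    if age_ms > max_age_hours * 3_600_000:
        findings.append(f"samlMaxAuthenticationAgeMillis={age_ms} exceeds {max_age_hours}h")
    return findings
```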
    6. Code Block
      auth.samlMaxAuthenticationAgeMillis=604800000
    Add SAML Dependency
  1. Use the SAML dependency below in the project

    Code Block
    <dependency>
       <groupId>org.springframework.security.extensions</groupId>
       <artifactId>spring-security-saml2-core</artifactId>
       <version>2.0.0.M31</version>
    </dependency>
    <dependency>
       <groupId>org.opensaml</groupId>
       <artifactId>opensaml-saml-impl</artifactId>
       <version>3.2.0</version>
    </dependency>
  2. SAML login from the UI: it redirects to the Microsoft login page, which validates the username/password internally and returns the response

...

  1. Specify the URL endpoint as per the properties file and return the callback

...

  1. URL

...

  1. Parse

...

  1. SAML XML response

  2. Save the required details in the DB
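For the "parse the SAML XML response" step, an added Python example (not the project's code, and not a substitute for the SAML library's cryptographic signature verification) that checks the conditions an SP must enforce before saving anything to the DB: signature presence on the assertion (the wantAssertionsSigned setting above), the NotBefore/NotOnOrAfter window, an audience equal to auth.holdingEntityId, and the authentication age. The sample response, the eight-hour max age and the NameID value are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SP_ENTITY_ID = "spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8"  # auth.holdingEntityId from this page

# Constructed sample response; the Signature element stands in for a real one.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="_a1">
    <saml:Issuer>https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/</saml:Issuer>
    <ds:Signature><ds:SignatureValue>constructed</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2024-01-01T09:59:30Z"/>
  </saml:Assertion>
</samlp:Response>"""

def parse_ts(value):
    """SAML timestamps are UTC ('Z'); return an aware datetime so comparisons are safe."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now, sp_entity_id=SP_ENTITY_ID, max_age=timedelta(hours=8)):
    """Return (nameid, []) if the assertion's conditions hold, else (None, reasons).
    Only signature *presence* is checked here; verifying it is the SAML library's job."""
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None:
        return None, ["no Assertion element"]
    reasons = []
    if a.find("ds:Signature", NS) is None:
        reasons.append("assertion is not signed")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        reasons.append("no Conditions element")
    else:
        if now < parse_ts(cond.get("NotBefore")) or now >= parse_ts(cond.get("NotOnOrAfter")):
            reasons.append("assertion outside its validity window")
        audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if sp_entity_id not in audiences:  # assertion issued for a different SP
            reasons.append("audience does not include this SP")
    authn = a.find("saml:AuthnStatement", NS)
    if authn is None or now - parse_ts(authn.get("AuthnInstant")) > max_age:
        reasons.append("authentication is missing or older than max age")
    nameid = a.findtext("saml:Subject/saml:NameID", default=None, namespaces=NS)
    if not nameid:
        reasons.append("no NameID")
    return (nameid, []) if not reasons else (None, reasons)
```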