Prerequisite
AUTH Provider (IdP) Side
The Azure team will set up the SAML IdP configuration:
Configuring SAML Single Sign-On (SSO)
'Basic SAML Configuration' section
Configure the 'User Attributes & Claims' section and add custom roles
SAML-based sign-on configuration
Set up APIM4SAML
Test SSO via Azure
After that, you will receive the following information from the Azure provider (the values below are sample values only, not real credentials):
Azure Enterprise Application name: APIM4SAML
Unique Identifier (Entity ID): wso2apimv400
Tenant ID / Directory ID: j52c9ea1-7c21-47b1-82a3-33a74b1f9832 (specific to the company; used below as auth.assertingEntityId)
SAML Single Sign-on Service URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2
SAML Entity ID (Reply URL / Assertion Consumer Service URL): https://sts.windows.net/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/ (specific to the project; used below as auth.holdingEntityId)
Sign-Out URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2
SAML signing certificate: APIM4SAML.cer (Base64-encoded certificate)
Alias: ps-ad (specific to the company)
Two GUIDs appear in these values. In the properties and YAML below, the Tenant ID (j52c9ea1-...) always goes in the URL path, and the GUID taken from the SAML Entity ID (a74f37bd-...) goes after ?appid= and into the spn: identifier; check that you have not swapped them, because a metadata URL built the wrong way round points at a different tenant or application. Keep the .cer file: it is the certificate Azure signs assertions with, and the application must validate assertion signatures against it.
Central AUTH Application Side
Set the required SAML properties using the information obtained from the Azure provider.
For release versions Knowhow 9.0.0 to 9.5.0, update the details below in the auth application.properties file according to your credentials.
Map the Azure SAML parameters to the auth application.properties fields as follows:
Tenant ID maps to auth.assertingEntityId (as https://sts.windows.net/{tenant-id}/)
SAML Entity ID maps to auth.holdingEntityId (as spn:{app-id})
Alias maps to auth.alias
SAML Entity ID maps to the appid query parameter in auth.samlLoginUrl, and Tenant ID to the path segment of the same URL
application.properties:
#NeededToUpdate : Saml info update Start
auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
auth.assertingEntityId=https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/
auth.alias=ps-ad
auth.samlLoginUrl=https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
#NeededToUpdate : Saml info update End
If you are using release version Knowhow 10.0.0 onwards, map the SAML parameters to the auth application.yml file instead:
SAML Entity ID maps to entity-id (as spn:{app-id})
Tenant ID and SAML Entity ID together make up metadata-uri, built from this template:
https://login.microsoftonline.com/{tenant-id}/federationmetadata/2007-06/federationmetadata.xml?appid={your-Entity-ID}
application.yml:
# Relying-party registration keys; from their names these sit under the top-level spring: key
# of application.yml (assumed from the key names, the page does not show the parent key).
security:
  filter:
    dispatcher-types: async, error, request, forward
  saml2:
    relyingparty:
      registration:
        azure:
          acs:
            location: '{baseUrl}/saml/SSO'
          assertingparty:
            metadata-uri: https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
          entity-id: spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
          singlelogout:
            binding: POST
            responseUrl: '{baseUrl}/saml/SingleLogout'
            url: '{baseUrl}/saml/logout'
Make sure there is no stray '=' or other character between 'metadata-uri:' and the URL; the value must be the bare URL. The entity-id is the Issuer your application sends in its authentication request and must match an identifier registered on the Azure enterprise application. The metadata-uri is fetched over HTTPS and supplies the IdP entity ID, the SSO endpoint and the signing certificate, so if it points at the wrong tenant or application, assertion signature validation will fail.
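Before pointing either configuration at Azure, it is worth confirming that the metadata URL you built actually describes the tenant and application you were given, and that the signing certificate Azure publishes in that metadata matches the APIM4SAML.cer you were handed. The following Python script is an added example, not code from the Knowhow project or from Azure. It parses a constructed, abbreviated copy of the federation metadata document (the real one is what auth.samlLoginUrl / metadata-uri above returns), extracts the IdP entity ID, the SSO endpoint and the signing certificate, and reports every disagreement with the sample values used on this page. The function and constant names, and the placeholder certificate body, are my own assumptions.

```python
"""Cross-check Azure AD federation metadata against the configured SAML values.

Added example, not part of the Knowhow project or the Azure setup described above.
SAMPLE_METADATA is a constructed, abbreviated stand-in for what
https://login.microsoftonline.com/{tenant-id}/federationmetadata/2007-06/federationmetadata.xml?appid={app-id}
returns, so the check runs offline; replace it with the bytes fetched from the real URL.
"""
import re
from urllib.parse import parse_qs, urlparse
# The real metadata is fetched from login.microsoftonline.com over TLS; for XML from
# less trusted sources prefer defusedxml, which exposes the same API.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Sample values from the page (tenant j52c..., application a74f...); the .cer body is a placeholder.
TENANT_ID = "j52c9ea1-7c21-47b1-82a3-33a74b1f9832"
APP_ID = "a74f37bd-de4d-4eb1-954d-445a2ca2a6e8"
ASSERTING_ENTITY_ID = f"https://sts.windows.net/{TENANT_ID}/"
METADATA_URI = (f"https://login.microsoftonline.com/{TENANT_ID}/federationmetadata/2007-06/"
                f"federationmetadata.xml?appid={APP_ID}")
CER_FILE = "-----BEGIN CERTIFICATE-----\nMIIC8DCCAdigAwIBAgIQc29t\nZUNlcnQ=\n-----END CERTIFICATE-----\n"

# Constructed sample metadata document (not real Azure output).
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sts.windows.net/{TENANT_ID}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQc29tZUNlcnQ=</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{HTTP_REDIRECT}" Location="https://login.microsoftonline.com/{TENANT_ID}/saml2"/>
    <SingleSignOnService Binding="{HTTP_REDIRECT}" Location="https://login.microsoftonline.com/{TENANT_ID}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
""".encode()


def normalize_cert(pem_or_b64: str) -> str:
    """Reduce a .cer file (PEM or bare Base64) to one whitespace-free Base64 string."""
    body = [ln for ln in pem_or_b64.splitlines() if ln.strip() and not ln.startswith("-----")]
    return re.sub(r"\s+", "", "".join(body))


def tenant_from_url(url: str) -> str:
    """Azure AD puts the tenant/directory ID in the first path segment of its URLs."""
    return urlparse(url).path.strip("/").split("/")[0]


def parse_idp_metadata(xml_bytes: bytes) -> dict:
    """Pull entityID, HTTP-Redirect SSO endpoints and signing certificates out of IdP metadata."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == HTTP_REDIRECT]
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' attribute means signing and encryption
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append(re.sub(r"\s+", "", c.text or ""))
    return {"entity_id": root.get("entityID"), "sso_urls": sso, "signing_certs": certs}


def check_config(meta: dict, asserting_entity_id: str, metadata_uri: str, cer_file: str) -> list:
    """Return the mismatches between metadata and configuration; an empty list means consistent."""
    problems = []
    tenant = tenant_from_url(metadata_uri)
    if meta["entity_id"] != asserting_entity_id:
        problems.append(f"assertingEntityId {asserting_entity_id} != metadata entityID {meta['entity_id']}")
    if tenant_from_url(meta["entity_id"]) != tenant:
        problems.append("tenant in the metadata URL path does not match the tenant in the IdP entityID")
    if "appid" not in parse_qs(urlparse(metadata_uri).query):
        problems.append("metadata URL has no ?appid=: that is tenant-wide metadata, not this application's")
    if not meta["sso_urls"]:
        problems.append("no HTTP-Redirect SingleSignOnService in metadata")
    for url in meta["sso_urls"]:
        if tenant_from_url(url) != tenant:
            problems.append(f"SSO endpoint {url} belongs to a different tenant")
    if normalize_cert(cer_file) not in meta["signing_certs"]:
        problems.append("certificate in the .cer file is not a signing certificate in metadata: "
                        "assertion signatures will not validate against it")
    return problems


if __name__ == "__main__":
    found = check_config(parse_idp_metadata(SAMPLE_METADATA), ASSERTING_ENTITY_ID, METADATA_URI, CER_FILE)
    for line in found or ["OK: metadata and configuration agree"]:
        print(line)
```

Run it once with the real metadata bytes and your own .cer before restarting the application; an empty result means the tenant, application and signing certificate all line up, while each reported line names the property to correct.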