PSKnowHOW uses SAML for identity provider integration.

Prerequisite

AUTH Provider IDP Side

  1. The Azure team will set up the SAML IdP configuration

  2. Configure SAML Single Sign-On (SSO)

    1. Basic SAML Configuration section

    2. Configure the User Attributes & Claims section and add custom roles

    3. SAML-based Sign-on configuration

    4. Set up API4Saml

    5. Test SSO via Azure

  3. After that, you will get the following info from the Azure provider (the values below are just sample credentials):

    1. Azure Enterprise Application name: APIM4SAML

    2. Unique Identifier (Entity ID): wso2apimv400

    3. Tenant ID/Directory ID: j52c9ea1-7c21-47b1-82a3-33a74b1f9832 (specific to the company)

    4. SAML Single Sign-on Service URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

    5. SAML Entity ID (Reply URL / Assertion Consumer Service URL): https://sts.windows.net/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/ (specific to the project level; set in the properties below as auth.holdingEntityId)

    6. Sign-Out URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

    7. SAML signing certificate: APIM4SAML.cer (Base64 encoded certificate)

    8. Alias: ps-ad

Central AUTH Application Side

  1. Set the required SAML properties

    Save the required details in the DB.

    1. Related to SAML: update the details below as per your credentials (for release version Knowhow 9.0.0 to 9.5.0)

      Code Block
      spring.security.saml2.serviceProvider.alias=ps-ad
      spring.security.saml2.serviceProvider.entityId
      spring.security.saml2.serviceProvider.providers[0].metadata=https://login.microsoftonline.com/d52c9ea1-7c21-47b1-82a3-33a74b1f74b8/federationmetadata/2007-06/federationmetadata.xml?appid=ca57b740-23eb-462b-bc9d-4ebd4d3bb4a5

    2. Map the Azure SAML parameters to the auth application.properties fields like this:

      1. TenantId maps to auth.assertingEntityId

      2. SAML Entity ID maps to auth.holdingEntityId

      3. Alias maps to auth.alias

      4. SAML Entity ID maps to the appId in auth.samlLoginUrl

    3. Code Block
      #NeededToUpdate : Saml info update Start
      auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
      auth.assertingEntityId=https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/
      auth.alias=ps-ad
      auth.samlLoginUrl=https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
      #NeededToUpdate : Saml info update End

      Related to Application

      Code Block
      auth.baseUrl=
      auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
      auth.assertingEntityId=https://sts.windows.net/d52c9ea1-7c21-47b1-82a3-33a74b1f74b8/

    4. Only the following fields need to be set.

    5. Code Block
      spring.security.saml2.serviceProvider.signMetadata=false
      spring.security.saml2.serviceProvider.signRequests=false
      spring.security.saml2.serviceProvider.encryptAssertions=false
      spring.security.saml2.serviceProvider.singleLogoutEnabled=true
      spring.security.saml2.serviceProvider.wantAssertionsSigned=true
      spring.security.saml2.serviceProvider.basePath=${auth.baseUrl}${server.servlet.context-path}
      spring.security.saml2.serviceProvider.nameIds=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      spring.security.saml2.serviceProvider.keys.active.name=sp-signing-key-1
      spring.security.saml2.serviceProvider.providers[0].skipSslValidation=true
      spring.security.saml2.serviceProvider.providers[0].authenticationRequestBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

  2. Add the SAML dependency

  3. Request SAML validation for each user

  4. Parse the SAML XML response


If you are using release version Knowhow 10.0.0 onwards, you have to use the following instead.

SAML mapping to the auth application.yml file:

  1. SAML Entity ID maps to entity-id

  2. TenantId and SAML Entity ID map to the metadata URL (metadata-uri):

    Code Block
    https://login.microsoftonline.com/{tenant-id}/federationmetadata/2007-06/federationmetadata.xml?appid={your-entity-id}
Code Block
spring:
  security:
    filter:
      dispatcher-types: async, error, request, forward
    saml2:
      relyingparty:
        registration:
          azure:
            acs:
              location: '{baseUrl}/saml/SSO'
            assertingparty:
              metadata-uri: https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
            entity-id: spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
            singlelogout:
              binding: POST
              responseUrl: '{baseUrl}/saml/SingleLogout'
              url: '{baseUrl}/saml/logout'
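Added example (a Python script, not PSKnowHOW's own code) covering both mappings on this page, the 9.0.0 to 9.5.0 auth.* properties and the 10.0.0 application.yml registration: it derives the values from the Azure TenantId, Entity ID and Alias, parses a constructed copy of the IdP federation metadata, and reports where the configured values disagree with the metadata or where a setting (wantAssertionsSigned, skipSslValidation) weakens assertion validation. The metadata document, the certificate text and the function names are assumptions made for the example; the ids are the page's sample values.

```python
# Added example (not PSKnowHOW project code): derive the SAML settings from the
# Azure values the page lists and cross-check them against the IdP's federation
# metadata. Ids are the page's samples; metadata and cert text are constructed.
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SP = "spring.security.saml2.serviceProvider."


def azure_mapping(tenant_id, app_id, alias):
    """The page's mapping: TenantId -> auth.assertingEntityId, SAML Entity ID ->
    auth.holdingEntityId (entity-id in 10.x), Alias -> auth.alias, and
    TenantId + Entity ID -> federation metadata URL (auth.samlLoginUrl in
    9.0.0-9.5.0, assertingparty.metadata-uri from 10.0.0 onwards)."""
    metadata_url = (f"https://login.microsoftonline.com/{tenant_id}"
                    f"/federationmetadata/2007-06/federationmetadata.xml?appid={app_id}")
    return {
        "auth.assertingEntityId": f"https://sts.windows.net/{tenant_id}/",
        "auth.holdingEntityId": f"spn:{app_id}",
        "auth.alias": alias,
        "auth.samlLoginUrl": metadata_url,
        "entity-id": f"spn:{app_id}",      # application.yml key, 10.x
        "metadata-uri": metadata_url,      # application.yml key, 10.x
    }


def parse_properties(text):
    """Minimal application.properties reader: key=value lines, '#' comments ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def parse_federation_metadata(xml_text):
    """Extract entityID, SSO endpoints by binding, and signing certs from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    certs = [c.text.strip() for c in idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}


def audit(props, metadata):
    """Findings for a properties set vs. IdP metadata; an empty list means consistent."""
    findings = []
    if props.get("auth.assertingEntityId") != metadata["entity_id"]:
        findings.append("auth.assertingEntityId does not match the IdP entityID")
    if POST_BINDING not in metadata["sso"]:
        findings.append("IdP metadata has no HTTP-POST SingleSignOnService endpoint")
    if not metadata["signing_certs"]:
        findings.append("IdP metadata carries no signing certificate")
    if props.get(SP + "wantAssertionsSigned", "false").lower() != "true":
        findings.append("wantAssertionsSigned is not true: unsigned assertions accepted")
    if props.get(SP + "providers[0].skipSslValidation", "false").lower() == "true":
        findings.append("skipSslValidation=true: metadata fetched without TLS validation")
    return findings


# Constructed sample IdP metadata built around the page's sample tenant id.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC-constructed-placeholder-cert</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed application.properties: the page's auth.* values plus the two
# serviceProvider flags the audit looks at (skipSslValidation=true as on the page).
SAMPLE_PROPERTIES = "\n".join(
    f"{k}={v}" for k, v in azure_mapping(
        "j52c9ea1-7c21-47b1-82a3-33a74b1f9832",
        "a74f37bd-de4d-4eb1-954d-445a2ca2a6e8", "ps-ad").items()
    if k.startswith("auth.")
) + f"\n{SP}wantAssertionsSigned=true\n{SP}providers[0].skipSslValidation=true\n"

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE_PROPERTIES),
                         parse_federation_metadata(SAMPLE_METADATA)):
        print("FINDING:", finding)
```

Run against the page's sample properties, the only finding is the skipSslValidation flag: the metadata URL carries the IdP's signing certificate, so fetching it without TLS validation undermines wantAssertionsSigned. Pointing parse_federation_metadata at the real federationmetadata.xml for your tenant makes the entityID check meaningful for your own deployment.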