Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Prerequisite

AUTH Provider

  1. Azure team will be set up SAML IDP configurations

  2. Configuring SAML Single Sign-On (SSO)

    1. Basic SAML Configuration’ section

    2. Configure the User Attribute & Claims section and Adding custom roles

    3. SAML-based Sign-on configuration

    4. Setup API4Saml

    5. Test SSO via azure

  3. After that, we will below Info (below info it is Just sample credentials)

    1. Azure Enterprise Application name: APIM4SAML

    2. Identifier (Entity ID): wso2apimv400

    3. TenantID : j52c9ea1-7c21-47b1-82a3-33a74b1f9832

    4. SAML Single Sign-on Service URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

    5. SAML Entity ID: https://sts.windows.net/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/

    6. Sign-Out URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

    7. SAML signing certificate: APIM4SAML.cer(Base64 encoded certificate)

    8. Alias: ps-ad

Each Application Side

  1. Set Saml properties

    1. Needed To Update below details As per your credentials

      1. Related to SAML

    2. spring.security.saml2.serviceProvider.alias=ps-ad
spring.security.saml2.serviceProvider.entityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
spring.security.saml2.serviceProvider.providers[0].alias=ps-ad
spring.security.saml2.serviceProvider.providers[0].metadata=https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/

      1. Related to Application

        auth.baseUrl=https://www.yourdomain.com/
auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
auth.assertingEntityId=https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/
auth.nameId=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
auth.logoutEmailQueryParam=email
auth.loginCallback=${auth.baseUrl}${server.servlet.context-path}/saml/sp/discovery?idp=${auth.assertingEntityId}
auth.logoutCallback=${auth.baseUrl}${server.servlet.context-path}/saml/sp/logout?${auth.logoutEmailQueryParam}=%s

auth.defaultRedirectToAfterLogout=${auth.baseUrl}${server.servlet.context-path}/hello
auth.defaultRedirectToAfterLogin=${auth.baseUiUrl}/login/status
#needtochange as per your
auth.loginSuccessPageFormat=${auth.baseUiUrl}/status?authToken=%s

    3. Only needed to set fields.

    4. spring.security.saml2.serviceProvider.signMetadata=false
spring.security.saml2.serviceProvider.signRequests=false
spring.security.saml2.serviceProvider.encryptAssertions=false
spring.security.saml2.serviceProvider.singleLogoutEnabled=true
spring.security.saml2.serviceProvider.wantAssertionsSigned=true
spring.security.saml2.serviceProvider.basePath=${auth.baseUrl}${server.servlet.context-path}
spring.security.saml2.serviceProvider.nameIds=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
spring.security.saml2.serviceProvider.keys.active.name=sp-signing-key-1
spring.security.saml2.serviceProvider.providers[0].skipSslValidation=true
spring.security.saml2.serviceProvider.providers[0].authenticationRequestBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

  2. Add SAML Dependency

    1. <dependency>
   <groupId>org.springframework.security.extensions</groupId>
   <artifactId>spring-security-saml2-core</artifactId>
   <version>2.0.0.M31</version>
</dependency>
<dependency>
   <groupId>org.opensaml</groupId>
   <artifactId>opensaml-saml-impl</artifactId>
   <version>3.2.0</version>
</dependency>

  3. SAML login From UI - it will redirect to Microsoft login page and validate internally and give response to application and return call back url

  4. after than Parse Saml XML response

  5. Save Required Details in DB

  • No labels

© 2022 Publicis Sapient. All rights reserved.