SAML Integration Flow

Prerequisite

AUTH Provider IDP Side

1. Azure team will be set up SAML IDP configurations

2. Configuring SAML Single Sign-On (SSO)

   1. Basic SAML Configuration’ section

   2. Configure the User Attribute & Claims section and Adding custom roles

   3. SAML-based Sign-on configuration

   4. Setup API4Saml

   5. Test SSO via azure

3. After that, you will get below Info From Azure Provider (below info it is Just sample credentials)

   1. Azure Enterprise Application name: APIM4SAML

   2. Identifier (Entity ID): wso2apimv400

   3. TenantID : j52c9ea1-7c21-47b1-82a3-33a74b1f9832 (Specific to the company) (update in below properties as auth.assertingEntityId)

   4. SAML Single Sign-on Service URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

   5. SAML Entity ID: https://sts.windows.net/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/ (Specific To Project Level) (Updated in below properties as auth.holdingEntityId)

   6. Sign-Out URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2

   7. SAML signing certificate: APIM4SAML.cer(Base64 encoded certificate)

   8. Alias: ps-ad (Specific to Company level)

Central AUTH Application Side

1. Set required Saml properties use information get from azure provider

   1. Related to SAML Info

      1. Needed To Update below details As per your credentials

   2. #NeededToUpdate : Saml info update Start
      auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
      auth.assertingEntityId=https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/
      auth.alias=ps-ad
      auth.samlLoginUrl=https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
      #NeededToUpdate : Saml info update End