Prerequisite
Auth provider
The Azure team will set up the SAML IdP configuration:
Configuring SAML Single Sign-On (SSO)
'Basic SAML Configuration' section
Configure the 'User Attributes & Claims' section and add custom roles
SAML-based sign-on configuration
Set up API4Saml
Test SSO via Azure
After that, we will receive the following information (the values below are just sample credentials):
Azure Enterprise Application name: APIM4SAML
Identifier (Entity ID): wso2apimv400
Tenant ID: j52c9ea1-7c21-47b1-82a3-33a74b1f9832
SAML Single Sign-on Service URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2
SAML Entity ID: https://sts.windows.net/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/
Sign-Out URL: https://login.microsoftonline.com/a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/saml2
SAML signing certificate: APIM4SAML.cer (Base64-encoded certificate)
Alias: ps-ad
On each application side
Set the SAML properties
Update the details below as per your credentials.
Related to SAML:
spring.security.saml2.serviceProvider.alias=ps-ad
spring.security.saml2.serviceProvider.entityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
spring.security.saml2.serviceProvider.providers[0].alias=ps-ad
spring.security.saml2.serviceProvider.providers[0].metadata=https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8/
Related to the application:
auth.baseUrl=https://www.yourdomain.com/
auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
auth.assertingEntityId=https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/
auth.nameId=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
auth.logoutEmailQueryParam=email
auth.loginCallback=${auth.baseUrl}${server.servlet.context-path}/saml/sp/discovery?idp=${auth.assertingEntityId}
auth.logoutCallback=${auth.baseUrl}${server.servlet.context-path}/saml/sp/logout?${auth.logoutEmailQueryParam}=%s
auth.defaultRedirectToAfterLogout=${auth.baseUrl}${server.servlet.context-path}/hello
# need to change as per your environment
auth.defaultRedirectToAfterLogin=${auth.baseUiUrl}/login/status
auth.loginSuccessPageFormat=${auth.baseUiUrl}/status?authToken=%s
Note that auth.baseUiUrl is referenced by the last two properties but is not defined above; it must be set to the base URL of your UI. A '#' comment in a .properties file is only recognised at the start of a line, so keep the "need to change" note on its own line rather than after a value.
Only the following fields need to be set:
spring.security.saml2.serviceProvider.signMetadata=false
spring.security.saml2.serviceProvider.signRequests=false
spring.security.saml2.serviceProvider.encryptAssertions=false
spring.security.saml2.serviceProvider.singleLogoutEnabled=true
spring.security.saml2.serviceProvider.wantAssertionsSigned=true
spring.security.saml2.serviceProvider.basePath=${auth.baseUrl}${server.servlet.context-path}
spring.security.saml2.serviceProvider.nameIds=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
spring.security.saml2.serviceProvider.keys.active.name=sp-signing-key-1
spring.security.saml2.serviceProvider.providers[0].skipSslValidation=true
spring.security.saml2.serviceProvider.providers[0].authenticationRequestBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Keep wantAssertionsSigned=true: the application trusts the identity and role claims only because the assertion carries the IdP's signature. skipSslValidation=true disables TLS certificate checking when the IdP federation metadata is fetched and is only appropriate for local testing.
Add the SAML dependencies
<dependency>
    <groupId>org.springframework.security.extensions</groupId>
    <artifactId>spring-security-saml2-core</artifactId>
    <version>2.0.0.M31</version>
</dependency>
<dependency>
    <groupId>org.opensaml</groupId>
    <artifactId>opensaml-saml-impl</artifactId>
    <version>3.2.0</version>
</dependency>
SAML login from the UI: the browser is redirected to the Microsoft login page, Azure AD validates the user internally and posts the SAML response back to the application's callback URL.
After that, parse the SAML XML response.
Save the required details in the DB.
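The last two steps, pulling the user details out of the SAML response before saving them, as an added example (Java 17; this is not code from the page or from the project it describes). It assumes that spring-security-saml2 has already verified the XML signature on the Response, that the application uses the sample auth.assertingEntityId and auth.holdingEntityId values from the properties above as the expected issuer and audience, and that the Azure enterprise application keeps Azure AD's default claim URIs for e-mail and role. The SamlClaimExtractor class, the SamlUser record and the sample Response are all constructed for this example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example: extracts the fields an application would save to its DB from a SAML 2.0
// Response AFTER spring-security-saml2 has verified the XML signature. It re-checks status,
// issuer, audience and validity window so a mis-routed or stale assertion is never persisted.
public class SamlClaimExtractor {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    // Azure AD default claim URIs (assumption: the enterprise app keeps the default attribute names)
    static final String EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
    static final String ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
    // Sample values from the property file above (auth.assertingEntityId / auth.holdingEntityId)
    static final String EXPECTED_ISSUER = "https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/";
    static final String EXPECTED_AUDIENCE = "spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8";

    public record SamlUser(String nameId, String email, List<String> roles) {}

    public static SamlUser extract(String responseXml, Instant now) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // The XML comes from the network: refuse DTDs and entity expansion (XXE, billion laughs)
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder()
                .parse(new ByteArrayInputStream(responseXml.getBytes(StandardCharsets.UTF_8)));
        Element root = doc.getDocumentElement();

        String status = single(root, SAMLP, "StatusCode").getAttribute("Value");
        if (!SUCCESS.equals(status)) throw new SecurityException("IdP returned status " + status);
        // Exactly one Assertion: extra assertions are a classic way to smuggle unsigned claims
        Element assertion = single(root, SAML, "Assertion");
        String issuer = single(assertion, SAML, "Issuer").getTextContent().trim();
        if (!EXPECTED_ISSUER.equals(issuer)) throw new SecurityException("unexpected issuer " + issuer);

        Element conditions = single(assertion, SAML, "Conditions");
        Instant notBefore = Instant.parse(conditions.getAttribute("NotBefore"));
        Instant notOnOrAfter = Instant.parse(conditions.getAttribute("NotOnOrAfter"));
        if (now.isBefore(notBefore) || !now.isBefore(notOnOrAfter)) {
            throw new SecurityException("assertion outside its validity window");
        }
        boolean audienceOk = false;
        NodeList audiences = conditions.getElementsByTagNameNS(SAML, "Audience");
        for (int i = 0; i < audiences.getLength(); i++) {
            audienceOk |= EXPECTED_AUDIENCE.equals(audiences.item(i).getTextContent().trim());
        }
        if (!audienceOk) throw new SecurityException("assertion is not addressed to this SP");

        String nameId = single(assertion, SAML, "NameID").getTextContent().trim();
        String email = null;
        List<String> roles = new ArrayList<>();
        NodeList attrs = assertion.getElementsByTagNameNS(SAML, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element attr = (Element) attrs.item(i);
            NodeList values = attr.getElementsByTagNameNS(SAML, "AttributeValue");
            for (int j = 0; j < values.getLength(); j++) {
                String value = values.item(j).getTextContent().trim();
                if (EMAIL_CLAIM.equals(attr.getAttribute("Name"))) email = value;
                else if (ROLE_CLAIM.equals(attr.getAttribute("Name"))) roles.add(value);
            }
        }
        return new SamlUser(nameId, email, roles);
    }

    // Fails closed when an element is missing or duplicated
    private static Element single(Element scope, String ns, String local) {
        NodeList nodes = scope.getElementsByTagNameNS(ns, local);
        if (nodes.getLength() != 1) throw new SecurityException("expected exactly one " + local);
        return (Element) nodes.item(0);
    }

    // Constructed sample Response (in the real flow the library has already checked its signature)
    static final String SAMPLE = """
        <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
            xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
          <saml:Issuer>https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/</saml:Issuer>
          <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
          <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T10:00:00Z">
            <saml:Issuer>https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/</saml:Issuer>
            <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
            <saml:Conditions NotBefore="2024-01-01T09:55:00Z" NotOnOrAfter="2024-01-01T11:00:00Z">
              <saml:AudienceRestriction><saml:Audience>spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8</saml:Audience></saml:AudienceRestriction>
            </saml:Conditions>
            <saml:AttributeStatement>
              <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
                <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
              <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
                <saml:AttributeValue>Admin</saml:AttributeValue><saml:AttributeValue>Reader</saml:AttributeValue></saml:Attribute>
            </saml:AttributeStatement>
          </saml:Assertion>
        </samlp:Response>
        """;

    public static void main(String[] args) throws Exception {
        System.out.println(extract(SAMPLE, Instant.parse("2024-01-01T10:30:00Z")));
        try {
            extract(SAMPLE, Instant.parse("2024-01-01T12:00:00Z")); // after NotOnOrAfter: must be rejected
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Only the NameID, e-mail and role values returned by extract need to be stored; persisting the raw assertion gives an attacker who reads the DB a replayable token for nothing in return. The issuer and audience checks are what tie the assertion to this IdP and this service provider, so they belong in the application even though the library has already validated the signature.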