Layer7 API Management


API gateway as Idp provider for API Portal

  • 1.  API gateway as Idp provider for API Portal

    Posted 04-09-2018 08:37 PM

    Can anyone provide the steps for configuring API gateway as IDP and API Portal 4.2 with BYOCMS as SP? I found two conflicting posts on the capability of API gateway to work as IDP:

     

    SAML IdP Support: APIG can work as IDP

    API Gateway as IDP of the SAAS portal: APIG cannot work as IDP

     

    Also,

    https://communities.ca.com/docs/DOC-231157028 - CA API gateway uses SAML with onelogin.com, gives the steps of APIG as SP, but nothing is mentioned on how to use it as an IDP provider.



  • 2.  Re: API gateway as Idp provider for API Portal

    Posted 04-09-2018 11:11 PM

    I have the same case. I want to configure my Portal 4.2 with a CMS, but I do not have a CA SSO license; we use Oracle in the company. The documentation does not help.



  • 3.  Re: API gateway as Idp provider for API Portal

    Posted 12-21-2018 02:21 PM

    Good morning,

     

    I've been working with a few customers on getting the API Portal to link into the gateway using a mock-up IDP configuration. I've attached a restman folder bundle that contains 3 services, which provide a login page that then redirects to another service to validate the user against the local identity provider. This configuration is a template of what can be done and does require a few changes.

     

    Information to use the bundle:

    1) Portal SAML SSO Authentication Scheme configuration:

    Identity Provider URL: https://<gateway FQDN>/samlReqPost
    SAML Binding: Post
    SAML Token Attribute: SAMLResponse
    SAML Token Attribute In: Parameter
    Mapping:
      Email = mail
      First Name = givenName
      Last Name = sn
      Login = login
      Organization = organization
      Role = memberOf

    2) Modify the /samlRegPost service so that the Location header points to https://<gatewayFQDN>/testSamlLogin 

    3) Modify the /testSamlResponse1 so that

       a) the portalUrl context variable is set to https://gateway.support.local/portalAuth/sso/validateSaml 

       b) userOrg and userGroup context variables are populated with valid organization names. 

    4) Create a group called SAMLUsers in the local Identity Provider and create a sample user, which needs to be added into the new group.

     

    Sincerely,


    Stephen Hughes
    Broadcom Support

    Attachment(s)

    mock_idp_service.xml.zip   279K
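
A way to confirm that the SAMLResponse parameter posted to the Portal carries every attribute named in the step 1 mapping, given here as an added example that is not part of the original post or the attached bundle. It assumes SAML 2.0 namespaces and an unencrypted assertion; the sample response and its values are constructed.

```python
import base64
import xml.etree.ElementTree as ET

# Presence check for troubleshooting only; it does not verify the signature.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}  # assumption: SAML 2.0
# Attribute names taken from the Portal mapping in step 1 of the post.
REQUIRED = {"mail", "givenName", "sn", "login", "organization", "memberOf"}


def saml_attributes(saml_response_b64):
    """Decode a POST-binding SAMLResponse value and return {name: [values]}."""
    raw = "".join(saml_response_b64.split())  # form values may be line-wrapped
    xml_bytes = base64.b64decode(raw, validate=True)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_bytes)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def mapping_problems(attrs):
    """Return sorted required names that are missing or have only empty values."""
    return sorted(n for n in REQUIRED if not any(attrs.get(n, [])))


def sample_response(include_role=True):
    """Constructed sample response (not captured from a real gateway)."""
    values = {"mail": "jdoe@example.com", "givenName": "Jane", "sn": "Doe",
              "login": "jdoe", "organization": "ExampleOrg"}
    if include_role:
        values["memberOf"] = "ExampleRole"
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}">'
        f'<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in values.items())
    doc = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(doc.encode()).decode()


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, mapping_problems(saml_attributes(sample_response(flag))))
```

To check a real login, pass the value of the SAMLResponse form parameter captured from the browser's POST to `saml_attributes`.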