Can anyone provide the steps for configuring API gateway as IDP and API Portal 4.2 with BYOCMS as SP? I found two conflicting posts on the capability of API gateway to work as IDP:
SAML IdP Support - APIG can work as IDP
API Gateway as IDP of the SAAS portal - APIG can not work as IDP
https://communities.ca.com/docs/DOC-231157028 - CA API gateway uses SAML with onelogin.com, gives the steps of APIG as SP, but nothing is mentioned on how to use it as an IDP provider.
I have the same case. I want to configure my Portal 4.2 with a CMS, but I do not have a CA SSO license; we use Oracle in the company. The documentation does not help.
I've been working with a few customers on getting the API Portal to link into the gateway using a mock-up IDP configuration. I've attached a restman folder bundle that contains 3 services which provide a login page which then does a redirect to another service to validate the user against the local identity provider. This configuration is a template of what can be done and does require a few changes.
Information to use the bundle:
1) Portal SAML SSO Authentication Scheme configuration:
Identity Provider URL: https://<gateway FQDN>/samlReqPost
SAML Binding: Post
SAML Token Attribute SAMLResponse
SAML Token Attribute In: Parameter
Mapping
Email = mail
First Name = givenName
Last Name = sn
Login = login
Organization = organization
Role = memberOf
2) Modify the /samlRegPost service so that the Location header points to https://<gatewayFQDN>/testSamlLogin
3) Modify the /testSamlResponse1 so that
a) the portalUrl context variable is set to https://gateway.support.local/portalAuth/sso/validateSaml
b) userOrg and userGroup context variables are populated with valid organization names.
4) Create a group called SAMLUsers in the local Identity Provider and create a sample user which needs to be added into the new group
Stephen Hughes
Broadcom Support
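An added example, not part of the post above or of the attached bundle: a small Python check that decodes a POST-binding `SAMLResponse` value and reports which portal fields from the step 1 mapping have a missing or empty attribute. It assumes SAML 2.0 namespaces and a base64-encoded response; the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Assumption: the gateway issues SAML 2.0 assertions.
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Portal field -> SAML attribute name, as listed in step 1 of the post.
PORTAL_MAPPING = {
    "Email": "mail",
    "First Name": "givenName",
    "Last Name": "sn",
    "Login": "login",
    "Organization": "organization",
    "Role": "memberOf",
}

def extract_attributes(saml_response_b64):
    """Decode a POST-binding SAMLResponse value and return {name: [values]}.
    This inspects attributes only; it does not verify the signature."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_mapping(saml_response_b64):
    """Return the portal fields whose mapped attribute is missing or empty."""
    attrs = extract_attributes(saml_response_b64)
    return [field for field, name in PORTAL_MAPPING.items()
            if not any(attrs.get(name, []))]

def build_sample(attributes):
    """Constructed, unsigned sample response for offline testing only."""
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
        '</saml:AttributeValue></saml:Attribute>' for n, v in attributes.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f'<saml:AttributeStatement>{body}</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    sample = build_sample({"mail": "jdoe@example.com", "givenName": "Jane", "sn": "Doe",
                           "login": "jdoe", "organization": "", "memberOf": "SAMLUsers"})
    print("Missing or empty:", check_mapping(sample))
```

Running it against the value the browser posts to the portal shows quickly whether an empty organization or group attribute is behind a failed login.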