Layer7 API Management


API gateway as Idp provider for API Portal

  • 1.  API gateway as Idp provider for API Portal

    Posted 04-09-2018 08:37 PM

    Can anyone provide the steps for configuring API gateway as IDP and API Portal 4.2 with BYOCMS as SP? I found two conflicting posts on the capability of API gateway to work as IDP:


    SAML IdP Support: APIG can work as IDP

    API Gateway as IDP of the SAAS portal: APIG cannot work as IDP


    Also, CA API gateway uses SAML with, gives the steps of APIG as SP, but nothing is mentioned on how to use it as IDP provider.

  • 2.  Re: API gateway as Idp provider for API Portal

    Posted 04-09-2018 11:11 PM

    I have the same case. I want to configure my Portal 4.2 with a CMS, but I do not have a CA SSO license; we use Oracle in the company. The documentation does not help.

  • 3.  Re: API gateway as Idp provider for API Portal

    Posted 12-21-2018 02:21 PM

    Good morning,


    I've been working with a few customers on getting the API Portal to link into the gateway using a mock-up IDP configuration. I've attached a restman folder bundle that contains 3 services which provide a login page which then does a redirect to another service to validate the user against the local identity provider. This configuration is a template of what can be done and does require a few changes.


    Information to use the bundle:

    1) Portal SAML SSO Authentication Scheme configuration:

    Identity Provider URL: https://<gateway FQDN>/samlReqPost
    SAML Binding: Post
    SAML Token Attribute: SAMLResponse
    SAML Token Attribute In: Parameter
    Email = mail
    First Name = givenName
    Last Name = sn
    Login = login
    Organization = organization
    Role = memberOf

    2) Modify the /samlRegPost service so that the Location header points to https://<gatewayFQDN>/testSamlLogin 

    3) Modify the /testSamlResponse1 so that

       a) the portalUrl context variable is set to 

       b) userOrg and userGroup context variables are populated with valid organization names. 

    4) Create a group called SAMLUsers in the local Identity Provider and create a sample user which needs to be added into the new group



    Stephen Hughes
    Broadcom Support
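
A check for the attribute mapping in step 1 of the post above: it decodes a POST-binding `SAMLResponse` parameter and lists which of the six mapped attributes are missing or empty. This is an added example, not part of the original post or the attached bundle; it assumes an unencrypted SAML 2.0 assertion, and the function names and sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}  # assumption: SAML 2.0
# Attribute names from the Portal SAML SSO mapping listed in the post.
REQUIRED = ("mail", "givenName", "sn", "login", "organization", "memberOf")

def assertion_attributes(saml_response_b64):
    """Decode a POST-binding SAMLResponse value and return {name: [values]}."""
    # Debugging aid only: the XML signature is NOT verified here.
    xml_bytes = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in a SAML response")
    root = ET.fromstring(xml_bytes)
    attrs = {}
    for attr in root.iterfind(".//saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def mapping_problems(attrs):
    """Return the required attributes that are absent or carry only empty values."""
    return [name for name in REQUIRED if not any(attrs.get(name, []))]

def sample_response(values):
    """Constructed test input: a minimal, unsigned SAML 2.0 Response, base64-encoded."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in values.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

# Constructed sample: every mapped attribute is present, but organization is empty.
SAMPLE = sample_response({"mail": "user@example.com", "givenName": "Test", "sn": "User",
                          "login": "testuser", "organization": "", "memberOf": "SampleRole"})

if __name__ == "__main__":
    print("missing or empty:", mapping_problems(assertion_attributes(SAMPLE)))
```

To use it against a real login attempt, pass the `SAMLResponse` form value captured from the browser's network trace to `assertion_attributes`.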



  • 4.  RE: API gateway as Idp provider for API Portal
    Best Answer

    Posted 01-14-2020 05:35 AM
    Just documented a use case at one of our clients.
    Portal SSO (SAML New) with API Gateway as the IDP
    Hope this helps