Hi Team,
IBM has a security product which can be used for SAML 2.0 SSO integrations. IBM wants to develop quick SAML 2.0 SSO connectors of this security product for various service providers. Apigee is one such service provider for which IBM wants to develop such a connector between the IBM product, which acts as the Identity Provider, and various partners (Service Providers) using SAML 2.0.
The purpose of these connectors is to make SAML 2.0 SSO integration easy and quick.
We (Persistent) are IBM contractors and are working on this connector development project with IBM.
Kindly do let us know whether
1. Free trial of Apigee SAML 2.0 SSO feature.
2. If it doesn't support, we'd like to know the pricing details to purchase a paid account with SAML 2.0 capability.
Could you please let us know the required process for setting up SAML with Apigee?

Did you try a trial account and the policies were not available?
I just checked one of my trial orgs and the policies appeared ready for use. I think it should work for you.
Handy link to SAML docs: http://docs.apigee.com/api-services/content/saml

Hi Carlos, thanks for the heads-up.
I have a trial account and have activated API management.
I can see only OAuth and want the configuration setting to configure SAML 2.0. We have an IBM identity provider and want to set Apigee as the Service Provider.

Please confirm: when you are editing a proxy and want to add a policy to a flow, you are only seeing the OAuth policies and not the SAML policies, as shown below? There is no automatic configuration for SAML. You will need to configure the proxy.

I have added the Validate Assertion as mentioned in the pic.
Then how do I proceed with that?

Have you examined the documentation on the SAML policy? http://docs.apigee.com/api-services/content/saml
If so, what specifically is the problem?

I checked the documentation.
As per it, when you have Validate Assertion it acts as SP, and we have an IBM Identity Provider which will send the assertions, and Apigee will validate (act as SP) in our use case.
So we don't need the Generate SAML Assertion part, right? If we are to configure only as SP.

Hi Dino,
I am trying to add a ValidateSAMLAssertion policy to the default helloworld application in Apigee. Following is the sample XML code I have written to validate the assertion:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ValidateSAMLAssertion ignoreContentType="true" name="Validate-SAML-Assertion-1">
        <Source name="request">
            <Namespaces>
                <Namespace prefix="samlp">urn:oasis:names:tc:SAML:2.0:protocol</Namespace>
                <Namespace prefix="saml">urn:oasis:names:tc:SAML:2.0:assertion</Namespace>
            </Namespaces>
            <XPath>/samlp:Response/saml:Assertion</XPath>
        </Source>
        <TrustStore>myKeystore</TrustStore>
        <RemoveAssertion>false</RemoveAssertion>
        <DisplayName>ValidateSAMLAssertion</DisplayName>
    </ValidateSAMLAssertion>

What should be the issuer and assertion consumer service endpoint for this application that we need to share with identity provider to send SAML Assertion?
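
Added example, not part of the thread and not Apigee's code: a local Python check that the namespace prefixes and XPath declared in the policy posted above select exactly one assertion from a message before the policy is deployed. The sample response is constructed (unsigned, placeholder issuer), the helper names are hypothetical, only simple /a/b/c paths are handled, and the exactly-one rule is this example's assumption.

```python
import xml.etree.ElementTree as ET

# <Source> section of the policy from the post above (declaration omitted).
POLICY = """<ValidateSAMLAssertion ignoreContentType="true" name="Validate-SAML-Assertion-1">
  <Source name="request">
    <Namespaces>
      <Namespace prefix="samlp">urn:oasis:names:tc:SAML:2.0:protocol</Namespace>
      <Namespace prefix="saml">urn:oasis:names:tc:SAML:2.0:assertion</Namespace>
    </Namespaces>
    <XPath>/samlp:Response/saml:Assertion</XPath>
  </Source>
</ValidateSAMLAssertion>"""

# Constructed sample message (unsigned, placeholder issuer), not real IdP output.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
  </saml:Assertion>
</samlp:Response>"""

def policy_xpath(policy_xml):
    """Return (xpath, {prefix: uri}) as declared in the policy's <Source>."""
    src = ET.fromstring(policy_xml).find("Source")
    ns = {n.get("prefix"): n.text.strip() for n in src.iter("Namespace")}
    return src.findtext("XPath").strip(), ns

def select(message_xml, xpath, ns):
    """Evaluate a simple absolute /a/b/c path; return the matching elements."""
    def qname(step):
        prefix, _, local = step.rpartition(":")
        return "{%s}%s" % (ns[prefix], local) if prefix else local
    steps = [qname(s) for s in xpath.strip("/").split("/")]
    root = ET.fromstring(message_xml)
    matches = [root] if root.tag == steps[0] else []
    for tag in steps[1:]:
        matches = [child for el in matches for child in el if child.tag == tag]
    return matches

def check(policy_xml, message_xml):
    """Return IDs of matched assertions; raise unless exactly one matches."""
    xpath, ns = policy_xpath(policy_xml)
    ids = [el.get("ID") for el in select(message_xml, xpath, ns)]
    if len(ids) != 1:
        raise ValueError("%s matched %d elements, expected 1" % (xpath, len(ids)))
    return ids
```

A message that wraps the response in another element, or that carries a second assertion, makes `check` raise, which shows up an XPath mismatch before any traffic reaches the proxy.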