IBM has a security product which can be used for SAML 2.0 SSO integrations. IBM wants to develop quick SAML 2.0 SSO connectors of this security product for various service providers. Apigee is one such service provider for which IBM wants to develop such a connector between the IBM product, which acts as the Identity Provider, and various partners (Service Providers) using SAML 2.0.
The purpose of these connectors is to make SAML 2.0 SSO integration easy and quick.
We (Persistent) are IBM contractors and are working on this connector development project with IBM.
Kindly do let us know whether
1. Free trial of Apigee SAML 2.0 SSO feature.
2. If it doesn't support, we'd like to know the pricing details to purchase a paid account with SAML 2.0 capability.
Could you please let us know the required process for setting up SAML with Apigee?
I have a trial account and have activated API management.
I can see only OAuth and want the configuration setting to configure SAML 2.0. We have an IBM identity provider and want to set Apigee as Service Provider.
Please confirm: when you are editing a proxy and want to add a policy to a flow, you are only seeing the OAuth policies and not the SAML policies, as shown below? There is no automatic configuration for SAML. You will need to configure the proxy.
Inbound authentication and authorization: Validate SAML Assertion policy
The SAML policy type enables API proxies to validate SAML assertions that are attached to inbound SOAP requests. The SAML policy validates incoming messages that contain a digitally-signed SAML assertion, rejects them if they are invalid, and sets variables that allow additional policies, or the backend service itself, to further validate the information in the assertion.
Outbound token generation: Generate SAML Assertion policy
The SAML policy type enables API proxies to attach SAML assertions to outbound XML requests. Those assertions are then available to enable backend services to apply further security processing for authentication and authorization.
As per it, when you have Validate Assertion it acts as SP, and we have an IBM Identity Provider which will send the assertions and Apigee will validate (act as SP) in our use case.
So we don't need the Generate SAML Assertion part, right? If we are to configure only as SP.
I am trying to add a ValidateSAMLAssertion policy to the default helloworld application in Apigee. Following is the sample XML code I have written to validate the assertion:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:2.0:assertion /samlp:Response/saml:Assertion myKeystore false ValidateSAMLAssertion
What should be the issuer and assertion consumer service endpoint for this application that we need to share with identity provider to send SAML Assertion?
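For reference, an added example (not the poster's code and not Apigee's own sample): the values quoted in the post above, placed in the element layout that Apigee documents for the ValidateSAMLAssertion policy. The policy name and the choice of SignedElementXPath are assumptions, since the thread does not show them; check the element names against the current policy reference before use.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Added example. The policy name is an assumption; the thread does not show it. -->
<ValidateSAMLAssertion name="Validate-SAML-Assertion">
  <!-- Validate the assertion carried in the inbound request message. -->
  <Source name="request">
    <!-- Prefixes used by the XPath expressions below. -->
    <Namespaces>
      <Namespace prefix="samlp">urn:oasis:names:tc:SAML:2.0:protocol</Namespace>
      <Namespace prefix="saml">urn:oasis:names:tc:SAML:2.0:assertion</Namespace>
    </Namespaces>
    <!-- Where the assertion sits in the inbound XML (value from the thread). -->
    <AssertionXPath>/samlp:Response/saml:Assertion</AssertionXPath>
    <!-- Assumption: the identity provider signs the Assertion element itself,
         so the signed element is the same node as the assertion. -->
    <SignedElementXPath>/samlp:Response/saml:Assertion</SignedElementXPath>
  </Source>
  <!-- Store holding the identity provider's signing certificate
       (store name from the thread). -->
  <TrustStore>myKeystore</TrustStore>
  <!-- Keep the assertion in the message after validation (value from the thread). -->
  <RemoveAssertion>false</RemoveAssertion>
</ValidateSAMLAssertion>
```

The signature check is only as strong as the trust store: it should hold the identity provider's signing certificate and nothing broader, and SignedElementXPath should point at the element the identity provider actually signs so that an unsigned assertion cannot pass validation.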