Uploading Adeptia Connect metadata to IdP server allows IdP server to fetch the details of Service Provider such as server name, metadata information, certificate, encryption, single logout, and much more.
This page helps you in configuring multiple IDPs in Adeptia Connect. The steps may vary for various IDP providers (e.g. SSO Circle, Keycloak, Okta, etc.). This page guides the multiple IDP configuration through an example of SSO circle. For a clustered set up, you can repeat the steps given in every node of the environment.
Configure Multiple IDP in Adeptia Connect
...
- Save the multiple idp.xml file and rename it (for example, idp_1.xml and idp2idp_2.xml).
Placing Multiple IDP Metadata in Adeptia Connect
Placing IdP metadata information within Adeptia Connect allows Service Provider to read the details of IdP Server from a particular location.
After you have placed the both idp.xml file, you need to set up the bean for both idp.xml file as explained in below image files. By default there will be one bean in the file, you may copy-paste the bean and change the file name. Refer to the image below (securityContext.xml file file).
Uncomment the following bean from the securityContext.xml file:
Setting Default SAML SSO IDP
- Go to …<ConnectPortalInstallFolder>\resources_config\saml location.
- Open securityContext.xml file. Add the following property as below:
Where,
- Value is the entityID value from idp.xml file.
- To get the entityID, go to …<ConnectPortalInstallFolder>\resources_config\saml location and open the IDP metadata file that you want to set as default.
- Restart the Connect Portal.
Configure IDP Initiated SSO
Open the browser and type the below URL using IDP initiated SSO (for SSO Circle).
...
For Example, https://
...
<IDP Server Host>/sso/idpssoinit?metaAlias=
...
/publicidp&spEntityID=<value of SP entity Id>
Where,
spEntityID is the name that is specified in the metadata of your service provider.
Enabling multiple SAML IDP Provider in clustered environment
...
Info |
---|
In case of multiple IDP providers, the log out from SAML will happen only through the provider that has been set up as default. Even if you logout from a secondary provider, the log-out call will be directed to the default provider only. |