Exposing metadata of multiple SAML IdP
This page explains how to expose the metadata of multiple Identity Providers (IdPs) to Adeptia Connect. The steps may vary between IdPs (for example SSO Circle, Keycloak, Okta). For a clustered setup, repeat the steps on every node of the environment. Exposing the IdP metadata to Adeptia Connect allows the Service Providers to read the details of the IdP server.
To expose the IdP metadata, set the environment variable SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION to one of the options given in the table below.
You can find this variable in the portal section of the global values.yaml file.
Variable Name | Possible values | Example | Description
---|---|---|---
SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION | Complete path of the IdP metadata file, including its name. | /shared/subfolder/IdP.xml | The IdP metadata file can lie in any folder in the PVC.
SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION | classpath:<name of the IdP metadata file> | classpath:IdP.xml | The IdP metadata file must lie within a classpath folder, for example, ext.
SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION | Metadata URL. | https://ssocircle.com/metadata | Metadata URL of the IdP server.
To expose the metadata of another IdP, increment the number in the variable name: use 1 (one) for the next IdP, for example SAML_SSO_IDPS_CONFIGURATION_1_METADATA_LOCATION, and so on for each further IdP.
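The three location forms from the table and the incremental index rule, checked by a small script. This is an added example, not Adeptia Connect code; the environment mapping and the IdP metadata document are constructed sample values, and the entityID check is the example's own sanity test of a metadata file before it is exposed.

```python
import re
import xml.etree.ElementTree as ET

# Hypothetical helper, not part of Adeptia Connect: reads the
# SAML_SSO_IDPS_CONFIGURATION_<n>_METADATA_LOCATION variables, classifies each
# value (PVC path, classpath resource, URL) and reports gaps in the 0,1,2,... index sequence.
VAR_RE = re.compile(r"^SAML_SSO_IDPS_CONFIGURATION_(\d+)_METADATA_LOCATION$")
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample values, not taken from a real deployment.
SAMPLE_ENV = {
    "SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION": "/shared/subfolder/IdP.xml",
    "SAML_SSO_IDPS_CONFIGURATION_1_METADATA_LOCATION": "classpath:IdP.xml",
    "SAML_SSO_IDPS_CONFIGURATION_3_METADATA_LOCATION": "https://ssocircle.com/metadata",
    "UNRELATED_VAR": "ignored",
}
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="%s"
    entityID="https://idp.example.test/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>""" % MD_NS

def classify_location(value):
    """Return 'classpath', 'url' or 'path' for one variable value."""
    if value.startswith("classpath:"):
        return "classpath"
    if value.startswith(("https://", "http://")):
        return "url"
    return "path"

def collect_idp_locations(env):
    """Return ({index: (kind, value)}, [missing indices]) for an env mapping."""
    found = {}
    for name, value in env.items():
        m = VAR_RE.match(name)
        if m:
            found[int(m.group(1))] = (classify_location(value), value)
    gaps = sorted(set(range(len(found))) - set(found))  # indices must be consecutive
    return found, gaps

def idp_entity_id(metadata_xml):
    """Return the entityID only if the XML is an EntityDescriptor with an IDPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        return None
    if root.find("{%s}IDPSSODescriptor" % MD_NS) is None:
        return None
    return root.get("entityID")

if __name__ == "__main__":
    print(collect_idp_locations(SAMPLE_ENV), idp_entity_id(SAMPLE_IDP_METADATA))
```

With the sample mapping the script reports index 2 as missing, which is the kind of misconfiguration that makes the third IdP silently unreachable.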
Configure IDP Initiated SSO
Open a browser and enter the IdP-initiated SSO URL (shown here for SSO Circle), for example:
https://<IDP Server Host>/sso/idpssoinit?metaAlias=/publicidp&spEntityID=<value of SP entity Id>
where spEntityID is the name specified in the metadata of your service provider.
When multiple IdPs are configured, SAML logout is performed only through the provider that has been set up as the default. Even if you log out from a secondary provider, the logout call is directed to the default provider only.