Exposing metadata of multiple SAML IdP

Owned by Akash Kumar Jaiswal (Unlicensed)
Last updated: Jun 07, 2023 by Ashhad Alam

This page helps you in exposing the metadata of multiple Identity Providers to Adeptia Connect. The steps may vary for different IdPs (e.g. SSO Circle, Keycloak, Okta, etc.). Exposing IdP metadata to Adeptia Connect allows the Service Providers to read the details of IdP Server.

To expose the IdP metadata you need to set the value for the environment variable SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION by using any of the following options given in the table below.

You can find this variable in the portal section of the global values.yaml file.

Variable NamePossible valuesExampleDescription
SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION

Complete path of the IdP metadata file including its name.

file:///shared/subfolder/IdP.xml

The IdP metadata file can lie in any folder in the PVC.

classpath:<name of the IdP metadata file>

classpath:IdP.xml

The IdP metadata file must lie within any classpath folder, for example, ext.

Metadata URL.https://ssocircle.com/metadatametadata URL of the IdP server.

If you want to expose metadata of another IdP, you need to use the number in incremental fashion. You will be using number 1 (one) in the variable name for the next IdP, for example, SAML_SSO_IDPS_CONFIGURATION_1_METADATA_LOCATION.

Configure IDP Initiated SSO

Open the browser and type the below URL using IDP initiated SSO (for SSO Circle).

For Example, https://<IDP Server Host>/sso/idpssoinit?metaAlias=/publicidp&spEntityID=<value of SP entity Id>

Where,
spEntityID is the name that is specified in the metadata of your service provider.

Authenticating a user through non-default IdP server

If you have configured multiple IdPs, the users are by default authenticated through the default IdP. In case you want the user to be authenticated through a non-default IdP, you need to specify the registration Id of that IdP in the application URL as shown below.

Registration Id is the name provided by the user to the IdP. In case of multiple IdPs, you have corresponding registration Ids defined in their respective environment variables in the portal values.yaml file. You can use the environment variable SAML_SSO_IDPS_CONFIGURATION_0_REGISTRATION_ID to define the registration Id of one of the IdPs, and then use the number in incremental fashion in the variable to define the registration Id of the next IdP, for example, SAML_SSO_IDPS_CONFIGURATION_1_REGISTRATION_ID, and so on.

https://<Domain name or IP>/?registrationId=<registration_Id>

Landing to a specific page in Adeptia Connect

In case the users want to land to a specific page in Adeptia Connect after getting authenticated through a non-default IdP, they need to specify the enter the application URL in the format as shown in the example below.

https://<Domain name or IP>/?registrationId=<registration_Id>#<dashboard/transactions/allMessages/all>

Where,

dashboard/transactions/allMessages/all is the application page where the user may want to land after logging in.


Related Topic

Login to Adeptia Connect with SAML