Configuring multiple SAML IdPs

This page explains how to expose the metadata of multiple Identity Providers (IdPs) to Adeptia Connect. Exposing IdP metadata to Adeptia Connect lets the Service Provider read the details of each IdP server from a known location.

Prerequisite

Before you start configuring multiple IdPs, ensure that you have met the following prerequisites:

  • Depending on the IdPs you use (for example, ADFS or PingFederate), download the respective IdP server metadata files.
  • Rename the metadata files (for example, idp1.xml, idp2.xml).
  • Place the files at the location ...<ConnectPortalInstallFolder>/resources_config/saml.

    You can also place a metadata file at any other location of your choice.

Configuring multiple IdP servers

Once you have placed all the metadata files, you can expose them to Adeptia Connect by following the steps given below.

For a clustered setup, repeat these steps on every node of the environment.

  1. Open the saml.properties file located at <ConnectPortalInstallFolder>/resources_config/saml.
  2. Uncomment the property SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION.
  3. Provide the path of one of the IdP server metadata files as the value of the property SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION to expose this metadata.

    • If you have placed the metadata file at a location other than ...<ConnectPortalInstallFolder>/resources_config/saml, you need to provide the absolute path of the file as the value of the property.
    • The application sets the default IdP based on the metadata file you expose through the property SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION. For example, if you provide the path of the idp1.xml file as the value of this property, the IdP whose metadata is stored in idp1.xml becomes the default IdP.

  4. Add the property SAML_SSO_IDPS_CONFIGURATION_1_METADATA_LOCATION.
  5. Provide the path of another IdP server metadata file as the value of the property SAML_SSO_IDPS_CONFIGURATION_1_METADATA_LOCATION to expose this metadata.
  6. Keep adding properties, incrementing the number in each property name, and provide the paths of the xml (metadata) files as their values until all the IdP metadata files are exposed.
    For example, after you have added SAML_SSO_IDPS_CONFIGURATION_1_METADATA_LOCATION, the name of the next property you add should be SAML_SSO_IDPS_CONFIGURATION_2_METADATA_LOCATION.

Authenticating a user through a non-default IdP server

If you have configured multiple IdPs, users are authenticated through the default IdP. If you want a user to be authenticated through a non-default IdP, you need to specify the registration Id of that IdP in the application URL as shown below.

The registration Id is the name you assign to an IdP. When you have multiple IdPs, use the property SAML_SSO_IDPS_CONFIGURATION_0_REGISTRATION_ID in the saml.properties file to define the registration Id of one IdP, and then increment the number in the property name to define the registration Id of the next IdP, for example, SAML_SSO_IDPS_CONFIGURATION_1_REGISTRATION_ID, and so on.

https://<Domain name or IP>?registrationId=<registration_Id>

Landing on a specific page in Adeptia Connect

If users want to land on a specific page in Adeptia Connect after being authenticated through a non-default IdP, they need to enter the application URL in the format shown in the example below.

https://<Domain name or IP>/?idp=<Entity ID of the IdP mentioned in the entityID attribute of its respective idp.xml file>#<dashboard/transactions/allMessages/all>

Where,

dashboard/transactions/allMessages/all is the application page (one of dashboard, transactions, allMessages, or all) on which the user lands after logging in.
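The following script is an added example (not Adeptia's own code) that ties together the saml.properties layout from the configuration steps above and the two URL forms from the registration Id and landing page sections. It parses the SAML_SSO_IDPS_CONFIGURATION_<n>_METADATA_LOCATION and _REGISTRATION_ID properties, checks that the indexes are contiguous from 0 (index 0 being the default IdP), resolves relative locations against the saml folder, reads the entityID attribute from each metadata file, and builds the login and landing URLs. The install path, the property values, the metadata documents and the in-memory file reader are all constructed for the example; the `#`-comment and `key=value` format of saml.properties, and the check that each IdP metadata carries a signing KeyDescriptor (the certificate the Service Provider needs to validate assertions), are assumptions not stated on the page.

```python
"""Sanity-check a multi-IdP saml.properties configuration (added example, not Adeptia's code).

Assumptions (not from the page): saml.properties uses plain `key=value` lines with `#`
comments, and each metadata file is SAML 2.0 metadata whose root <EntityDescriptor>
carries the entityID attribute and an <IDPSSODescriptor> with a signing <KeyDescriptor>.
"""
import os
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
KEY_RE = re.compile(r"^SAML_SSO_IDPS_CONFIGURATION_(\d+)_(METADATA_LOCATION|REGISTRATION_ID)$")

# Constructed placeholder for <ConnectPortalInstallFolder>/resources_config/saml.
SAML_DIR = "/opt/adeptia/ConnectPortal/resources_config/saml"

# Constructed saml.properties fragment following the page's naming scheme.
# Index 2 is deliberately skipped and idp4.xml deliberately absent to show the findings.
SAMPLE_PROPERTIES = """\
# IdP at index 0 is the default IdP; a relative path is looked up in the saml folder
SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION=idp1.xml
SAML_SSO_IDPS_CONFIGURATION_0_REGISTRATION_ID=adfs
# A file outside the saml folder needs an absolute path
SAML_SSO_IDPS_CONFIGURATION_1_METADATA_LOCATION=/opt/idp-metadata/idp2.xml
SAML_SSO_IDPS_CONFIGURATION_1_REGISTRATION_ID=ping
SAML_SSO_IDPS_CONFIGURATION_3_METADATA_LOCATION=idp4.xml
"""

# Constructed minimal metadata documents keyed by resolved path (stand-ins for real files).
SAMPLE_METADATA = {
    os.path.join(SAML_DIR, "idp1.xml"):
        '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
        'entityID="https://idp1.example.com/adfs/services/trust">'
        '<IDPSSODescriptor><KeyDescriptor use="signing"/></IDPSSODescriptor></EntityDescriptor>',
    "/opt/idp-metadata/idp2.xml":
        '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
        'entityID="https://idp2.example.com/saml"/>',
}


def read_sample_metadata(path):
    """Stand-in for open(path).read() that serves the constructed sample documents."""
    try:
        return SAMPLE_METADATA[path]
    except KeyError:
        raise FileNotFoundError(path)


def parse_properties(text):
    """Return {index: {"METADATA_LOCATION": ..., "REGISTRATION_ID": ...}} for the IdP properties."""
    idps = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank, commented-out, or not a key=value line
        key, value = (part.strip() for part in line.split("=", 1))
        match = KEY_RE.match(key)
        if match:
            idps.setdefault(int(match.group(1)), {})[match.group(2)] = value
    return idps


def resolve_path(location, saml_dir):
    """Relative locations are taken to live in the saml folder; absolute ones are used as-is."""
    return location if os.path.isabs(location) else os.path.join(saml_dir, location)


def inspect_metadata(xml_text):
    """Return (entityID, has_signing_key) from a SAML metadata document."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"unexpected root element {root.tag}")
    signing = root.find("md:IDPSSODescriptor/md:KeyDescriptor", {"md": MD_NS})
    return root.attrib["entityID"], signing is not None


def check_idp_config(properties_text, saml_dir, read_metadata):
    """Validate the numbering and metadata; return (findings, {index: idp info})."""
    idps = parse_properties(properties_text)
    findings, result = [], {}
    if 0 not in idps:
        findings.append("SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION is missing or still commented out")
    if sorted(idps) != list(range(len(idps))):
        findings.append(f"IdP indexes are not contiguous from 0: {sorted(idps)}")
    for idx, info in sorted(idps.items()):
        location = info.get("METADATA_LOCATION")
        if not location:
            findings.append(f"IdP {idx} has a REGISTRATION_ID but no METADATA_LOCATION")
            continue
        path = resolve_path(location, saml_dir)
        try:
            entity_id, has_signing_key = inspect_metadata(read_metadata(path))
        except OSError as exc:
            findings.append(f"IdP {idx}: cannot read metadata {path}: {exc}")
            continue
        except (ET.ParseError, ValueError, KeyError) as exc:
            findings.append(f"IdP {idx}: {path} is not valid IdP metadata ({exc})")
            continue
        if not has_signing_key:
            findings.append(f"IdP {idx}: {path} has no signing KeyDescriptor")
        result[idx] = {"path": path, "entity_id": entity_id,
                       "registration_id": info.get("REGISTRATION_ID"), "default": idx == 0}
    return findings, result


def login_url(host, registration_id):
    """URL that authenticates through a non-default IdP by registration Id."""
    return f"https://{host}?{urlencode({'registrationId': registration_id})}"


def landing_url(host, entity_id, page):
    """URL that selects an IdP by entityID and lands on dashboard/transactions/allMessages/all.
    The entityID is percent-encoded here (assumption); the page shows it substituted verbatim."""
    return f"https://{host}/?{urlencode({'idp': entity_id})}#{page}"


if __name__ == "__main__":
    problems, configured = check_idp_config(SAMPLE_PROPERTIES, SAML_DIR, read_sample_metadata)
    for problem in problems:
        print("WARNING:", problem)
    for idx, idp in configured.items():
        print(idx, "default" if idp["default"] else "      ", idp["registration_id"], idp["entity_id"])
        print("   ", login_url("connect.example.com", idp["registration_id"]))
        print("   ", landing_url("connect.example.com", idp["entity_id"], "transactions"))
```

To run it against a real install, replace `read_sample_metadata` with `lambda p: open(p, encoding="utf-8").read()` and `SAMPLE_PROPERTIES` with the contents of the saml.properties file; on a clustered setup, run it on every node, since each node carries its own copy of the file.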