SSO Integration with the Apiax Platform and Apps

This document explains how to set up the SSO integration with the Apiax platform and apps.

 

Definition

Before proceeding, consider the following definitions:

  • User: the entity which wants to access the secured resource
  • Service Provider (SP): the entity which provides the service and holds the secured resource
  • Identity Provider (IdP): the entity which asserts the identity of the user (authentication)

SP Initiated Flow

The following figure depicts the service provider initiated flow.

SSO service provider initiated flow

IdP Initiated Flow

The following figure depicts the identity provider initiated flow.

SSO identity provider initiated flow

Apiax supports SSO via the IdP Initiated Flow.

 

Example of Apiax Applications link for customer portals

https://auth.apiax.io/auth/realms/apiax/protocol/openid-connect/auth?client_id=apps-web&redirect_uri=https://apps.apiax.io&response_mode=fragment&response_type=code&scope=openid&kc_idp_hint=CUSTOMER_IPD_ALIAS

 

SAML Requirements

The client requires the information mentioned below.

  • Federation Metadata URL, which contains the following data:
    • SAML Single Sign-On Service URL
    • SAML Sign-Out URL
    • SAML Signing Certificate

You must configure the client end with the following details:

  • Assertion Consumer Service URL:
    https://auth.apiax.io/auth/realms/apiax/broker/<entity-id>/endpoint
  • Logout URL:
    https://auth.apiax.io/auth/realms/apiax/broker/<entity-id>/endpoint

The SAML token must contain the following parameters:

  • NameID - this ID identifies univocally the user (preferably, the user email address)
  • Included Claims (optional)
    • If the NameID is not the user’s email address, you must include a claim containing it

OIDC Requirements

The client requires the following information:

  • OpenID Connect Discovery URL, which contains the following data:
    • Authorization URL
    • Token URL
    • Logout URL
    • User Info Endpoint URL
    • JWKS URL
    • Issuer

Configure the client end with the following details:

  • Login redirect URL:
    https://auth.apiax.io/auth/realms/apiax/broker/<broker-id>/endpoint

Additional resources

Find more information by visiting the links below.

 

Was this article helpful?

Comments

0 comments

Article is closed for comments.

Still have questions?

Please submit a request and we will get back to you shortly.

Submit a ticket