This document explains how to set up the SSO integration with the Apiax platform and apps.
Before proceeding, consider the following definitions:
- User: the entity which wants to access the secured resource
- Service Provider (SP): the entity which provides the service and holds the secured resource
- Identity Provider (IdP): the entity which asserts the identity of the user (authentication)
SP Initiated Flow
The following figure depicts the service provider initiated flow.
IdP Initiated Flow
The following figure depicts the identity provider initiated flow.
Apiax supports SSO via the IdP Initiated Flow.
Example of Apiax Applications link for customer portals
The client requires the information mentioned below.
- Federation Metadata URL, which contains the following data:
- SAML Single Sign-On Service URL
- SAML Sign-Out URL
- SAML Signing Certificate
You must configure the client end with the following details:
- Assertion Consumer Service URL:
- Logout URL:
The SAML token must contain the following parameters:
- NameID - this ID identifies univocally the user (preferably, the user email address)
- Included Claims (optional)
- If the NameID is not the user’s email address, you must include a claim containing it
The client requires the following information:
- OpenID Connect Discovery URL, which contains the following data:
- Authorization URL
- Token URL
- Logout URL
- User Info Endpoint URL
- JWKS URL
Configure the client end with the following details:
- Login redirect URL:
Find more information by visiting the links below.