API Gateway 10.3 | Using API Gateway | API Gateway Administration | System Settings | Configuring SAML Settings for Single Sign-on
 
Configuring SAML Settings for Single Sign-on
Security Assertion Markup Language is an XML-based standard for exchanging authentication and authorization data between security domains. You can configure SAML settings for single sign-on for API Gateway in the Systems Settings section.
*To configure SAML settings for single sign-on
1. Expand the menu options icon , in the title bar, and select Administration.
2. Select System Settings > SAML SSO.
3. Set the toggle button to the on position to enable SAML.
4. Provide the SAML redirect URl the format being a correct URL address.
For example, /saml/sso/login.
5. Select Send signed SAML auth request if you want to send out the signed SAML authorization request to the Identity Provider (IDP).
6. Select Require signed assertion from IDP to receive a signed assertion from IDP.
7. Provide the Service provider identity which is the hostname of the machine or localhost.
8. Provide the location where the IDP metadata is stored in the IDP metadata location field.
The location is the file URL of IDP metadata stored locally.
9. Provide the location where the Gateway metadata is stored in the Gateway metadata location.
The location is the file URL of IDP metadata stored locally for example, http(s)://APIGatewayinstance:9072/gatewayui/saml/sso/metadata
10. Provide the following information in the Keystore properties section:
*Keystore location: Location where the keystore file is stored.
*Keystore type: The file type of the keystore file. The file type can be either JKS or PKCS12.
*Keystore password: Password to access the keystore file.
11. Provide the following information in the Default key properties section:
*Default key alias: Provide the alias for the specific key and associated certificate within the keystore.
*Default key alias password: Provide the password to access the default key alias.
12. Provide the following information in the Sign key properties section:
*Sign key alias: Provide the alias of the default key used to digitally sign requests sent to the service provider.
*Sign key alias password: Provide the password to access the sign key alias.
13. Provide the following information in the Encrypt key properties section:
*Encrypt key alias: Provide the alias of the default key used to encrypt the request that is sent to the service provider.
*Encrypt key alias password: Provide the password to access the encrypt key alias.
14. Click Save.