SAML SSO
 
How to enable SAML SSO in API Gateway?
Single sign-on (SSO) is a user authentication service that permits a user to use one set of login credentials to access multiple applications and service providers. In addition to being convenient, implementing SSO makes user logins more secure because it uses the SAML protocol for communication.
Security Assertion Markup Language (SAML) is an open standard that allows identity providers to pass authorization credentials to service providers. SAML uses Extensible Markup Language (XML) for standardized communication between the identity providers and service providers. SAML allows your identity provider and service providers to exist separately from each other, which centralizes user management and provides access to services. In this case, API Gateway is the service provider.
* Identity Provider (IdP) - Performs authentication and passes the user's identity to the service provider for authorization.
* Service Provider - Trusts the identity provider and authorizes the given user to access the requested resource.
Limitation
When you log in to API Gateway using SSO, both an IdP session and an API Gateway session are created. When you log out from API Gateway, only the API Gateway session is terminated; the IdP session is terminated based on its session timeout configuration. API Gateway does not support Single Logout (SLO).
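
To make the limitation above measurable, the following added example (not API Gateway code or documentation) reads the optional SAML 2.0 `SessionNotOnOrAfter` attribute from an assertion's `AuthnStatement` and computes how long the IdP session can remain valid after the service provider logout. The sample assertion, issuer URL, IDs and function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (hypothetical issuer and IDs, signature omitted).
# Real assertions must be signature-verified and parsed with a hardened
# XML parser before any field is trusted.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_a1" Version="2.0" IssueInstant="2024-01-01T09:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:AuthnStatement AuthnInstant="2024-01-01T09:00:00Z"
                       SessionIndex="_sess1"
                       SessionNotOnOrAfter="2024-01-01T17:00:00Z"/>
</saml:Assertion>
"""


def parse_ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T09:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def idp_session_after_logout(assertion_xml, sp_logout_time):
    """Report how long the IdP session may outlive a service provider logout.

    'residual' is a timedelta (zero if the IdP session has already ended)
    or None when the IdP did not send SessionNotOnOrAfter.
    """
    root = ET.fromstring(assertion_xml)
    stmt = root.find("saml:AuthnStatement", NS)
    if stmt is None:
        raise ValueError("assertion has no AuthnStatement")
    end = stmt.get("SessionNotOnOrAfter")  # optional in SAML 2.0
    residual = None
    if end is not None:
        residual = max(parse_ts(end) - sp_logout_time, timedelta(0))
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "session_index": stmt.get("SessionIndex"),
        "residual": residual,
    }


if __name__ == "__main__":
    logout = parse_ts("2024-01-01T10:30:00Z")
    print(idp_session_after_logout(SAMPLE_ASSERTION, logout))
```

A non-zero residual is the window in which a new SSO login can succeed without re-entering credentials; on shared workstations, shorten the IdP session timeout or end the IdP session directly at the IdP.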