There are multiple posts/blogs on how to configure a WSO2 IS resident IdP. Great. Is there a way to configure the resident SAML IdP (EntityId)?
g.
Yes, there is a way to configure it.
Log in to the IS management console and, in "Home" under the "Identity" section, click "List" in the "Identity Providers" subsection. Once you get to the "Identity Providers" page, you'll see a "Resident Identity Provider" link with a red icon. Click that link and you will go to the Resident Identity Provider configuration page. On that page, click "Inbound Authentication Configuration" (it will expand), then click "SAML2 Web SSO Configuration"; it will also expand, and there you will see a text box to edit the idpEntityId, with the label "Identity Provider Entity Id".
Related
I would like to use Azure AD B2C as the only Sign-in mechanism for the APIM Dev Portal. Currently that works by showing a "Login with AAD B2C" button, and the user has to click that button to sign in.
This is fine but not ideal; I would like the login page to automatically redirect to B2C for login without showing the "Login with AAD B2C" button at all. This way, users who have already signed in to B2C will also be automatically logged in to the APIM Dev Portal.
Another way to achieve this could be to "trigger/simulate the Button click" automatically once the user goes to the login page. Essentially, we don't want our users to see that button, or have to click it.
Is this possible at all?
I have set up a gateway URL which points to my actual domain. But if users go to the developer portal URL, a basic blank page with a little info on API-M is shown. How do I redirect this page to the actual domain?
Sign in to the Azure portal > API Management services > Select your API Management service instance.
Under Developer portal, select Identities > Click on Add:
Under Type, select Azure Active Directory from the drop-down menu.
Once selected, you'll be able to enter other necessary information.
Information includes Client ID and Client secret.
Save the Redirect URL for later.
And the same redirect URL must be added in the app registry in the Azure AD.
To configure this, please refer here for more detailed information.
I have deleted the username and password default identity provider from my APIM instance and also disabled the signup. Instead I have configured Azure AD as identity provider. Despite this the developer portal makes it possible to sign in both with username/password and azure ad, and it's possible to sign up.
Overview page:
Identities page:
Setting:
Signup settings:
According to some tests on my side, it seems the username/password sign-in will not be removed even if you delete "Username and password" in the "Identities" tab. But you can delete the widget directly, as the screenshot below shows:
You can also delete the widget "For your password".
Then click "Save changes" and click "Publish website".
After that, close the developer portal window and re-open it, then copy the URL to another InPrivate window. Click "Sign in"; the page will not show the username/password sign-in box.
I am trying a new version of D2L and seeing two values that are missing from the LTI links. The values are context_id and ext_d2l_username. Both of these existed previously; is there any setting we need to change to make these values flow with the rest of the HTML POST?
To enable sending context_id and ext_d2l_username, you first have to configure tool consumer information to allow sending them, and then make sure you also enabled it for that LTI link.
To configure tool consumer information:
Using an account with necessary privileges, from the Admin Tools choose External Learning Tools.
Click on the Settings link located close to the top right corner of the page.
Enable "Allow sending context information to tool provider" for context_id, and "Allow sending system username to tool provider" for ext_d2l_username.
After that, choose your LTI Link and under its configuration do the following:
Enable "Send context information to tool provider" for context_id. Note: this option will only be available if "Allow sending context information to tool provider" has been enabled in the Configure Tool Consumer Information screen.
Enable "Send system username to tool provider" for ext_d2l_username. Note: this option will only be available if "Allow sending system username to tool provider" has been enabled in the Configure Tool Consumer Information screen.
In order for the context_id to be sent when LTI link is launched, the link has to be launched from a course context. It will be be sent if it was added from a top org level.
I am doing integration of SalesForce and OpenSSO with SAML. I have implemented steps mentioned on site
http://wiki.developerforce.com/page/Single_Sign-On_with_SAML_on_Force.com
There are two important use cases for SAML
Identity Provider Initiated Login, where a user starts directly at their identity provider, logs in, and is then redirected to a landing page at the service provider;
---- This case is working fine.
Service Provider Initiated Login, where a user starts by clicking a link to the service provider (e.g. a bookmark, mailed link, etc.) and is temporarily redirected to the identity provider for authentication, then returned to the link they initially requested.
I am trying to implement the 2nd scenario. I am performing the following steps:
created my domain in SalesForce and deployed for Users
Added Identity Provider in Single Sign-On Settings
When I access My Domain URL. It redirect me to Identity provider login page.
After login to IDP it won’t redirect back to SalesForce page. It shows IDP success page.
How should I redirect back to SalesForce success page?
Salesforce's SP-initiated SAML implementation is basically a hack. You need to first fire off an IDP-initiated SAML response which contains an attribute called ssoStartPage. This points to your IDP login page. Once Salesforce has seen this attribute, it remembers it and uses it for future (SP-initiated) requests. This post should hopefully help you (see point 3 at the bottom).
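An added example, not part of the answer above and not Salesforce or OpenSSO code: a check you can run on a captured IdP-initiated SAML response to confirm it carries the ssoStartPage attribute the answer describes. The sample response, the host `idp.example.test` and the allow-list of expected IdP hosts are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: an unsigned, trimmed IdP-initiated Response.
# idp.example.test is a placeholder host, not a value from the post.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="ssoStartPage">
        <saml:AttributeValue>https://idp.example.test/sso/login</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def sso_start_page(response_xml, allowed_hosts):
    """Return the ssoStartPage value, or None if the attribute is absent.

    Raises ValueError when the value is not an https URL on an expected host,
    because the service provider reuses it for later SP-initiated logins.
    Intended for responses captured from your own IdP, not untrusted XML.
    """
    root = ET.fromstring(response_xml)
    path = ".//saml:Attribute[@Name='ssoStartPage']/saml:AttributeValue"
    node = root.find(path, NS)
    value = (node.text or "").strip() if node is not None else ""
    if not value:
        return None
    url = urlparse(value)
    if url.scheme != "https" or url.hostname not in allowed_hosts:
        raise ValueError(f"unexpected ssoStartPage: {value!r}")
    return value


if __name__ == "__main__":
    print(sso_start_page(SAMPLE_RESPONSE, {"idp.example.test"}))
```

A return value of None on your own IdP's response means the attribute is not being sent.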