If there are default settings for the identity provider type you selected, they are listed on the dialog box. These settings provide information required to use an identity provider for authentication.
- For each default setting, click the Value column and type the value.
Identity Provider Type | Default Setting | Description
WS-Federation
MetadataAddress
The URL to the WS-Federation metadata document describing the server parameters.
Wtrealm
The name of the authentication realm, usually described in the metadata document as well.
OpenID Connect (OIDC)
ClientId
The Client Id provided by the OIDC client.
Scope
The list of requested OIDC scopes, space-separated.
At a minimum, request the openid scope. Optional scopes include: profile, email, address, and phone.
ResponseType
The expected OAuth response type.
Set the value to id_token or id_token token. No access token is returned when the value is id_token.
MetadataAddress
The URL to the OIDC service provider's discovery document.
This is typically derived by appending the string /.well-known/openid-configuration to the OIDC client's Issuer URI.
After you finish adding the OIDC identity provider in Smart API Manager:
Return to the OIDC client and add a Login Redirect Uri as:
<server>/sam/oauth/callback/Id
where <server> represents the base address for your Smart API Manager web server, and Id represents the Id value (GUID) of the identity provider from Smart API Manager. This configuration establishes the identity provider as an OIDC Relying Party.
SAML 2.0
MetadataAddress
The Identity Provider metadata URL provided by the SAML IDP.
Issuer
The Issuer URI provided by the SAML IDP.
You can also find the value in the MetadataAddress document at <EntityDescriptor entityID="<Issuer URI>">.
After you finish adding the SAML 2.0 identity provider in Smart API Manager:
Return to the identity management system to finish configuring the SAML IDP. You must enter the following information to establish the identity provider from Smart API Manager as a SAML SP (service provider).
The information you enter is based on values from Smart API Manager. In the following URLs, <server> represents the base address for your Smart API Manager web server, and Id represents the Id value (GUID) of the identity provider.
At a minimum, you must provide the Single sign on, or SSO URL (also called the SAML Assertion Consumer Service, or ACS URL) as:
<server>/sam/oauth/callback/Id/Acs
Also, you must provide the Audience URI (also known as SP Entity ID) as:
<server>/sam/oauth/callback/Id
If there is an option to configure the Single Logout URL, enter:
<server>/sam/oauth/callback/Id/Logout
And for SP Issuer, enter:
<server>/sam/oauth/callback/Id/
Local
TypeName
The fully qualified type name that implements the ILocalIdentityProvider interface.
InitializationString
An optional string parameter passed to the class constructor (if a constructor with a string parameter is implemented). The string may contain any information required.
- If you want to add a setting:
  - Click NAME, type the setting name, and click ADD.
  - Click the Value column for the setting, type the setting value, and press ENTER.
- If you want to remove a setting, click to select the setting, and click REMOVE.
- Click NEXT to map identity provider claims to Smart API Manager claims.
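A pre-flight check for the OIDC values in the table above, plus a helper that builds the callback URLs to register for OIDC and SAML 2.0. This is an added example, not Smart API Manager code. The function names and sample values are assumptions, the discovery document is passed in already parsed, and issuer, scopes_supported and response_types_supported are standard OIDC discovery fields rather than settings named on this page.

```python
import re
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ALLOWED_RESPONSE_TYPES = ("id_token", "id_token token")  # the two values the page allows
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def check_oidc_settings(settings, discovery):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not settings.get("ClientId", "").strip():
        problems.append("ClientId is empty")
    scopes = settings.get("Scope", "").split()
    if "openid" not in scopes:
        problems.append("Scope must include openid")
    supported = discovery.get("scopes_supported")  # optional field, skip if absent
    if supported is not None:
        problems += [f"scope not advertised by provider: {s}" for s in scopes if s not in supported]
    rtype = settings.get("ResponseType", "")
    advertised = [set(r.split()) for r in discovery.get("response_types_supported", [])]
    if rtype not in ALLOWED_RESPONSE_TYPES:
        problems.append("ResponseType must be 'id_token' or 'id_token token'")
    elif set(rtype.split()) not in advertised:  # token order may differ at the provider
        problems.append(f"provider does not advertise response type: {rtype}")
    addr = settings.get("MetadataAddress", "")
    if urlsplit(addr).scheme != "https":  # OIDC issuers are https URLs
        problems.append("MetadataAddress must be an https URL")
    if not addr.endswith(WELL_KNOWN):  # assumes the typical form named on the page
        problems.append("MetadataAddress does not end with " + WELL_KNOWN)
    elif discovery.get("issuer", "").rstrip("/") != addr[: -len(WELL_KNOWN)].rstrip("/"):
        # OIDC Discovery: the issuer must equal the URL the document was found under.
        problems.append("issuer in discovery document does not match MetadataAddress")
    return problems

def callback_urls(server, idp_id):
    """Build the URLs to register at the OIDC client or SAML IDP, as given on the page."""
    if not GUID_RE.match(idp_id):
        raise ValueError("Id must be the identity provider GUID")
    base = f"{server.rstrip('/')}/sam/oauth/callback/{idp_id}"
    return {"oidc_login_redirect_uri": base, "saml_audience_uri": base, "saml_sp_issuer": base + "/",
            "saml_acs_url": base + "/Acs", "saml_single_logout_url": base + "/Logout"}

# Constructed sample values, not taken from a real deployment.
SAMPLE_DISCOVERY = {"issuer": "https://idp.example.com/tenant1",
                    "response_types_supported": ["code", "token id_token", "id_token"],
                    "scopes_supported": ["openid", "profile", "email"]}
SAMPLE_SETTINGS = {"ClientId": "sam-client", "Scope": "openid profile phone",
                   "ResponseType": "id_token token",
                   "MetadataAddress": "https://idp.example.com/tenant1" + WELL_KNOWN}
```

An issuer mismatch is the finding to treat most seriously, since it means the MetadataAddress points at a discovery document published for a different issuer than the one you intended to trust.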