To be able to use an identity provider for authentication, you define its default settings, as well as any other settings you need, in Smart API Manager. In addition, for the OpenID Connect and SAML 2.0 identity providers, there are additional settings you have to define in the identity provider application itself.
Define default settings
For each default setting, click the Value column and type the value. The values depend on the identity provider you chose:
Define additional settings, if needed
- Click NAME, type the setting name, and click ADD.
- Click the Value column for the setting, type the setting value, and press ENTER.
  If you want to remove a setting, click to select the setting, and click REMOVE.
- Click NEXT to map identity provider claims to Smart API Manager claims. The instructions continue with Map identity provider claims to Smart API Manager claims.
- If you are using OpenID Connect or SAML 2.0, before you continue on with mapping the identity provider claims, complete the additional steps required for your identity provider.
Complete setup in OpenID Connect Identity Provider
For OpenID Connect, you must establish the identity provider as an OIDC Relying Party.
- Return to the OIDC client.
- Add a Login Redirect Uri, as follows:
  <server>/sam/oauth/callback/<Id>
- Add a Logout Redirect Uri, as follows:
  <server>/sam/oauth/logout
Complete setup for SAML 2.0 Identity Provider
For the SAML 2.0 Identity Provider, you must establish the identity provider from Smart API Manager as a SAML SP (service provider). To do so, you must provide the following information in your SAML 2.0 identity provider.
- Single sign on (SSO) URL (also called the SAML Assertion Consumer Service, or ACS URL):
  <server>/sam/oauth/callback/<Id>/Acs
- Audience URI (also called the SP Entity ID):
  <server>/sam/oauth/callback/<Id>
- If available, configure the Single Logout URL:
  <server>/sam/oauth/callback/<id>/logout
- SP Issuer:
  <server>/sam/oauth/callback/<Id>/
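The OIDC and SAML 2.0 values above differ only in suffix and trailing slash, so a typo at the identity provider is easy to miss. The following check is an added example, not Smart API Manager code: it fills the page's URL templates and compares them with what was registered at the identity provider. The field names, the https and wildcard checks, and the sample server and Id used with it are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Path templates copied from this page; {id} stands for the <Id> placeholder.
TEMPLATES = {
    "oidc": {
        "login_redirect_uri": "/sam/oauth/callback/{id}",
        "logout_redirect_uri": "/sam/oauth/logout",
    },
    "saml": {
        "acs_url": "/sam/oauth/callback/{id}/Acs",
        "audience_uri": "/sam/oauth/callback/{id}",
        "single_logout_url": "/sam/oauth/callback/{id}/logout",
        "sp_issuer": "/sam/oauth/callback/{id}/",
    },
}
# The page marks Single Logout as "if available", so its absence is not a finding.
OPTIONAL = {"single_logout_url"}

def expected_values(server, provider_id, protocol):
    """Fill the page's templates for one server and identity provider Id."""
    base = server.rstrip("/")
    return {k: base + p.format(id=provider_id)
            for k, p in TEMPLATES[protocol].items()}

def audit(server, provider_id, protocol, registered):
    """Compare values registered at the IdP with the expected ones.

    `registered` maps the (hypothetical) field names above to the strings
    typed into the identity provider. Returns (field, problem) tuples;
    an empty list means every value matches exactly.
    """
    findings = []
    for field, want in expected_values(server, provider_id, protocol).items():
        got = registered.get(field)
        if got is None:
            if field not in OPTIONAL:
                findings.append((field, "missing"))
            continue
        if urlsplit(got).scheme != "https":
            findings.append((field, "not https"))
        if "*" in got:
            findings.append((field, "wildcard"))
        if got != want:
            same_but_slash = got.rstrip("/") == want.rstrip("/")
            findings.append((field, "trailing slash differs"
                             if same_but_slash else "mismatch"))
    return findings
```

Note that the Audience URI and the SP Issuer differ only by the final slash, which is the case the "trailing slash differs" finding is meant to catch.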