Apigee SSO - create user programmatically

Hi all,

I followed this doc: https://docs.apigee.com/api-platform/system-administration/enabling-saml-authentication-edge to enable SSO with SAML on my private cloud Apigee instance.

It works fine, but when I authenticate, I get an error because my user has not been previously created in Apigee.

Is there a way to use a custom class implementation after SSO to be able to create the Apigee user automatically?

Also, I would like to get the users' authorizations during SSO (my IDP puts them in the SAML assertion).

Is there a way to access the SAML assertion in an implementation of ExternalRoleMapperServiceV2? (I refer to https://docs.apigee.com/private-cloud/v4.18.05/external-role-mapping).

Thanking you,


According to this article https://www.drupal.org/docs/8/modules/apigee-edge/what-information-is-stored-on-apigee-edge, the user should be automatically created on Apigee Edge after user creation on the Drupal portal, right?

Thanks for your answer.

I'm not using the Drupal dev portal, I'm using Edge-UI to authenticate my org employees.

Either you can try to disable SSO, create the user and re-enable it,

or you can try to create the user with this management API:

https://apidocs.apigee.com/docs/users/1/routes/users/post

About automation, you can use IDM systems: first, create the user inside the IDM (SAML/AD or whatever you are using for your SAML provider); next, use the management API and create the user. I remember you can map groups with AD and local LDAP groups (and now I see you provided the link), but creating a user via that, not sure. Need to look at the Java code to see what it does; either way, not sure it will be supported.